Section: .. / 0706-advisories /
| /// File Name: |
MDKSA-2007-130.txt |
Description:
|
Mandriva Linux Security Advisory - The Auth API in ProFTPD, when multiple simultaneous authentication modules are configured, did not require that the module that checks authentication is the same module that retrieves authentication data, which could possibly be used to allow remote attackers to bypass authentication. The updated packages have been patched to prevent this issue. As well, this update provides proper PAM configuration files for ProFTPD on Corporate Server 4 that had prevented any mod_auth_pam-based connections from succeeding authentication.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 15611 | | Related CVE(s): | CVE-2007-2165 | | Last Modified: | Jun 21 15:53:42 2007 |
| MD5 Checksum: | 826a791c6e040487d46c183cfbe3ad6c |
|
| /// File Name: |
dsa-1303-1.txt |
Description:
|
Debian Security Advisory 1303-1 - Two problems were discovered with lighttpd, a fast webserver with minimal memory footprint, which could allow denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 14835 | | Related CVE(s): | CVE-2007-1870, CVE-2007-1869 | | Last Modified: | Jun 10 20:45:19 2007 |
| MD5 Checksum: | 53b93cc320f665f7b4307e46d491a35a |
|
| /// File Name: |
USN-473-1.txt |
Description:
|
Ubuntu Security Notice 473-1 - A buffer overflow was discovered in libgd2's font renderer. By tricking an application using libgd2 into rendering a specially crafted string with a JIS encoded font, a remote attacker could read heap memory or crash the application, leading to a denial of service. Xavier Roche discovered that libgd2 did not correctly validate PNG callback results. If an application were tricked into processing a specially crafted PNG image, it would monopolize CPU resources. Since libgd2 is often used in PHP and Perl web applications, this could lead to a remote denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 13845 | | Related CVE(s): | CVE-2007-0455, CVE-2007-2756 | | Last Modified: | Jun 12 20:52:55 2007 |
| MD5 Checksum: | 8c53c90a1f9981b62999f9c72d19ae6e |
|
| /// File Name: |
USN-474-1.txt |
Description:
|
Ubuntu Security Notice 474-1 - It was discovered that xscreensaver did not correctly validate the return values from network authentication systems such as LDAP or NIS. A local attacker could bypass a locked screen if they were able to interrupt network connectivity.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 13296 | | Related CVE(s): | CVE-2007-1859 | | Last Modified: | Jun 14 00:35:41 2007 |
| MD5 Checksum: | d092c2c16d99d6ffa6ec16b321388785 |
|
| /// File Name: |
USN-469-1.txt |
Description:
|
Ubuntu Security Notice 469-1 - A weakness in APOP authentication has been discovered in Mozilla Thunderbird. Additionally, various flaws were discovered in the layout and JavaScript engines.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 12807 | | Related CVE(s): | CVE-2007-1558, CVE-2007-2867, CVE-2007-2868 | | Last Modified: | Jun 7 02:51:49 2007 |
| MD5 Checksum: | d97fb26233a62fc426b6e154e5488c4c |
|
| /// File Name: |
USN-439-2.txt |
Description:
|
Ubuntu Security Notice 439-2 - USN-439-1 fixed a vulnerability in file. The original fix did not fully solve the problem. This update provides a more complete solution.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 11324 | | Related CVE(s): | CVE-2007-2799 | | Last Modified: | Jun 12 20:33:21 2007 |
| MD5 Checksum: | 51dc7dbf35aca69fca878435f43d7e3b |
|
| /// File Name: |
MDKSA-2007-124.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption. Tetex uses an embedded copy of the gd source and may also be affected by this issue.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 10779 | | Related CVE(s): | CVE-2007-2756 | | Last Modified: | Jun 14 01:13:18 2007 |
| MD5 Checksum: | a087c34ebaa86347b374a97442437c85 |
|
| /// File Name: |
dsa-1302-1.txt |
Description:
|
Debian Security Advisory 1302-1 - A problem was discovered with freetype, a FreeTyp2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.
| | Homepage: | http://www.debian.org/security | | File Size: | 10432 | | Related CVE(s): | CVE-2007-2754 | | Last Modified: | Jun 10 20:46:12 2007 |
| MD5 Checksum: | 5907cad571cca0c3ac6d607a3b51841a |
|
| /// File Name: |
dsa-1312-1.txt |
Description:
|
Debian Security Advisory 1312-1 - It was discovered that the Apache 1.3 connector for the Tomcat Java servlet engine decoded request URLs multiple times, which can lead to information disclosure.
| | Homepage: | http://www.debian.org/security | | File Size: | 10270 | | Related CVE(s): | CVE-2007-1860 | | Last Modified: | Jun 20 00:20:21 2007 |
| MD5 Checksum: | 70d5798b6f48581fdbb7d154013012ca |
|
| /// File Name: |
SSRT071438.txt |
Description:
|
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
| | Homepage: | http://www.hp.com | | File Size: | 9887 | | Last Modified: | Jun 26 16:05:22 2007 |
| MD5 Checksum: | 48ba65640898843db17d427d04539d5b |
|
| /// File Name: |
MDKSA-2007-137.txt |
Description:
|
Mandriva Linux Security Advisory - David Coffey discovered an uninitialized pointer free flaw in the RPC library used by kadmind. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code. David Coffey also discovered an overflow flaw in the same RPC library. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code. Finally, a stack buffer overflow vulnerability was found in kadmind that allowed an unauthenticated user able to access kadmind the ability to trigger the vulnerability and possibly execute arbitrary code.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 9855 | | Related CVE(s): | CVE-2007-2442, CVE-2007-2443, CVE-2007-2798 | | Last Modified: | Jun 29 22:34:41 2007 |
| MD5 Checksum: | 2e1a3145902e2c36d59b1688739cdf10 |
|
| /// File Name: |
USN-472-1.txt |
Description:
|
Ubuntu Security Notice 472-1 - It was discovered that libpng did not correctly handle corrupted CRC in grayscale PNG images. By tricking a user into opening a specially crafted PNG, a remote attacker could cause the application using libpng to crash, resulting in a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9764 | | Related CVE(s): | CVE-2007-2445 | | Last Modified: | Jun 12 20:51:14 2007 |
| MD5 Checksum: | df720d8f0a308760b529d2c7ceb14964 |
|
| /// File Name: |
USN-476-1.txt |
Description:
|
Ubuntu Security Notice 476-1 - Fabio Massimo Di Nitto discovered that cman did not correctly validate the size of client messages. A local user could send a specially crafted message and execute arbitrary code with cluster manager privileges or crash the manager, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9499 | | Last Modified: | Jun 26 17:37:30 2007 |
| MD5 Checksum: | b53d6f8705555fcf73e5395913d15c4b |
|
| /// File Name: |
rus-cert-2007-0601.txt |
Description:
|
The built-in Mini Switch in Alcatel-Lucent's IP-Touch Telephones under OmniPCX Enterprise 7.0 and later allows unauthenticated access to the voice VLAN in IEEE 802.1x-authenticated environments.
| | Author: | Oliver Goebel | | Homepage: | http://CERT.Uni-Stuttgart.DE/ | | File Size: | 9468 | | Related CVE(s): | CVE-2007-2512 | | Last Modified: | Jun 10 19:39:15 2007 |
| MD5 Checksum: | 0e6296f88ddd0c7fc892c59a7eaf8680 |
|
| /// File Name: |
schannel-offbyone.txt |
Description:
|
The Secure Channel (SChannel) library on Microsoft Windows XP SP1 and SP2 is vulnerable to an off-by-one heap buffer overwrite.
| | Author: | Thomas Lim, Steven | | File Size: | 8950 | | Last Modified: | Jun 12 21:22:49 2007 |
| MD5 Checksum: | 62ba1808a64d5f6509860fe18360b09f |
|
| /// File Name: |
dsa-1316.txt |
Description:
|
Debian Security Advisory 1316-1 - It has been discovered that emacs, the GNU Emacs editor, will crash when processing certain types of images.
| | Homepage: | http://www.debian.org/security | | File Size: | 8679 | | Related CVE(s): | CVE-2007-2833 | | Last Modified: | Jun 26 15:58:01 2007 |
| MD5 Checksum: | b779f8ecf103d889e688ab54cc3f0a8d |
|
| /// File Name: |
MDKSA-2007-115.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability in the OLE2 parser in ClamAV was found that could allow a remote attacker to cause a denial of service via resource consumption with a carefully crafted OLE2 file.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8097 | | Related CVE(s): | CVE-2007-2650 | | Last Modified: | Jun 7 01:16:25 2007 |
| MD5 Checksum: | b77ed71d32d55b8e04eafb3ba7be4d8b |
|
| /// File Name: |
MDKSA-2007-136.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw in Evolution/evolution-data-server was found in how Evolution would process certain IMAP server messages. If a user were tricked into connecting to a malicious IMAP server, it was possible that arbitrary code could be executed with the privileges of the user using Evolution.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7916 | | Related CVE(s): | CVE-2007-3257 | | Last Modified: | Jun 29 00:32:08 2007 |
| MD5 Checksum: | 1e60143c69565aa376ab66084cf21edb |
|
| /// File Name: |
prefork.txt |
Description:
|
Apache suffers from some prefork MPM vulnerabilities.
| | Author: | PSNC Security Team | | Homepage: | http://security.psnc.pl/ | | File Size: | 7803 | | Last Modified: | Jun 21 14:47:24 2007 |
| MD5 Checksum: | 01195ad82df99dec01150fe86c8b4e75 |
|
| /// File Name: |
SSRT061273.txt |
Description:
|
HP Security Bulletin - Potential vulnerabilities have been identified with HP-UX running BIND. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS).
| | Homepage: | http://www.hp.com | | File Size: | 7457 | | Related CVE(s): | CVE-2007-4339, CVE-2007-0493, CVE-2007-0494 | | Last Modified: | Jun 12 21:09:51 2007 |
| MD5 Checksum: | 74a843699337ab3d17789ce803e731a0 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
