Section: .. / 0706-advisories /
| /// File Name: |
USN-471-1.txt |
Description:
|
Ubuntu Security Notice 471-1 - Victor Stinner discovered that libexif did not correctly validate the size of some EXIF header fields. By tricking a user into opening an image with specially crafted EXIF headers, a remote attacker could cause the application using libexif to crash, resulting in a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7052 | | Related CVE(s): | CVE-2007-2645 | | Last Modified: | Jun 12 20:34:59 2007 |
| MD5 Checksum: | 711a4b74a75ef47cebf59215d02f83ca |
|
| /// File Name: |
gdbupx-overflow.txt |
Description:
|
GDB versions 6.6 and above suffer from a buffer overflow vulnerability.
| | Author: | Lau KaiJern | | File Size: | 7051 | | Last Modified: | Jun 6 19:40:10 2007 |
| MD5 Checksum: | b0b22857d7bc8add8eadabcae4ce770c |
|
| /// File Name: |
USN-478-1.txt |
Description:
|
Ubuntu Security Notice 478-1 - Sean Larsson discovered that libexif did not correctly verify the size of EXIF components. By tricking a user into opening an image with specially crafted EXIF headers, a remote attacker could cause the application using libexif to execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7044 | | Related CVE(s): | CVE-2006-4168 | | Last Modified: | Jun 29 00:42:44 2007 |
| MD5 Checksum: | b56772df3eb4fa4f7ae9133ddcf880f3 |
|
| /// File Name: |
MDKSA-2007-114.txt |
Description:
|
Mandriva Linux Security Advisory - The update to correct CVE-2007-1536 (MDKSA-2007:067), a buffer overflow in the file_printf() function, introduced a new integer overflow as reported by Colin Percival. This flaw, if an attacker could trick a user into running file on a specially crafted file, could possibly lead to the execution of arbitrary code with the privileges of the user running file. As well, in file 4.20, flawed regular expressions to identify OS/2 REXX files could lead to a denial of service via CPU consumption.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6926 | | Related CVE(s): | CVE-2007-2026, CVE-2007-2799 | | Last Modified: | Jun 7 02:17:51 2007 |
| MD5 Checksum: | 263caaec3eab0679a08a0df193a1ffc7 |
|
| /// File Name: |
SSRT071429.txt |
Description:
|
HP Security Bulletin - Potential vulnerabilities have been reported on the PHP Hypertext Processing Engine provided with the Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) and HP Internet Express for Tru64 UNIX (IX). The vulnerabilities could be exploited by remote users to execute arbitrary code, read arbitrary files, or cause a Denial of Service (DoS).
| | Homepage: | http://www.hp.com | | File Size: | 6815 | | Related CVE(s): | CVE-2006-4625, CVE-2007-0988, CVE-2007-1286, CVE-2007-1380, CVE-2007-1700, CVE-2007-1701, CVE-2007-1710, CVE-2007-1835, CVE-2007-1884, CVE-2007-1885, CVE-2007-1886 | | Last Modified: | Jun 29 01:36:18 2007 |
| MD5 Checksum: | d579f8c240229015508d34de93d4860b |
|
| /// File Name: |
CX-2007-04.txt |
Description:
|
Calyptix Security Advisory CX-2007-04 - Multiple versions of Check Point's Safe@Office UTM device are vulnerable to cross-site request forgery. The test firmware was version 7.0.39x, the latest available for the Safe@Office model. Cursory testing shows that prior version 5.0.82x was also vulnerable. Other Check Point products were not tested.
| | Author: | Daniel Weber | | File Size: | 6685 | | Last Modified: | Jun 29 00:06:48 2007 |
| MD5 Checksum: | 38fb53f8516d93dfe55af0364f02691e |
|
| /// File Name: |
dsa-1299-1.txt |
Description:
|
Debian Security Advisory 1299-1 - It was discovered that a specially-crafted packet sent to the racoon ipsec key exchange server could cause a tunnel to crash, resulting in a denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 6602 | | Related CVE(s): | CVE-2007-2524 | | Last Modified: | Jun 10 19:44:48 2007 |
| MD5 Checksum: | 20461be8b154bb0cb8ddd3665b286af1 |
|
| /// File Name: |
SSRT071424.txt |
Description:
|
HP Security Bulletin - Potential vulnerabilities have been identified with HP-UX running CIFS Server (Samba). The vulnerabilities could be exploited remotely to execute arbitrary code.
| | Homepage: | http://www.hp.com | | File Size: | 6553 | | Related CVE(s): | CVE-2007-2446, CVE-2007-2447 | | Last Modified: | Jun 7 01:23:54 2007 |
| MD5 Checksum: | 1010e4187ccb67453b634b5c0cf3e5b8 |
|
| /// File Name: |
dsa-1310-1.txt |
Description:
|
Debian Security Advisory 1310-1 - A vulnerability has been discovered in libexif, a library to parse EXIF files, which allows denial of service and possible execution of arbitrary code via malformed EXIF data.
| | Homepage: | http://www.debian.org/security | | File Size: | 6495 | | Related CVE(s): | CVE-2006-4168 | | Last Modified: | Jun 19 16:23:52 2007 |
| MD5 Checksum: | c012f8241627391e730ed9ce2f70a62e |
|
| /// File Name: |
MITKRB5-SA-2007-005.txt |
Description:
|
MIT krb5 Security Advisory 2007-005 - The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a stack buffer overflow.
| | Homepage: | http://web.mit.edu/ | | File Size: | 6437 | | Related CVE(s): | CVE-2007-2798 | | Last Modified: | Jun 29 00:04:13 2007 |
| MD5 Checksum: | 3b63b81d16f0b2afba7c8a2f903d53f7 |
|
| /// File Name: |
MDKSA-2007-127.txt |
Description:
|
Mandriva Linux Security Advisory - The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously-used data, which could be used to obtain potentially sensitive information by unauthorized users.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6416 | | Related CVE(s): | CVE-2007-1862 | | Last Modified: | Jun 21 14:39:43 2007 |
| MD5 Checksum: | a2d99b7c205baa5dde22550c005bc258 |
|
| /// File Name: |
MDKSA-2007-133.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability in emacs was discovered where it would crash when processing certain types of images.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6319 | | Related CVE(s): | CVE-2007-2833 | | Last Modified: | Jun 26 16:07:36 2007 |
| MD5 Checksum: | 40842a9a1632f2f9968084206cf41db0 |
|
| /// File Name: |
MDKSA-2007-121.txt |
Description:
|
Mandriva Linux Security Advisory - An integer overflow vulnerability was discovered in the way the FreeType font engine processed TTF files. If a user were to load a special font file with a program linked against freetype, it could cause the application to crash or possibly execute arbitrary code as the user running the program.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6302 | | Related CVE(s): | CVE-2007-2754 | | Last Modified: | Jun 14 01:01:55 2007 |
| MD5 Checksum: | 531c409c2a601e8e9693a3c8d625ca05 |
|
| /// File Name: |
SSRT061274.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified in HP Help and Support Center running on HP Notebook Computers running with Windows XP. The vulnerability could be remotely exploited to allow unauthorized access to the system.
| | Homepage: | http://www.hp.com | | File Size: | 6282 | | Related CVE(s): | CVE-2007-3180 | | Last Modified: | Jun 21 15:42:35 2007 |
| MD5 Checksum: | aa58f0981590abade668fda77947ee5a |
|
| /// File Name: |
MDKSA-2007-122.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6165 | | Related CVE(s): | CVE-2007-2756 | | Last Modified: | Jun 14 01:02:56 2007 |
| MD5 Checksum: | e89299e4416279f2b4893e51810b958f |
|
| /// File Name: |
SSRT071334.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux. This vulnerability could be exploited remotely to gain privileged access.
| | Homepage: | http://www.hp.com | | File Size: | 5809 | | Last Modified: | Jun 20 01:27:47 2007 |
| MD5 Checksum: | 411daf4a727f6fa49a41b959c4a3db4b |
|
| /// File Name: |
glsa-200706-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200706-06 - Mozilla developers fixed several bugs involving memory corruption through various vectors (CVE-2007-2867, CVE-2007-2868). Additionally, several errors leading to crash, memory exhaustion or CPU consumption were fixed (CVE-2007-1362, CVE-2007-2869). Finally, errors related to the APOP protocol (CVE-2007-1558), XSS prevention (CVE-2007-2870) and spoofing prevention (CVE-2007-2871) were fixed. Versions less than 2.0.0.4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 5791 | | Related CVE(s): | CVE-2007-1362, CVE-2007-1558, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871 | | Last Modified: | Jun 21 14:33:48 2007 |
| MD5 Checksum: | 5a300a1b7e16245de39560d40541fd2f |
|
| /// File Name: |
MDKSA-2007-125.txt |
Description:
|
Mandriva Linux Security Advisory - SpamAssassin 3.1.x, when running as root with unusual configuration options using vpopmail or virtual users, could allow local users to cause a denial of service (via corrupting arbitrary files) using a symlink attack on a file used by spamd.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5779 | | Related CVE(s): | CVE-2007-2873 | | Last Modified: | Jun 14 23:13:38 2007 |
| MD5 Checksum: | 28c7a96678bd21e0c6515908d42d8a19 |
|
| /// File Name: |
MDKSA-2007-123.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption. Libwmf uses an embedded copy of the gd source and may also be affected by this issue.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5559 | | Related CVE(s): | CVE-2007-2756 | | Last Modified: | Jun 14 01:12:31 2007 |
| MD5 Checksum: | 64610f58ede948763eb5c90cb91a1571 |
|
| /// File Name: |
MDKSA-2007-111.txt |
Description:
|
Mandriva Linux Security Advisory - login in util-linux-2.12a (and later versions) skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5545 | | Related CVE(s): | CVE-2006-7108 | | Last Modified: | Jun 7 01:05:10 2007 |
| MD5 Checksum: | 1525838457cd13c0565a4cdee3d87c97 |
|
| /// File Name: |
MDKSA-2007-116.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw how libpng handled malformed images was discovered. An attacker able to create a carefully crafted PNG image could cause an application linked with libpng to crash when the file was manipulated.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5491 | | Related CVE(s): | CVE-2007-2445 | | Last Modified: | Jun 7 02:18:46 2007 |
| MD5 Checksum: | 6ce6e06e41a0642ff41b2db091ad2d4a |
|
| /// File Name: |
dsa-1314-1.txt |
Description:
|
Debian Security Advisory 1314-1 - Several local and remote vulnerabilities have been discovered in open-iscsi, a transport-independent iSCSI implementation. Olaf Kirch discovered that due to a programming error access to the management interface socket was insufficiently protected, which allows denial of service. He also discovered that access to a semaphore used in the logging code was insufficiently protected, allowing denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 5228 | | Related CVE(s): | CVE-2007-3099, CVE-2007-3100 | | Last Modified: | Jun 20 01:10:38 2007 |
| MD5 Checksum: | ecc345e3ad4eeca7fb2d34a3c8c14dba |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
