Section: .. / 0707-advisories /
| /// File Name: |
NGS-asterisk.txt |
Description:
|
Two closely related stack-based buffer overflows exist in the SIP/SDP handler of Asterisk versions below 1.4.3. The vulnerabilities are very similar but exist as two separate unsafe function calls.
| | Author: | Barrie Dempster | | Homepage: | http://www.ngssoftware.com/ | | File Size: | 8146 | | Last Modified: | Jul 7 06:25:05 2007 |
| MD5 Checksum: | 54f4b8909d5f8fafd35f99df3d4562db |
|
| /// File Name: |
n.runs-SA-2007.021.txt |
Description:
|
All Norman Antivirus solutions suffer from code execution vulnerabilities in the file parsing engine.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 7617 | | Last Modified: | Jul 24 06:04:17 2007 |
| MD5 Checksum: | 235b27c1a366c0c56d5ce3449a0ae836 |
|
| /// File Name: |
sa25932.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for libexif. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25932/ | | File Size: | 7610 | | Last Modified: | Jul 6 04:01:35 2007 |
| MD5 Checksum: | c69eeae4656fdfb3f377b43578fcee69 |
|
| /// File Name: |
n.runs-SA-2007.022.txt |
Description:
|
All Norman Antivirus solutions suffer from a detection bypass vulnerability in the .DOC OLE2 file parsing functionality.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 7590 | | Last Modified: | Jul 24 06:05:10 2007 |
| MD5 Checksum: | 9c9843a19bca58bc2492162d88b11833 |
|
| /// File Name: |
n.runs-SA-2007.020.txt |
Description:
|
All Norman Antivirus solutions suffer from a buffer overflow vulnerability via its .ACE file parsing functionality.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 7580 | | Last Modified: | Jul 24 06:13:43 2007 |
| MD5 Checksum: | 2c807fc9d60a5107cffa60335452a6e4 |
|
| /// File Name: |
07.19.07-2.txt |
Description:
|
iDefense Security Advisory 07.19.07 - Remote exploitation of an input handling vulnerability within multiple browsers on the Microsoft Windows platform allows code execution as the local user. This vulnerability is due to interaction between programs. The most commonly used Microsoft Windows URL protocol handling code doesn't provide a way for the URI handling application to distinguish the end of one argument from the start of another. The problem is caused by the fact that browsers do not pct-encode certain characters in some URIs, which does not comply with the behavior that RFC3986 (also known as IETF STD 66) requires. As a result, a specially constructed link could be interpreted as multiple arguments by a URI protocol handler.
| | Author: | Greg MacManus | | Homepage: | http://www.idefense.com/ | | File Size: | 7577 | | Related CVE(s): | CVE-2007-3670 | | Last Modified: | Jul 20 08:29:46 2007 |
| MD5 Checksum: | 401f50546fb7a6ac0740d19ed3abeec5 |
|
| /// File Name: |
sa25808.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for freetype2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25808/ | | File Size: | 7571 | | Last Modified: | Jul 6 04:01:35 2007 |
| MD5 Checksum: | 8d1ce3bfe579eca08767f09cf9d8df1c |
|
| /// File Name: |
n.runs-SA-2007.023.txt |
Description:
|
All Norman Antivirus solutions suffer from a divide by zero vulnerability in the .DOC OLE2 file parsing functionality.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 7569 | | Last Modified: | Jul 24 06:08:41 2007 |
| MD5 Checksum: | 3f6bb068a735b6fe29741ad3f8388cc4 |
|
| /// File Name: |
CAID-35525-35526.txt |
Description:
|
CA products that utilize the Arclib library contain two denial of service vulnerabilities. The first vulnerability is due to an application hang when processing a specially malformed CHM file. The second vulnerability is due to an application hang when processing a specially malformed RAR file.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 7381 | | Related CVE(s): | CVE-2007-3875, CVE-2007-5645 | | Last Modified: | Jul 25 06:50:57 2007 |
| MD5 Checksum: | 10a5665874d17a5c342ba0a0e56e4924 |
|
| /// File Name: |
MDKSA-2007-141.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability was discovered in the Apache mod_status module that could lead to a cross-site scripting attack on sites where the server-status page was publicly accessible and ExtendedStatus was enabled. A vulnerability was found in the Apache mod_cache module that could cause the httpd server child process to crash if it was sent a carefully crafted request. This could lead to a denial of service if using a threaded MPM.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7372 | | Related CVE(s): | CVE-2006-5752, CVE-2007-1863 | | Last Modified: | Jul 7 06:30:58 2007 |
| MD5 Checksum: | 1625eeb14a6ab25bc1b01e377f2742f1 |
|
| /// File Name: |
MDKSA-2007-147.txt |
Description:
|
Mandriva Linux Security Advisory - A number of vulnerabilities were discovered in how ImageMagick handles DCM and XWD image files. If a user were tricked into processing a specially crafted image file with an application that uses ImageMagick, an attacker could cause a heap-based buffer overflow and possibly execute arbitrary code with the user's privileges.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7334 | | Related CVE(s): | CVE-2007-1667, CVE-2007-1797 | | Last Modified: | Jul 23 06:15:42 2007 |
| MD5 Checksum: | f3216450ce9dcbd1a1a9233c58a6e106 |
|
| /// File Name: |
sa26053.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in various Symantec products, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26053/ | | File Size: | 7248 | | Last Modified: | Jul 13 02:55:11 2007 |
| MD5 Checksum: | 6b1b0d0df920adb4d764218843a3b22d |
|
| /// File Name: |
SYMSA-2007-005.txt |
Description:
|
Symantec Vulnerability Research SYMSA-2007-005 - Due to an implementation issue, the Windows Firewall does not apply firewall rules correctly on the Teredo Interface. This allows a level of remote access to TCP and UDP ports and services that exceeds what Microsoft expected and what an administrator would expect.
| | Author: | Jim Hoagland, Ollie Whitehouse | | Homepage: | http://www.symantec.com/research | | File Size: | 7139 | | Related CVE(s): | CVE-2007-3038 | | Last Modified: | Jul 11 08:08:12 2007 |
| MD5 Checksum: | eae03b3c9a9fce0f86440a00133e2842 |
|
| /// File Name: |
sa25911.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious users and malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25911/ | | File Size: | 6918 | | Last Modified: | Jul 6 04:01:35 2007 |
| MD5 Checksum: | fb1330568ec7a7d059fc3a792e932455 |
|
| /// File Name: |
sa25920.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for apache. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/25920/ | | File Size: | 6519 | | Last Modified: | Jul 6 04:01:35 2007 |
| MD5 Checksum: | cf5fee48184c262f85a2946d3296de04 |
|
| /// File Name: |
SSRT071435.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP Serviceguard for Linux. The vulnerability could be exploited to allow local unauthorized access or to increase privilege.
| | Homepage: | http://www.hp.com/ | | File Size: | 6502 | | Last Modified: | Jul 17 09:33:04 2007 |
| MD5 Checksum: | d92949bba66c79c4205e176e791036a1 |
|
| /// File Name: |
sa26003.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Microsoft .NET Framework, which can be exploited by malicious people to disclose potentially sensitive information or compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26003/ | | File Size: | 6473 | | Last Modified: | Jul 11 06:37:19 2007 |
| MD5 Checksum: | 6b8b7451e2a6607b604b1903a0fb2f1c |
|
| /// File Name: |
EEYE-mp2007.txt |
Description:
|
eEye Digital Security has discovered a critical vulnerability in PUBCONV.DLL (version 12.0.4518.1014) included with Microsoft's Publisher 2007. PUBCONV.DLL is the Publisher conversion library used by Publisher to translate previous Publisher version files to be "properly" rendered in Publisher 2007. However, when attempting to load a malformed legacy Publisher document (i.e. Publisher 98), PUBCONV.DLL can be forced to call an arbitrary function pointer, resulting in the execution of attacker-supplied code in the context of the logged-in user.
| | Author: | Greg Linares | | Homepage: | http://www.eeye.com/ | | File Size: | 6428 | | Last Modified: | Jul 11 10:58:58 2007 |
| MD5 Checksum: | c32e70dbed9a4380b6d1e9b83f68649a |
|
| /// File Name: |
TA07-200A.txt |
Description:
|
Technical Cyber Security Alert TA07-200A - Oracle has released patches to address numerous vulnerabilities in different Oracle products. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 6224 | | Last Modified: | Jul 20 08:45:05 2007 |
| MD5 Checksum: | 7ec017aab5d0e9b1e0fe583299f1275b |
|
| /// File Name: |
SSRT071424-1.txt |
Description:
|
HP Security Bulletin - Potential vulnerabilities have been identified with Samba provided with HP Internet Express for Tru64 UNIX (IX) v 6.6. The potential vulnerabilities could be exploited by a remote, unauthenticated user to execute arbitrary commands or by a local, unauthorized user to gain privilege elevation.
| | Homepage: | http://www.hp.com/ | | File Size: | 6153 | | Related CVE(s): | CVE-2007-2444, CVE-2007-2446, CVE-2007-2447 | | Last Modified: | Jul 11 09:05:36 2007 |
| MD5 Checksum: | 0991bc3f4f0c48427f55531db4ac65ea |
|
| /// File Name: |
sa25931.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for file. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25931/ | | File Size: | 6112 | | Last Modified: | Jul 6 04:01:35 2007 |
| MD5 Checksum: | 9918e76548793351c070eee64c3a3eac |
|
| /// File Name: |
sa25958.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for evolution and evolution-data-server. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/25958/ | | File Size: | 6109 | | Last Modified: | Jul 7 06:48:49 2007 |
| MD5 Checksum: | 5a495b07c6a6f85193ead4defa0113b2 |
|
| /// File Name: |
SSRT071404.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with an ActiveX control in HP Instant Support - Driver Check running on Microsoft Windows. The vulnerability could be remotely exploited to allow unauthorized access to the system.
| | Homepage: | http://www.hp.com | | File Size: | 5974 | | Last Modified: | Jul 7 06:46:00 2007 |
| MD5 Checksum: | 5a58a8137d152ef755d359053c0b857c |
|
| /// File Name: |
MDKSA-2007-149.txt |
Description:
|
Mandriva Linux Security Advisory - The DNS query ID generation code in BIND9 is vulnerable to cryptographic analysis which provides a 1-in-8 chance of guessing the next query ID for 50% of the query IDs, which could be used by a remote attacker to perform cache poisoning. As well, in BIND9 9.4.x, the default ACLs were not being correctly set, which could allow anyone to make recursive queries and/or query the cache contents.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5800 | | Related CVE(s): | CVE-2007-2926, CVE-2007-2925 | | Last Modified: | Jul 26 07:28:34 2007 |
| MD5 Checksum: | 281cfc23213cded6c7feace0a16b696f |
|