Section: .. / 0804-advisories /
| /// File Name: |
04.09.08-5.txt |
Description:
|
iDefense Security Advisory 04.09.08 - Local exploitation of a buffer overflow vulnerability in the db2dasrrm program, as included with IBM Corp.'s DB2 Universal Database, allows attackers to elevate privileges to root. This vulnerability exists due to insufficient validation of the length of the attacker-supplied "DASPROF" environment variable contents. By setting the variable to a specially crafted string, an attacker can cause a buffer overflow when the string is copied into a static-sized buffer stored on the stack. By overflowing the buffer, the attacker can overwrite execution control structures stored on the stack and execute arbitrary code. iDefense has confirmed the existence of this vulnerability in IBM Corp.'s DB2 Universal Database 9.1 with Fix Pack 4 installed on a Linux system. Versions for other supported UNIX-like systems should also be considered vulnerable. All previously released versions are suspected vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4062 | | Related CVE(s): | CVE-2007-5758 | | Last Modified: | Apr 15 22:16:23 2008 |
| MD5 Checksum: | 707b582fccd117b5532fac441a0b1f86 |
|
| /// File Name: |
04.09.08-4.txt |
Description:
|
iDefense Security Advisory 04.09.08 - Local exploitation of a file creation vulnerability in the Administration Server of IBM Corp.'s DB2 Universal Database allows attackers to elevate privileges to root. This vulnerability exists due to unsafe file access from within the db2dasrrm program. When a user starts the DAS, the "db2dasrrm" process is started with root privileges. As part of the initialization, the "dasRecoveryIndex", "dasRecoveryIndex.tmp", ".dasRecoveryIndex.lock", and "dasRecoveryIndex.cor" files are created with root privileges. By removing and re-creating these files as symbolic links, an attacker can create arbitrary files as root. iDefense has confirmed the existence of this vulnerability in IBM Corp.'s DB2 Universal Database 9.1 release with Fix Pack 3 installed on Linux. Other versions are also suspected to be vulnerable.
| | Author: | Joshua J. Drake | | Homepage: | http://www.idefense.com/ | | File Size: | 4008 | | Related CVE(s): | CVE-2007-5664 | | Last Modified: | Apr 15 22:15:20 2008 |
| MD5 Checksum: | 12426a5c9832c9d2997923db61030702 |
|
| /// File Name: |
dsa-1540-2.txt |
Description:
|
Debian Security Advisory 1540-2 - It was discovered that lighttpd, a fast webserver with minimal memory footprint, did not correctly handle SSL errors. This could allow a remote attacker to disconnect all active SSL connections. This security update fixes a regression in the previous one, which caused SSL failures.
| | Homepage: | http://www.debian.org/security | | File Size: | 11091 | | Related CVE(s): | CVE-2008-1531 | | Last Modified: | Apr 15 22:03:04 2008 |
| MD5 Checksum: | 092f75b80afc4f0cec9c33d9c65b5be9 |
|
| /// File Name: |
sa29758.txt |
Description:
|
Secunia Security Advisory - shinnai has discovered a vulnerability in IBiz E-Banking Integrator, which can be exploited by malicious people to overwrite arbitrary files.
| | Homepage: | http://secunia.com/advisories/29758/ | | File Size: | 2711 | | Last Modified: | Apr 15 22:00:15 2008 |
| MD5 Checksum: | 28ab7ce66aa054ed7d65f396cc674aba |
|
| /// File Name: |
sa29636.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for lighttpd. This fixes a security issue and a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/29636/ | | File Size: | 2372 | | Last Modified: | Apr 15 21:46:04 2008 |
| MD5 Checksum: | cdd8eb74433af151abe1681893957833 |
|
| /// File Name: |
sa29668.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in rsync, which can potentially be exploited by malicious users to cause a DoS (Denial of Service) or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29668/ | | File Size: | 2860 | | Last Modified: | Apr 15 21:46:04 2008 |
| MD5 Checksum: | be4d67de31b0aefc1e02ba675670be2b |
|
| /// File Name: |
sa29675.txt |
Description:
|
Secunia Security Advisory - poplix has reported some vulnerabilities in Parallels VZPP, which can be exploited by malicious people to conduct cross-site request forgery attacks and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29675/ | | File Size: | 2763 | | Last Modified: | Apr 15 21:46:04 2008 |
| MD5 Checksum: | a9468ce7cd053f4ff5a027330dc92641 |
|
| /// File Name: |
sa29694.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for am-utils. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/29694/ | | File Size: | 2218 | | Last Modified: | Apr 15 21:46:04 2008 |
| MD5 Checksum: | dc2d7d1fa54c3bd078b66b1307799e42 |
|
| /// File Name: |
sa29711.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for tomcat. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, by malicious users to disclose potentially sensitive information, and by malicious people to manipulate certain data or to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/29711/ | | File Size: | 2710 | | Last Modified: | Apr 15 21:46:04 2008 |
| MD5 Checksum: | b707f31babf7e7741ac6144f0fb87c81 |
|
| /// File Name: |
sa29771.txt |
Description:
|
Secunia Security Advisory - A security issue has been reported in Symantec Altiris Deployment Solution, which can be exploited by malicious, local users to disclose sensitive information and potentially gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/29771/ | | File Size: | 2888 | | Last Modified: | Apr 15 21:46:04 2008 |
| MD5 Checksum: | 03bb507f1a76674506c0c524c9fb653e |
|
| /// File Name: |
sa29777.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for rsync. This fixes a vulnerability, which can potentially be exploited by malicious users to cause a DoS (Denial of Service) or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29777/ | | File Size: | 4698 | | Last Modified: | Apr 15 21:46:04 2008 |
| MD5 Checksum: | 84b55457c08ab86f97cb550fc0f396c1 |
|
| /// File Name: |
sa29781.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for rsync. This fixes a vulnerability, which can potentially be exploited by malicious users to cause a DoS (Denial of Service) or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29781/ | | File Size: | 4598 | | Last Modified: | Apr 15 21:46:04 2008 |
| MD5 Checksum: | cd503cfc78227777d28929e0df588350 |
|
| /// File Name: |
sa29783.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/29783/ | | File Size: | 2897 | | Last Modified: | Apr 15 21:46:04 2008 |
| MD5 Checksum: | d67f4dafc1a43a1822996d77c30b05f0 |
|
| /// File Name: |
sa29672.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in xine-lib, which can potentially be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29672/ | | File Size: | 2237 | | Last Modified: | Apr 15 19:22:47 2008 |
| MD5 Checksum: | 510345631b889bf1c277b348eb24e4eb |
|
| /// File Name: |
sa29678.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for libpng. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose potentially sensitive information, or potentially compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/29678/ | | File Size: | 2362 | | Last Modified: | Apr 15 19:22:47 2008 |
| MD5 Checksum: | 260d58ba74e280b854980c73b29b4365 |
|
| /// File Name: |
sa29679.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for opera. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29679/ | | File Size: | 2218 | | Last Modified: | Apr 15 19:22:47 2008 |
| MD5 Checksum: | 92c47e67a9542602f07d9244b3b84788 |
|
| /// File Name: |
sa29743.txt |
Description:
|
Secunia Security Advisory - Sun has acknowledged some vulnerabilities in Solaris, which can be exploited by malicious users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/29743/ | | File Size: | 2503 | | Last Modified: | Apr 15 19:22:47 2008 |
| MD5 Checksum: | cf0861d0a534776a46a1e76f2d431e68 |
|
| /// File Name: |
sa29757.txt |
Description:
|
Secunia Security Advisory - __GiReX__ has reported a security issue in LightNEasy, which can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/29757/ | | File Size: | 2486 | | Last Modified: | Apr 15 19:22:47 2008 |
| MD5 Checksum: | e51850d081b295bd54b531fbd322bf22 |
|
| /// File Name: |
sa29779.txt |
Description:
|
Secunia Security Advisory - José Luís Zayas has reported some vulnerabilities in OSI Affiliate, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/29779/ | | File Size: | 2501 | | Last Modified: | Apr 15 19:22:47 2008 |
| MD5 Checksum: | fd62004c8d523d722da68ac4e3b5cb26 |
|
| /// File Name: |
sa29782.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for asterisk. This fixes a security issue and some vulnerabilities, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/29782/ | | File Size: | 2434 | | Last Modified: | Apr 15 19:22:47 2008 |
| MD5 Checksum: | 3f3c7455ae96fdbce330cd338c1ba832 |
|
| /// File Name: |
sa29801.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in phpBB, which can be exploited by malicious users to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/29801/ | | File Size: | 2936 | | Last Modified: | Apr 15 19:22:47 2008 |
| MD5 Checksum: | 0a4b44486f6bc18d6df1e23ba74cffc5 |
|
| /// File Name: |
sa29809.txt |
Description:
|
Secunia Security Advisory - Thomas Pollet has reported a vulnerability in CUPS, which potentially can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29809/ | | File Size: | 2541 | | Last Modified: | Apr 15 19:22:47 2008 |
| MD5 Checksum: | fa41bb3f5b5970724fbcfafba71510a2 |
|
| /// File Name: |
sa29813.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/29813/ | | File Size: | 12359 | | Last Modified: | Apr 15 19:22:47 2008 |
| MD5 Checksum: | 2a99fb796cb8fe8ff941d964c333b5d4 |
|
| /// File Name: |
sa29823.txt |
Description:
|
Secunia Security Advisory - Russ McRee has discovered some vulnerabilities in WORK system e-commerce, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/29823/ | | File Size: | 2502 | | Last Modified: | Apr 15 19:22:47 2008 |
| MD5 Checksum: | a314aa3a604b7a2ec8fe7a117d6e4314 |
|
| /// File Name: |
sa29825.txt |
Description:
|
Secunia Security Advisory - The-0utl4w has reported a vulnerability in phpHotResources, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/29825/ | | File Size: | 2376 | | Last Modified: | Apr 15 19:22:47 2008 |
| MD5 Checksum: | 53dfe067897379a287a23a6e4f483632 |
|