Section: .. / 0701-advisories /
| /// File Name: |
MDKSA-2007-030.txt |
Description:
|
Mandriva Linux Security Advisory - The use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context." ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5936 | | Related CVE(s): | CVE-2007-0493, CVE-2007-0494 | | Last Modified: | Jan 30 22:59:17 2007 |
| MD5 Checksum: | d06c0a7f871f388b7272710bf3a0e971 |
|
| /// File Name: |
msagent-heap.txt |
Description:
|
COSEINC Alert - A security researcher of COSEINC Vulnerability Research Lab has discovered that Microsoft Agent has a heap overflow vulnerability. This vulnerability is triggered when Microsoft Agent parses the malformed character file in its uncompressed state in memory, by having an overly large value in a length field. This will lead to an integer overflow during the allocation of buffer. Subsequently, when data is copied to the buffer, the heap overflow will occur. The result is possible remote code execution.
| | Author: | Willow | | Homepage: | http://www.coseinc.com/ | | File Size: | 4453 | | Last Modified: | Jan 30 22:57:30 2007 |
| MD5 Checksum: | 82458ffea0deef0d6dab6da244ba9b38 |
|
| /// File Name: |
DRUPAL-SA-2007-005.txt |
Description:
|
Drupal security advisory - Previews on comments were not passed through normal form validation routines, enabling users with the 'post comments' permission and access to more than one input filter to execute arbitrary code. Affected include Drupal 4.7.x versions before Drupal 4.7.6 and Drupal 5.x versions before Drupal 5.1.
| | Author: | Uwe Hermann | | Homepage: | http://drupal.org/security | | File Size: | 2063 | | Last Modified: | Jan 30 22:55:27 2007 |
| MD5 Checksum: | ed1adc7b529116a1736f9a8e799514d0 |
|
| /// File Name: |
sa23892.txt |
Description:
|
Secunia Security Advisory - David Barroso Berrueta and Alfredo Andres Omella have reported a vulnerability in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/23892/ | | File Size: | 2956 | | Last Modified: | Jan 30 22:46:19 2007 |
| MD5 Checksum: | 533b7e96a06c5f68c519ec64819d7c6f |
|
| /// File Name: |
sa23914.txt |
Description:
|
Secunia Security Advisory - rgod has discovered two vulnerabilities in GuppY, which can be exploited by malicious people to compromise vulnerable systems.
| | Homepage: | http://secunia.com/advisories/23914/ | | File Size: | 2381 | | Last Modified: | Jan 30 22:46:19 2007 |
| MD5 Checksum: | ef91ded2cccc56cbd4a5c0d8a7959dec |
|
| /// File Name: |
sa23928.txt |
Description:
|
Secunia Security Advisory - Hai Nam Luke has discovered a vulnerability in Yahoo Messenger, which potentially can be exploited by malicious users to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23928/ | | File Size: | 3046 | | Last Modified: | Jan 30 22:46:19 2007 |
| MD5 Checksum: | 86a2d10f323db80fd24ccaeb6e0a16f4 |
|
| /// File Name: |
sa23940.txt |
Description:
|
Secunia Security Advisory - Ralf S. Engelschall has reported a vulnerability in CVSTrac, which can be exploited by malicious users to conduct SQL injection attacks and cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/23940/ | | File Size: | 2478 | | Last Modified: | Jan 30 22:46:19 2007 |
| MD5 Checksum: | db6e0d260bddd2b0fb2ba124379fb600 |
|
| /// File Name: |
sa23943.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/23943/ | | File Size: | 8895 | | Last Modified: | Jan 30 22:46:19 2007 |
| MD5 Checksum: | 4e84470b7fa14bc18514d0775b13dcda |
|
| /// File Name: |
sa23948.txt |
Description:
|
Secunia Security Advisory - adex has discovered a vulnerability in MAXdev MD-Pro, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/23948/ | | File Size: | 2420 | | Last Modified: | Jan 30 22:46:19 2007 |
| MD5 Checksum: | 1f092143b903d703fec2a421d2ac1fd0 |
|
| /// File Name: |
sa23960.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Drupal, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/23960/ | | File Size: | 2814 | | Last Modified: | Jan 30 22:46:19 2007 |
| MD5 Checksum: | 03b0c53c56b1650f6c16ccdce38c4a7d |
|
| /// File Name: |
sa23968.txt |
Description:
|
Secunia Security Advisory - GolD_M has discovered a vulnerability in Webfwlog, which can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/23968/ | | File Size: | 2532 | | Last Modified: | Jan 30 22:46:19 2007 |
| MD5 Checksum: | 24a6e4f2e53d9f6e23dcc8ec4f7dae88 |
|
| /// File Name: |
sa23974.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/23974/ | | File Size: | 4427 | | Last Modified: | Jan 30 22:46:19 2007 |
| MD5 Checksum: | fb4dfe93ef7e48a36d923269d3e8012c |
|
| /// File Name: |
sa23976.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for libsoup. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/23976/ | | File Size: | 3001 | | Last Modified: | Jan 30 22:46:19 2007 |
| MD5 Checksum: | af9b801c25a111a9ef3548a78c30858a |
|
| /// File Name: |
sa23979.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Sun Java System Access Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/23979/ | | File Size: | 3344 | | Last Modified: | Jan 30 22:46:19 2007 |
| MD5 Checksum: | 37247f78537f6e826facb6a136435985 |
|
| /// File Name: |
sa23990.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in vbDrupal, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/23990/ | | File Size: | 2162 | | Last Modified: | Jan 30 22:46:19 2007 |
| MD5 Checksum: | 82b11721831bdb8d313db483fd5673ee |
|
| /// File Name: |
sa23991.txt |
Description:
|
Secunia Security Advisory - Avaya has acknowledged a vulnerability and a security issue in Avaya CMS / IR, which can be exploited by malicious, local users to disclose sensitive information or potentially gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/23991/ | | File Size: | 2660 | | Last Modified: | Jan 30 22:46:19 2007 |
| MD5 Checksum: | 7ff8bb668475ac79007578209d8fa809 |
|
| /// File Name: |
sa23992.txt |
Description:
|
Secunia Security Advisory - DeltahackingTEAM has discovered a vulnerability in phpIndexPage, which can be exploited by malicious people to compromise vulnerable systems.
| | Homepage: | http://secunia.com/advisories/23992/ | | File Size: | 2465 | | Last Modified: | Jan 30 22:46:19 2007 |
| MD5 Checksum: | 1512746090ae5cdf1f511b88b38ee148 |
|
| /// File Name: |
sa23993.txt |
Description:
|
Secunia Security Advisory - A security issue has been reported in NX Server, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/23993/ | | File Size: | 2403 | | Last Modified: | Jan 30 22:46:19 2007 |
| MD5 Checksum: | cc4949e46cd23403439a7f429939eff2 |
|
| /// File Name: |
OpenPKG-SA-2007.008.txt |
Description:
|
OpenPKG Security Advisory - Ralf S. Engelschall from OpenPKG GmbH discovered a Denial of Service (DoS) vulnerability in the CVS/Subversion/Git Version Control System (VCS) frontend CVSTrac, version 2.0.0.
| | Homepage: | http://www.openpkg.com/security/ | | File Size: | 4076 | | Related CVE(s): | CVE-2007-0347 | | Last Modified: | Jan 29 21:02:50 2007 |
| MD5 Checksum: | 0b5659d03a1c3f75f54ba3f47f82e56d |
|
| /// File Name: |
phorum-xss.txt |
Description:
|
Phorum version 5.1.18 is susceptible to cross site scripting attacks.
| | Author: | Doz | | Homepage: | http://www.hackerscenter.com/ | | File Size: | 990 | | Last Modified: | Jan 29 20:39:04 2007 |
| MD5 Checksum: | aeb6051d17c3c1a7d5baac06583990e5 |
|
| /// File Name: |
OpenPKG-SA-2007.007.txt |
Description:
|
OpenPKG Security Advisory - As confirmed by vendor security advisories, two security issues exist in the DNS server BIND, versions up to 9.3.4. The first issue is a "use after free" vulnerability which allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors that cause BIND to "dereference (read) a freed fetch context". The second issue allows remote attackers to cause a Denial of Service (DoS) via a type "*" (ANY) DNS query response that contains multiple resource record (RR) sets in the answer section, which triggers an assertion error. To be vulnerable you need to have enabled DNSSEC validation in the configuration by specifying "trusted-keys".
| | Homepage: | http://www.openpkg.com/security/ | | File Size: | 3272 | | Related CVE(s): | CVE-2007-0493, CVE-2007-0494 | | Last Modified: | Jan 29 20:35:12 2007 |
| MD5 Checksum: | ef98c338e7f5a017b8877bfeaad6e259 |
|
| /// File Name: |
dsa-1254-1.txt |
Description:
|
Debian Security Advisory 1254-1 - It was discovered that the Bind name server daemon is vulnerable to denial of service by triggering an assertion through a crafted DNS query. This only affects installations which use the DNSSEC extensions. Please note that the CVE listed in this advisory is incorrect.
| | Homepage: | http://www.debian.org/security | | File Size: | 22297 | | Last Modified: | Jan 29 19:47:18 2007 |
| MD5 Checksum: | b907768273ac2898bec098b21758ca35 |
|
| /// File Name: |
glsa-200701-25.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200701-25 - Multiple memory corruption vulnerabilities have been found in the ProcDbeGetVisualInfo() and the ProcDbeSwapBuffers() of the DBE extension, and ProcRenderAddGlyphs() in the Render extension. Versions less than 1.1.1-r4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2893 | | Last Modified: | Jan 29 11:32:22 2007 |
| MD5 Checksum: | 7b32d79997096fb64e0c1d9f92b12c2b |
|
| /// File Name: |
dsa-1253-1.txt |
Description:
|
Debian Security Advisory 1253-1 - Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. Several vulnerabilities in the layout engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. Several vulnerabilities in the JavaScript engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. A bug in the js_dtoa function allows remote attackers to cause a denial of service. "shutdown" discovered a vulnerability that allows remote attackers to gain privileges and install malicious code via the watch JavaScript function. Steven Michaud discovered a programming bug that allows remote attackers to cause a denial of service. "moz_bug_r_a4" reported that the src attribute of an IMG element could be used to inject JavaScript code.
| | Homepage: | http://www.debian.org/security | | File Size: | 10927 | | Related CVE(s): | CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503 | | Last Modified: | Jan 29 11:32:11 2007 |
| MD5 Checksum: | 71853013fa9f3eebef5078c94aff5f90 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
