Section: .. / 0701-advisories /
| /// File Name: |
USN-401-1.txt |
Description:
|
Ubuntu Security Notice 401-1 - It was discovered that local users could delete other users' D-Bus match rules. Applications would stop receiving D-Bus messages, resulting in a local denial of service, and potential data loss for applications that depended on D-Bus for storing information.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 18018 | | Related CVE(s): | CVE-2006-6107 | | Last Modified: | Jan 5 03:08:12 2007 |
| MD5 Checksum: | e45cabfacad3e7e35cec768cbb4a9b97 |
|
| /// File Name: |
sa23611.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for dbus. This fixes a weakness, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/23611/ | | File Size: | 17741 | | Last Modified: | Jan 5 18:44:16 2007 |
| MD5 Checksum: | 9ec629e282f9b508b8277f3d9d6f7b23 |
|
| /// File Name: |
LS-20061102.pdf |
Description:
|
LSsec has discovered a vulnerability in Business Objects Crystal Reports XI Professional, which could be exploited by an attacker in order to execute arbitrary code on an affected system. Exploitation requires that the attacker coerce the target user into opening a malicious .RPT file.
| | Homepage: | http://www.lssec.com/ | | Related Exploit: | LS-20061102.rar | | File Size: | 17597 | | Last Modified: | Jan 5 02:22:38 2007 |
| MD5 Checksum: | fb382ee64fb9b1d4a0314fc038312ca6 |
|
| /// File Name: |
SUSE-SA-2007-013.txt |
Description:
|
SUSE Security Announcement - This update fixes several format string bugs that can be exploited remotely with user-assistance to execute arbitrary code. Since SUSE Linux version 10.1 format string bugs are not exploitable anymore.
| | Homepage: | http://www.suse.com | | File Size: | 17564 | | Related CVE(s): | CVE-2007-0017 | | Last Modified: | Jan 26 21:01:11 2007 |
| MD5 Checksum: | 61793c69535f7c4dfdcc2f5623e2654a |
|
| /// File Name: |
USN-408-1.txt |
Description:
|
Ubuntu Security Notice 408-1 - The server-side portion of Kerberos' RPC library had a memory management flaw which allowed users of that library to call a function pointer located in unallocated memory. By doing specially crafted calls to the kadmind server, a remote attacker could exploit this to execute arbitrary code with root privileges on the target computer.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 15937 | | Related CVE(s): | CVE-2006-6143 | | Last Modified: | Jan 15 22:18:37 2007 |
| MD5 Checksum: | 1b38828773836a9965daa3b17771775f |
|
| /// File Name: |
SUSE-SA-2007-012.txt |
Description:
|
SUSE Security Announcement - This update fixes a remotely exploitable denial-of-service bug in squid that can be triggered by using special ftp:// URLs. Additionally the 10.2 package needed a fix for another DoS bug and for max_user_ip handling in ntlm_auth.
| | Homepage: | http://www.suse.com | | File Size: | 15758 | | Related CVE(s): | CVE-2007-0247, CVE-2007-0248 | | Last Modified: | Jan 24 01:43:50 2007 |
| MD5 Checksum: | 1a75a6823f4c2dac88eca047c2e5e9a3 |
|
| /// File Name: |
sa23772.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for krb5. This fixes a vulnerability, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/23772/ | | File Size: | 15754 | | Last Modified: | Jan 18 03:44:32 2007 |
| MD5 Checksum: | ad5d432eb9a783d02a13fd933db8b8d9 |
|
| /// File Name: |
sa23597.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for mono. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/23597/ | | File Size: | 15323 | | Last Modified: | Jan 5 18:44:16 2007 |
| MD5 Checksum: | 8861d722d0657ab961c9dc6dbdad009b |
|
| /// File Name: |
cisco-sa-20070118-certs.txt |
Description:
|
Cisco Security Advisory - The Cisco Security Monitoring, Analysis and Response System (CS-MARS) and the Cisco Adaptive Security Device Manager (ASDM) do not validate the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates or Secure Shell (SSH) public keys presented by devices they are configured to connect to. Malicious users may be able to use this lack of certificate or public key validation to impersonate the devices that these affected products connect to, which could then be used to obtain sensitive information or misreport information.
| | Homepage: | http://www.cisco.com/ | | File Size: | 14521 | | Last Modified: | Jan 19 22:31:36 2007 |
| MD5 Checksum: | ded5a9321e1e23fedac2ad04811a8e2f |
|
| /// File Name: |
dsa-1246-1.txt |
Description:
|
Debian Security Advisory 1246-1 - John Heasman from Next Generation Security Software discovered a heap overflow in the handling of Windows Metafiles in OpenOffice.org, the free office suite, which could lead to a denial of service and potentially execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 14360 | | Related CVE(s): | CVE-2006-5870 | | Last Modified: | Jan 13 17:01:32 2007 |
| MD5 Checksum: | 15d589a34d9d20238ba439285fb487b2 |
|
| /// File Name: |
cisco-sa-20070110-jtapi.txt |
Description:
|
Cisco Security Advisory - Cisco Unified Contact Center Enterprise, Cisco Unified Contact Center Hosted, Cisco IP Contact Center Enterprise, and Cisco IP Contact Center Hosted editions are affected by a vulnerability that may result in the restart of JTapi Gateway process. Until this process restarts, no new connections can be processed. Existing connections will continue to work.
| | Homepage: | http://www.cisco.com/ | | File Size: | 14002 | | Last Modified: | Jan 13 18:29:05 2007 |
| MD5 Checksum: | 7e1ee10e8abb4c318cb3cfa23893781b |
|
| /// File Name: |
MDKSA-2007-022.txt |
Description:
|
Mandriva Linux Security Advisory - The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a crafted catalog dictionary or a crafted Pages attribute that references an invalid page tree node.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 13298 | | Related CVE(s): | CVE-2007-0104 | | Last Modified: | Jan 19 22:41:46 2007 |
| MD5 Checksum: | 2b10bfbfa6780f14a32f6897c897bad2 |
|
| /// File Name: |
dsa-1245-1.txt |
Description:
|
Debian Security Advisory 1245-1 - Martin Loewer discovered that the proftpd FTP daemon is vulnerable to denial of service if the addon module for Radius authentication is enabled.
| | Homepage: | http://www.debian.org/security | | File Size: | 13148 | | Related CVE(s): | CVE-2005-4816 | | Last Modified: | Jan 13 16:32:05 2007 |
| MD5 Checksum: | 0e47566d7a11419e70add2fccdfc8c77 |
|
| /// File Name: |
sa23650.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for Sun Java. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/23650/ | | File Size: | 12878 | | Last Modified: | Jan 10 13:19:08 2007 |
| MD5 Checksum: | 3df5bdeb351fdef8eca0ebcd928310c3 |
|
| /// File Name: |
USN-400-1.txt |
Description:
|
Ubuntu Security Notice 400-1 - Georgi Guninski and David Bienvenu discovered that long Content-Type and RFC2047-encoded headers we vulnerable to heap overflows. By tricking the user into opening a specially crafted email, an attacker could execute arbitrary code with user privileges. Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges or bypass internal XSS protections by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 12838 | | Related CVE(s): | CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6505 | | Last Modified: | Jan 5 03:09:37 2007 |
| MD5 Checksum: | 585c084b6cac9f09a0225c147620205f |
|
| /// File Name: |
sa23591.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for mozilla-thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23591/ | | File Size: | 12572 | | Last Modified: | Jan 5 18:44:16 2007 |
| MD5 Checksum: | c391c033947d0457d6cd26e6e7a86ced |
|
| /// File Name: |
cisco-sa-20070103-CleanAccess.txt |
Description:
|
Cisco Security Advisory - The Cisco Clean Access Manager (CAM) and Cisco Clean Access Server (CAS) suffer from an unchangeable shared secret vulnerability. Also, manual backups of the database ('snapshots') taken on the CAM are susceptible to brute force download attacks. A malicious user can guess the file name and download it without authentication. The file itself is not encrypted or otherwise protected.
| | Homepage: | http://www.cisco.com/warp/public/707/cisco-sa-20070103-CleanAccess.shtml | | File Size: | 12404 | | Last Modified: | Jan 4 02:34:40 2007 |
| MD5 Checksum: | 7f66a5ebe174302dc13434323da64b53 |
|
| /// File Name: |
sa23750.txt |
Description:
|
Secunia Security Advisory - Multiple vulnerabilities and security issues have been reported in BEA Weblogic, which can be exploited by malicious people or malicious users to gain knowledge of sensitive information, bypass certain security restrictions, conduct spoofing attacks, cause a DoS (Denial Of Service), or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/23750/ | | File Size: | 10946 | | Last Modified: | Jan 18 03:44:32 2007 |
| MD5 Checksum: | 9fd5efef78c052f8327c43d34ba057c7 |
|
| /// File Name: |
dsa-1253-1.txt |
Description:
|
Debian Security Advisory 1253-1 - Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. Several vulnerabilities in the layout engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. Several vulnerabilities in the JavaScript engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. A bug in the js_dtoa function allows remote attackers to cause a denial of service. "shutdown" discovered a vulnerability that allows remote attackers to gain privileges and install malicious code via the watch JavaScript function. Steven Michaud discovered a programming bug that allows remote attackers to cause a denial of service. "moz_bug_r_a4" reported that the src attribute of an IMG element could be used to inject JavaScript code.
| | Homepage: | http://www.debian.org/security | | File Size: | 10927 | | Related CVE(s): | CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503 | | Last Modified: | Jan 29 11:32:11 2007 |
| MD5 Checksum: | 71853013fa9f3eebef5078c94aff5f90 |
|
| /// File Name: |
LS-20061002.pdf |
Description:
|
LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve Backup version 11.5, which could be exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system.
| | Homepage: | http://www.lssec.com/ | | File Size: | 10892 | | Last Modified: | Jan 13 19:42:59 2007 |
| MD5 Checksum: | 2a88fd2c9cc44efd2cf38e86bd71bb0f |
|
| /// File Name: |
USN-404-1.txt |
Description:
|
Ubuntu Security Notice 404-1 - Laurent Butti, Jerome Razniewski, and Julien Tinnes discovered that the MadWifi wireless driver did not correctly check packet contents when receiving scan replies. A remote attacker could send a specially crafted packet and execute arbitrary code with root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 10637 | | Related CVE(s): | CVE-2006-6332 | | Last Modified: | Jan 13 18:16:48 2007 |
| MD5 Checksum: | a683bf299b92824f24c8165e6899dd2a |
|
| /// File Name: |
MDKSA-2007-009.txt |
Description:
|
Mandriva Linux Security Advisory - KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 10596 | | Related CVE(s): | CVE-2006-6811 | | Last Modified: | Jan 13 18:48:52 2007 |
| MD5 Checksum: | d1b3c2f9ac91203b9ba59ea85e04b482 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
