Section: .. / 0703-advisories /
| /// File Name: |
conquest-overflow.txt |
Description:
|
Conquest versions 8.2a (svn 691) and below suffer from buffer overflow and memory corruption vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | File Size: | 5032 | | Last Modified: | Mar 9 03:54:06 2007 |
| MD5 Checksum: | 3da5d084d52b1e3a07f772753d604e34 |
|
| /// File Name: |
dkftpbench.txt |
Description:
|
The dkftpbench program is susceptible to a buffer overflow condition.
| | Author: | starcadi | | File Size: | 2753 | | Last Modified: | Mar 20 16:44:46 2007 |
| MD5 Checksum: | 4079b38c22fbc7abfd55ff481afa3e5f |
|
| /// File Name: |
dsa-1262-1.txt |
Description:
|
Debian Security Advisory 1262-1 - "Mu Security" discovered that a format string vulnerability in the VoIP solution GnomeMeeting allows the execution of arbitrary code
| | Homepage: | http://www.debian.org/security | | File Size: | 5117 | | Related CVE(s): | CVE-2007-1007 | | Last Modified: | Mar 8 23:45:32 2007 |
| MD5 Checksum: | ec080c4ef8b1ab53843558ca88d1b983 |
|
| /// File Name: |
dsa-1263-1.txt |
Description:
|
Debian Security Advisory 1263-1 - Several remote vulnerabilities have been discovered in in the Clam anti-virus toolkit, which may lead to denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 15695 | | Related CVE(s): | CVE-2007-0897, CVE-2007-0898 | | Last Modified: | Mar 9 01:25:28 2007 |
| MD5 Checksum: | dec08b49bd5e91f60e77ce77fe18358d |
|
| /// File Name: |
dsa-1265-1.txt |
Description:
|
Debian Security Advisory 1265-1 - Several security related problems have been discovered in Mozilla and derived products. Several vulnerabilities in the layout engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. Several vulnerabilities in the JavaScript engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. A bug in the js_dtoa function allows remote attackers to cause a denial of service. "shutdown" discovered a vulnerability that allows remote attackers to gain privileges and install malicious code via the watch JavaScript function. Steven Michaud discovered a programming bug that allows remote attackers to cause a denial of service. "moz_bug_r_a4" reported that the src attribute of an IMG element could be used to inject JavaScript code. Georgi Guninski discovered several heap-based buffer overflows that allow remote attackers to execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 30065 | | Related CVE(s): | CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6505 | | Last Modified: | Mar 14 01:58:47 2007 |
| MD5 Checksum: | 31c02d881051dd8d672d1d21b05bdedd |
|
| /// File Name: |
dsa-1266-1.txt |
Description:
|
Debian Security Advisory 1266-1 - Gerardo Richarte discovered that GnuPG, a free PGP replacement, provides insufficient user feedback if an OpenPGP message contains both unsigned and signed portions. Inserting text segments into an otherwise signed message could be exploited to forge the content of signed messages. This update prevents such attacks; the old behaviour can still be activated by passing the --allow-multiple-messages option.
| | Homepage: | http://www.debian.org/security | | File Size: | 5374 | | Related CVE(s): | CVE-2007-1263 | | Last Modified: | Mar 14 03:57:28 2007 |
| MD5 Checksum: | 8b2c522c226b2b6ee8864850a13d2b8f |
|
| /// File Name: |
dsa-1267-1.txt |
Description:
|
Debian Security Advisory 1267-1 - It was discovered that WebCalendar, a PHP-based calendar application, insufficiently protects an internal variable, which allows remote file inclusion.
| | Homepage: | http://www.debian.org/security | | File Size: | 2913 | | Related CVE(s): | CVE-2007-1343 | | Last Modified: | Mar 20 06:12:20 2007 |
| MD5 Checksum: | bb55eb5cfc33fa297c1418b6d5dd3764 |
|
| /// File Name: |
dsa-1268-1.txt |
Description:
|
Debian Security Advisory 1268-1 - iDefense reported several integer overflow bugs in libwpd, a library for handling WordPerfect documents. Attackers were able to exploit these with carefully crafted Word Perfect files that could cause an application linked with libwpd to crash or possibly execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 19974 | | Related CVE(s): | CVE-2007-0002 | | Last Modified: | Mar 20 16:17:55 2007 |
| MD5 Checksum: | cd81f0f25d6e0698ce913734b700463c |
|
| /// File Name: |
dsa-1269-1.txt |
Description:
|
Debian Security Advisory 1269-1 - Tatsuya Kinoshita discovered that Lookup, a search interface to electronic dictionaries on emacsen, creates a temporary file in an insecure fashion when the ndeb-binary feature is used, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.
| | Homepage: | http://www.debian.org/security | | File Size: | 3033 | | Related CVE(s): | CVE-2007-0237 | | Last Modified: | Mar 20 16:23:30 2007 |
| MD5 Checksum: | e62f2f71dc14c7a754b957096c9ff821 |
|
| /// File Name: |
dsa-1270-1.txt |
Description:
|
Debian Security Advisory 1270-1 - iDefense reported several integer overflow bugs in libwpd, a library for handling WordPerfect documents that is included in OpenOffice.org. Attackers are able to exploit these with carefully crafted WordPerfect files that could cause an application linked with libwpd to crash or possibly execute arbitrary code. Next Generation Security discovered that the StarCalc parser in OpenOffice.org contains an easily exploitable stack overflow that could be used exploited by a specially crafted document to execute arbitrary code. It has been reported that OpenOffice.org does not escape shell meta characters and is hence vulnerable to execute arbitrary shell commands via a specially crafted document after the user clicked to a prepared link.
| | Homepage: | http://www.debian.org/security | | File Size: | 15242 | | Related CVE(s): | CVE-2007-0002, CVE-2007-0238, CVE-2007-0239 | | Last Modified: | Mar 21 04:10:19 2007 |
| MD5 Checksum: | 7eb058c1ee3247b7636d73e262340b08 |
|
| /// File Name: |
dsa-1270-2.txt |
Description:
|
Debian Security Advisory 1270-2 - Several security related problems have been discovered in OpenOffice.org, the free office suite. iDefense reported several integer overflow bugs in libwpd, a library for handling WordPerfect documents that is included in OpenOffice.org. Attackers are able to exploit these with carefully crafted WordPerfect files that could cause an application linked with libwpd to crash or possibly execute arbitrary code. Next Generation Security discovered that the StarCalc parser in OpenOffice.org contains an easily exploitable stack overflow that could be used exploited by a specially crafted document to execute arbitrary code. It has been reported that OpenOffice.org does not escape shell meta characters and is hence vulnerable to execute arbitrary shell commands via a specially crafted document after the user clicked to a prepared link.
| | Homepage: | http://www.debian.org/security | | File Size: | 40801 | | Related CVE(s): | CVE-2007-0002, CVE-2007-0238, CVE-2007-0239 | | Last Modified: | Mar 29 09:00:58 2007 |
| MD5 Checksum: | b6ee02a59e56836dba49bc7eb9c15c96 |
|
| /// File Name: |
dsa-1271-1.txt |
Description:
|
Debian Security Advisory 1271-1 - A design error has been identified in the OpenAFS, a cross-platform distributed filesystem included with Debian.
| | Homepage: | http://www.debian.org/security | | File Size: | 12387 | | Related CVE(s): | CVE-2007-1507 | | Last Modified: | Mar 21 04:10:57 2007 |
| MD5 Checksum: | 53037cf5aa2791065e1690f176ea493e |
|
| /// File Name: |
dsa-1272-1.txt |
Description:
|
Debian Security Advisory 1272-1 - Moritz Jodeit discovered an off-by-one buffer overflow in tcpdump, a powerful tool for network monitoring and data acquisition, which allows denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 4935 | | Related CVE(s): | CVE-2007-1218 | | Last Modified: | Mar 24 02:50:26 2007 |
| MD5 Checksum: | 967484a637f57ff0a8471d719be2af2e |
|
| /// File Name: |
dsa-1273-1.txt |
Description:
|
Debian Security Advisory 1273-1 - Several vulnerabilities have been discovered in nas, the Network Audio System. A stack-based buffer overflow in the accept_att_local function in server/os/connection.c in nas allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection. Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value. The AddResource function in server/dia/resource.c allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID. Array index error allows remote attackers to cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function in server/dia/auutil.c. The ReadRequestFromClient function in server/os/io.c allows remote attackers to cause a denial of service (crash) via multiple simultaneous connections, which triggers a NULL pointer dereference.
| | Homepage: | http://www.debian.org/security | | File Size: | 10832 | | Related CVE(s): | CVE-2007-1543, CVE-2007-1544, CVE-2007-1545, CVE-2007-1546, CVE-2007-1547 | | Last Modified: | Mar 28 17:57:35 2007 |
| MD5 Checksum: | 8cadded62e8d82be3b752f801c87f741 |
|
| /// File Name: |
dynaliens-xss.txt |
Description:
|
dynaliens versions 2.0 and 2.1 suffer from admin bypass and cross site scripting vulnerabilities.
| | Author: | sn0oPy | | File Size: | 1990 | | Last Modified: | Mar 9 03:58:22 2007 |
| MD5 Checksum: | dc59cafd849865443635ea2b98d3af1b |
|
| /// File Name: |
eportfolio10-multi.txt |
Description:
|
ePortfolio version 1.0 suffers from java related input validation vulnerabilities.
| | Author: | Stefan Friedli | | Homepage: | http://www.scip.ch/ | | File Size: | 3400 | | Last Modified: | Mar 9 00:22:22 2007 |
| MD5 Checksum: | f53eaf2b962ec6930e6f137e8d1d547b |
|
| /// File Name: |
fortinet-mcafee.txt |
Description:
|
Multiple remote buffer overflow vulnerabilities exist in the ActiveX Control named "SiteManager.Dll" of McAfee ePolicy Orchestrator. A remote attacker who successfully exploit these vulnerabilities can completely take control of the affected system. Affected software versions include McAfee ePolicy Orchestrator 3.6.1 and McAfee ePolicy Orchestrator 3.5 patch 6.
| | Author: | cocoruder | | Homepage: | http://www.fortinet.com/ | | File Size: | 6206 | | Last Modified: | Mar 20 03:59:23 2007 |
| MD5 Checksum: | 796dbbbee6e2d7dd23564ff29854fb73 |
|
| /// File Name: |
fsecure-format.txt |
Description:
|
A format string vulnerability was discovered within F-Secure Anti-Virus Client Security version 6.02. The vulnerability is due to improper processing of format strings when processing the Management Server name field.
| | Author: | Deral Heiland | | Homepage: | http://www.layereddefense.com/ | | File Size: | 1712 | | Last Modified: | Mar 20 16:32:21 2007 |
| MD5 Checksum: | 4c1afe8a945d7e861a2a94007a004a42 |
|
| /// File Name: |
glsa-200703-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-01 - The Snort DCE/RPC preprocessor does not properly reassemble certain types of fragmented SMB and DCE/RPC packets. Versions less than 2.6.1.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2753 | | Related CVE(s): | CVE-2006-5276 | | Last Modified: | Mar 6 07:25:25 2007 |
| MD5 Checksum: | c8daaa4b64e5525ba0b8065825d98f08 |
|
| /// File Name: |
glsa-200703-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-02 - SpamAssassin does not correctly handle very long URIs when scanning emails. Versions less than 3.1.8 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2418 | | Related CVE(s): | CVE-2007-0451 | | Last Modified: | Mar 6 07:25:46 2007 |
| MD5 Checksum: | d6a4dd1dc1e7c9b0900d955b0eb6c5d2 |
|
| /// File Name: |
glsa-200703-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-03 - An anonymous researcher discovered a file descriptor leak error in the processing of CAB archives and a lack of validation of the id parameter string used to create local files when parsing MIME headers. Versions less than 0.90 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2969 | | Related CVE(s): | CVE-2007-0897, CVE-2007-0898 | | Last Modified: | Mar 6 07:26:01 2007 |
| MD5 Checksum: | 33bc6d40f57da6256fc52a70e23f27ee |
|
| /// File Name: |
glsa-200703-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-04 - Tom Ferris reported a heap-based buffer overflow involving wide SVG stroke widths that affects Mozilla Firefox 2 only. Various researchers reported some errors in the JavaScript engine potentially leading to memory corruption. Mozilla Firefox also contains minor vulnerabilities involving cache collision and unsafe pop-up restrictions, filtering or CSS rendering under certain conditions. Versions less than 2.0.0.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 5477 | | Related CVE(s): | CVE-2006-6077, CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0801, CVE-2007-0981, CVE-2007-0995 | | Last Modified: | Mar 6 07:26:26 2007 |
| MD5 Checksum: | 6331191602764866f36202dbe22f78c0 |
|
| /// File Name: |
glsa-200703-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-05 - Several vulnerabilities ranging from code execution with elevated privileges to information leaks affect the Mozilla Suite. Versions less than or equal to 1.7.13 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3685 | | Last Modified: | Mar 6 07:26:37 2007 |
| MD5 Checksum: | 9488c354f170da6e9cda12e22fed0989 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
