Section: .. / 0804-advisories /
| /// File Name: |
sa29856.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for rsync. This fixes a vulnerability, which can potentially be exploited by malicious users to cause a DoS (Denial of Service) or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29856/ | | File Size: | 2425 | | Last Modified: | Apr 17 18:36:32 2008 |
| MD5 Checksum: | 002ee6b06c857334aead0e52ac6a0037 |
|
| /// File Name: |
04.17.08-4.txt |
Description:
|
iDefense Security Advisory 04.17.08 - Remote exploitation of an integer underflow vulnerability in OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged in user. The vulnerability exists within the code responsible for converting the QPRO file into an internal representation used by OpenOffice. A 16-bit integer is read in from the file, and later used as a loop counter that controls how many values are stored into local stack buffers. When verifying the value of this counter, the code decrements the counter without checking to see if this operation will underflow. This results in the loop running for many iterations, which leads to a stack based buffer overflow. This allows for the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in OpenOffice version 2.3. Other versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3946 | | Related CVE(s): | CVE-2007-5747 | | Last Modified: | Apr 17 18:36:05 2008 |
| MD5 Checksum: | bb8c108060a98986dc60dc8fba35eb6a |
|
| /// File Name: |
04.17.08-2.txt |
Description:
|
iDefense Security Advisory 04.17.08 - Remote exploitation of an integer overflow vulnerability in OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged in user. The vulnerability exists within the code responsible for parsing the EMR_STRETCHBLT record in an EMF file. This code reads in two 32-bit integers from the file, and then uses them in an arithmetic operation that calculates the number of bytes to allocate for a dynamic buffer. This calculation can overflow, resulting in an insufficiently sized buffer being allocated. Subsequently, this buffer is overflowed with data from the file. iDefense confirmed the existence of this vulnerability in OpenOffice version 2.3. Other versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3470 | | Related CVE(s): | CVE-2007-5746 | | Last Modified: | Apr 17 18:32:20 2008 |
| MD5 Checksum: | 89042174d6abaa20543881003162702f |
|
| /// File Name: |
04.17.08-1.txt |
Description:
|
iDefense Security Advisory 04.17.08 - Remote exploitation of a heap based buffer overflow vulnerability in OpenOffice.org's OpenOffice, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists within the importer for files stored using the OLE format. When parsing the "DocumentSummaryInformation" stream, the vulnerable code does not correctly verify the size of a destination buffer before copying data from the file into it. This results in an exploitable heap overflow. iDefense confirmed the existence of this vulnerability in OpenOffice version 2.3.1. Other versions may also be affected.
| | Author: | Marsu | | Homepage: | http://www.idefense.com/ | | File Size: | 3409 | | Related CVE(s): | CVE-2008-0320 | | Last Modified: | Apr 17 18:31:05 2008 |
| MD5 Checksum: | 624877933491e6bd0d3012daf6ac2b07 |
|
| /// File Name: |
USN-603-2.txt |
Description:
|
Ubuntu Security Notice 603-2 - USN-603-1 fixed vulnerabilities in poppler. This update provides the corresponding updates for KWord, part of KOffice. It was discovered that the poppler PDF library did not correctly handle certain malformed embedded fonts. If a user or an automated system were tricked into opening a malicious PDF, a remote attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 48008 | | Related CVE(s): | CVE-2008-1693 | | Last Modified: | Apr 17 18:29:25 2008 |
| MD5 Checksum: | d868647294c24941511fa277eac06e2e |
|
| /// File Name: |
USN-603-1.txt |
Description:
|
Ubuntu Security Notice 603-1 - It was discovered that the poppler PDF library did not correctly handle certain malformed embedded fonts. If a user or an automated system were tricked into opening a malicious PDF, a remote attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 25543 | | Related CVE(s): | CVE-2008-1693 | | Last Modified: | Apr 17 18:28:39 2008 |
| MD5 Checksum: | ab602d084ad7a129d3846b95f49c622a |
|
| /// File Name: |
adc_advisories_oracle-dbms.txt |
Description:
|
Oracle provides database export functionality in various modes. One of the export modes is called Direct Path. This mode uses a special protocol message to extract table data rather than SQL queries. Using this special protocol message an attacker can extract information from tables and views to which she has not been granted access. Oracle 9 and 10 versions prior to April 2008 CPU are affected.
| | Homepage: | http://www.imperva.com/adc/ | | File Size: | 3054 | | Last Modified: | Apr 17 18:26:19 2008 |
| MD5 Checksum: | f9051714595d68f50665356d5693d9f1 |
|
| /// File Name: |
dsa-1550-1.txt |
Description:
|
Debian Security Advisory 1550-1 - It was discovered that suphp, an Apache module to run PHP scripts with owner permissions handles symlinks insecurely, which may lead to privilege escalation by local users.
| | Homepage: | http://www.debian.org/security | | File Size: | 7859 | | Related CVE(s): | CVE-2008-1614 | | Last Modified: | Apr 17 18:18:54 2008 |
| MD5 Checksum: | bef82248dd7413e9a01bf8798566936a |
|
| /// File Name: |
dsa-1548-1.txt |
Description:
|
Debian Security Advisory 1548-1 - Kees Cook discovered a vulnerability in xpdf, set set of tools for display and conversion of Portable Document Format (PDF) files.
| | Homepage: | http://www.debian.org/security | | File Size: | 6400 | | Related CVE(s): | CVE-2008-1693 | | Last Modified: | Apr 17 18:17:03 2008 |
| MD5 Checksum: | 29c28e6cbf2659b22b137b48473c334b |
|
| /// File Name: |
sa29789.txt |
Description:
|
Secunia Security Advisory - S@BUN has reported a vulnerability in Koobi, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/29789/ | | File Size: | 2493 | | Last Modified: | Apr 17 18:12:38 2008 |
| MD5 Checksum: | b1719706f37a094aee825898bb70fbd8 |
|
| /// File Name: |
sa29804.txt |
Description:
|
Secunia Security Advisory - Sebastien gioria has reported a vulnerability in BusinessObjects XI, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/29804/ | | File Size: | 2675 | | Last Modified: | Apr 17 18:12:38 2008 |
| MD5 Checksum: | 312d41646f53e293d295ed53e6d53dc7 |
|
| /// File Name: |
sa29835.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for speex. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/29835/ | | File Size: | 2646 | | Last Modified: | Apr 17 18:12:38 2008 |
| MD5 Checksum: | a2470a2dec98e34d7ee987263f4c3170 |
|
| /// File Name: |
sa29850.txt |
Description:
|
Secunia Security Advisory - Guido Landi has discovered a vulnerability in xine-lib, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29850/ | | File Size: | 2442 | | Last Modified: | Apr 17 18:12:38 2008 |
| MD5 Checksum: | 30148ae404f7d30010958ff824f7bcf4 |
|
| /// File Name: |
sa29854.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for speex. This fixes a security issue, which can potentially be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/29854/ | | File Size: | 2552 | | Last Modified: | Apr 17 18:12:38 2008 |
| MD5 Checksum: | ef41d90e12e6f73dfac7e62fc820395f |
|
| /// File Name: |
sa29859.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for otrs. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/29859/ | | File Size: | 2252 | | Last Modified: | Apr 17 18:12:38 2008 |
| MD5 Checksum: | 88176bc2beff898843f3c559d81b9f53 |
|
| /// File Name: |
sa29863.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Kolab Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29863/ | | File Size: | 2282 | | Last Modified: | Apr 17 18:12:38 2008 |
| MD5 Checksum: | 3d917edd4cfdf48c042e4f105ebfb62d |
|
| /// File Name: |
sa29864.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for openoffice.org. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29864/ | | File Size: | 48832 | | Last Modified: | Apr 17 18:12:38 2008 |
| MD5 Checksum: | 2d7f6487a1d52af2175a83e0b8fbfbc5 |
|
| /// File Name: |
SSRT080048.txt |
Description:
|
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
| | Homepage: | http://www.hp.com/ | | File Size: | 10980 | | Last Modified: | Apr 17 13:01:33 2008 |
| MD5 Checksum: | 398f6b021079c9b1e4a851b6c27b2f22 |
|
| /// File Name: |
sa29827.txt |
Description:
|
Secunia Security Advisory - AmnPardaz Security Research Team have reported a vulnerability in Carbon Communities, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/29827/ | | File Size: | 2906 | | Last Modified: | Apr 17 13:00:31 2008 |
| MD5 Checksum: | d74ec2eb3bb150bb75768f1f22c1f3ff |
|
| /// File Name: |
sa29861.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for rsync. This fixes a vulnerability, which can potentially be exploited by malicious users to cause a DoS (Denial of Service) or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29861/ | | File Size: | 2265 | | Last Modified: | Apr 17 13:00:31 2008 |
| MD5 Checksum: | 77553ee23a6a17e3ab74073a0ec88a56 |
|
| /// File Name: |
glsa-200804-18-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-18:02 - Kees Cook from the Ubuntu Security Team reported that the CairoFont::create() function in the file CairoFontEngine.cc does not verify the type of an embedded font object inside a PDF file before dereferencing a function pointer from it. Versions less than 0.6.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2767 | | Related CVE(s): | CVE-2008-1693 | | Last Modified: | Apr 17 13:00:06 2008 |
| MD5 Checksum: | 612bdd38fe87f5366161e2398640c274 |
|
| /// File Name: |
glsa-200804-17.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-17 - oCERT reported that the Speex library does not properly validate the mode value it derives from Speex streams, allowing for array indexing vulnerabilities inside multiple player applications. Within Gentoo, xine-lib, VLC, gst-plugins-speex from the GStreamer Good Plug-ins, vorbis-tools, libfishsound, Sweep, SDL_sound, and speexdec were found to be vulnerable. Versions less than 1.2_beta3_p2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2862 | | Related CVE(s): | CVE-2008-1686 | | Last Modified: | Apr 17 12:59:49 2008 |
| MD5 Checksum: | ee288931bf1cd9a812264b858cb2b855 |
|
| /// File Name: |
glsa-200804-16.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-16 - Sebastian Krahmer of SUSE reported an integer overflow in the expand_item_list() function in the file util.c which might lead to a heap-based buffer overflow when extended attribute (xattr) support is enabled. Versions less than 2.6.9-r6 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3082 | | Related CVE(s): | CVE-2008-1720 | | Last Modified: | Apr 17 12:59:36 2008 |
| MD5 Checksum: | 98c38477401727430caa10b51ec9bb66 |
|
| /// File Name: |
dsa-1547-1.txt |
Description:
|
Debian Security Advisory 1547-1 - Several bugs have been discovered in the way OpenOffice.org parses Quattro Pro files that may lead to a overflow in the heap potentially leading to the execution of arbitrary code. Specially crafted EMF files can trigger a buffer overflow in the heap that may lead to the execution of arbitrary code. A bug has been discovered in the processing of OLE files that can cause a buffer overflow in the heap potentially leading to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 52522 | | Related CVE(s): | CVE-2008-0320, CVE-2007-5746, CVE-2007-5745, CVE-2007-5747 | | Last Modified: | Apr 17 12:59:27 2008 |
| MD5 Checksum: | 3e602f9510435bd086117c6f3188a51f |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
