.:[ packet storm ]:.
                             
security without boundaries

 Section:  .. / 0806-advisories  /

Page 1 of 23; files 1 - 25 of 552, sorted by file name.

 ///  File Name: 06.03.08-1.txt
Description:
iDefense Security Advisory 06.03.08 - Remote exploitation of a file creation vulnerability in Sun Microsystems' Java System Active Server Pages allows attackers to execute arbitrary code with root privileges. The vulnerability exists within a file included by several ASP applications. This file provides a function that will write the contents contained within its first parameter to a file specified by its second parameter. Several ASP applications allow an attacker to control both the content and the location of the file written. iDefense has confirmed the existence of this vulnerability within version 4.0.2 of Sun Microsystems Inc.'s Java System Active Server Pages. Older versions are suspected to be vulnerable.
Homepage:http://www.idefense.com/
File Size:3408
Related CVE(s):CVE-2008-2401
Last Modified:Jun 4 14:49:12 2008
MD5 Checksum:8dbf267595467d2d9798b14b7fc67199

 ///  File Name: 06.03.08-2.txt
Description:
iDefense Security Advisory 06.03.08 - Remote exploitation of an information disclosure vulnerability in Sun Microsystems' Java System Active Server Pages allows attackers to obtain sensitive information. This vulnerability exists due to the placement of the password and configuration data within the application server root directory. By making requests for specific, sensitive documents, an attacker could obtain the configuration or password hashes of allowed users. iDefense has confirmed the existence of this vulnerability within version 4.0.2 of Sun Microsystems Inc.'s Java System Active Server Pages. Older versions are suspected to be vulnerable.
Homepage:http://www.idefense.com/
File Size:3230
Related CVE(s):CVE-2008-2402
Last Modified:Jun 4 14:50:13 2008
MD5 Checksum:6bff91311fa22d98ea6598945ac2cb60

 ///  File Name: 06.03.08-3.txt
Description:
iDefense Security Advisory 06.03.08 - Remote exploitation of multiple directory traversal vulnerabilities in Sun Microsystems' Java System Active Server Pages allows attackers to obtain the contents of, and delete, sensitive files on the system. Both vulnerabilities exist within ASP applications included with the product. When accessed via the administration server, the ASP engine does not prevent directory traversal using the "../" construct. By supplying a specially crafted HTTP request to one of the affected ASP applications, an attacker is able to read from arbitrary files. One of the applications will disclose only the first and third lines of the file. Once the application is finished processing the file, it will delete it. iDefense has confirmed the existence of these vulnerabilities within version 4.0.2 of Sun Microsystems Inc.'s Java System Active Server Pages. Older versions are suspected to be vulnerable.
Homepage:http://www.idefense.com/
File Size:4053
Related CVE(s):CVE-2008-2403
Last Modified:Jun 4 21:26:19 2008
MD5 Checksum:f6c07a3ad5196b0dfa7d7cdccbef8eff

 ///  File Name: 06.03.08-4.txt
Description:
iDefense Security Advisory 06.03.08 - Remote exploitation of a buffer overflow vulnerability in Sun Microsystems' Java System Active Server Pages allows attackers to execute arbitrary code in the context of the ASP server. The vulnerability exists within the request handling code within the ASP server. An attacker-supplied string is copied into a fixed-size stack buffer without first validating that there is sufficient space available. By supplying a specially crafted request, an attacker can cause a stack-based buffer overflow. iDefense has confirmed the existence of this vulnerability within version 4.0.2 of Sun Microsystems Inc.'s Java System Active Server Pages. Older versions are suspected to be vulnerable.
Homepage:http://www.idefense.com/
File Size:3639
Related CVE(s):CVE-2008-2404
Last Modified:Jun 4 21:33:07 2008
MD5 Checksum:77b760295083e4a9980f478a113f9930

 ///  File Name: 06.03.08-5.txt
Description:
iDefense Security Advisory 06.03.08 - Remote exploitation of multiple command injection vulnerabilities in Sun Microsystems' Java System Active Server Pages allows attackers to execute arbitrary code with root privileges. These vulnerabilities exist within several ASP applications that execute shell commands. The problem lies in the fact that these applications do not filter or escape the parameters passed to these commands. By inserting shell meta-characters into an HTTP request, an attacker is able to execute arbitrary shell commands. iDefense has confirmed the existence of these vulnerabilities within version 4.0.2 of Sun Microsystems Inc.'s Java System Active Server Pages. Older versions are suspected to be vulnerable.
Author:Joshua J. Drake
Homepage:http://www.idefense.com/
File Size:3729
Related CVE(s):CVE-2008-2405
Last Modified:Jun 4 21:36:15 2008
MD5 Checksum:19beb26a54b11c3b19321dec1eb1418c

 ///  File Name: 06.03.08-6.txt
Description:
iDefense Security Advisory 06.03.08 - Remote exploitation of a design error in Sun Microsystems' Java System Active Server Pages allows attackers to bypass administration server authentication mechanisms. The vulnerability exists due to improper design of the ASP application server. The administration application server exists as a stand-alone service that listens on TCP port 5102. By connecting directly to this service and making requests, attackers are able to bypass authentication mechanisms introduced by the administration HTTP server. iDefense has confirmed the existence of this vulnerability within version 4.0.2 of Sun Microsystems Inc.'s Java System Active Server Pages. Older versions are suspected to be vulnerable.
Homepage:http://www.idefense.com/
File Size:3363
Related CVE(s):CVE-2008-2406
Last Modified:Jun 4 21:37:44 2008
MD5 Checksum:8d89ab4e57cd2ebc50bd512391243cf8

 ///  File Name: 06.04.08-1.txt
Description:
iDefense Security Advisory 06.04.08 - Local exploitation of a stack-based buffer overflow in Kaspersky Lab's Internet Security could allow an attacker to execute arbitrary code in the context of the kernel. The kl1.sys kernel driver distributed with Internet Security contains a stack-based buffer overflow in the handling of IOCTL 0x800520e8. This issue is caused by a failure to properly perform bounds checks on user-supplied data that is passed to the swprintf function as a source buffer. The destination buffer in this case is a 2,000 element wide-character array. If the source buffer exceeds 2,000 characters, a buffer overflow will occur leading to the execution of arbitrary code. Kaspersky Lab's Internet Security version 7.0.1.325 is confirmed to be vulnerable to this issue. Previous versions are also suspected to be vulnerable.
Author:Tobias Klein
Homepage:http://www.idefense.com/
File Size:3142
Related CVE(s):CVE-2008-1518
Last Modified:Jun 4 21:39:36 2008
MD5 Checksum:5e05be0651869f51e15ae78dbb77294b

 ///  File Name: 06.04.08-2.txt
Description:
iDefense Security Advisory 06.04.08 - Remote exploitation of a security policy bypass in Skype could allow an attacker to execute arbitrary code in the context of the user. The "file:" URI handler in Skype performs checks upon the URL to verify that the link does not contain certain file extensions related to executable file formats. If the link is found to contain a blacklisted file extension, a security warning dialog is shown to the user. The following file extensions are checked and considered dangerous by Skype: .ade, .adp, .asd, .bas, .bat, .cab, .chm, .cmd, .com, .cpl, .crt, .dll, .eml, .exe, .hlp, .hta, .inf, .ins, .isp, .js. Due to improper logic when performing these checks, it is possible to bypass the security warning and execute the program. iDefense confirmed version 3.6.0.248 of Skype to be vulnerable. Previous versions are also suspected to be vulnerable.
Author:Ismael Briones
Homepage:http://www.idefense.com/
File Size:3583
Related CVE(s):CVE-2008-1805
Last Modified:Jun 4 21:41:57 2008
MD5 Checksum:35239d73f67f3df8ac52618e6641b13a

 ///  File Name: 06.04.08-3.txt
Description:
iDefense Security Advisory 06.04.08 - Local exploitation of an input validation vulnerability within VMware's Hgfs.sys driver could allow an unprivileged attacker to execute arbitrary code within the kernel of a Windows guest operating system. When a VMware guest operating system has the VMware Tools package installed, the hgfs.sys driver is loaded on the machine. This driver allows any user to open the device "\\.\hgfs" and issue IOCTLs with a buffering mode of METHOD_NEITHER. This allows untrusted user mode code to pass kernel addresses as arguments to the driver. iDefense confirmed the existence of this vulnerability in hgfs.sys as included with VMware Workstation 5.5.4. Other versions are suspected vulnerable as well.
Author:Stephen Fewer
Homepage:http://www.idefense.com/
File Size:3921
Related CVE(s):CVE-2008-5671
Last Modified:Jun 6 18:50:32 2008
MD5 Checksum:20c213b8be2a663119c92bebefe0f3b0

 ///  File Name: 06.04.08-4.txt
Description:
iDefense Security Advisory 06.04.08 - Local exploitation of an untrusted library path vulnerability in multiple products distributed by VMware Inc. could allow an attacker to execute arbitrary code with root privileges. The Linux versions of VMware products include a program called 'vmware-authd', which is installed set-uid root. When this program is executed, it reads configuration options from the executing user's VMware configuration file. One such option allows the user to specify the directory in which to look for shared library modules needed by the program. By loading a specially crafted library, an attacker can execute arbitrary code with elevated privileges. iDefense confirmed the existence of this vulnerability in the following VMware products: VMware Workstation 6.0.2.59824 for Linux, VMware GSX Server 3.2.1.14497 for Linux, and VMware ESX Server 3.0.1.32039.
Homepage:http://www.idefense.com/
File Size:3725
Related CVE(s):CVE-2008-0967
Last Modified:Jun 5 15:24:06 2008
MD5 Checksum:2a3b23e6378730d10e8b9d874a596767

 ///  File Name: 06.10.08-1.txt
Description:
iDefense Security Advisory 06.10.08 - Remote exploitation of an integer overflow vulnerability in OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists due to the rtl_allocateMemory() function rounding up allocation requests to be aligned on an 8 byte boundary without checking if this rounding results in an integer overflow condition. iDefense has confirmed the existence of this vulnerability in OpenOffice version 2.4. Previous versions may also be affected.
Author:Sean Larsson
Homepage:http://www.idefense.com/
File Size:4761
Related CVE(s):CVE-2008-2152
Last Modified:Jun 10 12:27:51 2008
MD5 Checksum:5435a52afd90be836d76a10f86e292ce

 ///  File Name: 06.10.08-2.txt
Description:
iDefense Security Advisory 06.10.08 - Remote exploitation of an integer overflow vulnerability in the FreeType2 library, as included in various vendors' operating systems, could allow an attacker to execute arbitrary code with the privileges of the affected application. iDefense has confirmed the existence of this vulnerability in FreeType2 version 2.3.5. Previous versions may also be affected.
Author:regenrecht
Homepage:http://www.idefense.com/
File Size:3596
Related CVE(s):CVE-2008-1806
Last Modified:Jun 10 22:38:42 2008
MD5 Checksum:a9e65b1a3c2fffb39794edb554b9a803

 ///  File Name: 06.10.08-3.txt
Description:
iDefense Security Advisory 06.10.08 - Remote exploitation of a memory corruption vulnerability in the FreeType2 library, as included in various vendors' operating systems, could allow an attacker to execute arbitrary code with the privileges of the affected application. iDefense has confirmed the existence of this vulnerability in FreeType2 version 2.3.5. Previous versions may also be affected.
Author:regenrecht
Homepage:http://www.idefense.com/
File Size:3472
Related CVE(s):CVE-2008-1807
Last Modified:Jun 10 22:39:31 2008
MD5 Checksum:ffadea1dac3d6b9c991c4408037734ea

 ///  File Name: 06.10.08-4.txt
Description:
iDefense Security Advisory 06.10.08 - Remote exploitation of multiple heap overflow vulnerabilities in the FreeType2 library, as included in various vendors' operating systems, could allow an attacker to execute arbitrary code with the privileges of the affected application. iDefense has confirmed the existence of these vulnerabilities in FreeType2 version 2.3.5. Previous versions may also be affected.
Author:regenrecht
Homepage:http://www.idefense.com/
File Size:3992
Related CVE(s):CVE-2008-1808
Last Modified:Jun 10 22:40:34 2008
MD5 Checksum:46e074a304e454aa5adcdae2c8b6a925

 ///  File Name: 06.11.08-1.txt
Description:
iDefense Security Advisory 06.11.08 - Local exploitation of an integer overflow vulnerability in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the X server, typically root. The vulnerability exists within the AllocateGlyph() function, which is called from several request handlers in the render extension. This function takes several values from the request, and multiplies them together to calculate how much memory to allocate for a heap buffer. This calculation can overflow, which leads to a heap overflow. iDefense has confirmed the existence of this vulnerability in X server 1.4 included with X.org X11R7.3, with all patches as of 03/01/08 applied. Previous versions may also be affected.
Author:regenrecht
Homepage:http://www.idefense.com/
File Size:4135
Related CVE(s):CVE-2008-2360
Last Modified:Jun 11 18:22:26 2008
MD5 Checksum:0c8278845aad04aaa0cbb9f6e4722696

 ///  File Name: 06.11.08-2.txt
Description:
iDefense Security Advisory 06.11.08 - Local exploitation of an integer overflow vulnerability in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to create a denial of service (DoS) condition on the affected X server. The vulnerability exists within the ProcRenderCreateCursor() function. When parsing a client request, values are taken from the request and used in an arithmetic operation that calculates the size of a dynamic buffer. This calculation can overflow, which results in an undersized buffer being allocated. This leads to an invalid memory access, which crashes the X server. iDefense has confirmed the existence of this vulnerability in X.org X11 version R7.3, with all patches as of 03/01/08 applied. Previous versions may also be affected.
Author:regenrecht
Homepage:http://www.idefense.com/
File Size:4023
Related CVE(s):CVE-2008-2361
Last Modified:Jun 11 18:23:34 2008
MD5 Checksum:1aac731a1df26bc92016e8603a765815

 ///  File Name: 06.11.08-3.txt
Description:
iDefense Security Advisory 06.11.08 - Local exploitation of an integer overflow vulnerability in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the X server, typically root. iDefense has confirmed the existence of this vulnerability in X.org X11 version R7.3, with all patches as of 03/01/08 applied. Previous versions may also be affected.
Author:regenrecht
Homepage:http://www.idefense.com/
File Size:4248
Related CVE(s):CVE-2008-2362
Last Modified:Jun 11 18:24:21 2008
MD5 Checksum:6fcefa2590859e0359151b323865f5f4

 ///  File Name: 06.11.08-4.txt
Description:
iDefense Security Advisory 06.11.08 - Local exploitation of multiple memory corruption vulnerabilities in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the X server, typically root. iDefense has confirmed the existence of these vulnerabilities in X server 1.4 included with X.org X11R7.3, with all patches as of 03/01/08 applied. Previous versions may also be affected.
Author:regenrecht
Homepage:http://www.idefense.com/
File Size:4164
Related CVE(s):CVE-2008-1377
Last Modified:Jun 11 18:25:41 2008
MD5 Checksum:84d5bbe99f8952f376797d89c1dba252

 ///  File Name: 06.11.08-5.txt
Description:
iDefense Security Advisory 06.11.08 - Local exploitation of an information disclosure vulnerability in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to gain access to sensitive information stored in server memory. The vulnerability exists when creating a Pixmap in the fbShmPutImage() function. The width and height of the Pixmap, which are controlled by the user, are not properly validated to ensure that the Pixmap they define is within the bounds of the shared memory segment. This allows an attacker to read arbitrary areas of memory in the X server process. iDefense has confirmed the existence of this vulnerability in X server 1.4 included with X.org X11R7.3, with all patches as of 03/01/08 applied. Previous versions may also be affected.
Author:regenrecht
Homepage:http://www.idefense.com/
File Size:3891
Related CVE(s):CVE-2008-1379
Last Modified:Jun 11 18:26:27 2008
MD5 Checksum:b97be81b56db7c21a2c2ce11144f8ca3

 ///  File Name: 200806-msiexec.txt
Description:
Microsoft's Windows Installer (msiexec.exe) suffers from a stack overflow vulnerability in versions 4.5.6001.22159 and 3.1.4000.1823.
Author:Patrick Webster
Homepage:http://www.aushack.com/
File Size:1241
Last Modified:Jun 3 14:22:27 2008
MD5 Checksum:b6fb5a36d1ea5141585210b6e447a3ae

 ///  File Name: akamai-client.txt
Description:
Akamai has become aware of a security vulnerability within the Akamai Client Software which can be exploited to conduct cross-site request forgery attacks. This vulnerability exists only in the Akamai Client Software and does not affect Akamai's other services in any way. Akamai has no evidence to date that any attempt has been made to exploit this vulnerability. Versions up to and including 3322 are affected.
Author:Dyon Balding
Homepage:http://www.akamai.com/
File Size:2644
Related CVE(s):CVE-2008-1106
Last Modified:Jun 6 19:00:08 2008
MD5 Checksum:fc326243c69b4d4e830d7859c4a406d6

 ///  File Name: akamai-download.txt
Description:
Akamai has become aware of a security vulnerability within the Akamai Download Manager up to and including version 2.2.3.5 of the ActiveX control.
Author:FortiNet
Homepage:http://www.akamai.com/
File Size:4229
Related CVE(s):CVE-2008-1770
Last Modified:Jun 4 21:51:46 2008
MD5 Checksum:f391244bfc4310cfc809629189dfd989

 ///  File Name: akamai-downloadmanager.txt
Description:
A parameter injection vulnerability exists in Akamai Download Manager. By exploiting this vulnerability, a remote attacker can make users download an arbitrary file and save it to an arbitrary location while they are visiting a malicious web page. This means an attacker who successfully exploits this vulnerability can run arbitrary code on the affected system. Akamai Download Manager ActiveX control version 2.2.3.5 is affected.
Author:cocoruder
Homepage:http://ruder.cdut.net/
File Size:4086
Related CVE(s):CVE-2008-1770
Last Modified:Jun 4 22:30:23 2008
MD5 Checksum:972939a7a53ae8769b81b22a6fa4dffc

 ///  File Name: AST-2008-008.txt
Description:
Asterisk Project Security Advisory - During pedantic SIP processing the From header value is passed to the ast_uri_decode function to be decoded. In two instances it is possible for the code to cause a crash as the From header value is not checked to be non-NULL before being passed to the function.
Author:Hooi Ng
Homepage:http://www.asterisk.org/security
File Size:7903
Related CVE(s):CVE-2008-2119
Last Modified:Jun 3 20:44:47 2008
MD5 Checksum:274a39a6408e05bdf7e297519d6d7c24

 ///  File Name: AST-2008-009.txt
Description:
Asterisk Project Security Advisory - The ooh323 channel driver provided in Asterisk Addons used a TCP connection to pass commands internally. The payload of these packets included addresses of memory which were to be freed after the command was processed. By sending arbitrary data to the listening TCP socket, one could cause an almost certain crash since the command handler would attempt to free invalid memory. This problem was made worse by the fact that the listening TCP socket was bound to whatever IP address was specified by the "bindaddr" option in ooh323.conf.
Author:Tzafrir Cohen
Homepage:http://www.asterisk.org/security
File Size:8573
Related CVE(s):CVE-2008-2543
Last Modified:Jun 4 22:28:15 2008
MD5 Checksum:08de5b8e2e15b1b9e7da7a41667b223e