Section: .. / Last 20 Advisory Files /
| /// File Name: | vmware-emulation.txt | Description:
| By exploiting the VMware flaw described in this document, user-mode code executing in a virtual machine may gain kernel privileges within the virtual machine, dependent upon the guest operating system. The flaw has been proven exploitable on x64 versions of Windows, and it has produced potentially exploitable crashes on x64 versions of *BSD. The Linux kernel does not allow exploitation of the flaws on x64 versions of Linux. | | Author: | Derek Soeder | | File Size: | 20674 | | Related CVE(s): | CVE-2008-4279, CVE-2008-3890 | | Last Modified: | Oct 6 18:43:37 2008 | | MD5 Checksum: | 9d308b99f74f10aaccfde19943b9cbc4 |
|
| /// File Name: | VMSA-2008-0016.txt | Description:
| VMware Security Advisory - VMware addresses an in-guest privilege escalation on 64-bit guest operating systems in ESX, ESXi, and previously released versions of our hosted product line. Updated VMware VirtualCenter Update 3 addresses potential information disclosure and updates Java JRE packages. | | Homepage: | http://www.vmware.com/ | | File Size: | 16144 | | Related CVE(s): | CVE-2008-4279, CVE-2008-4278, CVE-2008-3103, CVE-2008-3104, CVE-2008-3105, CVE-2008-3106, CVE-2008-3107, CVE-2008-3108, CVE-2008-3109, CVE-2008-3110, CVE-2008-3111, CVE-2008-3112, CVE-2008-3113, CVE-2008-3114, CVE-2008-3115 | | Last Modified: | Oct 6 18:39:57 2008 | | MD5 Checksum: | 6d2cadbdc3aa8d8b14781c8f7a10e20e |
|
| /// File Name: | MDVSA-2008-210.txt | Description:
| Mandriva Linux Security Advisory - CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. The updated packages have been patched to fix the issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 13068 | | Related CVE(s): | CVE-2008-3906 | | Last Modified: | Oct 6 18:36:47 2008 | | MD5 Checksum: | 68b4e4fdd62c729cba03aa357003d366 |
|
| /// File Name: | MDVSA-2008-209.txt | Description:
| Mandriva Linux Security Advisory - Stéphane Bertin discovered a flaw in the pam_krb5 existing_ticket configuration option where, if enabled and using an existing credential cache, it was possible for a local user to gain elevated privileges by using a different, local user's credential cache. The updated packages have been patched to prevent this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3263 | | Related CVE(s): | CVE-2008-3825 | | Last Modified: | Oct 6 18:36:25 2008 | | MD5 Checksum: | 6c8c02e04058c8e9e9b7b397c121754e |
|
| /// File Name: | secunia-trendtraverse.txt | Description:
| Secunia Research has discovered a vulnerability in Trend Micro OfficeScan, which can be exploited by malicious people to gain knowledge of sensitive information. The vulnerability is caused by an input validation error in TmListen.exe when a client is configured to be an update agent. This can be exploited to retrieve arbitrary files from the system via directory traversal attacks. Affected is Trend Micro OfficeScan 7.3 patch 4 build 1367. | | Homepage: | http://secunia.com/ | | File Size: | 4246 | | Related CVE(s): | CVE-2008-2439 | | Last Modified: | Oct 3 14:08:29 2008 | | MD5 Checksum: | cd3bd7717ea3e9d76584427b2039083a |
|
| /// File Name: | USN-650-1.txt | Description:
| Ubuntu Security Notice 650-1 - A buffer overflow was discovered in cpio. If a user were tricked into opening a crafted cpio archive, an attacker could cause a denial of service via application crash, or possibly execute code with the privileges of the user invoking the program. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 5038 | | Related CVE(s): | CVE-2007-4476 | | Last Modified: | Oct 2 20:47:08 2008 | | MD5 Checksum: | 327a931e102a05f6cb3e829727a90e1a |
|
| /// File Name: | juniper-xss.txt | Description:
| Layered Defense Research Advisory - The Juniper Netscreen firewall NetOS version 5.4.0r9.0 suffers from a cross site scripting vulnerability. | | Author: | Deral Heiland | | Homepage: | http://www.layereddefense.com/ | | File Size: | 2156 | | Last Modified: | Oct 2 17:39:33 2008 | | MD5 Checksum: | 980859c903b74880d278edecfa19fc6c |
|
| /// File Name: | flash9-dereference.txt | Description:
| Flash 9 appears to suffer from a null pointer dereferencing in versions 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10. | | Author: | Matthew Dempsky | | Homepage: | http://www.mochimedia.com/ | | File Size: | 1259 | | Last Modified: | Oct 2 17:37:07 2008 | | MD5 Checksum: | 0c0bc484451003d874ae888ba3a01584 |
|
| /// File Name: | FreeBSD-SA-08.10.nd6.txt | Description:
| FreeBSD Security Advisory - IPv6 routers may allow "on-link" IPv6 nodes to create and update the router's neighbor cache and forwarding information. A malicious IPv6 node sharing a common router but on a different physical segment from another node may be able to spoof Neighbor Discovery messages, allowing it to update router information for the victim node. | | Homepage: | http://security.freebsd.org/ | | File Size: | 5904 | | Related CVE(s): | CVE-2008-2476 | | Last Modified: | Oct 2 17:27:21 2008 | | MD5 Checksum: | 64e0b075d9702e72377ce9003d10ea78 |
|
| /// File Name: | USN-649-1.txt | Description:
| Ubuntu Security Notice 649-1 - It was discovered that the ForceCommand directive could be bypassed. If a local user created a malicious ~/.ssh/rc file, they could execute arbitrary commands as their user id. This only affected Ubuntu 7.10. USN-355-1 fixed vulnerabilities in OpenSSH. It was discovered that the fixes for this issue were incomplete. A remote attacker could attempt multiple logins, filling all available connection slots, leading to a denial of service. This only affected Ubuntu 6.06 and 7.04. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 14795 | | Related CVE(s): | CVE-2008-1657, CVE-2008-4109 | | Last Modified: | Oct 1 22:51:55 2008 | | MD5 Checksum: | 58000d9dd0f2929fcc69919a75c30afe |
|
| /// File Name: | phpmyid-inject.txt | Description:
| phpMyID can act as a redirector and allows for header injection. Version 0.9 is affected. | | Author: | Raphael Geissert | | File Size: | 1274 | | Last Modified: | Oct 1 17:00:02 2008 | | MD5 Checksum: | 5abdc42df08402afe804c833a6b41859 |
|
| /// File Name: | USN-648-1.txt | Description:
| Ubuntu Security Notice 648-1 - Philipp Thomas discovered that the ppscan function of nasm contained an off-by-one error. If a user or automated system were tricked into assembling a specially crafted ASM file, a remote attacker could execute arbitrary commands with user privileges. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 2349 | | Related CVE(s): | CVE-2008-2719 | | Last Modified: | Sep 30 20:34:06 2008 | | MD5 Checksum: | 02ceb93e6d6e71fbeecd6efcbed25e43 |
|
| /// File Name: | MDVSA-2008-208.txt | Description:
| Mandriva Linux Security Advisory - pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restrictions via a local mount. The updated packages have been patched to fix the issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4216 | | Related CVE(s): | CVE-2008-3970 | | Last Modified: | Sep 30 19:50:24 2008 | | MD5 Checksum: | a210fc8fdfa941c74dbe873f705be559 |
|
| /// File Name: | MDVSA-2008-207.txt | Description:
| Mandriva Linux Security Advisory - A race condition in OpenAFS 1.3.40 through 1.4.5 allowed remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks. The updated packages have been patched to prevent this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4947 | | Related CVE(s): | CVE-2007-6559 | | Last Modified: | Sep 30 19:49:50 2008 | | MD5 Checksum: | 3d067fbb36dc5e7ad9fdda237e66b1c8 |
|
| /// File Name: | SSRT071467.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP Insight Diagnostics. The vulnerability could be remotely exploited to gain unauthorized access to files. | | Homepage: | http://www.hp.com/ | | File Size: | 5641 | | Related CVE(s): | CVE-2008-3542 | | Last Modified: | Sep 29 16:19:56 2008 | | MD5 Checksum: | 95ff7010c1e7f8b057909c0d64853f50 |
|
| /// File Name: | oCERT-2008-013.txt | Description:
| The MPlayer multimedia player suffers from a vulnerability which could result in arbitrary code execution and at the least, in unexpected process termination. Three integer underflows located in the Real demuxer code can be used to exploit a heap overflow, a specific video file can be crafted in order to make the stream_read function reading or writing arbitrary amounts of memory. Versions 1.0 RC2 and below are affected. | | Author: | Andrea Barisani | | Homepage: | http://www.ocert.org/ | | File Size: | 1527 | | Related CVE(s): | CVE-2008-3827 | | Last Modified: | Sep 29 16:17:37 2008 | | MD5 Checksum: | 04fb49b9dd2a1bde22ac15f7a216ba41 |
|
| /// File Name: | MDVSA-2008-206.txt | Description:
| Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.17. This update provides the latest Thunderbird to correct these issues. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 50095 | | Related CVE(s): | CVE-2008-0016, CVE-2008-3835, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4070 | | Last Modified: | Sep 26 20:40:56 2008 | | MD5 Checksum: | 008bd816f8a26f2fbd4aae2f98e81804 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
