Section: .. / 0602-advisories /
| /// File Name: |
02.01.06-1.txt |
Description:
|
iDefense Security Advisory 02.01.06 - It has been found that a specially crafted m3u or pls file with a target filename having the .wma extension can crash Winamp giving the attacker control over the EAX register. The vulnerability appears to have been silently fixed in Winamp 5.11.
| | Author: | b0f | | Homepage: | http://www.idefense.com | | File Size: | 3088 | | Related CVE(s): | CVE-2005-3188 | | Last Modified: | Feb 2 20:33:54 2006 |
| MD5 Checksum: | 79ed6959a0c4e0e3aeb4166d0c99e956 |
|
| /// File Name: |
02.01.06-2.txt |
Description:
|
iDefense Security Advisory 02.01.06 - It has been found that a specially crafted m3u or pls file can overwrite a stack-based buffer, allowing for remote code execution. This vulnerability is specific to the 5.11 version of Winamp and does not affect previous versions.
| | Author: | b0f, Ruben Santamarta | | Homepage: | http://www.idefense.com | | Related Exploit: | winamp0day.c | | File Size: | 3223 | | Related CVE(s): | CVE-2006-0476 | | Last Modified: | Feb 2 20:37:00 2006 |
| MD5 Checksum: | fdc6c8286e1eeeec703e566675b07319 |
|
| /// File Name: |
02.07.06-1.txt |
Description:
|
iDefense Security Advisory 02.07.06 - Local exploitation of a stack-based buffer overflow vulnerability in QNX Inc.'s Neutrino RTOS Operating System allows local attackers to gain root privileges. The vulnerability specifically exists due to improper handling of environment variables in the libph system library. iDefense has confirmed the existence of this vulnerability on QNX Neutrino RTOS 6.3.0. All versions are suspected vulnerable.
| | Author: | Filipe Balestra | | Homepage: | http://www.idefense.com | | File Size: | 4842 | | Last Modified: | Feb 8 06:25:07 2006 |
| MD5 Checksum: | 94a5cddb5df520fc5e6adc3c707d9a0d |
|
| /// File Name: |
02.07.06-2.txt |
Description:
|
iDefense Security Advisory 02.07.06 - Local exploitation of a race condition vulnerability in QNX Neutrino RTOS's (QNX) phfont command allows attackers to gain root privileges. QNX Neutrino RTOS is a real-time operating system designed for use in embedded systems. The problem specifically exists because phfont spawns another command, phfontphf, without proper sanity checking. iDefense has confirmed the existence of these vulnerabilities in QNX Neutrino RTOS version 6.2.1. Earlier versions are also suspected to be susceptible to exploitation.
| | Author: | Knud Hojgaard | | Homepage: | http://www.idefense.com | | File Size: | 2971 | | Last Modified: | Feb 8 06:26:41 2006 |
| MD5 Checksum: | e0bc6779d4f1d17549b26c4a6809691a |
|
| /// File Name: |
02.07.06-3.txt |
Description:
|
iDefense Security Advisory 02.07.06 - Local exploitation of a buffer overflow in QNX Neutrino RTOS's (QNX) 'phgrafx' command allows attackers to gain root privileges. iDefense has confirmed the existence of these vulnerabilities in QNX Neutrino RTOS version 6.2.1. Earlier versions are suspected to be susceptible to exploitation as well.
| | Author: | Knud Hojgaard | | Homepage: | http://www.idefense.com | | File Size: | 2883 | | Last Modified: | Feb 8 06:27:38 2006 |
| MD5 Checksum: | 0a6b5c3a37e249f27172383d9db37d35 |
|
| /// File Name: |
02.07.06-4.txt |
Description:
|
iDefense Security Advisory 02.07.06 - Local exploitation of a buffer overflow in QNX Neutrino RTOS's (QNX) 'su' command allows attackers to gain root privileges. The problem specifically exists in the parsing of a long string passed as the first argument to the set user id (setuid) binary 'su'. iDefense has confirmed the existence of these vulnerabilities in QNX Neutrino RTOS version 6.2.0. Earlier versions are suspected to be susceptible to exploitation as well.
| | Author: | Texonet | | Homepage: | http://www.idefense.com | | File Size: | 2934 | | Last Modified: | Feb 8 06:28:47 2006 |
| MD5 Checksum: | 4b68bb38a3931b8a9961642e65081d8d |
|
| /// File Name: |
02.07.06-5.txt |
Description:
|
iDefense Security Advisory 02.07.06 - Local exploitation of a denial of service vulnerability in QNX Software Systems QNX Realtime Operating System (RTOS) allows attackers to crash the operating system. iDefense has confirmed the existence of this vulnerability in QNX RTOS version 6.3.0. Version 6.0 was also tested and found to not be vulnerable.
| | Homepage: | http://www.idefense.com | | File Size: | 2675 | | Last Modified: | Feb 8 06:29:51 2006 |
| MD5 Checksum: | a74427fdc0caa66182fbf13005ce4b41 |
|
| /// File Name: |
02.07.06-6.txt |
Description:
|
iDefense Security Advisory 02.07.06 - Local exploitation of a design vulnerability in QNX Software Systems QNX Realtime Operating System (RTOS) allows attackers to execute arbitrary commands with root privileges. The problem specifically exists because QNX RTOS 6.3.0 ships with world-writable permissions on the file /etc/rc.d/rc.local. iDefense has confirmed the existence of this vulnerability in QNX RTOS version 6.3.0. Version 6.0 was also tested and found to not be vulnerable.
| | Homepage: | http://www.idefense.com | | File Size: | 2969 | | Last Modified: | Feb 8 06:30:49 2006 |
| MD5 Checksum: | 5159b61548c532863f51b5a32633c3f9 |
|
| /// File Name: |
02.07.06-7.txt |
Description:
|
iDefense Security Advisory 02.07.06 - Local exploitation of a buffer overflow in QNX Neutrino RTOS's (QNX) 'passwd' command allows attackers to gain root privileges. The problem specifically exists in the parsing of a long string passed as the first argument to the set user id (setuid) binary 'passwd'. iDefense has confirmed the existence of these vulnerabilities in QNX Neutrino RTOS version 6.2.0. Earlier versions are suspected to be susceptible to exploitation as well.
| | Author: | Texonet | | Homepage: | http://www.idefense.com | | File Size: | 2902 | | Last Modified: | Feb 8 06:31:45 2006 |
| MD5 Checksum: | 5f12d0b59a4332564f7ed6f236088883 |
|
| /// File Name: |
02.10.06.txt |
Description:
|
iDEFENSE Security Advisory 02.10.06 - Remote exploitation of a denial of service vulnerability in IBM Corp.'s Lotus Domino LDAP server allows attackers to crash the service, thereby preventing legitimate access. iDEFENSE is currently unaware of exploits for this vulnerability other than those maintained by iDEFENSE Labs. iDEFENSE has confirmed the existence of this vulnerability in Lotus Domino Server version 6.5.4. It is suspected that earlier versions of Lotus Domino Server are also affected.
| | Author: | Sebastian Apelt | | Homepage: | http://www.idefense.com/ | | File Size: | 3647 | | Related CVE(s): | CAN-2005-2712 | | Last Modified: | Feb 13 07:49:12 2006 |
| MD5 Checksum: | bc8355da78cbb6e50ad03eeec11df593 |
|
| /// File Name: |
02.14.06.txt |
Description:
|
iDefense Security Advisory 02.14.06 - A vulnerability in the Windows Media Player plugin can be triggered from several popular browsers such as Firefox and Netscape. The issue specifically can be triggered when certain browsers launch it with an overly long embed src tag from a malicious HTML page.
| | Author: | idefense | | Homepage: | http://www.idefense.com/intelligence/vulnerabilities/display.php?id=393 | | File Size: | 4760 | | Last Modified: | Feb 15 00:46:35 2006 |
| MD5 Checksum: | bef52940d5c05ff95c6cddb584db5c5e |
|
| /// File Name: |
02.24.06.txt |
Description:
|
iDefense Security Advisory 02.24.06 - Local exploitation of an access validation error in SCO Unixware allows attackers to gain root privileges. The vulnerability specifically exists due to a failure to check permissions on traced executables. The ptrace() system call provides an interface for debugging other processes on the system. SCO Unixware's implementation of the ptrace system call fails to check for setuid permissions on binaries before attaching to the process. This results in the complete control of memory and execution for the traced process with root privileges. Attackers can inject data into the running setuid process and execute arbitrary code with root permissions. iDefense has confirmed the existence of this vulnerability in SCO Unixware versions 7.1.3 and 7.1.4. All previous versions of SCO Unixware are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com | | File Size: | 3163 | | Related CVE(s): | CAN-2005-2934 | | Last Modified: | Feb 26 05:45:37 2006 |
| MD5 Checksum: | 759036ff55d21839246e3a04d35ca7bb |
|
| /// File Name: |
AD20060216.txt |
Description:
|
Winamp versions up to and including 5.13 suffer from a .m3u buffer overflow vulnerability.
| | Homepage: | http://secway.org/advisory/AD20060216.txt | | File Size: | 1024 | | Last Modified: | Feb 20 22:58:36 2006 |
| MD5 Checksum: | 6ce8097aa8fb6b01da815588d5251346 |
|
| /// File Name: |
Advisory-16.txt |
Description:
|
Invision Power Board 2.1.4 Multiple Full Path Disclosure Vulnerabilities.
| | Author: | Paisterist | | Homepage: | http://neosecurityteam.net | | File Size: | 3720 | | Last Modified: | Feb 22 21:10:38 2006 |
| MD5 Checksum: | 8e90337ff1f8286a3e838ee96d19f244 |
|
| /// File Name: |
aimOverflow.txt |
Description:
|
It appears that there may be a buffer overflow in AIM when supplied a large username to obtain buddy info.
| | Author: | Shell | | File Size: | 436 | | Last Modified: | Feb 2 11:12:04 2006 |
| MD5 Checksum: | 4f72fdf12607db2fa2746124edc2b77e |
|
| /// File Name: |
Archive_Zipr.txt |
Description:
|
Archive_Zipr is susceptible to a directory traversal attack when fed a malicious ZIP file. Version 1.1 has been found vulnerable.
| | Author: | Hamid Ebadi | | Homepage: | http://hamid.ir/security | | File Size: | 1585 | | Last Modified: | Feb 26 05:30:13 2006 |
| MD5 Checksum: | 2eff05fc4a4bee2a4f1edfe2a8f43c4a |
|
| /// File Name: |
blackberryWord.txt |
Description:
|
A corrupt Microsoft Word (.doc) file opened on a BlackBerry wireless device could potentially provide a means to execute arbitrary code on the BlackBerry Attachment Service component of the BlackBerry Enterprise Server.
| | Author: | lukew | | File Size: | 1037 | | Last Modified: | Feb 14 05:32:03 2006 |
| MD5 Checksum: | 779b01c99b39b590a7c5239d36b3b9ad |
|
| /// File Name: |
bugzillaMultiple.txt |
Description:
|
Bugzilla versions 2.17.1 and above suffer from SQL injection flaws. Versions 2.20rc1 through 2.20 and 2.21.1 suffer from cross-site scripting flaws. Versions 2.19.3 and above suffer from sensitive data exposure flaws.
| | Homepage: | http://www.bugzilla.org/ | | File Size: | 3851 | | Last Modified: | Feb 25 23:22:00 2006 |
| MD5 Checksum: | 9f98bb12da6919b9256102ab51db3085 |
|
| /// File Name: |
Bypass.pdf |
Description:
|
Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.
| | Author: | Mert SARICA | | File Size: | 597713 | | Last Modified: | Feb 2 20:54:52 2006 |
| MD5 Checksum: | 02f396549e367d3a97fae05d5f1e0d6d |
|
| /// File Name: |
CAID-33581.txt |
Description:
|
CAID 33581 - CA Message Queuing Denial of Service Vulnerabilities - Summary: The following two security vulnerability issues have been identified in the CA Message Queuing (CAM / CAFT) software: 1) CAM is vulnerable to a Denial of Service (DoS) attack when a specially crafted message is received on TCP port 4105. 2) CAM is vulnerable to a Denial of Service (DoS) through the spoofing of CAM control messages.
| | Author: | Ken Williams | | Homepage: | http://ca.com/ | | File Size: | 5322 | | Last Modified: | Feb 3 01:12:55 2006 |
| MD5 Checksum: | 530d396e910f76e817041d822631f2b5 |
|
| /// File Name: |
CAID33581.txt |
Description:
|
The following two security vulnerability issues have been identified in the CA Message Queuing (CAM / CAFT) software: CAM is vulnerable to a Denial of Service (DoS) attack when a specially crafted message is received on TCP port 4105. CAM is vulnerable to a Denial of Service (DoS) through the spoofing of CAM control messages.
| | Author: | Ken Williams | | Homepage: | http://supportconnect.ca.com/ | | File Size: | 5322 | | Related OSVDB(s): | 21146,21147 | | Related CVE(s): | CVE-2006-0529, CVE-2006-0530 | | Last Modified: | Feb 2 21:05:35 2006 |
| MD5 Checksum: | 530d396e910f76e817041d822631f2b5 |
|
| /// File Name: |
cisco-SA-20060215-guard-auth.txt |
Description:
|
A vulnerability in versions 5.0(1) and 5.0(3) of the software used in Cisco Anomaly Detection and Mitigation appliances and service modules may allow unauthorized users to get unauthorized access to the devices and/or escalate their privileges if Terminal Access Controller Access Control System Plus (TACACS+) is incompletely configured.
| | Homepage: | http://www.cisco.com/warp/public/707/cisco-sa-20060215-guard.shtml | | File Size: | 16280 | | Last Modified: | Feb 20 22:17:13 2006 |
| MD5 Checksum: | 5e8c98bd203dfe6fa3933f7107b171ca |
|