Section: .. / 0608-advisories /
File Name: MDKSA-2006-150.txt
Description: Mandriva Linux Security Advisory MDKSA-2006-150 - A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel.
Homepage: http://www.mandriva.com/security/advisories
File Size: 7888
Related CVE(s): CVE-2006-0554, CVE-2006-0744, CVE-2006-1343, CVE-2006-1857, CVE-2006-1858, CVE-2006-1863, CVE-2006-1864, CVE-2006-2274, CVE-2006-2935, CVE-2006-2936, CVE-2006-3468, CVE-2006-3745
Last Modified: Aug 28 01:07:36 2006
MD5 Checksum: ea246ab274c940198e585ce3597c3775

File Name: MDKSA-2006-153.txt
Description: Mandriva Linux Security Advisory MDKSA-2006-153 - A stack-based buffer overflow in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code. A buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format record in which the length character is not a valid hexadecimal character.
Homepage: http://www.mandriva.com/security/advisories
File Size: 4407
Related CVE(s): CVE-2005-4807, CVE-2006-2362
Last Modified: Aug 29 12:58:56 2006
MD5 Checksum: db71ffc94da6ff91a51660da2b149cd4

File Name: MDKSA-2006-154.txt
Description: Mandriva Linux Security Advisory MDKSA-2006-154 - The libXm library in LessTif versions 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program.
Homepage: http://www.mandriva.com/security/advisories
File Size: 4833
Related CVE(s): CVE-2006-4124
Last Modified: Aug 29 13:00:05 2006
MD5 Checksum: 2173c0f4d5d32c1a6073bad6c3fc4a30

File Name: MDKSA-2006-155.txt
Description: Mandriva Linux Security Advisory MDKSA-2006-155 - Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. Multiple integer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted Sun bitmap images that trigger heap-based buffer overflows. An integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large bytes_per_pixel, columns, and rows values, which trigger a heap-based buffer overflow.
Homepage: http://www.mandriva.com/security/advisories
File Size: 5285
Related CVE(s): CVE-2006-3743, CVE-2006-3744, CVE-2006-4144
Last Modified: Aug 29 13:09:43 2006
MD5 Checksum: e512f9d3613621def450aad30b76ea2d

File Name: MITKRB-SA-2006-001.txt
Description: MIT krb5 Security Advisory 2006-001 - In certain application programs packaged in the MIT Kerberos 5 source distribution, calls to setuid() and seteuid() are not always checked for success. A local user could exploit one of these vulnerabilities to escalate privileges.
Homepage: http://web.mit.edu/
File Size: 6121
Related CVE(s): CVE-2006-3083, CVE-2006-3084
Last Modified: Aug 18 02:15:54 2006
MD5 Checksum: 0c1c5ebbbd9d2f09b63d67ad70fcacd1

File Name: modrewrite.txt
Description: Mod_rewrite is an Apache module that can be used to remap requests based on regular expression matches of the requested URI. A buffer overflow vulnerability exists when dealing with rewritten URIs that are prefixed with the LDAP protocol scheme.
Author: Mark Dowd
Homepage: http://www.avertlabs.com/
File Size: 2945
Related CVE(s): CVE-2006-3747
Last Modified: Aug 3 00:53:35 2006
MD5 Checksum: 7771959086da058fc8bcfb0c2e59cf43

File Name: mptho.txt
Description: OpenMPT versions 1.17.02.43 and below suffer from various buffer and heap overflows.
Author: Luigi Auriemma
Homepage: http://aluigi.org
Related Exploit: mptho.zip
File Size: 3973
Last Modified: Aug 26 21:05:15 2006
MD5 Checksum: fec3f50ed2e3e2dea43391fc0504b170

File Name: mshelpExec.txt
Description: Multiple remote code execution and denial of service vulnerabilities exist in Microsoft Help (WINHLP32.EXE) due to a file handling issue.
Author: Benjamin Tobias Franz
File Size: 1264
Last Modified: Aug 26 23:05:52 2006
MD5 Checksum: ffe5b850b153c0a263d1d7d760c62c92

File Name: msterminal.txt
Description: There is a vulnerability in Microsoft Terminal Server when an application is specified for the user instead of a full Windows Desktop. It is possible to easily cause an error in explorer.exe and to gain access to a full Desktop. This is an issue for anyone publishing applications through TS to domain users who also log on to full desktops either on the TS or on another machine.
Author: Bill Littlejohn
File Size: 1253
Last Modified: Aug 27 13:45:19 2006
MD5 Checksum: 1fc1123097f5a7d14867a71a6c53b5a2

File Name: MU-200608-01.txt
Description: A remote stack buffer overflow condition in Asterisk's MGCP implementation could allow for arbitrary code execution. The vulnerable code is triggered with the use of a malformed AUEP (audit endpoint) response message. A second issue exists in the handling of file names sent to the Record() application which could lead to arbitrary code execution via a format string attack or arbitrary file-overwrite via directory traversal techniques. The impact of this vulnerability is minimal, however, as it requires an administrator to use a client-controlled variable as part of the filename. Asterisk versions 1.0.0 through 1.2.10 are affected.
Author: Mu Security research team
Homepage: http://labs.musecurity.com/
File Size: 2849
Last Modified: Aug 27 19:59:09 2006
MD5 Checksum: 3405904e50aa9f70f1d70da48e2cecd0

File Name: myspace.txt
Description: Myspace.com appears to have a worm propagating via user pages.
Author: Matthew Wollenweber
File Size: 4173
Last Modified: Aug 28 23:02:42 2006
MD5 Checksum: 5dc702af1a82b665f4cf519e20f3c8d5

File Name: NISR02082006A.txt
Description: NGSSoftware Insight Security Research Advisory - When an Informix server logs on a user it copies the username to a 260-byte stack-based buffer without first verifying its length. An attacker can exploit this by overflowing this buffer to overwrite the saved return address on the stack and thus redirect the process's path of execution to a location of their choosing. Versions 9.40.xC6 and below are affected. Versions 10.00.xC2 and below are affected.
Author: David Litchfield
Homepage: http://www.ngssoftware.com/
File Size: 2348
Related CVE(s): CVE-2006-3853
Last Modified: Aug 27 00:32:48 2006
MD5 Checksum: 2a1610a31726c9d9726e8f05d201102c

File Name: NISR02082006B.txt
Description: NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. When IBM released a patch for the overly long username buffer overflow (CVE-2006-3853) it was discovered that the patch introduced a new buffer overflow vulnerability. Versions affected include 9.40.xC7 and xC8, 10.00.xC3 and xC4.
Author: David Litchfield
Homepage: http://www.ngssoftware.com/
File Size: 2267
Related CVE(s): CVE-2006-3853, CVE-2006-3854
Last Modified: Aug 27 00:34:28 2006
MD5 Checksum: 0d741bc614c48dd1b99de79937d95136

File Name: NISR02082006C.txt
Description: NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. An attacker can force the database server to load an arbitrary library and thus execute arbitrary code. The ifx_load_internal SQL function can be used to load an arbitrary library into the address space of the database server process. By placing code in the DllMain() function on Windows or _init() on Linux an attacker can have this code execute automatically when the library is loaded. In conjunction with exploiting other flaws it is possible to remotely create a library over SQL, dump this to the server disk and then load it. All versions are affected.
Author: David Litchfield
Homepage: http://www.ngssoftware.com/
File Size: 2188
Related CVE(s): CVE-2006-3855
Last Modified: Aug 27 00:35:45 2006
MD5 Checksum: b8d173ad4c04f94ba83b3cd3ce98f140

File Name: NISR02082006D.txt
Description: NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple buffer overflow vulnerabilities were discovered that could be exploited via SQL or the protocol. All versions are affected.
Author: David Litchfield
Homepage: http://www.ngssoftware.com/
File Size: 2543
Related CVE(s): CVE-2006-3857
Last Modified: Aug 27 00:36:34 2006
MD5 Checksum: 8875427912f012a55b6338d61b48cb0d

File Name: NISR02082006E.txt
Description: NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple password exposure flaws were discovered. When a user logs on to an Informix server their cleartext password can be found in a shared memory section. On Windows "everyone" can open the section and read the contents and thus gain access to the passwords for every logged-on user. On both Linux and Windows, in the event of a crash the shared memory is dumped in a log file which is world readable. All versions are affected.
Author: David Litchfield
Homepage: http://www.ngssoftware.com/
File Size: 2005
Related CVE(s): CVE-2006-3858
Last Modified: Aug 27 00:37:52 2006
MD5 Checksum: a61d36800c1b28ff381005ac203e1e33

File Name: NISR02082006F.txt
Description: NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple arbitrary command execution flaws were found. It is possible to inject arbitrary operating system commands into the SET DEBUG FILE SQL statement and the start_onpload and dbexp procedures. Any commands injected into SET DEBUG FILE will execute with the privileges of the informix user; any command injected into dbexp or start_onpload will execute with the privileges of the logged-on user. All versions are affected.
Author: David Litchfield
Homepage: http://www.ngssoftware.com/
File Size: 2021
Related CVE(s): CVE-2006-3860
Last Modified: Aug 27 00:38:50 2006
MD5 Checksum: 74ea9745c14f2d2c36c2c7fb96ee99a4

File Name: NISR02082006G.txt
Description: NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix it was discovered that an overflow could be triggered in a shared library with the SQLIDEBUG environment variable. This can be triggered to gain root privileges by accessing one of the setuid root binaries such as onmode. Versions affected include 9.40.xC6 and earlier and 10.00.xC2, C1.
Author: David Litchfield
Homepage: http://www.ngssoftware.com/
File Size: 2144
Related CVE(s): CVE-2006-3862
Last Modified: Aug 27 00:40:15 2006
MD5 Checksum: 7f64285bcca453df2f6588f93dc4db6e

File Name: NISR02082006H.txt
Description: NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix it was discovered that any user can create a database and thus gain DBA privileges. On Informix public has the connect privilege; thus anyone with a login may connect. Public can also issue the create database command. When the database is created, the user that created the database is made a DBA of that database. A DBA can execute code as the informix user and trivially gain root privileges. Versions affected include 9.40.xC6 and earlier and 10.00.xC2, C1.
Author: David Litchfield
Homepage: http://www.ngssoftware.com/
File Size: 2192
Related CVE(s): CVE-2006-3861
Last Modified: Aug 27 00:41:54 2006
MD5 Checksum: a9a996c792c7d57a32ccd09ac3c50373

File Name: NISR02082006I.txt
Description: NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple file creation/write/read issues were discovered. The LOTOFILE and rlt_tracefile_set functions can be used to create and write to files. The SET DEBUG FILE statement can also be used to create and write to files. All versions are affected.
Author: David Litchfield
Homepage: http://www.ngssoftware.com/
File Size: 1977
Related CVE(s): CVE-2006-3859
Last Modified: Aug 27 00:42:54 2006
MD5 Checksum: 08bb6092c587cd407c6e7391d131de93

File Name: NSFOCUS-SA2006-08.txt
Description: The NSFocus Security Team has discovered a buffer overflow in Internet Explorer 6.0SP1 which allows for remote code execution via an overly-long URL.
Author: Hu Qianwei
Homepage: http://www.nsfocus.com/
File Size: 3157
Related CVE(s): CVE-2006-3869
Last Modified: Aug 28 01:01:42 2006
MD5 Checksum: 940734e3bcea00d99a804120cf1a3161

File Name: ocpbof.txt
Description: Open Cubic Player versions 2.6.0pre6 and below on DOS/Windows and versions 0.1.10_rc5 and below on Linux and *BSD suffer from buffer overflows.
Author: Luigi Auriemma
Homepage: http://aluigi.org
Related Exploit: ocpbof.zip
File Size: 4530
Last Modified: Aug 17 01:56:16 2006
MD5 Checksum: b439a9d96a0628fa0e476123d348d45e

File Name: OpenPKG-SA-2006.015.txt
Description: OpenPKG Security Advisory OpenPKG-SA-2006.015 - According to a vendor announcement, a vulnerability exists in the mod_rewrite module of the Apache HTTP Server. Depending on the manner in which the Apache HTTP Server was compiled, the software defect may result in a vulnerability which, in combination with certain types of "RewriteRule" directives in the server configuration files, could be triggered remotely.
Homepage: http://www.openpkg.org/security/
File Size: 3050
Related CVE(s): CVE-2006-3747
Last Modified: Aug 3 00:41:38 2006
MD5 Checksum: 4f82467e78a3854e9693eb086c360e63