Section: .. / 0608-advisories /
| /// File Name: |
USN-332-1.txt |
Description:
|
Ubuntu Security Notice USN-332-1 - Evgeny Legerov discovered that gnupg did not sufficiently check the validity of the comment and a control field. Specially crafted GPG data could cause a buffer overflow. This could be exploited to execute arbitrary code with the user's privileges if an attacker can trick a user into processing a malicious encrypted/signed document with gnupg.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6498 | | Related CVE(s): | CVE-2006-3746 | | Last Modified: | Aug 17 04:27:24 2006 |
| MD5 Checksum: | c9718c74eef0f3798e83eca5f4f6b414 |
|
| /// File Name: |
USN-331-1.txt |
Description:
|
Ubuntu Security Notice USN-331-1 - A denial of service vulnerability was reported in iptables' SCTP conntrack module. On computers which use this iptables module, a remote attacker could exploit this to trigger a kernel crash. A buffer overflow has been discovered in the dvd_read_bca() function. By inserting a specially crafted DVD, USB stick, or similar automatically mounted removable device, a local user could crash the machine or potentially even execute arbitrary code with full root privileges. The ftdi_sio driver for serial USB ports did not limit the amount of pending data to be written. A local user could exploit this to drain all available kernel memory and thus render the system unusable.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 43885 | | Related CVE(s): | CVE-2006-2934, CVE-2006-2935, CVE-2006-2936 | | Last Modified: | Aug 17 04:26:43 2006 |
| MD5 Checksum: | cff17b362b4332dec33ae3c99169ad8c |
|
| /// File Name: |
cmsimple.txt |
Description:
|
CMSimple suffers from a cross site scripting flaw.
| | Author: | OUTLAW | | Homepage: | http://www.aria-security.net | | File Size: | 812 | | Last Modified: | Aug 17 04:25:38 2006 |
| MD5 Checksum: | f68339555b91b443ef5cc3f958fa7516 |
|
| /// File Name: |
secunia-pctools.txt |
Description:
|
Secunia Research has discovered a security issue in PC Tools AntiVirus version 2.1.0.51, which can be exploited by malicious, local users to gain escalated privileges. Successful exploitation allows execution of arbitrary commands with SYSTEM privileges.
| | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4191 | | Related CVE(s): | CVE-2006-3114 | | Last Modified: | Aug 17 04:24:12 2006 |
| MD5 Checksum: | e5c6f2efe658a81837c507849131ace7 |
|
| /// File Name: |
SSRT061159.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Sendmail processing malformed multipart MIME messages. This vulnerability could potentially allow a remote unauthenticated user to cause a Denial of Service (DoS).
| | Author: | HP | | Homepage: | http://www.hp.com | | File Size: | 9195 | | Related CVE(s): | CVE-2006-1173 | | Last Modified: | Aug 17 04:17:54 2006 |
| MD5 Checksum: | 03f132054882eea712906d6cdd6c21eb |
|
| /// File Name: |
SSRT061173.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified in the ProCurve Series 3500yl, 6200yl, and 5400zl Switches. The vulnerability could be exploited remotely resulting in a Denial of Service (DoS).
| | Author: | HP | | Homepage: | http://www.hp.com | | File Size: | 5260 | | Last Modified: | Aug 17 04:17:22 2006 |
| MD5 Checksum: | ddba229464468383fa63f268a662c373 |
|
| /// File Name: |
TA06-214A.txt |
Description:
|
Technical Cyber Security Alert TA06-214A - Apple has released Security Update 2006-004 to correct multiple vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web browser, Mail, and other products. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Impacts of other vulnerabilities include bypass of security restrictions and denial of service.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3976 | | Last Modified: | Aug 17 04:16:35 2006 |
| MD5 Checksum: | 1d3003988033ca51cbe1b4e15a3319cd |
|
| /// File Name: |
dsa-1138-1.txt |
Description:
|
Debian Security Advisory 1138-1 - Carlo Contavalli discovered an integer overflow in CFS, a cryptographic filesystem, which allows local users to crash the encryption daemon.
| | Homepage: | http://www.debian.org/security | | File Size: | 4733 | | Related CVE(s): | CVE-2006-3123 | | Last Modified: | Aug 17 04:14:06 2006 |
| MD5 Checksum: | 2c6c6a33a868b45c29be06989fe6e121 |
|
| /// File Name: |
dsa-1136-1.txt |
Description:
|
Debian Security Advisory 1136-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which are also present in gpdf, the viewer with Gtk bindings, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 5016 | | Related CVE(s): | CVE-2005-2097 | | Last Modified: | Aug 17 04:04:37 2006 |
| MD5 Checksum: | b402f9581ba505f7a8a5a8eb6800db0d |
|
| /// File Name: |
secunia-jetbox.txt |
Description:
|
Secunia Research has discovered some vulnerabilities in Jetbox CMS version 2.1 SR1, which can be exploited by malicious people to conduct session fixation attacks, disclose certain system information, conduct cross-site scripting, script insertion, and SQL injection attacks, and compromise a vulnerable system.
| | Author: | Sven Krewitt | | Homepage: | http://secunia.com/ | | File Size: | 6097 | | Related CVE(s): | CVE-2006-3583, CVE-2006-3584, CVE-2006-3585, CVE-2006-3586 | | Last Modified: | Aug 17 04:03:52 2006 |
| MD5 Checksum: | 0a709bc3fa7e5ca454487281ece81790 |
|
| /// File Name: |
cms-g3.txt |
Description:
|
The G3 Content Management Framework suffers from a cross site scripting flaw in its search functionality.
| | Author: | Stefan Friedli | | File Size: | 4152 | | Last Modified: | Aug 17 03:49:09 2006 |
| MD5 Checksum: | 81d458862f19cf944775b68f3f697ed6 |
|
| /// File Name: |
dsa-1135-1.txt |
Description:
|
Debian Security Advisory 1135-1 - Kevin Kofler discovered several stack-based buffer overflows in the LookupTRM::lookup function in libtunepimp, a MusicBrainz tagging library, which allows remote attackers to cause a denial of service or execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 17692 | | Related CVE(s): | CVE-2006-3600 | | Last Modified: | Aug 17 03:47:28 2006 |
| MD5 Checksum: | 2db7cee67e588681418f188f1d0409d7 |
|
| /// File Name: |
simpliciti.txt |
Description:
|
The Simpliciti Locked Browser interface jail can be broken out of using simple JavaScript.
| | Author: | Adam Baldwin | | File Size: | 1742 | | Last Modified: | Aug 17 03:46:01 2006 |
| MD5 Checksum: | 4d9ca9d16641499a22cd566d75ad69ee |
|
| /// File Name: |
SUSE-SA-2006-045.txt |
Description:
|
SUSE Security Announcement SUSE-SA:2006:045 - This security update fixes crashes in the PCF handling of freetype2 which might be used to crash applications using freetype2 or even to execute code in them.
| | Homepage: | http://www.suse.com | | File Size: | 17005 | | Related CVE(s): | CVE-2006-3467 | | Last Modified: | Aug 17 03:06:45 2006 |
| MD5 Checksum: | e234516d065322a0d80a7908be412297 |
|
| /// File Name: |
dsa-1130-1.txt |
Description:
|
Debian Security Advisory 1130-1 - A cross-site scripting vulnerability has been discovered in sitebar, a web based bookmark manager written in PHP, which allows remote attackers to inject arbitrary web script or HTML.
| | Homepage: | http://www.debian.org/security | | File Size: | 2891 | | Related CVE(s): | CVE-2006-3320 | | Last Modified: | Aug 17 03:02:29 2006 |
| MD5 Checksum: | 97c37250474c49d02c44d0c1ab6d5656 |
|
| /// File Name: |
dsa-1132-1.txt |
Description:
|
Debian Security Advisory 1132-1 - Mark Dowd discovered a buffer overflow in the mod_rewrite component of apache, a versatile high-performance HTTP server. In some situations a remote attacker could exploit this to execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 23377 | | Related CVE(s): | CVE-2006-3747 | | Last Modified: | Aug 17 02:56:59 2006 |
| MD5 Checksum: | 3c651cf28d3daf7a9c44548c12d62ad2 |
|
| /// File Name: |
glsa-200608-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-01 - An off-by-one flaw has been found in Apache's mod_rewrite module by Mark Dowd of McAfee Avert Labs. This flaw is exploitable depending on the types of rewrite rules being used. Versions less than 2.0.58-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3011 | | Last Modified: | Aug 17 02:56:21 2006 |
| MD5 Checksum: | f5ee4aae5a11bf911201dd0610fd26b9 |
|
| /// File Name: |
dsa-1131-1.txt |
Description:
|
Debian Security Advisory 1131-1 - Mark Dowd discovered a buffer overflow in the mod_rewrite component of apache, a versatile high-performance HTTP server. In some situations a remote attacker could exploit this to execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 15233 | | Related CVE(s): | CVE-2006-3747 | | Last Modified: | Aug 17 02:54:39 2006 |
| MD5 Checksum: | 720c4b8d72e955f0a6941f5d82028cff |
|