Section: .. / 0609-advisories /
| /// File Name: |
TA06-256A.txt |
Description:
|
Technical Cyber Security Alert TA06-256A - Apple QuickTime version 7.1.3 resolves multiple vulnerabilities in the way different types of image and media files are handled. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file with a vulnerable version of QuickTime. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3779 | | Last Modified: | Sep 14 09:23:59 2006 |
| MD5 Checksum: | 4d49e77bf6ee059848432886fbc98f6d |
|
| /// File Name: |
mcafee-quicktime.txt |
Description:
|
McAfee Avert(tm) Labs Security Advisory - Seven code execution vulnerabilities are present in QuickTime support for various multimedia formats including: MOV, H.264, FLC, FPX and SGI. Exploitation could lead to execution of arbitrary code. User interaction is required for an attack to succeed. Vulnerable systems include QuickTime versions 7.1.2 and below for Mac OS X, QuickTime for Windows versions 7.1.2 and below.
| | Homepage: | http://avertlabs.com/ | | File Size: | 2919 | | Related CVE(s): | CVE-2006-4382, CVE-2006-4384, CVE-2006-4385, CVE-2006-4386, CVE-2006-4388, CVE-2006-4389 | | Last Modified: | Sep 14 09:22:52 2006 |
| MD5 Checksum: | 1befd55214b87925a67aae529d0c751f |
|
| /// File Name: |
dsa-1175-1.txt |
Description:
|
Debian Security Advisory 1175-1 - A flaw has been found in isakmpd, OpenBSD's implementation of the Internet Key Exchange protocol, that caused Security Associations to be created with a replay window of 0 when isakmpd was acting as the responder during SA negotiation. This could allow an attacker to re-inject sniffed IPsec packets, which would not be checked against the replay counter.
| | Homepage: | http://www.debian.org/security | | File Size: | 5137 | | Related CVE(s): | CVE-2006-4436 | | Last Modified: | Sep 14 09:19:48 2006 |
| MD5 Checksum: | 4119654b6969600800227f22a32ac549 |
|
| /// File Name: |
CiscoVTP.txt |
Description:
|
Phenoelit Advisory - Cisco Systems IOS contains bugs when handling the VLAN Trunking Protocol (VTP). Specially crafted packets may cause denial of service conditions, confusion of the network operator and a heap overflow with the possibility for arbitrary code execution.
| | Author: | FX | | Homepage: | http://www.phenoelit.de/ | | File Size: | 6768 | | Last Modified: | Sep 14 08:45:33 2006 |
| MD5 Checksum: | b8a3f27492d23e7b9594e53bc2864839 |
|
| /// File Name: |
USN-345-1.txt |
Description:
|
Ubuntu Security Notice USN-345-1 - Steve Alexander discovered that mailman did not properly handle attachments with special filenames. A remote user could exploit that to stop mail delivery until the server administrator manually cleaned these posts. Various cross site scripting vulnerabilities have been reported by Barry Warsaw. By using specially crafted email addresses, names, and similar arbitrary user-defined strings, a remote attacker could exploit this to run web script code in the list administrator's web browser. URLs logged to the error log file are now checked for invalid characters. Before, specially crafted URLs could inject arbitrary messages into the log.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5228 | | Related CVE(s): | CVE-2006-2941, CVE-2006-3636 | | Last Modified: | Sep 14 08:41:52 2006 |
| MD5 Checksum: | e61bbd575ca9cddc45e9577dd417edcb |
|
| /// File Name: |
sa21904.txt |
Description:
|
Secunia Security Advisory - rPath has issued an update for xorg-x11. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/21904/ | | File Size: | 2251 | | Last Modified: | Sep 13 19:04:12 2006 |
| MD5 Checksum: | c9c08850d0669c35e3af2d001f5d01ee |
|
| /// File Name: |
sa21900.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for XFree86. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/21900/ | | File Size: | 2510 | | Last Modified: | Sep 13 19:03:55 2006 |
| MD5 Checksum: | 7b3b94617a9e373263b45d40db3dea31 |
|
| /// File Name: |
sa21899.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Moodle, which can be exploited by malicious people to disclose potentially sensitive information, and conduct cross-site scripting and SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/21899/ | | File Size: | 2802 | | Last Modified: | Sep 13 19:03:55 2006 |
| MD5 Checksum: | 717d8b704ca31fe8a00bdd5b1555a70f |
|
| /// File Name: |
sa21895.txt |
Description:
|
Secunia Security Advisory - NR Nandini has reported some vulnerabilities in PHP Event Calendar, which can be exploited by certain malicious users to conduct script insertion attacks.
| | Homepage: | http://secunia.com/advisories/21895/ | | File Size: | 2584 | | Last Modified: | Sep 13 19:03:55 2006 |
| MD5 Checksum: | ca5f4ab360bf0962d0f46cf5fdd0d9dd |
|
| /// File Name: |
sa21894.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued updates for libxfont / xorg. These fix some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/21894/ | | File Size: | 67448 | | Last Modified: | Sep 13 19:03:55 2006 |
| MD5 Checksum: | 9a70f2ade45bb15c7b6f8332551f11d8 |
|
| /// File Name: |
sa21893.txt |
Description:
|
Secunia Security Advisory - Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/21893/ | | File Size: | 3425 | | Last Modified: | Sep 13 19:03:55 2006 |
| MD5 Checksum: | 2c3f9f869d3c35dd6712f9f89233f561 |
|
| /// File Name: |
sa21891.txt |
Description:
|
Secunia Security Advisory - SHiKaA has reported a vulnerability in p4CMS, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/21891/ | | File Size: | 2370 | | Last Modified: | Sep 13 19:03:55 2006 |
| MD5 Checksum: | 110c91b2b5aadad6081f217bc045cae9 |
|
| /// File Name: |
sa21890.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in XFree86, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/21890/ | | File Size: | 2751 | | Last Modified: | Sep 13 19:03:55 2006 |
| MD5 Checksum: | 42a58e984205ed36698fc1311c0b5340 |
|
| /// File Name: |
sa21889.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for xorg-x11. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/21889/ | | File Size: | 2239 | | Last Modified: | Sep 13 19:03:55 2006 |
| MD5 Checksum: | b47ed20c1b00130f6824860cdd2c16ad |
|
| /// File Name: |
sa21882.txt |
Description:
|
Secunia Security Advisory - CeNGiZ-HaN has reported a vulnerability in Vitrax Premodded, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/21882/ | | File Size: | 2409 | | Last Modified: | Sep 13 19:03:55 2006 |
| MD5 Checksum: | 0c720b083e4f1f4fa7e06fd010dc6322 |
|
| /// File Name: |
sa21881.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been discovered in webSPELL, which can be exploited by malicious people to disclose certain sensitive information and conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/21881/ | | File Size: | 2873 | | Last Modified: | Sep 13 19:03:55 2006 |
| MD5 Checksum: | dd88ee901f015c84c2ec1a2558466418 |
|
| /// File Name: |
sa21879.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for mailman. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and phishing attacks, and cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/21879/ | | File Size: | 5608 | | Last Modified: | Sep 13 19:03:55 2006 |
| MD5 Checksum: | 9e9124b747f12ef7c2e9bfb882286ed5 |
|
| /// File Name: |
sa21871.txt |
Description:
|
Secunia Security Advisory - A security issue has been reported in AlphaMail, which can be exploited by malicious, local users to disclose certain sensitive information.
| | Homepage: | http://secunia.com/advisories/21871/ | | File Size: | 2246 | | Last Modified: | Sep 13 19:03:55 2006 |
| MD5 Checksum: | 546fa5574a609eb083fce270611ee6bb |
|
| /// File Name: |
sa21864.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in libXfont, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/21864/ | | File Size: | 3254 | | Last Modified: | Sep 13 19:03:55 2006 |
| MD5 Checksum: | d4e272c85526a46a0d1c41a7e4849e79 |
|
| /// File Name: |
sa21866.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in ColdFusion, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/21866/ | | File Size: | 2785 | | Last Modified: | Sep 13 11:48:09 2006 |
| MD5 Checksum: | 72208a3f757fbb828a17f0b9f4607021 |
|
| /// File Name: |
EEYEB-20080824.txt |
Description:
|
eEye Digital Security has discovered a second heap overflow vulnerability in the MS06-042 cumulative Internet Explorer update that would allow an attacker to execute arbitrary code on the system of a victim who attempts to access a malicious URL. Windows 2000, Windows XP SP1, and Windows 2003 SP0 systems running Internet Explorer 5 SP4 or Internet Explorer 6 SP1, with the MS06-042 patch applied, are vulnerable; unpatched and more recent versions of Internet Explorer are not affected.
| | Author: | Derek Soeder | | Homepage: | http://research.eeye.com/ | | File Size: | 5688 | | Last Modified: | Sep 13 11:40:14 2006 |
| MD5 Checksum: | cde17359bf4c467d199b4a6c7253525b |
|
| /// File Name: |
sa21858.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in ColdFusion, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/21858/ | | File Size: | 2543 | | Last Modified: | Sep 13 11:37:11 2006 |
| MD5 Checksum: | 9fbf3d9e164eedfb2e939c1dd91e5d48 |
|
| /// File Name: |
09.12.06-3.txt |
Description:
|
iDefense Security Advisory 09.12.06 - Local exploitation of an integer overflow vulnerability in the 'CIDAFM()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability specifically exists in the 'CIDAFM()' function of the code responsible for handling AFM (Adobe Font Metrics) files. The number of character metrics is obtained from the "StartCharMetrics" line of an AFM file and that value is then multiplied by the size of a single character metric record in order to calculate the space required to store the metrics. If the result of the multiplication is larger than the largest value that can be held in an integer, the amount actually allocated will be much smaller. Following this, the function attempts to read as many metric records as were specified on the line into that memory. As the contents of the file can be specified by a local user, and as the function will stop reading if an error is detected in the input, a controlled heap overflow may occur which may allow the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in the X.org server version 6.8.2. Analysis of the source code for the current versions of the X.org and XFree86 servers indicates that current versions of both are vulnerable. Previous versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4644 | | Related CVE(s): | CAN-2006-3740 | | Last Modified: | Sep 13 11:36:58 2006 |
| MD5 Checksum: | 97c66e62c52c4ccea06aaf8bd119ac58 |
|
| /// File Name: |
09.12.06-2.txt |
Description:
|
iDefense Security Advisory 09.12.06 - Local exploitation of an integer overflow vulnerability in the 'scan_cidfont()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability specifically exists in the handling of 'CMap' and 'CIDFont' font data. When parsing this information, no checks are made on the count of items for the 'begincodespacerange', 'cidrange' and 'notdefrange' sections. In addition to a 'standard' integer overflow, the implementation of 'vm_alloc()' makes it possible to overwrite memory before the allocated region. iDefense has confirmed the existence of this vulnerability in the X.org server version 6.8.2. Analysis of the source code for the current versions of the X.org and XFree86 servers indicates that current versions of both are vulnerable. Previous versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4171 | | Related CVE(s): | CAN-2006-3740 | | Last Modified: | Sep 13 11:35:26 2006 |
| MD5 Checksum: | ab930cf9c2914748e6770fb45f293a80 |
|