Section: .. / 0611-advisories /
| /// File Name: |
dovecotOverflow.txt |
Description:
|
Versions 1.0test53 through 1.0.rc14 of the Dovecot IMAP/POP3 server are susceptible to a buffer overflow.
| | Author: | Timo Sirainen | | File Size: | 1632 | | Last Modified: | Nov 21 00:20:55 2006 |
| MD5 Checksum: | 290b6732fbb82748170ccac780d2593a |
|
| /// File Name: |
dragonflybsd-firewire.txt |
Description:
|
The Firewire device enabled by default in the GENERIC kernel for DragonFlyBSD defines an IOCTL function which can be malicious called passing a negative buffer length value. This value will bypass the length check (because the value is negative) and will be used in a copyout operation. This is a kernel bug and the system can be compromised by local users and important system information can be disclosed.
| | Author: | Rodrigo Rubira Branco | | Homepage: | http://www.kernelhacking.com/rodrigo | | Related File: | bsd.patch | | File Size: | 3423 | | Last Modified: | Nov 16 12:15:20 2006 |
| MD5 Checksum: | e1730287e3cb0a8eb2886226197ccde0 |
|
| /// File Name: |
dsa-1201-1.txt |
Description:
|
Debian Security Advisory 1201-1: Several remote vulnerabilities have been discovered in the Ethereal network scanner.
| | Homepage: | http://www.debian.org/security | | File Size: | 10184 | | Last Modified: | Nov 1 17:18:03 2006 |
| MD5 Checksum: | 49cfc528c40ca38b06d5c3e94c60160f |
|
| /// File Name: |
dsa-1202-1.txt |
Description:
|
Debian Security Advisory 1202-1: "cstone" and Rich Felker discovered that specially crafted UTF-8 sequences may lead an out of bands memory write when displayed inside the screen terminal multiplexer, allowing denial of service and potentially the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 5168 | | Last Modified: | Nov 1 17:18:08 2006 |
| MD5 Checksum: | 3447b885b6a2db3b8b950df5e7b44d5b |
|
| /// File Name: |
dsa-1203-1.txt |
Description:
|
Debian Security Advisory 1203-1: Steve Rigler discovered that the PAM module for authentication against LDAP servers processes PasswordPolicyReponse control messages incorrectly, which might lead to an attacker being able to login into a suspended system account.
| | Homepage: | http://www.debian.org/security | | File Size: | 5066 | | Last Modified: | Nov 3 17:27:49 2006 |
| MD5 Checksum: | f08f02aa45cdfb41ca5dc772176ff0bd |
|
| /// File Name: |
dsa-1204-1.txt |
Description:
|
Debian Security Advisory 1204-1: It was discovered that the Ingo email filter rules manager performs insufficient escaping of user-provided data in created procmail rules files, which allows the execution of arbitrary shell commands.
| | Homepage: | http://www.debian.org/security | | File Size: | 3063 | | Last Modified: | Nov 3 17:29:51 2006 |
| MD5 Checksum: | d7f92e70dfd583defd9d1766db2a7c6c |
|
| /// File Name: |
dsa-1205-1.txt |
Description:
|
Debian Security Advisory 1205-1: Marco d'Itri discovered that thttpd, a small, fast and secure webserver, makes use of insecure temporary files when its logfiles are rotated, which might lead to a denial of service through a symlink attack.
| | Homepage: | http://www.debian.org/security | | File Size: | 7138 | | Last Modified: | Nov 3 18:04:53 2006 |
| MD5 Checksum: | 3d170dd83d52348a9de5a1ebf06ee65d |
|
| /// File Name: |
dsa-1208-1.txt |
Description:
|
Debian Security Advisory 1208-1 - Several remote vulnerabilities have been discovered in the Bugzilla bug tracking system, which may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 3461 | | Related CVE(s): | CVE-2005-4534, CVE-2006-5453 | | Last Modified: | Nov 14 00:38:59 2006 |
| MD5 Checksum: | 70817affb3085dabfe771ac22e8b1115 |
|
| /// File Name: |
dsa-1209-1.txt |
Description:
|
Debian Security Advisory 1209-1 - It was discovered that Trac, a wiki and issue tracking system for software development projects, performs insufficient validation against cross-site request forgery, which might lead to an attacker being able to perform manipulation of a Trac site with the privileges of the attacked Trac user.
| | Homepage: | http://www.debian.org/security | | File Size: | 2885 | | Last Modified: | Nov 14 01:06:12 2006 |
| MD5 Checksum: | 78617fbff6624b5ac420796972c577af |
|
| /// File Name: |
dsa-1211-1.txt |
Description:
|
Debian Security Advisory 1211-1 - It was discovered that malformed TCP packets may lead to denial of service and possibly the execution of arbitrary code if the PowerDNS nameserver acts as a recursive nameserver.
| | Homepage: | http://www.debian.org/security | | File Size: | 16507 | | Related CVE(s): | CVE-2006-4251 | | Last Modified: | Nov 16 11:04:18 2006 |
| MD5 Checksum: | 7951d6e360d53e1b5ddfa6467350f6c2 |
|
| /// File Name: |
dsa-1212-1.txt |
Description:
|
Debian Security Advisory 1212-1 - Two denial of service vulnerabilities have been found in the OpenSSH server. The sshd support for ssh protocol version 1 does not properly handle duplicate incoming blocks. This could allow a remote attacker to cause sshd to consume significant CPU resources leading to a denial of service. A signal handler race condition could potentially allow a remote attacker to crash sshd and could theoretically lead to the ability to execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 11437 | | Related CVE(s): | CVE-2006-4924, CVE-2006-5051 | | Last Modified: | Nov 16 12:20:08 2006 |
| MD5 Checksum: | 51971b066a8eeebbdfb1d58b79d8767e |
|
| /// File Name: |
dsa-1214-1.txt |
Description:
|
Debian Security Advisory 1214-1 - Renaud Lifchitz discovered that gv, the PostScript and PDF viewer for X, performs insufficient boundary checks in the Postscript parsing code, which allows the execution of arbitrary code through a buffer overflow.
| | Homepage: | http://www.debian.org/security | | File Size: | 4877 | | Related CVE(s): | CVE-2006-5864 | | Last Modified: | Nov 21 02:17:07 2006 |
| MD5 Checksum: | 43cf2d2f71ecce2b449a2911da3f44cc |
|
| /// File Name: |
dsa-1215-1.txt |
Description:
|
Debian Security Advisory 1215-1 - Several remote vulnerabilities have been discovered in the Xine multimedia library, which may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 7313 | | Related CVE(s): | CVE-2006-4799, CVE-2006-4800 | | Last Modified: | Nov 21 02:19:50 2006 |
| MD5 Checksum: | 42521e959ab7bbc8f67f929aca466303 |
|
| /// File Name: |
dsa-1216-1.txt |
Description:
|
Debian Security Advisory 1216-1 - Eric Romang discovered that the flexbackup backup tool creates temporary files in an insecure manner, which allows denial of service through a symlink attack.
| | Homepage: | http://www.debian.org/security | | File Size: | 2956 | | Related CVE(s): | CVE-2006-4802 | | Last Modified: | Nov 21 02:18:54 2006 |
| MD5 Checksum: | a4d98f65c30a4a5a8c1a0517db5425d8 |
|
| /// File Name: |
dsa-1217-1.txt |
Description:
|
Debian Security Advisory 1217-1 - Paul Szabo discovered that the netkit ftp server switches the user id too late, which may lead to the bypass of access restrictions when running on NFS. This update also adds return value checks to setuid() calls, which may fail in some PAM configurations.
| | Homepage: | http://www.debian.org/security | | File Size: | 5073 | | Related CVE(s): | CVE-2006-5778 | | Last Modified: | Nov 21 02:20:33 2006 |
| MD5 Checksum: | af3dcf3d5702d191ed500c2a54005f81 |
|
| /// File Name: |
dsa-1218-1.txt |
Description:
|
Debian Security Advisory 1218-1 - It was discovered that the proftpd FTP daemon performs insufficient validation of FTP command buffer size limits, which may lead to denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 13270 | | Related CVE(s): | CVE-2006-5815 | | Last Modified: | Nov 21 21:32:27 2006 |
| MD5 Checksum: | c3381ad5319b7494c53a33d43df063b4 |
|
| /// File Name: |
dsa-1219-1.txt |
Description:
|
Debian Security Advisory 1219-1 - The GNU texinfo package has been found susceptible to insecure file handling and buffer overflow flaws.
| | Homepage: | http://www.debian.org/security | | File Size: | 7145 | | Related CVE(s): | CVE-2005-3011, CVE-2006-4810 | | Last Modified: | Nov 29 11:17:26 2006 |
| MD5 Checksum: | 4801675a34029726bda216edaa28938c |
|
| /// File Name: |
dsa-1220-1.txt |
Description:
|
Debian Security Advisory 1220-1 - Brian May discovered that pstotext, a utility to extract plain text from Postscript and PDF files, performs insufficient quoting of file names, which allows execution of arbitrary shell commands.
| | Homepage: | http://www.debian.org/security | | File Size: | 5132 | | Related CVE(s): | CVE-2006-5869 | | Last Modified: | Nov 28 21:56:18 2006 |
| MD5 Checksum: | 80450ab65824de103e20e39d5c753acf |
|
| /// File Name: |
EEYE-MSWS.txt |
Description:
|
A flaw exists in a default Windows component called the "Workstation Service" that when exploited allows for remote code execution in SYSTEM context, allowing an attacker to take complete control of affected systems. Systems affected include Windows 2000 (Remote Code Execution), Windows XP SP1 (Local Privilege Escalation).
| | Author: | JeongWook Matt Oh, Derek Soeder | | Homepage: | http://research.eeye.com/ | | File Size: | 3492 | | Last Modified: | Nov 16 11:01:48 2006 |
| MD5 Checksum: | ab5e44c09d742521217e98290229c887 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
