Section: .. / 0707-advisories /
File Name: adv-2-mid.txt
Description: YouTube suffers from a cross site request forgery arbitrary code injection vulnerability.
Author: Pepepistola | File Size: 2411 | Last Modified: Jul 10 02:47:04 2007
MD5 Checksum: 929ed33148b2c70976b0a0bada8a31a7

File Name: AL-2007-0071.txt
Description: AUSCERT ALERT - A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang. The first vulnerability affects JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier. The second vulnerability affects JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier.
Homepage: http://www.auscert.org/ | File Size: 10693 | Related CVE(s): CVE-2007-2788, CVE-2007-2789 | Last Modified: Jul 14 00:29:19 2007
MD5 Checksum: a41671b4f430da1c16c147c82f9ed593

File Name: areca-overflow.txt
Description: Areca CLI versions 1.72.250 and below suffer from a local buffer overflow vulnerability that may allow for privilege escalation.
Author: Sebastian Wolfgarten | Homepage: http://www.devtarget.org/ | File Size: 3044 | Last Modified: Jul 23 06:31:57 2007
MD5 Checksum: 27cff411c3528441429097a65b6783cd

File Name: ASA-2007-014.txt
Description: Asterisk Project Security Advisory - The Asterisk IAX2 channel driver, chan_iax2, has a remotely exploitable stack buffer overflow vulnerability. It occurs when chan_iax2 is passed a voice or video frame with a data payload larger than 4 kB. This is exploitable by sending a very large RTP frame to an active RTP port number used by Asterisk when the other end of the call is an IAX2 channel. Exploiting this issue can cause a crash or allow arbitrary code execution on a remote machine.
Author: Russell Bryant | Homepage: http://www.asterisk.org/security | File Size: 12473 | Related CVE(s): CVE-2007-3762 | Last Modified: Jul 18 06:58:02 2007
MD5 Checksum: 174e0e345f1492e575b88202751de7ef

File Name: ASA-2007-015.txt
Description: Asterisk Project Security Advisory - The Asterisk IAX2 channel driver, chan_iax2, has a remotely exploitable crash vulnerability. A NULL pointer exception can occur when Asterisk receives a LAGRQ or LAGRP frame that is part of a valid session and includes information elements. The session used to exploit this issue does not have to be authenticated. It can simply be a NEW packet sent with an invalid username. The code that parses the incoming frame correctly parses the information elements of IAX frames. It then sets a pointer to NULL to indicate that there is not a raw data payload associated with this frame. However, it does not set the variable that indicates the number of bytes in the raw payload back to zero. Since the raw data length is non-zero, the code handling LAGRQ and LAGRP frames tries to copy data from a NULL pointer, causing a crash.
Author: Russell Bryant | Homepage: http://www.asterisk.org/security | File Size: 9743 | Related CVE(s): CVE-2007-3763 | Last Modified: Jul 18 07:02:38 2007
MD5 Checksum: 099b772e3a144709929f99b4de56abb1

File Name: ASA-2007-016.txt
Description: Asterisk Project Security Advisory - The Asterisk Skinny channel driver, chan_skinny, has a remotely exploitable crash vulnerability. A segfault can occur when Asterisk receives a packet where the claimed length of the data is between 0 and 3, followed by length + 4 or more bytes, due to an overly large memcpy. The side effects of this extremely large memcpy have not been investigated.
Author: Jason Parker | Homepage: http://www.asterisk.org/security | File Size: 9431 | Related CVE(s): CVE-2007-3764 | Last Modified: Jul 18 07:04:24 2007
MD5 Checksum: 7910ebeb465f0d124f401f0746e0426b

File Name: ASA-2007-017.txt
Description: Asterisk Project Security Advisory - The Asterisk STUN implementation in the RTP stack has a remotely exploitable crash vulnerability. A pointer may run past accessible memory if Asterisk receives a specially crafted STUN packet on an active RTP port. The code that parses the incoming STUN packets incorrectly checks that the length indicated in the STUN attribute and the size of the STUN attribute header does not exceed the available data. This will cause the data pointer to run past accessible memory and when accessed will cause a crash.
Author: Joshua Colp | Homepage: http://www.asterisk.org/security | File Size: 8963 | Related CVE(s): CVE-2007-3765 | Last Modified: Jul 18 07:06:14 2007
MD5 Checksum: 7406ca12249f52e17bf976b8271095c2

File Name: ASA-2007-018.txt
Description: Asterisk Project Security Advisory - The IAX2 channel driver in Asterisk is vulnerable to a denial of service attack when configured to allow unauthenticated calls.
Author: Russell Bryant | Homepage: http://www.asterisk.org/security | File Size: 12583 | Last Modified: Jul 31 08:10:18 2007
MD5 Checksum: f10161aaa11ac16f83b440be2b06f0c7

File Name: avg-kernel.txt
Description: The AVG Antivirus core kernel mode service driver (avg7core.sys) provides functionality that under a default install allows an unprivileged user to write arbitrary data to arbitrary addresses. This issue has been verified as affecting AVG Free 7.5.446 and AVG Antivirus 7.5.448. The version of avg7core.sys in question is 7.5.0.444.
Author: Jonathan Lindsay | Homepage: http://www.ngssoftware.com/ | File Size: 3946 | Last Modified: Jul 12 03:32:19 2007
MD5 Checksum: 0c71d2c4e264c9ccdca1526d60432760

File Name: blizzard-sanity.txt
Description: Blizzard.com fails to properly sanitize user supplied input, allowing for information disclosure attacks.
Author: kefka | File Size: 942 | Last Modified: Jul 3 02:56:57 2007
MD5 Checksum: f33730885fccc5c55f09d2847a78a347

File Name: CAID-35515.txt
Description: Multiple CA products that utilize Alert service functionality contain multiple vulnerabilities. The vulnerabilities are due to insufficient bounds checking on received data by certain RPC procedures. An attacker can exploit these buffer overflows to execute arbitrary code or cause service failure.
Author: Ken Williams | Homepage: http://www3.ca.com/ | File Size: 3485 | Related CVE(s): CVE-2007-3825 | Last Modified: Jul 20 08:31:40 2007
MD5 Checksum: ea597a900ed63173104b243d02af6b2b

File Name: CAID-35524.txt
Description: eTrust Intrusion Detection contains a vulnerability associated with the caller.dll ActiveX control. The vulnerability is due to the caller.dll ActiveX control being marked safe for scripting. An attacker, who can lure a user into visiting a malicious website, can potentially gain complete control of an affected installation.
Author: Ken Williams | Homepage: http://www3.ca.com/ | File Size: 4401 | Related CVE(s): CVE-2007-3302 | Last Modified: Jul 25 06:49:01 2007
MD5 Checksum: 0f81f87e5fb0e8acadbc9da84286310e

File Name: CAID-35525-35526.txt
Description: CA products that utilize the Arclib library contain two denial of service vulnerabilities. The first vulnerability is due to an application hang when processing a specially malformed CHM file. The second vulnerability is due to an application hang when processing a specially malformed RAR file.
Author: Ken Williams | Homepage: http://www3.ca.com/ | File Size: 7381 | Related CVE(s): CVE-2007-3875, CVE-2007-5645 | Last Modified: Jul 25 06:50:57 2007
MD5 Checksum: 10a5665874d17a5c342ba0a0e56e4924

File Name: CAID-35527.txt
Description: Multiple CA products that utilize CA Message Queuing (CAM / CAFT) software contain a buffer overflow vulnerability. The vulnerability is a buffer overflow that can allow a remote attacker to execute arbitrary code by sending a specially crafted message to TCP port 3104.
Author: Ken Williams | Homepage: http://www3.ca.com/ | File Size: 5771 | Related CVE(s): CVE-2007-0060 | Last Modified: Jul 25 06:52:10 2007
MD5 Checksum: ab501b46991f1fab5eb58cd640e9f5c4

File Name: centericq_421_bo_06_063.txt
Description: Centericq version 4.21 on FreeBSD as well as the official sources have been found vulnerable to multiple buffer overflows.
Author: Nico Leidecker | Homepage: http://www.portcullis-security.com/ | File Size: 4456 | Last Modified: Jul 11 10:41:46 2007
MD5 Checksum: b55568551bdb25dc83172c91c617cca3

File Name: cisco-sa-20070711-cucm.txt
Description: Cisco Security Advisory - Cisco Unified Communications Manager (CUCM), formerly CallManager, contains two overflow vulnerabilities that could allow a remote, unauthenticated user to cause a denial of service (DoS) condition or execute arbitrary code.
Homepage: http://www.cisco.com/ | File Size: 17475 | Last Modified: Jul 12 04:03:08 2007
MD5 Checksum: 412f91f1831d634ce385a7976970fba2

File Name: cisco-sa-20070711-voip.txt
Description: Cisco Security Advisory - Cisco Unified Communications Manager (CUCM), formerly CallManager, and Cisco Unified Presence Server (CUPS) contain two vulnerabilities that could allow an unauthorized administrator to activate and terminate CUCM / CUPS system services and access SNMP configuration information. This may respectively result in a denial of service (DoS) condition affecting CUCM/CUPS cluster systems and the disclosure of sensitive SNMP details, including community strings.
Homepage: http://www.cisco.com/ | File Size: 16279 | Last Modified: Jul 12 04:03:48 2007
MD5 Checksum: ff511a349e03d39603d84611dd04fb3b

File Name: cisco-sa-20070718-waas.txt
Description: Cisco Security Advisory - The Cisco Wide Area Application Services (WAAS) software contains a denial of service (DoS) vulnerability that may cause some devices that run WAAS software (WAE appliance and NM-WAE-502 module) to stop processing all types of traffic, including data traffic and management traffic.
Homepage: http://www.cisco.com/ | File Size: 16056 | Last Modified: Jul 19 05:12:28 2007
MD5 Checksum: 28afe455034b3a7f7e2f312140d97afb

File Name: cisco-sa-20070724-arp.txt
Description: Cisco Security Advisory - Cisco Wireless LAN Controllers (WLC) contain multiple vulnerabilities in the handling of Address Resolution Protocol (ARP) packets that could result in a denial of service (DoS) in certain environments.
Homepage: http://www.cisco.com/ | File Size: 18281 | Last Modified: Jul 25 06:09:56 2007
MD5 Checksum: 410864d31569a8f43549ea0e6021d88e

File Name: CVE-2007-3383.txt
Description: Tomcat versions 4.0.0 to 4.0.6 and 4.1.0 to 4.1.36 suffer from a cross site scripting vulnerability.
Author: Tomasz Kuczynski | Homepage: http://tomcat.apache.org/ | File Size: 972 | Last Modified: Jul 23 06:28:14 2007
MD5 Checksum: 6437db7a26ce9d7dc98afa56756dee11

File Name: CVE-2007-3816.txt
Description: JWIG might allow context-dependent attackers to cause a denial of service via loops of references to external templates.
Author: Aditya K Sood | Homepage: http://www.secniche.org/ | File Size: 555 | Related CVE(s): CVE-2007-3816 | Last Modified: Jul 23 06:18:09 2007
MD5 Checksum: cc22107a34b0f9a61e6d37de45ea58fe

File Name: cvmatik11-xss.txt
Description: ASP Cvmatik version 1.1 suffers from cross site scripting vulnerabilities.
Author: GeFORC3 | Homepage: http://WwW.GeFORC3.Org | File Size: 594 | Last Modified: Jul 23 06:09:52 2007
MD5 Checksum: 6e1437bcd95e3a7432724f0fc406ad9a

File Name: CX-2007-05.txt
Description: Calyptix Security Advisory - Multiple versions of eSoft's InstaGate EX2 UTM device are vulnerable to cross-site request forgery. The vulnerable firmwares include 3.1.20031001, 3.1.20060921, and 3.1.20070605. Other eSoft products were not tested. This vulnerability allows an attacker to run commands on the web interface if the attacker can get the eSoft user to view a hostile web page while logged into his eSoft. These actions could include opening up remote access.
Author: Daniel Weber | File Size: 8547 | Last Modified: Jul 12 04:08:35 2007
MD5 Checksum: 62b1f9e4a7b2de970c0fee20d541e429
