Section: .. / 0803-advisories /
| /// File Name: |
cisco-sa-20080326-pptp.txt |
Description:
|
Cisco Security Advisory - Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of the supported tunneling protocols used to tunnel PPP frames within the VPDN solution. The first vulnerability is a memory leak that occurs as a result of PPTP session termination. The second vulnerability may consume all interface descriptor blocks on the affected device because those devices will not reuse virtual access interfaces. If these vulnerabilities are repeatedly exploited, the memory and/or interface resources of the attacked device may be depleted.
| | Homepage: | http://www.cisco.com/ | | File Size: | 55004 | | Related CVE(s): | CVE-2008-1151, CVE-2008-1150 | | Last Modified: | Mar 26 18:26:39 2008 |
| MD5 Checksum: | f7a50af3ec20c59e5ab5ff3dc4993ae6 |
|
| /// File Name: |
cisco-sa-20080326-mvpn.txt |
Description:
|
Cisco Security Advisory - A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.
| | Homepage: | http://www.cisco.com/ | | File Size: | 55614 | | Related CVE(s): | CVE-2008-1156 | | Last Modified: | Mar 26 18:25:39 2008 |
| MD5 Checksum: | b6b22521b835b52b20c91e549abbb8ed |
|
| /// File Name: |
cisco-sa-20080326-IPv4IPv6.txt |
Description:
|
Cisco Security Advisory - A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability an offending IPv6 packet must be targeted to the device. Packets that are routed throughout the router can not trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is Resource Reservation Protocol (RSVP) service, which if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.
| | Homepage: | http://www.cisco.com/ | | File Size: | 68014 | | Related CVE(s): | CVE-2008-1153 | | Last Modified: | Mar 26 18:24:56 2008 |
| MD5 Checksum: | 497441b74e0004aa9688a6d78b55fdac |
|
| /// File Name: |
cisco-sa-20080326-queue.txt |
Description:
|
Cisco Security Advisory - Certain Cisco Catalyst 6500 Series and Cisco 7600 Router devices that run branches of Cisco IOS based on 12.2 can be vulnerable to a denial of service vulnerability that can prevent any traffic from entering an affected interface. For a device to be vulnerable, it must be configured for Open Shortest Path First (OSPF) Sham-Link and Multi Protocol Label Switching (MPLS) Virtual Private Networking (VPN). This vulnerability only affects Cisco Catalyst 6500 Series or Catalyst 7600 Series devices with the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720) or Route Switch Processor 720 (RSP720) modules. The Supervisor 32, Supervisor 720, Supervisor 720-3B, Supervisor 720-3BXL, Route Switch Processor 720, Route Switch Processor 720-3C, and Route Switch Processor 720-3CXL are all potentially vulnerable.
| | Homepage: | http://www.cisco.com/ | | File Size: | 39760 | | Related CVE(s): | CVE-2008-0057 | | Last Modified: | Mar 26 18:24:02 2008 |
| MD5 Checksum: | 5c74aa992cd5ee8cef86af771b355b71 |
|
| /// File Name: |
cisco-sa-20080326-dlsw.txt |
Description:
|
Cisco Security Advisory - Cisco IOS contains multiple vulnerabilities in the Data-link Switching (DLSw) feature that may result in a reload or memory leaks when processing specially crafted UDP or IP Protocol 91 packets. Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate the effects of these vulnerabilities.
| | Homepage: | http://www.cisco.com/ | | File Size: | 76852 | | Related CVE(s): | CVE-2008-1152 | | Last Modified: | Mar 26 18:23:13 2008 |
| MD5 Checksum: | 4996d1c7db9a231f201e973caff24acd |
|
| /// File Name: |
MDVSA-2008-076.txt |
Description:
|
Mandriva Linux Security Advisory - Two vulnerabilities were found in the Website META Language (WML) package that allowed local users to overwrite arbitrary files via symlink attacks.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2748 | | Related CVE(s): | CVE-2008-0665, CVE-2008-0666 | | Last Modified: | Mar 26 18:21:33 2008 |
| MD5 Checksum: | 8635c05f2b3a0be9d4fa9a4dc214b51b |
|
| /// File Name: |
ZDI-08-013.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory for Linux. Authentication is not required to exploit this vulnerability. The specific flaw exists in the libnldap library. When a large LDAP delRequest message is sent, a stack overflow occurs overwriting a function pointer. This results in a situation allowing the execution of arbitrary code.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3185 | | Related CVE(s): | CVE-2008-0924 | | Last Modified: | Mar 26 18:20:54 2008 |
| MD5 Checksum: | e35e7ad52a9e2a0a6d71048d250a4a7b |
|
| /// File Name: |
soliduro.txt |
Description:
|
IBM solidDB versions 6.00.1018 and below suffer from format string, crash, NULL pointer, and server termination vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | soliduro.zip | | File Size: | 2920 | | Last Modified: | Mar 26 18:18:59 2008 |
| MD5 Checksum: | 06638a5eb857c1968c60370c919a7eca |
|
| /// File Name: |
sa29480.txt |
Description:
|
Secunia Security Advisory - Digital Security Research Group has discovered a vulnerability in PowerBook, which can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/29480/ | | File Size: | 2456 | | Last Modified: | Mar 26 18:03:06 2008 |
| MD5 Checksum: | 1145ad2a630ad9682ebcfade207fed47 |
|
| /// File Name: |
sa29509.txt |
Description:
|
Secunia Security Advisory - Daniel Papasian has reported a vulnerability in the PECL Alternative PHP Cache (APC) extension, which can be exploited by malicious users to bypass certain security restrictions and potentially by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29509/ | | File Size: | 2626 | | Last Modified: | Mar 26 18:03:06 2008 |
| MD5 Checksum: | 6da1389bbd3a47271c1ead3df22fef8b |
|
| /// File Name: |
USN-596-1.txt |
Description:
|
Ubuntu Security Notice 596-1 - Chris Clark discovered that Ruby's HTTPS module did not check for commonName mismatches early enough during SSL negotiation. If a remote attacker were able to perform man-in-the-middle attacks, this flaw could be exploited to view sensitive information in HTTPS requests coming from Ruby applications. It was discovered that Ruby's FTPTLS, telnets, and IMAPS modules did not check the commonName when performing SSL certificate checks. If a remote attacker were able to perform man-in-the-middle attacks, this flaw could be exploited to eavesdrop on encrypted communications from Ruby applications using these protocols.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 31030 | | Related CVE(s): | CVE-2007-5162, CVE-2007-5770 | | Last Modified: | Mar 26 18:02:56 2008 |
| MD5 Checksum: | a46d0b7c1d5e53f0d8ea29f86db14854 |
|
| /// File Name: |
USN-595-1.txt |
Description:
|
Ubuntu Security Notice 595-1 - Michael Skladnikiewicz discovered that SDL_image did not correctly load GIF images. If a user or automated system were tricked into processing a specially crafted GIF, a remote attacker could execute arbitrary code or cause a crash, leading to a denial of service. David Raulo discovered that SDL_image did not correctly load ILBM images. If a user or automated system were tricked into processing a specially crafted ILBM, a remote attacker could execute arbitrary code or cause a crash, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9803 | | Related CVE(s): | CVE-2008-0544, CVE-2007-6697 | | Last Modified: | Mar 26 18:02:04 2008 |
| MD5 Checksum: | 56a5c4510b1bed524cff5c00ce259ee5 |
|
| /// File Name: |
USN-594-1.txt |
Description:
|
Ubuntu Security Notice 594-1 - It was discovered that Net::DNS did not correctly validate the size of DNS replies. A remote attacker could send a specially crafted DNS response and cause applications using Net::DNS to abort, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3821 | | Related CVE(s): | CVE-2007-6341 | | Last Modified: | Mar 26 18:00:59 2008 |
| MD5 Checksum: | e7eaa3c8cfc9df83a00033734478e816 |
|
| /// File Name: |
USN-593-1.txt |
Description:
|
Ubuntu Security Notice 593-1 - It was discovered that the default configuration of dovecot could allow access to any email files with group "mail" without verifying that a user had valid rights. An attacker able to create symlinks in their mail directory could exploit this to read or delete another user's email. By default, dovecot passed special characters to the underlying authentication systems. While Ubuntu releases of dovecot are not known to be vulnerable, the authentication routine was proactively improved to avoid potential future problems.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 12819 | | Related CVE(s): | CVE-2008-1199, CVE-2008-1218 | | Last Modified: | Mar 26 18:00:16 2008 |
| MD5 Checksum: | 4a2fd40b872bf6b94fc599b98e0f26b3 |
|
| /// File Name: |
USN-592-1.txt |
Description:
|
Ubuntu Security Notice 592-1 - A ridiculous amount of vulnerabilities in Firefox have been addressed in this advisory for Ubuntu.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 30883 | | Related CVE(s): | CVE-2007-4879, CVE-2008-0416, CVE-2008-1195, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-1238, CVE-2008-1240, CVE-2008-1241 | | Last Modified: | Mar 26 17:56:51 2008 |
| MD5 Checksum: | aeed7a8b0cc4c145af558bade514732b |
|
| /// File Name: |
SSRT080011.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified in the SFTP Server (sftp-server) component of SSH version 3.2.0 and earlier running on HP Tru64 UNIX. The vulnerability could be exploited by a remote user to execute arbitrary code or cause a Denial of Service (DoS). Yes, this is from 2006. Yes, HP is just notifying people now.
| | Homepage: | http://www.hp.com/ | | File Size: | 6728 | | Related CVE(s): | CVE-2006-0705 | | Last Modified: | Mar 26 16:29:50 2008 |
| MD5 Checksum: | ff783e16ea6d5ea497e199cd8890a3a2 |
|
| /// File Name: |
sa28203.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Orb, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/28203/ | | File Size: | 2395 | | Last Modified: | Mar 26 16:17:54 2008 |
| MD5 Checksum: | b2cd9878b0b8a996f5db6ff4c311f4c4 |
|
| /// File Name: |
sa29237.txt |
Description:
|
Secunia Security Advisory - Pranav Joshi has reported a security issue in ZyXEL ZyWALL 1050, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/29237/ | | File Size: | 2272 | | Last Modified: | Mar 26 16:17:54 2008 |
| MD5 Checksum: | f31a4208e8b21f4a6a26b5928384ac2d |
|
| /// File Name: |
sa29294.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for libicu. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/29294/ | | File Size: | 9807 | | Last Modified: | Mar 26 16:17:54 2008 |
| MD5 Checksum: | 6f802f1be02976217f8218ee4825e6d0 |
|
| /// File Name: |
sa29475.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for bzip2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/29475/ | | File Size: | 2738 | | Last Modified: | Mar 26 16:17:54 2008 |
| MD5 Checksum: | e472f97aac0e929389a5d7a6ca905657 |
|
| /// File Name: |
sa29479.txt |
Description:
|
Secunia Security Advisory - c0ndemned has reported a vulnerability in XLPortal, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/29479/ | | File Size: | 2404 | | Last Modified: | Mar 26 16:17:54 2008 |
| MD5 Checksum: | 10f6a7ba08ff6953b09da9a2bab9ab07 |
|
| /// File Name: |
sa29490.txt |
Description:
|
Secunia Security Advisory - Russ McRee has reported a vulnerability in Photo Cart, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/29490/ | | File Size: | 2293 | | Last Modified: | Mar 26 16:17:54 2008 |
| MD5 Checksum: | 524def9a4430fcc6b389d737f6d5d975 |
|
| /// File Name: |
sa29493.txt |
Description:
|
Secunia Security Advisory - Jerome Athias has discovered a vulnerability in the my_gallery plugin for e107, which can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/29493/ | | File Size: | 2317 | | Last Modified: | Mar 26 16:17:54 2008 |
| MD5 Checksum: | 6ce00330e5aa0980d6d4cc4b09750534 |
|
| /// File Name: |
sa29502.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for serendipity. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and script-insertion attacks or to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/29502/ | | File Size: | 3023 | | Last Modified: | Mar 26 16:17:54 2008 |
| MD5 Checksum: | 843f5201e1243c69c94de0a9bab68203 |
|
| /// File Name: |
sa29506.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for bzip2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/29506/ | | File Size: | 15896 | | Last Modified: | Mar 26 16:17:54 2008 |
| MD5 Checksum: | 1bce3206f382a7b5d40d057c15645357 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
