Section: .. / 0602-advisories /
| /// File Name: |
lexmark.txt |
Description:
|
NGSSoftware has discovered a high risk vulnerability in the Lexmark Printer Sharing service which could allow a remote, unauthenticated attacker to execute arbitrary code on a Lexmark printer user's computer system with Local System privileges. A workaround is included in the advisory.
| | Author: | Peter Winter-Smith | | Homepage: | http://www.ngssoftware.com/ | | File Size: | 3393 | | Last Modified: | Feb 8 06:11:40 2006 |
| MD5 Checksum: | fbae06f8de8f7f05db51a23123ae4a1d |
|
| /// File Name: |
MDKSA-2006-028.txt |
Description:
|
Mandriva Linux Security Advisory - Multiple response splitting vulnerabilities in PHP allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors, possibly involving a crafted Set-Cookie header, related to the session extension (aka ext/session) and the header function. Multiple cross-site scripting (XSS) vulnerabilities in PHP allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in certain error conditions.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8090 | | Related CVE(s): | CVE-2006-0207, CVE-2006-0208 | | Last Modified: | Feb 2 20:49:07 2006 |
| MD5 Checksum: | 9ec058a64a1ce89469bbaf30fbf96254 |
|
| /// File Name: |
MDKSA-2006-029.txt |
Description:
|
Mandriva Linux Security Advisory - Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X argument.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2576 | | Last Modified: | Feb 3 01:02:44 2006 |
| MD5 Checksum: | e20dfcf8f1af7538146ee786259ddf3d |
|
| /// File Name: |
MDKSA-2006-030.txt |
Description:
|
Mandriva Linux Security Advisory - poppler - Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Poppler uses a copy of the xpdf code and as such has the same issues.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3091 | | Last Modified: | Feb 3 01:08:04 2006 |
| MD5 Checksum: | a672b24065a18d0c9415773f6c38b5cb |
|
| /// File Name: |
MDKSA-2006-031.txt |
Description:
|
Mandriva Linux Security Advisory - kdegraphics - Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Kdegraphics-kpdf uses a copy of the xpdf code and as such has the same issues.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8774 | | Last Modified: | Feb 3 01:08:36 2006 |
| MD5 Checksum: | 2e1fa230a1b248e2abc26c7ff26fc183 |
|
| /// File Name: |
MDKSA-2006-032.txt |
Description:
|
Mandriva Linux Security Advisory - xpdf - Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2806 | | Last Modified: | Feb 3 01:09:05 2006 |
| MD5 Checksum: | 6736c3bcfad6c0f8476734d7529e7d86 |
|
| /// File Name: |
MDKSA-2006-033.txt |
Description:
|
Mandriva Linux Security Advisory - OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 16194 | | Last Modified: | Feb 3 01:09:36 2006 |
| MD5 Checksum: | 4d905d27c8db9c49cf629add06766d01 |
|
| /// File Name: |
MDKSA-2006-034.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw was discovered in the scp local-to-local copy implementation where filenames that contain shell metacharacters or spaces are expanded twice, which could lead to the execution of arbitrary commands if a local user could be tricked into a scp'ing a specially crafted filename.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8559 | | Last Modified: | Feb 7 22:45:09 2006 |
| MD5 Checksum: | 0a2b09d1ab70260df41599f152e89796 |
|
| /// File Name: |
MDKSA-2006-039.txt |
Description:
|
Mandriva Linux Security Advisory - Evgeny Legerov discovered cases of possible out-of-bounds access in the DER decoding schemes of libtasn1, when provided with invalid input. This library is bundled with gnutls.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4263 | | Last Modified: | Feb 15 00:20:33 2006 |
| MD5 Checksum: | 03d40811690ae364624e113e66f411bb |
|
| /// File Name: |
MDKSA-2006-040.txt |
Description:
|
Mandriva Linux Security Advisory - A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5562 | | Last Modified: | Feb 20 21:30:57 2006 |
| MD5 Checksum: | 250021f9ae91dda4362fb15b757a79f8 |
|
| /// File Name: |
MDKSA-2006-041.txt |
Description:
|
Mandriva Linux Security Advisory - Buffer overflow in l2cap.c in hcidump allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3271 | | Last Modified: | Feb 20 21:31:34 2006 |
| MD5 Checksum: | dfef4d79a50aaf5d5d59c29fdd5f6264 |
|
| /// File Name: |
MDKSA-2006-042.txt |
Description:
|
Mandriva Linux Security Advisory - Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. Although some of the previous updates appear to already catch this issue, this update adds some additional checks.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7300 | | Last Modified: | Feb 20 21:32:05 2006 |
| MD5 Checksum: | 6178602711f29d6907aa5d720b58f39a |
|
| /// File Name: |
MDKSA-2006-043.txt |
Description:
|
Mandriva Linux Security Advisory - Tavis Ormandy discovered it is possible to make gpg incorrectly return success when verifying an invalid signature file.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4127 | | Last Modified: | Feb 20 21:32:53 2006 |
| MD5 Checksum: | 4ea1a6bd072313194b504121580ab1de |
|
| /// File Name: |
MDKSA-2006-044.txt |
Description:
|
Mandriva Linux Security Advisory - A number of vulnerabilities have been discovered and corrected in the Linux 2.4 kernel.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6208 | | Last Modified: | Feb 22 20:39:15 2006 |
| MD5 Checksum: | 62819356af6f80bbb22be6bfc17bea7b |
|
| /// File Name: |
MDKSA-2006-047.txt |
Description:
|
Mandriva Linux Security Advisory - Ulf Harnhammar discovered a buffer overflow vulnerability in the way that metamail handles certain mail messages. An attacker could create a carefully-crafted message that, when parsed via metamail, could execute arbitrary code with the privileges of the user running metamail.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3663 | | Related CVE(s): | CVE-2006-0709 | | Last Modified: | Feb 26 04:35:22 2006 |
| MD5 Checksum: | 1a9109a15bc1ca18fe140bdd59a8162e |
|
| /// File Name: |
MDKSA-2006-048.txt |
Description:
|
Mandriva Linux Security Advisory - Multiple integer overflows in the new_demux_packet function in demuxer.h and the demux_asf_read_packet function in demux_asf.c in MPlayer 1.0pre7try2 and earlier allow remote attackers to execute arbitrary code via an ASF file with a large packet length value.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4734 | | Related CVE(s): | CVE-2006-0579 | | Last Modified: | Feb 26 05:47:56 2006 |
| MD5 Checksum: | ede7f568c8889d524e6344db2dcb4b96 |
|
| /// File Name: |
mgXSS.txt |
Description:
|
MG2 Image Gallery version 0.5.1 suffers from cross site scripting flaws.
| | Author: | Preben Nylokken | | File Size: | 362 | | Last Modified: | Feb 2 11:48:18 2006 |
| MD5 Checksum: | 917271602cd17a7793b3b747e9b1575d |
|
| /// File Name: |
MirabilizICQ.txt |
Description:
|
A bug in Mirabiliz ICQ could allow an attacker to trick users into executing files inside an uploaded directory.
| | Author: | edubp2002 | | File Size: | 2363 | | Last Modified: | Feb 20 22:12:44 2006 |
| MD5 Checksum: | 3f206b58cafc29cdbb11e29e76240871 |
|
| /// File Name: |
mozillaDoS.txt |
Description:
|
The Mozilla Thunderbird 1.5 address book allows fields of an unlimited size, allowing for a denial of service condition to be exploited.
| | Author: | DrFrancky | | File Size: | 785 | | Last Modified: | Feb 25 23:24:03 2006 |
| MD5 Checksum: | c91a10c627d9c38958f668c6b6fd0aab |
|
| /// File Name: |
mybbInclude.txt |
Description:
|
MyBB version 1.2 suffers from a local file inclusion vulnerability in plugins.php.
| | Author: | D3vil-0x1 | | File Size: | 670 | | Last Modified: | Feb 2 11:13:12 2006 |
| MD5 Checksum: | ae6356a2db2fa7a21ffc549e4a33cd82 |
|
| /// File Name: |
NSAG-198-23.02.2006.txt |
Description:
|
NSA Group Advisory - The Bat version 3.60.07 is susceptible to a buffer overflow.
| | Homepage: | http://www.nsag.ru/ | | File Size: | 1899 | | Last Modified: | Feb 26 05:19:37 2006 |
| MD5 Checksum: | 16a18e3b087b6a69e458ab08ce2d482d |
|
| /// File Name: |
OpenPKG-SA-2006.001.txt |
Description:
|
OpenPKG Security Advisory - According to a vendor security advisory [0] based on hints from the Gentoo project, a false positive signature verification bug exists in the GnuPG [1] security tool when unattended signature verification (e.g. by scripts and mail programs) is performed via "gpgv" or "gpg --verify".
| | Homepage: | http://www.openpkg.org/ | | File Size: | 2287 | | Last Modified: | Feb 20 21:36:48 2006 |
| MD5 Checksum: | 5aa5aedb0a9c4bde240e7dc1d1ed0cb8 |
|
| /// File Name: |
OpenPKG-SA-2006.002.txt |
Description:
|
OpenPKG Security Advisory - According to a vendor bug report [0], an incomplete blacklist vulnerability exists in the Sudo [1] utility which can lead to a privilege escalation. The vulnerability exists in Sudo 1.6.8 and earlier and allows local users to gain privileges via the "SHELLOPTS" and "PS4" environment variables before executing a shell script on behalf of another user.
| | Homepage: | http://www.openpkg.org/ | | File Size: | 2328 | | Last Modified: | Feb 20 21:37:32 2006 |
| MD5 Checksum: | d94daefc2e41a02ffbe46c2b9a9d8e94 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
