Section: .. / 0801-advisories /
| /// File Name: |
CORE-2007-1119.txt |
Description:
|
Core Security Technologies Advisory - Locally exploitable kernel buffer overflow vulnerabilities and improperly validated input arguments have been found in the CORE FORCE Firewall and Registry modules. The vulnerabilities allow unprivileged logged-on users to crash the system (denial of service), and they may also lead to privilege escalation or even a local root exploit. Versions 0.95.167 and below are affected.
| | Author: | Sebastian Gottschalk | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 7267 | | Last Modified: | Jan 18 05:36:14 2008 |
| MD5 Checksum: | bcb349a094c8d4b1163b33bdcee0b3c9 |
|
| /// File Name: |
corsaire-jre.txt |
Description:
|
Corsaire Security Advisory - The Sun JRE product has a denial of service issue that may cause Internet Explorer to fail. Versions 5.0 prior to update 14 are affected.
| | Author: | Martin O'Neal | | Homepage: | http://www.corsaire.com/ | | File Size: | 3386 | | Related CVE(s): | CVE-2007-0012 | | Last Modified: | Jan 8 12:07:11 2008 |
| MD5 Checksum: | ef98ecad87ed7979150791bd253c8c52 |
|
| /// File Name: |
deans-xsrf.txt |
Description:
|
Dean's Permalinks Migration version 1.0 suffers from a cross-site request forgery vulnerability.
| | Author: | g30rg3_x | | File Size: | 1544 | | Last Modified: | Jan 22 18:59:47 2008 |
| MD5 Checksum: | 6a8bccf5d20bbd0b6bfc06cb04b768e3 |
|
| /// File Name: |
dsa-1443-1.txt |
Description:
|
Debian Security Advisory 1443-1 - It was discovered that several buffer overflows in tcpreen, a tool for monitoring a TCP connection, may lead to denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 4794 | | Related CVE(s): | CVE-2007-6562 | | Last Modified: | Jan 3 18:18:01 2008 |
| MD5 Checksum: | 33e26018b52eb44936b573395fdbc433 |
|
| /// File Name: |
dsa-1444-1.txt |
Description:
|
Debian Security Advisory 1444-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language.
| | Homepage: | http://www.debian.org/security | | File Size: | 80692 | | Related CVE(s): | CVE-2007-3799, CVE-2007-3998, CVE-2007-4657, CVE-2007-4658, CVE-2007-4659, CVE-2007-4660, CVE-2007-4662, CVE-2007-5898, CVE-2007-5899 | | Last Modified: | Jan 3 18:20:29 2008 |
| MD5 Checksum: | 4019a53a8d939e22537ba8bbfc2ac5fd |
|
| /// File Name: |
dsa-1444-2.txt |
Description:
|
Debian Security Advisory 1444-2 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. It was discovered that the patch for CVE-2007-4659 could lead to regressions in some scenarios. The fix has been reverted for now; a revised update will be provided in a future PHP DSA.
| | Homepage: | http://www.debian.org/security | | File Size: | 45049 | | Related CVE(s): | CVE-2007-3799, CVE-2007-3998, CVE-2007-4657, CVE-2007-4658, CVE-2007-4660, CVE-2007-4662, CVE-2007-5898, CVE-2007-5899 | | Last Modified: | Jan 24 00:18:43 2008 |
| MD5 Checksum: | 823471db4321b65f0f2a84ab52ac56a9 |
|
| /// File Name: |
dsa-1445-1.txt |
Description:
|
Debian Security Advisory 1445-1 - Michael Krieger and Sam Trenholme discovered a programming error in MaraDNS, a simple security-aware Domain Name Service server, which might lead to denial of service through malformed DNS packets.
| | Homepage: | http://www.debian.org/security | | File Size: | 7609 | | Related CVE(s): | CVE-2008-0061 | | Last Modified: | Jan 3 18:21:15 2008 |
| MD5 Checksum: | 46c76a00d8f4e407c0baf86ab8a448f5 |
|
| /// File Name: |
dsa-1446-1.txt |
Description:
|
Debian Security Advisory 1446-1 - Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 26531 | | Related CVE(s): | CVE-2007-6450, CVE-2007-6451 | | Last Modified: | Jan 3 18:22:04 2008 |
| MD5 Checksum: | 12b9c7171db1b9468244834d09ebb9f2 |
|
| /// File Name: |
dsa-1448-1.txt |
Description:
|
Debian Security Advisory 1448-1 - It was discovered that eggdrop, an advanced IRC robot, was vulnerable to a buffer overflow which could result in a remote user executing arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 7993 | | Related CVE(s): | CVE-2007-2807 | | Last Modified: | Jan 5 19:12:01 2008 |
| MD5 Checksum: | 0637d6fa895dbbdf779e2ab4334177fc |
|
| /// File Name: |
dsa-1449-1.txt |
Description:
|
Debian Security Advisory 1449-1 - It was discovered that loop-aes-utils, tools for mounting and manipulating filesystems, didn't drop privileged users and groups in the correct order in the mount and umount commands. This could potentially allow a local user to gain additional privileges.
| | Homepage: | http://www.debian.org/security | | File Size: | 9717 | | Related CVE(s): | CVE-2007-5191 | | Last Modified: | Jan 5 19:15:25 2008 |
| MD5 Checksum: | b9555a32859ef7f171d1e26868c1dd25 |
|
| /// File Name: |
dsa-1450-1.txt |
Description:
|
Debian Security Advisory 1450-1 - It was discovered that util-linux, miscellaneous system utilities, did not drop privileged users and groups in the correct order in the mount and umount commands. This could potentially allow a local user to gain additional privileges.
| | Homepage: | http://www.debian.org/security | | File Size: | 19668 | | Related CVE(s): | CVE-2007-5191 | | Last Modified: | Jan 5 19:29:38 2008 |
| MD5 Checksum: | 3238a602809e0f2262812808b4387eb2 |
|
| /// File Name: |
dsa-1452-1.txt |
Description:
|
Debian Security Advisory 1452-1 - "k1tk4t" discovered that wzdftpd, a portable, modular, small and efficient ftp server, did not correctly handle the receipt of long usernames. This could allow remote users to cause the daemon to exit.
| | Homepage: | http://www.debian.org/security | | File Size: | 25526 | | Related CVE(s): | CVE-2007-5300 | | Last Modified: | Jan 6 19:45:17 2008 |
| MD5 Checksum: | d6c13cde33b0d40a18f5455d6c886036 |
|
| /// File Name: |
dsa-1454-1.txt |
Description:
|
Debian Security Advisory 1454-1 - Greg MacManus discovered an integer overflow in the font handling of libfreetype, a FreeType 2 font engine, which might lead to denial of service or possibly the execution of arbitrary code if a user is tricked into opening a malformed font.
| | Homepage: | http://www.debian.org/security | | File Size: | 10589 | | Related CVE(s): | CVE-2007-1351 | | Last Modified: | Jan 7 14:39:25 2008 |
| MD5 Checksum: | 4ee5fe3148d201173f7fa250eddb14e3 |
|
| /// File Name: |
dsa-1456-1.txt |
Description:
|
Debian Security Advisory 1456-1 - Daniel B. Cid discovered that fail2ban, a tool to block IP addresses that cause login failures, is too liberal about parsing SSH log files, allowing an attacker to block any IP address.
| | Homepage: | http://www.debian.org/security | | File Size: | 2948 | | Related CVE(s): | CVE-2007-4321 | | Last Modified: | Jan 10 03:56:22 2008 |
| MD5 Checksum: | 357bf1534b3a8974f4f11f7a453f6ab9 |
|
| /// File Name: |
dsa-1457-1.txt |
Description:
|
Debian Security Advisory 1457-1 - It was discovered that Dovecot, a POP3 and IMAP server, only when used with LDAP authentication and a base that contains variables, could allow a user to log in to the account of another user with the same password.
| | Homepage: | http://www.debian.org/security | | File Size: | 9314 | | Related CVE(s): | CVE-2007-6598 | | Last Modified: | Jan 10 03:56:56 2008 |
| MD5 Checksum: | 4ebef8ae0a51ae1198b6ccd0c34bb63a |
|
| /// File Name: |
dsa-1458-1.txt |
Description:
|
Debian Security Advisory 1458-1 - A race condition in the OpenAFS fileserver allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock.
| | Homepage: | http://www.debian.org/security | | File Size: | 22781 | | Related CVE(s): | CVE-2007-6599 | | Last Modified: | Jan 10 18:05:14 2008 |
| MD5 Checksum: | d7721b5e98ac6d83fadecc5ea627fa4e |
|
| /// File Name: |
dsa-1459-1.txt |
Description:
|
Debian Security Advisory 1459-1 - It was discovered that Gforge, a collaborative development tool, did not properly sanitise some CGI parameters, allowing SQL injection in scripts related to RSS exports.
| | Homepage: | http://www.debian.org/security | | File Size: | 8144 | | Related CVE(s): | CVE-2008-0173 | | Last Modified: | Jan 14 14:10:05 2008 |
| MD5 Checksum: | 8d1500e18a1360c8c533fe09d99b9de7 |
|
| /// File Name: |
dsa-1461-1.txt |
Description:
|
Debian Security Advisory 1461-1 - Brad Fitzpatrick discovered that the UTF-8 decoding functions of libxml2, the GNOME XML library, validate UTF-8 correctness insufficiently, which may lead to denial of service by forcing libxml2 into an infinite loop.
| | Homepage: | http://www.debian.org/security | | File Size: | 22986 | | Related CVE(s): | CVE-2007-6284 | | Last Modified: | Jan 14 17:11:10 2008 |
| MD5 Checksum: | 3f9f3034d66fc071725507a6f87731e3 |
|
| /// File Name: |
dsa-1462-1.txt |
Description:
|
Debian Security Advisory 1462-1 - Kees Cook discovered that the hpssd tool of the HP Linux Printing and Imaging System (HPLIP) performs insufficient input sanitising of shell meta characters, which may result in local privilege escalation to the hplip user.
| | Homepage: | http://www.debian.org/security | | File Size: | 8747 | | Related CVE(s): | CVE-2007-5208 | | Last Modified: | Jan 14 17:11:40 2008 |
| MD5 Checksum: | 1910044ec3c90d531908d5056eb88251 |
|