Section: .. / Last 50 Advisory Files /
| /// File Name: | 2008-002-lenovornr.txt | Description:
| Lenovo Rescue and Recovery version 4.20 suffers from a heap overflow in the file system filter kernel driver which could allow an attacker to overwrite kernel memory leading to elevation of privilege. | | Author: | Chris Clark, Rachel Engel | | Homepage: | http://www.isecpartners.com/ | | File Size: | 2214 | | Last Modified: | Oct 13 14:38:59 2008 | | MD5 Checksum: | 1e60fcf21ad455858572ae40fe5ab8d4 |
|
| /// File Name: | dsa-1650-1.txt | Description:
| Debian Security Advisory 1650-1 - Cameron Hotchkies discovered that the OpenLDAP server slapd, a free implementation of the Lightweight Directory Access Protocol, could be crashed by sending malformed ASN1 requests. | | Homepage: | http://www.debian.org/security | | File Size: | 8711 | | Related CVE(s): | CVE-2008-2952 | | Last Modified: | Oct 12 16:19:25 2008 | | MD5 Checksum: | 548a3c635a49653c55dcc7248955421f |
|
| /// File Name: | MDVSA-2008-210-1.txt | Description:
| Mandriva Linux Security Advisory - CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. The updated packages have been patched to fix the issue. This update was too late for inclusion in Mandriva Linux 2009, so it is being released now for that version. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5953 | | Related CVE(s): | CVE-2008-3906 | | Last Modified: | Oct 11 15:02:13 2008 | | MD5 Checksum: | 06dd87708ce37a3441979abe0dfdb2c1 |
|
| /// File Name: | MDVSA-2008-211.txt | Description:
| Mandriva Linux Security Advisory - A buffer overflow in the SGI image format decoding routines used by the CUPS image converting filter imagetops was discovered. An attacker could create malicious SGI image files that could possibly execute arbitrary code if the file was printed. An integer overflow flaw leading to a heap buffer overflow was found in the Text-to-PostScript texttops filter. An attacker could create a malicious text file that could possibly execute arbitrary code if the file was printed. Finally, an insufficient buffer bounds checking flaw was found in the HP-GL/2-to-PostScript hpgltops filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code if the file was printed. The updated packages have been patched to prevent this issue; for Mandriva Linux 2009.0 the latest CUPS version (1.3.9) is provided that corrects these issues and also provides other bug fixes. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 10694 | | Related CVE(s): | CVE-2008-3639, CVE-2008-3640, CVE-2008-3641 | | Last Modified: | Oct 11 15:00:49 2008 | | MD5 Checksum: | 869230af219e9221f53868047fa06838 |
|
| /// File Name: | dsa-1646-2.txt | Description:
| Debian Security Advisory 1646-2 - In DSA 1646-1, an update was announced for a denial of service vulnerability in squid, a caching proxy server. Due to an error in packaging and in testing, the updated packages did not correct the weakness. An updated release is available which corrects the error. A weakness has been discovered in squid, a caching proxy server. The flaw was introduced upstream in response to CVE-2007-6239, and announced by Debian in DSA-1482-1. The flaw involves an over-aggressive bounds check on an array resize, and could be exploited by an authorized client to induce a denial of service condition against squid. | | Homepage: | http://www.debian.org/security | | File Size: | 8925 | | Related CVE(s): | CVE-2008-1612 | | Last Modified: | Oct 11 15:00:34 2008 | | MD5 Checksum: | db72af7c11346b839c9aaceb342e2df5 |
|
| /// File Name: | ZDI-08-067.txt | Description:
| A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple CUPS. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Hewlett-Packard Graphics Language filter. Inadequate bounds checking on the pen width and pen color opcodes result in an arbitrary memory overwrite allowing for the execution of arbitrary code as the "hgltops" process uid. | | Author: | regenrecht | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3091 | | Related CVE(s): | CVE-2008-3641 | | Last Modified: | Oct 11 14:39:14 2008 | | MD5 Checksum: | 9926adae42bd4b463869d0112262dd6b |
|
| /// File Name: | FSC20081009-11.txt | Description:
| A vulnerability has been discovered in the Tape Engine component of CA ARCserve Backup. Insufficient input validation when processing remote procedure call (RPC) requests is the cause of this vulnerability. | | Homepage: | http://www.assurent.com/ | | File Size: | 2161 | | Related CVE(s): | CVE-2008-4398 | | Last Modified: | Oct 10 21:32:38 2008 | | MD5 Checksum: | 628af77713856e077db65ab767d82779 |
|
| /// File Name: | FSC20081009-12.txt | Description:
| A vulnerability has been discovered in the DB Engine component of CA ARCserve Backup. Insufficient input validation when processing remote procedure call (RPC) requests is the cause of this vulnerability. | | Homepage: | http://www.assurent.com/ | | File Size: | 2128 | | Related CVE(s): | CVE-2008-4399 | | Last Modified: | Oct 10 21:31:29 2008 | | MD5 Checksum: | 244cf771a1069b5574ae72a7a89d427e |
|
| /// File Name: | caarcserve-dos.txt | Description:
| CA ARCserve Backup contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities. The first vulnerability occurs due to insufficient validation of certain RPC call parameters by the message engine service. An attacker can exploit a directory traversal vulnerability to execute arbitrary commands. The second vulnerability occurs due to insufficient validation by the tape engine service. An attacker can make a request that will crash the service. The third vulnerability occurs due to insufficient validation by the database engine service. An attacker can make a request that will crash the service. The fourth vulnerability occurs due to insufficient validation of authentication credentials. An attacker can make a request that will crash multiple services. Note that these issues only affect the base product. | | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 6325 | | Related CVE(s): | CVE-2008-4397, CVE-2008-4398, CVE-2008-4399, CVE-2008-4400 | | Last Modified: | Oct 9 18:54:03 2008 | | MD5 Checksum: | 3d3a5ef9e28febb30c8e338d187c076a |
|
| /// File Name: | glsa-200810-02.txt | Description:
| Gentoo Linux Security Advisory GLSA 200810-02 - A search path vulnerability in Portage allows local attackers to execute commands with root privileges if emerge is called from untrusted directories. The Gentoo Security Team discovered that several ebuilds, such as sys-apps/portage, net-mail/fetchmail or app-editors/leo execute Python code using python -c, which includes the current working directory in Python's module search path. For several ebuild functions, Portage did not change the working directory from emerge's working directory. Versions less than 2.1.4.5 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 3143 | | Related CVE(s): | CVE-2008-4394 | | Last Modified: | Oct 9 18:50:17 2008 | | MD5 Checksum: | 8b3fc0142e706b0bc424bf0de635b50a |
|
| /// File Name: | SSRT080099.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows. This vulnerability could by exploited remotely to allow cross site scripting (XSS). | | Homepage: | http://www.hp.com/ | | File Size: | 6336 | | Related CVE(s): | CVE-2008-4411 | | Last Modified: | Oct 9 18:27:04 2008 | | MD5 Checksum: | e41a3e41c12ed4aacb9e65ddbc1a2496 |
|
| /// File Name: | SSRT080046.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to create a Denial of Service (DoS). | | Homepage: | http://www.hp.com/ | | File Size: | 9501 | | Related CVE(s): | CVE-2008-3545 | | Last Modified: | Oct 9 18:26:34 2008 | | MD5 Checksum: | 2c42be5796f5be939d3a7312bce7f855 |
|
| /// File Name: | ZDI-08-066.txt | Description:
| A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within dhost.exe, the service responsible for directory replication which is bound by default to TCP port 524. Improper parsing within opcode 0x24 via the Netware Core Protocol can result in an arithmetic calculation based on supplied user-input resulting in an under-allocated heap buffer. This fault can be leveraged to result in arbitrary code execution. | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3426 | | Related CVE(s): | CVE-2008-4480 | | Last Modified: | Oct 9 02:11:57 2008 | | MD5 Checksum: | 790b589691739a22d568d3f8cff2837c |
|
| /// File Name: | ZDI-08-065.txt | Description:
| A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within dhost.exe, the service responsible for directory replication which is bound by default to TCP port 524. Improper parsing within opcode 0x0F via the Netware Core Protocol can result in an arithmetic calculation based on supplied user-input resulting in an integer overflow that will be used to copy into a heap buffer. This fault can be leveraged to result in arbitrary code execution. | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3460 | | Related CVE(s): | CVE-2008-4478 | | Last Modified: | Oct 9 02:10:51 2008 | | MD5 Checksum: | 1022b2e1574faf9e1fb4e47cd4adc33a |
|
| /// File Name: | ZDI-08-064.txt | Description:
| A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw resides in the web console running on TCP ports 8028 and 8030. The server exposes a web interface and accepts SOAP connections. The service copies the contents of the Accept-Language header within a SOAP request into a fixed-length buffer without any bounds checking. If an attacker sends a specially crafted request it will trigger an overflow during a memory copy operation leading to arbitrary code execution under the context of the SYSTEM user. | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3472 | | Related CVE(s): | CVE-2008-4479 | | Last Modified: | Oct 9 02:10:02 2008 | | MD5 Checksum: | 424cbdd3ba7f5b2e1149ba96e69d5355 |
|
| /// File Name: | ZDI-08-063.txt | Description:
| A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw resides in the web console running on TCP ports 8028 and 8030. The server exposes a web interface and accepts SOAP connections. While parsing the Content-Length header within a SOAP request an integer overflow can occur. This integer overflow triggers a subsequent overflow during a memory copy operation leading to arbitrary code execution under the context of the SYSTEM user. | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3400 | | Related CVE(s): | CVE-2008-4478 | | Last Modified: | Oct 9 02:08:58 2008 | | MD5 Checksum: | b5bd70f449849cc7f79a158d7d2476ba |
|
| /// File Name: | dsa-1649-1.txt | Description:
| Debian Security Advisory 1649-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. | | Homepage: | http://www.debian.org/security | | File Size: | 11583 | | Related CVE(s): | CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069 | | Last Modified: | Oct 9 02:07:30 2008 | | MD5 Checksum: | de994baacd30c719fd3c122572aac0ba |
|
| /// File Name: | dsa-1648-1.txt | Description:
| Debian Security Advisory 1648-1 - Dmitry E. Oboukhov discovered that the test.alert script used in one of the alert functions in mon, a system to monitor hosts or services and alert about problems, creates temporary files insecurely, which may lead to a local denial of service through symlink attacks. | | Homepage: | http://www.debian.org/security | | File Size: | 5010 | | Related CVE(s): | CVE-2008-4477 | | Last Modified: | Oct 9 02:05:54 2008 | | MD5 Checksum: | eff079919b84da8bf8550b76282317c2 |
|
| /// File Name: | graphviz-overflow.txt | Description:
| A vulnerability exists in Graphviz's parsing engine which makes it possible to overflow a globally allocated array and corrupt memory by doing so. Version 2.20.2 is affected. | | Author: | Roee Hay | | File Size: | 2084 | | Last Modified: | Oct 9 02:05:33 2008 | | MD5 Checksum: | f0a4b70321287389f5f51e6a368aeb51 |
|
| /// File Name: | cisco-sa-20081008-unity.txt | Description:
| Cisco Security Advisory - A vulnerability exists in Cisco Unity that could allow an unauthenticated user to view or modify some of the configuration parameters of the Cisco Unity server. Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available. | | Homepage: | http://www.cisco.com/ | | File Size: | 11205 | | Related CVE(s): | CVE-2008-3814 | | Last Modified: | Oct 9 01:44:13 2008 | | MD5 Checksum: | 4e943339baab177bbe32d6930c37358d |
|
| /// File Name: | advisory_W021008.txt | Description:
| Microsoft Windows Kernel is prone to a local privilege escalation due to an integer overflow error within the IopfCompleteRequest function. This vulnerability may allow attackers to execute arbitrary code in the kernel context, thus allowing to escalate privileges to SYSTEM. | | Author: | Ruben Santamarta | | File Size: | 13557 | | Last Modified: | Oct 9 01:33:00 2008 | | MD5 Checksum: | e490214eb95d7caee876f060c592f734 |
|
| /// File Name: | SSRT080122.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with NFS/ONCplus running on HP-UX. The vulnerability could be exploited remotely to create a Denial of Service (DoS). | | Homepage: | http://www.hp.com/ | | File Size: | 6463 | | Related CVE(s): | CVE-2008-3543 | | Last Modified: | Oct 7 22:05:31 2008 | | MD5 Checksum: | 9cf9544b2507acc6211fa9850b7ca520 |
|
| /// File Name: | OPENX-SA-2008-002.txt | Description:
| OpenX versions 2.6.1 and below and versions 2.4.8 and below suffer from a blind remote SQL injection vulnerability in ac.php. | | Author: | Matteo Beccati | | File Size: | 1970 | | Last Modified: | Oct 7 22:04:55 2008 | | MD5 Checksum: | 6f13f7bb5547834ad9a269e36edb1412 |
|
| /// File Name: | glsa-200810-01.txt | Description:
| Gentoo Linux Security Advisory GLSA 200810-01 - Multiple vulnerabilities were found in WordNet, possibly allowing for the execution of arbitrary code. Versions less than 3.0-r2 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 3993 | | Related CVE(s): | CVE-2008-2149, CVE-2008-3908 | | Last Modified: | Oct 7 22:00:31 2008 | | MD5 Checksum: | 547905300ed3e6f108e4b728585eb32e |
|
| /// File Name: | dsa-1646-1.txt | Description:
| Debian Security Advisory 1646-1 - A weakness has been discovered in squid, a caching proxy server. The flaw was introduced upstream in response to CVE-2007-6239, and announced by Debian in DSA-1482-1. The flaw involves an over-aggressive bounds check on an array resize, and could be exploited by an authorized client to induce a denial of service condition against squid. | | Homepage: | http://www.debian.org/security | | File Size: | 8404 | | Related CVE(s): | CVE-2008-1612 | | Last Modified: | Oct 7 12:29:43 2008 | | MD5 Checksum: | 6ef54cd10cf22b7a45cecb2af95702d0 |
|
| /// File Name: | apple-store.txt | Description:
| Apple's Mail.app does not store S/MIME encrypted emails securely in the Drafts directory on server. Version 3.5 is affected. | | Homepage: | http://www.enablesecurity.com/ | | File Size: | 3346 | | Last Modified: | Oct 6 22:29:52 2008 | | MD5 Checksum: | d4bd986357144dbbc77a2f924357767a |
|
| /// File Name: | dsa-1644-1.txt | Description:
| Debian Security Advisory 1644-1 - Felipe Andres Manzano discovered that mplayer, a multimedia player, is vulnerable to several integer overflows in the Real video stream demuxing code. These flaws could allow an attacker to cause a denial of service (a crash) or potentially the execution of arbitrary code by supplying a maliciously crafted video file. | | Homepage: | http://www.debian.org/security | | File Size: | 5232 | | Related CVE(s): | CVE-2008-3827 | | Last Modified: | Oct 6 22:14:49 2008 | | MD5 Checksum: | 63d8bdd15952341d8b15445ba1e16b00 |
|
| /// File Name: | dsa-1643-1.txt | Description:
| Debian Security Advisory 1643-1 - Dmitry E. Oboukhov discovered that the "to-upgrade" plugin of Feta, a simpler interface to APT, dpkg, and other Debian package tools creates temporary files insecurely, which may lead to local denial of service through symlink attacks. | | Homepage: | http://www.debian.org/security | | File Size: | 2832 | | Related CVE(s): | CVE-2008-4440 | | Last Modified: | Oct 6 22:14:33 2008 | | MD5 Checksum: | 5117ac099afbaf76d8ba3f92087f33f1 |
|
| /// File Name: | vmware-emulation.txt | Description:
| By exploiting the VMware flaw described in this document, user-mode code executing in a virtual machine may gain kernel privileges within the virtual machine, dependent upon the guest operating system. The flaw has been proven exploitable on x64 versions of Windows, and it has produced potentially exploitable crashes on x64 versions of *BSD. The Linux kernel does not allow exploitation of the flaws on x64 versions of Linux. | | Author: | Derek Soeder | | File Size: | 20674 | | Related CVE(s): | CVE-2008-4279, CVE-2008-3890 | | Last Modified: | Oct 6 18:43:37 2008 | | MD5 Checksum: | 9d308b99f74f10aaccfde19943b9cbc4 |
|
| /// File Name: | VMSA-2008-0016.txt | Description:
| VMware Security Advisory - VMware addresses an in-guest privilege escalation on 64-bit guest operating systems in ESX, ESXi, and previously released versions of our hosted product line. Updated VMware VirtualCenter Update 3 addresses potential information disclosure and updates Java JRE packages. | | Homepage: | http://www.vmware.com/ | | File Size: | 16144 | | Related CVE(s): | CVE-2008-4279, CVE-2008-4278, CVE-2008-3103, CVE-2008-3104, CVE-2008-3105, CVE-2008-3106, CVE-2008-3107, CVE-2008-3108, CVE-2008-3109, CVE-2008-3110, CVE-2008-3111, CVE-2008-3112, CVE-2008-3113, CVE-2008-3114, CVE-2008-3115 | | Last Modified: | Oct 6 18:39:57 2008 | | MD5 Checksum: | 6d2cadbdc3aa8d8b14781c8f7a10e20e |
|
| /// File Name: | MDVSA-2008-210.txt | Description:
| Mandriva Linux Security Advisory - CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. The updated packages have been patched to fix the issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 13068 | | Related CVE(s): | CVE-2008-3906 | | Last Modified: | Oct 6 18:36:47 2008 | | MD5 Checksum: | 68b4e4fdd62c729cba03aa357003d366 |
|
| /// File Name: | MDVSA-2008-209.txt | Description:
| Mandriva Linux Security Advisory - Stéphane Bertin discovered a flaw in the pam_krb5 existing_ticket configuration option where, if enabled and using an existing credential cache, it was possible for a local user to gain elevated privileges by using a different, local user's credential cache. The updated packages have been patched to prevent this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3263 | | Related CVE(s): | CVE-2008-3825 | | Last Modified: | Oct 6 18:36:25 2008 | | MD5 Checksum: | 6c8c02e04058c8e9e9b7b397c121754e |
|
| /// File Name: | secunia-trendtraverse.txt | Description:
| Secunia Research has discovered a vulnerability in Trend Micro OfficeScan, which can be exploited by malicious people to gain knowledge of sensitive information. The vulnerability is caused by an input validation error in TmListen.exe when a client is configured to be an update agent. This can be exploited to retrieve arbitrary files from the system via directory traversal attacks. Affected is Trend Micro OfficeScan 7.3 patch 4 build 1367. | | Homepage: | http://secunia.com/ | | File Size: | 4246 | | Related CVE(s): | CVE-2008-2439 | | Last Modified: | Oct 3 14:08:29 2008 | | MD5 Checksum: | cd3bd7717ea3e9d76584427b2039083a |
|
| /// File Name: | USN-650-1.txt | Description:
| Ubuntu Security Notice 650-1 - A buffer overflow was discovered in cpio. If a user were tricked into opening a crafted cpio archive, an attacker could cause a denial of service via application crash, or possibly execute code with the privileges of the user invoking the program. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 5038 | | Related CVE(s): | CVE-2007-4476 | | Last Modified: | Oct 2 20:47:08 2008 | | MD5 Checksum: | 327a931e102a05f6cb3e829727a90e1a |
|
| /// File Name: | juniper-xss.txt | Description:
| Layered Defense Research Advisory - The Juniper Netscreen firewall NetOS version 5.4.0r9.0 suffers from a cross site scripting vulnerability. | | Author: | Deral Heiland | | Homepage: | http://www.layereddefense.com/ | | File Size: | 2156 | | Last Modified: | Oct 2 17:39:33 2008 | | MD5 Checksum: | 980859c903b74880d278edecfa19fc6c |
|
| /// File Name: | flash9-dereference.txt | Description:
| Flash 9 appears to suffer from a null pointer dereferencing in versions 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10. | | Author: | Matthew Dempsky | | Homepage: | http://www.mochimedia.com/ | | File Size: | 1259 | | Last Modified: | Oct 2 17:37:07 2008 | | MD5 Checksum: | 0c0bc484451003d874ae888ba3a01584 |
|
| /// File Name: | FreeBSD-SA-08.10.nd6.txt | Description:
| FreeBSD Security Advisory - IPv6 routers may allow "on-link" IPv6 nodes to create and update the router's neighbor cache and forwarding information. A malicious IPv6 node sharing a common router but on a different physical segment from another node may be able to spoof Neighbor Discovery messages, allowing it to update router information for the victim node. | | Homepage: | http://security.freebsd.org/ | | File Size: | 5904 | | Related CVE(s): | CVE-2008-2476 | | Last Modified: | Oct 2 17:27:21 2008 | | MD5 Checksum: | 64e0b075d9702e72377ce9003d10ea78 |
|
| /// File Name: | USN-649-1.txt | Description:
| Ubuntu Security Notice 649-1 - It was discovered that the ForceCommand directive could be bypassed. If a local user created a malicious ~/.ssh/rc file, they could execute arbitrary commands as their user id. This only affected Ubuntu 7.10. USN-355-1 fixed vulnerabilities in OpenSSH. It was discovered that the fixes for this issue were incomplete. A remote attacker could attempt multiple logins, filling all available connection slots, leading to a denial of service. This only affected Ubuntu 6.06 and 7.04. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 14795 | | Related CVE(s): | CVE-2008-1657, CVE-2008-4109 | | Last Modified: | Oct 1 22:51:55 2008 | | MD5 Checksum: | 58000d9dd0f2929fcc69919a75c30afe |
|
| /// File Name: | phpmyid-inject.txt | Description:
| phpMyID can act as a redirector and allows for header injection. Version 0.9 is affected. | | Author: | Raphael Geissert | | File Size: | 1274 | | Last Modified: | Oct 1 17:00:02 2008 | | MD5 Checksum: | 5abdc42df08402afe804c833a6b41859 |
|
| /// File Name: | USN-648-1.txt | Description:
| Ubuntu Security Notice 648-1 - Philipp Thomas discovered that the ppscan function of nasm contained an off-by-one error. If a user or automated system were tricked into assembling a specially crafted ASM file, a remote attacker could execute arbitrary commands with user privileges. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 2349 | | Related CVE(s): | CVE-2008-2719 | | Last Modified: | Sep 30 20:34:06 2008 | | MD5 Checksum: | 02ceb93e6d6e71fbeecd6efcbed25e43 |
|
| /// File Name: | MDVSA-2008-208.txt | Description:
| Mandriva Linux Security Advisory - pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restrictions via a local mount. The updated packages have been patched to fix the issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4216 | | Related CVE(s): | CVE-2008-3970 | | Last Modified: | Sep 30 19:50:24 2008 | | MD5 Checksum: | a210fc8fdfa941c74dbe873f705be559 |
|
| /// File Name: | MDVSA-2008-207.txt | Description:
| Mandriva Linux Security Advisory - A race condition in OpenAFS 1.3.40 through 1.4.5 allowed remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks. The updated packages have been patched to prevent this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4947 | | Related CVE(s): | CVE-2007-6559 | | Last Modified: | Sep 30 19:49:50 2008 | | MD5 Checksum: | 3d067fbb36dc5e7ad9fdda237e66b1c8 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
