Secunia Security Advisory - Bernhard Mueller has reported a vulnerability in Perdition, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
4cb6006f1fac6e8f6a30b6cf1389f8dddd23a9d1e19ca5bac6924b4eecd36938Secunia Security Advisory - Duncan Gilmore has discovered a vulnerability in yarssr, which can be exploited by malicious people to compromise a user's system.
d97f17986e1d34179964985b4da70b2c44705a1348ea0e5048d677e1da76f79aIt appears that the firewall on the new Mac OS X Leopard system is a bit botched.
efa50c2ac1cc5fbec32db0b5e76f7437fc458042c3a85e3b25136a6246f482e1SEC Consult Security Advisory 20071031-0 - The Perdition Mail Retrieval Proxy versions 1.17 and below suffer from a format string vulnerability.
4efe9018c77b580c8c0bdf7897b14f170b94aec142d3cc6dc57eb1e1f9e4d1f1Secunia Research has discovered a vulnerability in CUPS, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "ippReadIO()" function in cups/ipp.c when processing IPP (Internet Printing Protocol) tags.
ff66b477e49a4a9b5d88d1542d5cee03ef01f2f4ca231988e62038f76d3f78fdSecunia Research has discovered a vulnerability in McAfee E-Business Server, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an integer overflow within the e-Business administration utility service when parsing authentication packets. Affected is McAfee E-Business Server for Linux version 8.1.1.
48d4afec2f5d9ccb7c0a2dfc502a2ae72692c50ed8690518870a45beb34c756dGentoo Linux Security Advisory GLSA 200710-30:02 - Andy Polyakov reported a vulnerability in the OpenSSL toolkit, that is caused due to an unspecified off-by-one error within the DTLS implementation. Versions greater than or equal to 0.9.8f are affected.
0d73f5bba0849e1ddcfad464c93bbf52c3b793bef96268a80458eb993f14cef2Gentoo Linux Security Advisory GLSA 200710-31 - Michael A. Puls II discovered an unspecified flaw when launching external email or newsgroup clients. David Bloom discovered that when displaying frames from different websites, the same-origin policy is not correctly enforced. Versions less than 9.24 are affected.
5de4d869f192fec6d1b11761c3c219e64fa4c2a60bc85eb35ea929e7ffea4dd1iDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the bellmail program of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within sendrmt function. This function is called when a user tries to send mail using the "m" command. Within this function, several sprintf calls are made to concatenate user-supplied input with static strings. No bounds checking is performed to ensure that the resulting string will fit in the destination buffer located on the stack. By supplying a long parameter, an attacker is able to overwrite program control data located on the stack and take control of the affected process. iDefense has confirmed the existence of this vulnerability within AIX version 5.3 (5300-06) and 5.2. Previous versions are suspected to be vulnerable.
1a95829422936a89bd9887255c30ff92f350d73e274073408ed62d53ae1c4d5fiDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the ftp client of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within the domacro() function. This function is called when executing a macro via the '$' command within the ftp program. When executing a macro, the parameter is copied to a fixed size stack buffer using an unbounded call to strcpy(). By specifying a long argument, an attacker is able to overwrite program control data located on the stack and take control of the affected process. iDefense has confirmed the existence of this vulnerability in AIX version 5.3 (5300-06). Previous versions are suspected to be vulnerable.
3dec465fdd656832a851c313df9dd10488b2e285927b610249519c54c3cf6f7eiDefense Security Advisory 10.30.07 - Local exploitation of a stack buffer overflow vulnerability in IBM Corp.'s AIX operating system may allow an attacker to execute arbitrary code with root privileges. The vulnerability exists within the parsing of the '-V' command line option. The argument to this option is copied into a fixed size stack buffer using the sprintf() function without properly validating the length. This leads to an exploitable stack buffer overflow. iDefense has confirmed the existence of this vulnerability in AIX version 5.2 and 5.3. Previous versions may also be affected.
1152160dd4f6457dc8644941e7cf9fd4d5b9fa651d55372dea033af1fc1e7361iDefense Security Advisory 10.30.07 - Local exploitation of a stack buffer overflow vulnerability in IBM Corp.'s AIX operating system may allow an attacker to execute arbitrary code with root privileges. The vulnerability exists within the parsing of the '-p' command line option. The argument to this option is copied into a fixed size stack buffer using the sprintf() function without properly validating the length. This leads to an exploitable stack buffer overflow. iDefense has confirmed the existence of this vulnerability in AIX version 5.2 and 5.3. Previous versions may also be affected.
eb8cc170ed6bb2ea346bb5e6132e53f58af5bec2acd833b04f0b10e62fb9c848iDefense Security Advisory 10.30.07 - Local exploitation of an integer underflow vulnerability in the dig program of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within dns_name_fromtext function within the libdns.a library. This function is called when processing the '-y' command line parameter to the dig program. By supplying a specially crafted TSIG key parameter, an attacker is able to cause an integer underflow, resulting in potentially exploitable heap corruption. iDefense has confirmed the existence of this vulnerability within AIX version 5.2. Previous versions are suspected to be vulnerable. AIX 5.3 is not vulnerable since the dig command is no longer installed set-uid root.
ec26bd7b077f967aa8a68f926d03462460aa6ced38d18b3c6d83bfa3e540affeiDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the crontab program of IBM Corp.'s AIX 5.2 operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within the main function. While processing command line arguments, the crontab program will copy a user-supplied argument to a fixed size BSS (data segment) buffer. Since no bounds checking is performed, it's possible to overwrite a large portion of the data stored in the BSS memory area. iDefense has confirmed the existence of this vulnerability within AIX version 5.2. Previous versions are suspected to be vulnerable. AIX 5.3 does not appear to be vulnerable.
bf2bf7ab5d98550fc89a5faddb98bd4109429208cc010b3c2097a31ab31c0e91iDefense Security Advisory 10.30.07 - Local exploitation of a file access vulnerability in the swcons command included in multiple versions of IBM Corp.'s AIX could allow for the creation or modification of arbitrary files anywhere on the system. The vulnerability specifically exists due to a lack of sanity checking when using the -p option. If a user specifies a file with the -p option, the contents of that file will be overwritten with 65,535 bytes of uncontrolled data. If the file doesn't exist, it will be created. In both cases, the file will also be converted to mode 222, which allows all users on the system to modify it. By specifying a system file, users can cause a denial of service condition or elevate privileges. iDefense has confirmed the existence of this vulnerability on IBM AIX version 5.2. It is suspected that previous versions are also vulnerable.
137f1cad4a41d7bcbdb4f9ae9c4cf56ffb3ca54059b49a1b60264399bd6c42f0Secunia Security Advisory - A security issue has been reported in Liferea, which can be exploited by malicious, local users to disclose sensitive information.
c45892a67321ca0fda774d36067af6f0cb866bd402a336be15ad352fe5a3e46eSecunia Security Advisory - Secunia Research has discovered a vulnerability in the IMail Client, which potentially can be exploited by malicious people to compromise a user's system.
d90e0e574f1a26be3de62b51e0f769d4c64bb9d1af1fedcdc6742e17f0092a08Secunia Security Advisory - Fatih Ozavci and Caglar Cakici have reported some vulnerabilities in RSA KEON Registration Authority, which can be exploited by malicious people to conduct cross-site scripting attacks.
2a78f18e1de140d32f2b878fcd997505ecb3af1c092a4cb6fb1ded04361aeb3fSecunia Security Advisory - Sun has acknowledged a vulnerability in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
59cf61227907084b9441ce6c855e66bd4b2943ed71f734804249efc09efe4488Secunia Security Advisory - SUSE has issued updates for multiple packages. These fix some vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges, and by malicious people to conduct cross-site scripting attacks and compromise a user's system.
b6434f871c6a2219d2951540714048beb09bc9730d855a6a46b86799d663141dSecunia Security Advisory - Janek Vind has discovered a vulnerability in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
4ffdc6a0e0547f79cf7ed236db00d31cfd0133303f8b86e54be47dfa0606ab08Secunia Security Advisory - A vulnerability has been reported in Sun Fire X2100 M2 and X2200 M2, which can be exploited by malicious people to compromise a vulnerable system.
9e7baccbff28851235fa660fa87fd238e4ddfdcb29d390915d4ff6d23e9e9c40Secunia Security Advisory - rgod has discovered a vulnerability in GOM Player, which can be exploited by malicious people to compromise a user's system.
8423a7a19569b1ffe40ceb834dbee3d6fabd64c8f95fa87430594e264faf6622Secunia Security Advisory - 0x90 has reported a vulnerability in PHP-AGTC membership system, which can be exploited by malicious people to bypass certain security restrictions.
21b91a27815844d3d76a7fd6f5de522fc4783137e182523d9ce916b6907650c9Secunia Security Advisory - Fedora has issued an update for ruby. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.
3bc780fe13bbae50641cf16a68252ab25f805b94d581587923450571713074c0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed