Ubuntu Security Notice 1521-1 - Chamal De Silva discovered that the IcedTea-Web Java web browser plugin could dereference an uninitialized pointer. A remote attacker could use this to craft a malicious web page that could cause a denial of service by crashing the web browser or possibly execute arbitrary code. Steven Bergom and others discovered that the IcedTea-Web Java web browser plugin assumed that all strings provided by browsers are NULL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). A remote attacker could use this to craft a malicious Java applet that could cause a denial of service by crashing the web browser, expose sensitive information or possibly execute arbitrary code. Various other issues were also addressed.
501fee417fe6ba2b16a422f5cde669441ffad8611bba304f314fbdf49e7846e3Red Hat Security Advisory 2012-1130-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way the pyGrub boot loader handled compressed kernel images. A privileged guest user in a para-virtualized guest could use this flaw to create a crafted kernel image that, when attempting to boot it, could result in an out-of-memory condition in the privileged domain.
42dc7fc7f4242c34b5fee2c87659f3b6aa1715f04f6efce9032ba41dce31257aRed Hat Security Advisory 2012-1132-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. An uninitialized pointer use flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could possibly cause a web browser using the IcedTea-Web plug-in to crash, disclose a portion of its memory, or execute arbitrary code. It was discovered that the IcedTea-Web plug-in incorrectly assumed all strings received from the browser were NUL terminated. When using the plug-in with a web browser that does not NUL terminate strings, visiting a web page containing a Java applet could possibly cause the browser to crash, disclose a portion of its memory, or execute arbitrary code.
a5d84dba4b2247a80c32799c231d8fc28d3b015060f969744e150eb90894b4b2Red Hat Security Advisory 2012-1131-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests. A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially-crafted AS-REQ request. A NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the "create" privilege could use this flaw to crash kadmind.
fc644b1cb9cf0a8750b9b22679610ad70952fe4b170e2844397d3cea0bd64a5aRed Hat Security Advisory 2012-1129-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.
6c0b4a58bbe502f34d3cdba3053094775341e381fd60d5e809bd0de7e804b918Ubuntu Security Notice 1520-1 - Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could free an uninitialized pointer when handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could dereference an uninitialized pointer while handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.
230d2bccf2e221f779ebacf8edcc34a5fd7d0176f42f3af106b6b41e010163fdRed Hat Security Advisory 2012-1125-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. This release of JBoss Enterprise SOA Platform 5.3.0 serves as a replacement for JBoss Enterprise SOA Platform 5.2.0. It includes various bug fixes and enhancements which are detailed in the JBoss Enterprise SOA Platform 5.3.0 Release Notes.
b8d763d67a55bbd9739b6389ec7a18b563c208224d53204c1a9cca5f0d61037eRed Hat Security Advisory 2012-1123-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. An uninitialized data structure use flaw was found in BIND when DNSSEC validation was enabled. A remote attacker able to send a large number of queries to a DNSSEC validating BIND resolver could use this flaw to cause it to exit unexpectedly with an assertion failure. Users of bind are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon will be restarted automatically.
d67eb1d04442b76dec0ff69b83fdb0f30a725174eb0d94f934f1d7da947fb2e9Red Hat Security Advisory 2012-1122-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. An uninitialized data structure use flaw was found in BIND when DNSSEC validation was enabled. A remote attacker able to send a large number of queries to a DNSSEC validating BIND resolver could use this flaw to cause it to exit unexpectedly with an assertion failure. Users of bind97 are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon will be restarted automatically.
bc3bb796ff58730e45372a3e38552b96f6be5def156cd38934dca68b517bfc15Secunia Security Advisory - Two vulnerabilities have been reported in SocialEngine, which can be exploited by malicious users to conduct script insertion attacks.
a97ca29acf0391a400db8256682379a894ac51298a22a1e4838fbd6c2fa0892fSecunia Security Advisory - Red Hat has issued an update for bind97. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
0920cbe6ef2320aa0cdc3b02f1585076e3d63f31f75ee622e6c5512995dbfcc8Secunia Security Advisory - A vulnerability has been reported in LedgerSMB, which can be exploited by malicious users to bypass certain security restrictions.
fd192c27c1a662c3c39472fc60c7ce046c6de1f5d8d69b9e0bf62ba894f90934Secunia Security Advisory - Matt Andreko has discovered a vulnerability in Sysax Multi Server, which can be exploited by malicious users to compromise a vulnerable system.
71fe00730c13e486b11af93f71da030e282f264f8d07e2095ab2d8eaaf66fbbfSecunia Security Advisory - A security issue has been reported in IBM Rational Directory Server, which can be exploited by malicious people to conduct spoofing attacks.
81d8fa4b238559d713ead309f268dca7c154ced8fef132a7488b38bcd2c022daSecunia Security Advisory - Multiple vulnerabilities have been reported in Ushahidi, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and conduct SQL injection attacks.
99a8f203d06f8c164f18a7097ffea0575a473da502c270efe5c79dacfd5a7671Secunia Security Advisory - Two vulnerabilities have been reported in the PoodLL plugins for Moodle, which can be exploited by malicious people to conduct cross-site scripting attacks.
7f928e1ef9d46da2dadab131054e85fcc473662c2453689b842054730301feddSecunia Security Advisory - Two security issues and a vulnerability have been reported in Django, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
9239fbffebc7f27da01750df0381a2801292c0c7b99ddaa8f70b612be2d18560Secunia Security Advisory - Some vulnerabilities have been reported in the Backend Localization plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
77a4086ca6f20e915785181730d0675252f56b8f6f763f25404ec336d2103498Secunia Security Advisory - A weakness has been discovered in Scrutinizer NetFlow and sFlow Analyzer, which can be exploited by malicious, local users to bypass certain security restrictions.
eb4bc7c7983fbc936d2f8fc9acc61b3ad6789d493a3111747661dfc717954d3cSecunia Security Advisory - A vulnerability has been reported in ICONICS GENESIS32 and ICONICS BizViz, which can be exploited by malicious, local users to gain escalated privileges.
a873e7efe03216b30da648df37190cfe2e7d2c76894d75aaf671a7b90ec9d078DataWatch Monarch Business Intelligence (BI) version 5.1 suffers from a remote blind SQL injection vulnerability.
b490b61cddfb1646f4adbb097c40441e7e7963d4b9bc0f254dde7e16ee03d28fA security oversight has been discovered in LedgerSMB 1.3 which could allow a malicious user to cause a denial of service against LedgerSMB or otherwise affect the way in which certain forms of data would get entered.
4cd2f77e1b66b8024507a17ff8fd9246978a15c4237dcc46026b9a96ef1a1227Debian Linux Security Advisory 2517-1 - Einar Lonn discovered that under certain conditions bind9, a DNS server, may use cached data before initialization. As a result, an attacker can trigger and assertion failure on servers under high query load that do DNSSEC validation.
1264cbf6ebe6d856f52045f33b4880823f6d6637579867ab6419f12fcd0c8aa0Mandriva Linux Security Advisory 2012-110 - Security issues were identified and fixed in mozilla firefox and thunderbird. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Security researcher Mario Gomes and research firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the address bar by canceling the page load. Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues. Various other security issues have also been addressed.
fc759a56d0fd0415fcdc1530461fc3a3b4be19990db69c21c30eed023857e0e8Mandriva Linux Security Advisory 2012-119 - High numbers of queries with DNSSEC validation enabled can cause an assertion failure in named, caused by using a bad cache data structure before it has been initialized. The updated packages have been upgraded to bind 9.7.6-P2 and 9.8.3-P2 which is not vulnerable to this issue.
13ac256eb5b1283087978ae8aac5de7235f982e7fb811a2395d8e53457110415
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed