Asterisk Project Security Advisory - The Asterisk STUN implementation in the RTP stack has a remotely exploitable crash vulnerability. A pointer may run past accessible memory if Asterisk receives a specially crafted STUN packet on an active RTP port. The code that parses the incoming STUN packets incorrectly checks that the length indicated in the STUN attribute and the size of the STUN attribute header does not exceed the available data. This will cause the data pointer to run past accessible memory and when accessed will cause a crash.
bc0c39530df4dd18a6dbdcdc793f1561ba085d70afb011dfde1d4bdcb5f322afAsterisk Project Security Advisory - The Asterisk Skinny channel driver, chan_skinny, has a remotely exploitable crash vulnerability. A segfault can occur when Asterisk receives a packet where the claimed length of the data is between 0 and 3, followed by length + 4 or more bytes, due to an overly large memcpy. The side effects of this extremely large memcpy have not been investigated.
950ae078a58d7241a19dc7a251b19e77edd52fcfa03de8eed1f658bf4850424bAsterisk Project Security Advisory - The Asterisk IAX2 channel driver, chan_iax2, has a remotely exploitable crash vulnerability. A NULL pointer exception can occur when Asterisk receives a LAGRQ or LAGRP frame that is part of a valid session and includes information elements. The session used to exploit this issue does not have to be authenticated. It can simply be a NEW packet sent with an invalid username. The code that parses the incoming frame correctly parses the information elements of IAX frames. It then sets a pointer to NULL to indicate that there is not a raw data payload associated with this frame. However, it does not set the variable that indicates the number of bytes in the raw payload back to zero. Since the raw data length is non-zero, the code handling LAGRQ and LAGRP frames tries to copy data from a NULL pointer, causing a crash.
82005035f0af5942ecb9961ae6e9407bfeadba79e2de888767b6b9905cdf838fAsterisk Project Security Advisory - The Asterisk IAX2 channel driver, chan_iax2, has a remotely exploitable stack buffer overflow vulnerability. It occurs when chan_iax2 is passed a voice or video frame with a data payload larger than 4 kB. This is exploitable by sending a very large RTP frame to an active RTP port number used by Asterisk when the other end of the call is an IAX2 channel. Exploiting this issue can cause a crash or allow arbitrary code execution on a remote machine.
e4dc71a2fe12119c9e203636d801c336673cd5417bd25d738fda712d34d52222OpenSC consists of a SmartCard library that uses any common transport API (e.g. PC/SC, CT-API, OpenCT) as its backend and applications that use the library. It has been tested extensively on Finnish Electronic Identity (FINEID) cards, but a number of other PKCS #15 and ISO 7816 compatible cards work too. Also implemented are a PKCS #11 module (e.g. for Mozilla Web/email usage), a PAM module, somewhat working OpenSSH support, an OpenSSL engine, a few basic tools, and a PKCS #15 structure generation tool for supported cards.
4ef75dee81a71470911eaca0e0fd3a761c8a16cb53759e443f835137d530f197OpenCT is a library for accessing smart card terminals. It provides a rich set of functions for driver writers, protocol drivers for T=0 and T=1, serial and USB functionality, including USB hotplugging. The main user of OpenCT is the OpenSC smart card framework, but OpenCT can of course be used by other applications as well. OpenCT provides a native OpenCT, CT-API and PC/SC Lite IFD interface with an OpenCT ifdhandler resource manager.
21ce1c8c53f21ecb807cfd6a9bef0a10ea60506a6b6cb2be9e1cf79049e43e5fPam_p11 is a pluggable authentication module (PAM) package for using cryptographic tokens such as smart cards and USB crypto tokens for authentication. Pam_p11 is very simple, as it has no config file, no options other than the PKCS#11 module file, and does not know about certificate chains, certificate authorities, revocation lists, or OCSP. There is one module that uses the $HOME/.eid/authorized_certificates file (like the old pam_opensc did) and one module that uses the $HOME/.ssh/authorized_keys file (like ssh does).
cb5d1d7e79fb3775ddbe85f7023645e26424a18264e1a5e0894734e1fca4e25aLibp11 is a library that implements a small layer on top of the PKCS#11 API to make using PKCS#11 implementations easier.
aa8051f8a2b0eda71a3e6b3e0890fecd7b5b8f1d202c4e90330bfaac03a960edEngine_pkcs11 is an implementation of an engine for OpenSSL. It can be loaded using code, config file, or command line and will pass any function call by openssl to a PKCS#11 module. Engine_pkcs11 is meant to be used with smart cards and software for using smart cards in PKCS#11 format, such as OpenSC. Originally this engine was a part of OpenSC, until OpenSC was split into several small projects for improved flexibility.
3a361968c608abc6079bd6a55ac6152ff71828e35dede33aa438314fbd377198iDefense Security Advisory 07.17.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Computer Associates International Inc.'s (CA) Threat Manager allows attackers to execute arbitrary code with SYSTEM privileges. When Computer Associates Threat Manager is installed, it also installs the Alert Notification Server (alert.exe) which registers an RPC interface with the GUID 3d742890-397c-11cf-9bf1-00805f88cb72. This interface contains stack-based buffer overflow vulnerabilities within the handling code for several RPC operation codes. iDefense confirmed that the Alert Notification Server included with Computer Associates International Inc.'s eTrust Integrated Threat Management r8 for Windows is vulnerable.
45a5f1700f172a1a35fff01253f255fa6dcf41615e0701e84b3fafb7502a463fiDefense Security Advisory 07.17.07 - Remote exploitation of a denial of service vulnerability within version 5.1.0.2 of IBM Corp.'s Tivoli Provisioning Manager for OS Deployment allows attackers to deny service to all product functionality. This vulnerability specifically exists in the TFTP protocol implementation. When processing a read request (RRQ), an integer division by zero error can be triggered by supplying an invalid "blksize" argument. This exception is not handled and will result in the rembo.exe service terminating. iDefense has confirmed the existence of this vulnerability in version 5.1.0.2 of IBM Corp.'s Tivoli Provisioning Manager for OS Deployment. Version 5.1.0.116 was tested and found not to be vulnerable.
40106158ae64ead59633c78c6baab0148d5d02413668e8e71ea6cd3d961f725aQuickerSite version 1.7.2 suffers from a cross site scripting vulnerability.
9e626ddeec5cecd5713d8ec4cf48be261c28bc6092f247163342adb9a82207dcUbuntu Security Notice 488-1 - Alex Solovey discovered that mod_perl did not correctly validate certain regular expression matches. A remote attacker could send a specially crafted request to a web application using mod_perl, causing the web server to monopolize CPU resources. This could lead to a remote denial of service.
2df01f7323baf7e7291455fc97567e8c5c962f1d5a78e8ce77f77a6dec7e440aUbuntu Security Notice 487-1 - It was discovered that Dovecot, when configured to use non-system-user spools and compressed folders, would allow directory traversals in mailbox names. Remote authenticated users could potentially read email owned by other users.
ffd6e32af1d9c2c08cb7ad728e03641e3c20ff6b9bb09e074b7e53dc54643953Ubuntu Security Notice 485-1 - It was discovered that the PHP xmlrpc extension did not correctly check heap memory allocation sizes. A remote attacker could send a specially crafted request to a PHP application using xmlrpc and execute arbitrary code as the Apache user. Stefan Esser discovered a flaw in the random number initialization of the PHP SOAP extension. This could lead to remote attackers being able to predict certain elements of the authentication mechanism.
3b1aa1db8f86fd8720cd09c25870adcb7f21377c0979f21e48754ce40876a96bUbuntu Security Notice 484-1 - It was discovered that the GnuTLS certificate verification methods implemented in Curl did not check for expiration and activation dates. When performing validations, tools using libcurl3-gnutls would incorrectly allow connections to sites using expired certificates.
d8cd72466f0894221e851c1a3f9e92d698d58063134bccdf698338f21da0034cData Dynamics ActiveBar ActiveX insecure methods exploit that affects actbar3.ocx versions 3.1 and below.
f34300e894d2992641bd8f402171692932448c1e8dae1f2674c4d04740ae1dd6Expert Advisor is susceptible to a SQL injection vulnerability index.php.
9c602e05bad7bcb851cd9b723a6f5f241f69f0a91ca345ee5a5a5273c9f1451eInsane Simple Blog versions 0.5 and below suffer from cross site scripting and SQL injection vulnerabilities.
0e0ca0694a41ffd7f2d3a68dd54d0ee6efbe3dbc5f11ae9ec3e6a643acdba40bThe MailMarshal Spam Quarantine version 6.2.0.x HTTP interface password reset facility is vulnerable to a SQL buffer truncation attack. The vulnerability could be exploited to reset and retrieve any user account. The attacker would require prior knowledge of the users email address.
413e168c92dfcc339ecd500754b6e240ebd1b59e709f687e96ac02bb9c73e549Secunia Security Advisory - Daniel C. Litzenberger has reported a weakness in DAR, which can potentially be exploited by malicious people to disclose certain information.
bc3098f6a13ddee0f7e6dc601922e473226a851e49b43773d652bedf984eeddaSecunia Security Advisory - A vulnerability has been reported in Infinite Responder, which can be exploited by malicious people to conduct SQL injection attacks.
e8f1b9da2012a8f9b35f34616fb1a292acb391ab29242cc0aaca2fa98d0b59a5Secunia Security Advisory - Gary O'leary-Steele has reported a vulnerability in MailMarshal, which can be exploited by malicious people to disclose potentially sensitive information.
310217e65d90088d04123a2c196867dd7d9595fc5738b56030d9bcf7b244134bSecunia Security Advisory - A potential vulnerability has been reported in Kaspersky Anti-Virus for Check Point FireWall-1, which may be exploited to cause a DoS (Denial of Service).
c6936c98c227d185031ebb383c6801cb2050e2526a2825b78a04e0bbdf5907a9Secunia Security Advisory - m4t4d00r has discovered a vulnerability in Jasmine CMS, which can be exploited by malicious users to conduct script insertion attacks.
b46c57d04c1c670daeddb9707a04622c17ebab0510b05599f4a53f429114bb2e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed