OrzHTTPD remote format string exploit.
6dba0af58e8c2b36162a84d70b04be390a5cd60b643597c4d644a6872effe278Core Security Technologies Advisory - DAZ Studio is a 3D figure illustration/animation application released by DAZ 3D Inc. DAZ Studio can be accessed via a scripting language which allows for quite a bit of diversity in tool creation. DAZ Studio does not ask for any confirmation from the user prior to executing a scripting file with any of the following extensions: .ds, .dsa, .dse, .dsb. An attacker could abuse the scripting interface by enticing an unsuspecting user to open a malicious scripting file, thus obtaining remote code execution. Proof of concept code included.
bc2f5464386e3be721cdbc8b583c0470e0611c6c6ed620163db7b5157d15915bUbuntu Security Notice 863-1 - It was discovered that QEMU did not properly setup the virtio networking features available to its guests. A remote attacker could exploit this to crash QEMU guests which use virtio networking on Linux kernels earlier than 2.6.26.
d718ab3b40e66576dfc8b22a4d3385387c8f8dcc007a154a5dddd7e6974ca042FreeBSD Security Advisory - A local user can read files which have been updated by freebsd-update(8), even if those files have permissions which would normally not allow users to read them. In particular, on systems which have been upgraded using 'freebsd-update upgrade', local users can read freebsd-update's backed-up copy of the master password file.
ded36262fd7c099273370d8e7b7df7dcd74a6ee0b857538117b791ae99da12b6FreeBSD Security Advisory - The run-time link-editor, rtld, links dynamic executable with their needed libraries at run-time. It also allows users to explicitly load libraries via various LD_ environmental variables.
43cd0a5c752f6ee28c98c000a73357ee02baaf6cfca10e1ff8d34ae1cd5fecd1FreeBSD Security Advisory - The SSL version 3 and TLS protocols support session renegotiation without cryptographically tying the new session parameters to the old parameters.
83f0097f23e71e96656c550bd67180eab9bdaff2b8488afde19399d0ccd4562dMandriva Linux Security Advisory 2009-310 - Multiple security vulnerabilities has been identified and fixed in OpenSSL.
0dacbc11230717ec843f94df0a14966959ed125db03db8ada5edb5032c784039Mandriva Linux Security Advisory 2009-309 - Requesting peer information from a malicious remote time server may lead to an unexpected application termination or arbitrary code execution. A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd. Packages for 2008.0 are being provided due to extended support for Corporate products. The updated packages have been patched to prevent this.
569d44718c363b879165cccc2876ddae82c144ec8ac5703c54ea660ec473034eMandriva Linux Security Advisory 2009-308 - gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup. A vulnerability have been discovered and corrected in GnuTLS before 2.8.2, which could allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Packages for 2008.0 are being provided due to extended support for Corporate products. This update fixes this vulnerability.
bcab65810e1df1bbd34d0446f0107046e9266266308d7551d40416e63d8ef9f3Mandriva Linux Security Advisory 2009-113 - Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service application crash via strings that are used as input to the sasl_encode64 function in lib/saslutil.c. The updated packages have been patched to prevent this. Packages for 2008.0 are being provided due to extended support for Corporate products.
21fbbd4a48f81f37d84b4f2776bc6bb2121cf2d05871288600049d4f47db34abMandriva Linux Security Advisory 2009-112 - racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference. Updated packages are available that brings ipsec-tools to version 0.7.2 for Mandriva Linux 2008.1/2009.0/2009.1 which provides numerous bugfixes over the previous 0.7.1 version, and also corrects this issue. ipsec-tools for Mandriva Linux Corporate Server 4 has been patched to address this issue. Additionally the flex package required for building ipsec-tools has been fixed due to ipsec-tools build problems and is also available with this update. Packages for 2008.0 are being provided due to extended support for Corporate products.
69793353b8d7b35aec80d72ee1d6a92d682557bc220b3f9e674385ecead7cf16Mandriva Linux Security Advisory 2009-108 - A stack-based buffer overflow was found in the zsh command interpreter. An attacker could use this flaw to cause a denial of service (zsh crash), when providing a specially-crafted string as input to the zsh shell. The updated packages have been patched to prevent this. Packages for 2008.0 are being provided due to extended support for Corporate products.
6cbc76f65146a3b8effc80987d46edcf43bda5f3ea280d051ee04d94629da92aMandriva Linux Security Advisory 2009-107 - The daemon in acpid before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop. The updated packages have been patched to prevent this. Packages for 2008.0 are being provided due to extended support for Corporate products.
a62d99de81c69b522787773310efe6c650118ee757b7f86bc21089f418655dc8Mandriva Linux Security Advisory 2009-106 - Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file. The updated packages have been patched to prevent this. Packages for 2008.0 are being provided due to extended support for Corporate products.
5cb44f12c77908cfbf9ca906f929f9aea4dee9928984eed0e19f2d787203cd4aMandriva Linux Security Advisory 2009-103 - Security vulnerabilities have been identified and fixed in udev. udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. The updated packages have been patched to prevent this. Packages for 2008.0 are being provided due to extended support for Corporate products.
38de169c54c1efda77134db6247a0bf49fc5eaef401aae8c03d5516972c6e537Mandriva Linux Security Advisory 2009-197 - Security issues in nss prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate and md2 algorithm flaws, and also cause a denial-of-service and possible code execution via a long domain name in X.509 certificate. This update provides the latest versions of NSS and NSPR libraries which are not vulnerable to those attacks. Packages for 2008.0 are being provided due to extended support for Corporate products.
ecd423cda5abf43a8f153f67b66965b14d04a924ca31a32378cc5c2e7e74b029Mandriva Linux Security Advisory 2009-217 - A number of security vulnerabilities have been discovered in Mozilla Security issues in thunderbird could lead to a man-in-the-middle attack via a spoofed X.509 certificate. A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update provides the latest version of Thunderbird which are not vulnerable to these issues. Packages for 2008.0 are being provided due to extended support for Corporate products.
042df619289149414468593fc222a4e12bebd8929de0148ed365c11a1e535552Running DISA SRR scripts against your server can get you easily rooted. They run arbitrary binaries discovered on the filesystem as root. They apparently need another Security Readiness Review script to first audit their own Security Readiness Review scripts.
13c50db414a49c32d5f4758f05426bdffeba0664c8c8b172b8b141a84fe10206Adobe Illustrator CS4 version 14.0.0 encapsulated postscript (.eps) overlong DSC comment buffer overflow exploit.
2dbc0e700b5a622ea3f8e6e9580fd2b2dab0e7bf9d96f236cb3d6ceaa60cf7a8Debian Linux Security Advisory 1945-1 - Sylvain Beucler discovered that gforge, a collaborative development tool, is prone to a symlink attack, which allows local users to perform a denial of service attack by overwriting arbitrary files.
1383da289d3e1996965ea6534d01b05ec42891bd1298683faf3e32106bdfce5bDebian Linux Security Advisory 1944-1 - Mikal Gule discovered that request-tracker, an extensible trouble-ticket tracking system, is prone to an attack, where an attacker with access to the same domain can hijack a user's RT session.
b8afd96299c13b8d33964b4f08810dbf33d994f708756d1d83ce5007438b0fc6Debian Linux Security Advisory 1943-1 - It was discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
51089e82cdb37535b632168d923a1d7d96c2ea14a23c7475f565b440dedd4510Secunia Security Advisory - A weakness and some vulnerabilities have been reported in IBM WebSphere Application Server for z/OS, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), or compromise a vulnerable system.
2148ba504faf3803721a44b8acf827ea27d99475088809de87bc7836819e2209Secunia Security Advisory - Some vulnerabilities have been reported in Sun Java System Portal Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
02845c05c852bc15454609631c8b5b2a2c800f0f04caeef5deb4d8970d08b99aSecunia Security Advisory - Sun has acknowledged a vulnerability in Sun Solaris and Sun Java Enterprise System, which can be exploited by malicious people to manipulate certain data.
9eb16fb207fb36596949feadcba4f38a36d92df9590050a9822ee98f8eced587
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed