what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2009-12-05

Ubuntu Security Notice 864-1
Posted Dec 5, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 864-1 - Kernel packages have been updated. It was discovered that the AX.25 network subsystem did not correctly check integer signedness in certain setsockopt calls. Jan Beulich discovered that the kernel could leak register contents to 32-bit processes that were switched to 64-bit mode. Dave Jones discovered that the gdth SCSI driver did not correctly validate array indexes in certain ioctl calls. Eric Dumazet and Jiri Pirko discovered that the TC and CLS subsystems would leak kernel memory via uninitialized structure members. Earl Chew discovered race conditions in pipe handling. There are about a dozen other issues also addressed.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2009-2909, CVE-2009-2910, CVE-2009-3080, CVE-2009-3228, CVE-2009-3547, CVE-2009-3612, CVE-2009-3613, CVE-2009-3620, CVE-2009-3621, CVE-2009-3623, CVE-2009-3624, CVE-2009-3638, CVE-2009-3722, CVE-2009-3725, CVE-2009-3726, CVE-2009-3888, CVE-2009-3889, CVE-2009-3939
SHA-256 | 2f9e8bf3729b664a290f690db75777d46200920190578d7da876f4919fea4eae
Debian Linux Security Advisory 1946-1
Posted Dec 5, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1946-1 - It was discovered that belpic, the belgian eID PKCS11 library, does not properly check the result of an OpenSSL function for verifying cryptographic signatures, which could be used to bypass the certificate validation.

tags | advisory
systems | linux, debian
advisories | CVE-2009-0049
SHA-256 | 9a7f2da7e7d53f16ddc6e60f14bec24b160e4a7c5d4e107b5f68315938a24311
Mandriva Linux Security Advisory 2009-224
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-224 - Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name. This update provides a solution to this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2008-2937
SHA-256 | fa6727c03f758e0239d74a2c09cded1f47d3b8f5ad4181c778be47b4ac8b4dbf
Mandriva Linux Security Advisory 2009-223
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-223 - Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in simply nested DTD structures, as demonstrated by the Codenomicon XML fuzzing framework. This update provides a solution to this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-1885
SHA-256 | ec20b3493610025eeee650a11f31954eace01b2226bdda739015618531fdcb41
Mandriva Linux Security Advisory 2009-315
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-315 - neon before 0.28.6, when OpenSSL is used, does not properly handle a '\\0' (NUL) character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.

tags | advisory, arbitrary, spoof, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2474
SHA-256 | cc5992738d88cb42a2452244ccf0f7315d087a69bb07f9dbedb3d1db74d96636
Mandriva Linux Security Advisory 2009-218
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-218 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
SHA-256 | 9fd0ff086bb44dc8e359fd8376d752218295138428e54a6bfa310fbfb8ce96a6
Mandriva Linux Security Advisory 2009-212
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-212 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
SHA-256 | 358cb28343b772c856a944d157b77948108a5b54631268a1ccbe541f63fe6705
Mandriva Linux Security Advisory 2009-211
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-211 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
SHA-256 | 97f13c48199e07b60361d99f2c70e6d5d028a834e4d0622e76289e5d80e2620c
Mandriva Linux Security Advisory 2009-208
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-208 - libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read. This update provides a solution to this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2008-4776
SHA-256 | cf8565317e881b1da89995fc541f9fefc4bfacd81e66ce2253b631b52f216560
Mandriva Linux Security Advisory 2009-213
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-213 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
SHA-256 | 253b9fa53a1c05a4c3ee23a4ab7f94b0ba873b10873bbb8e8329d1b7cce2f7aa
Mandriva Linux Security Advisory 2009-206
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-206 - GNU Wget before 1.12 does not properly handle a '\\0' (NUL) character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. This update provides a solution to this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, arbitrary, spoof
systems | linux, mandriva
advisories | CVE-2009-3490
SHA-256 | 4d134cb5317746dbabde9ddcb0704cf7d3ebb8c26b5476cc7c3f8d510610cac6
DevIL DICOM GetUID() Buffer Overflow
Posted Dec 5, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in DevIL, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused by a boundary error within the "GetUID()" function in src-IL/src/il_dicom.c. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted DICOM file in an application using the library. The vulnerability is confirmed in version 1.7.8. Other versions may also be affected.

tags | advisory, overflow
advisories | CVE-2009-3994
SHA-256 | bef338476ab50b7b135a8f8a62a9fce7233fca04b978409af9cb476cd97ecad5
Core FTP Server 1.0 Build 319 Denial Of Service
Posted Dec 5, 2009
Authored by Mert SARICA

Core FTP Server version 1.0 Build 319 suffers from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
SHA-256 | 49933519fe2c4b693e105a1f04a807e3dcc61d13f727d9c57e57409cae6b7bd3
Ninja Intrusion And Prevention System
Posted Dec 5, 2009
Authored by Tom Rune Flo | Site forkbomb.org

Ninja is a privilege escalation detection and prevention system for GNU/Linux hosts. While running, it will monitor process activity on the local host, and keep track of all processes running as root. If a process is spawned with UID or GID zero (root), ninja will log necessary information about this process, and optionally kill the process if it was spawned by an unauthorized user.

Changes: A bugfix for x86-64 platforms when using a log file.
tags | tool, local, root, intrusion detection
systems | linux, unix
SHA-256 | 0be3bda69816beb05a03df470f9d652594aa81dd49baac2bd7ebd2491794712d
IPT_PKD Iptables Port Knocking Detection 1.5
Posted Dec 5, 2009
Authored by eric

ipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.

Changes: This release adds support for iptables 1.4.4 and 1.4.5 and kernels 2.6.30 and 2.6.31.
tags | tool, kernel, udp, firewall
systems | linux
SHA-256 | f7cb936c7aac861d230a972d266df509bb34fb48f4604db48ededd604466416d
BM Classifieds Ads SQL Injection
Posted Dec 5, 2009
Authored by Cr3w-D, Dr.0rYX

BM Classifieds Ads suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8f0f8a6e4f98db33741739c1e64a3445ae5dbbb5f7416dc0b3571777080b1177
Achievo 1.4.2 Cross Site Scripting
Posted Dec 5, 2009
Authored by Nahuel Grisolia | Site cybsec.com

Achievo version 1.4.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ad13c4066a6974de3d00a8e51c5932564f2bd764934024b97340dcf230447093
Achievo 1.4.2 Shell Upload
Posted Dec 5, 2009
Authored by Nahuel Grisolia | Site cybsec.com

Achievo version 1.4.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
SHA-256 | fd1d0f43b6c990452149cbc6a039d9120d789b1241a985a07c1c3dbbaad86a33
libmodplug s3m Buffer Overflow
Posted Dec 5, 2009
Authored by dummy

The libmodplug library is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. Versions prior to 0.8.6 are affected.

tags | exploit, remote, overflow
SHA-256 | 3ee534500a7935fc069c9d41bd90bd1c6d8eca00c07e014a3f4f88254b81c7e4
Yoast Google Analytics Cross Site Scripting
Posted Dec 5, 2009
Authored by MaXe

Yoast Google Analytics version 3.2.4 for Wordpress suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2710a8ae487c43fc21d8dd85bdfcba8d0d7987f648fb20651abd8ccd591ca3af
Invision Power Board Local File Inclusion / SQL Injection
Posted Dec 5, 2009
Authored by Dawid Golunski

Invision Power Board versions 3.0.4 and below suffer from local file inclusion and remote SQL injection vulnerabilities. Versions 2.3.6 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
SHA-256 | efe52ce1957cc2103d4b96559bf90231ce74be94e5635eacb7a3a351c7a0837e
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close