Ubuntu Security Notice 1210-1 - Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.
7dbccee48a7450ce7c829e91fe6ad680a38feedc2ba421a2771127dad6690fd9Mandriva Linux Security Advisory 2011-138 - This advisory updates wireshark to the latest version (1.6.2), fixing several security issues. Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service via a malformed packet. Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service via a malformed capture file that leads to an invalid root tvbuff, related to a buffer exception handling vulnerability. The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service via a malformed packet. The updated packages have been upgraded to the latest 1.6.x version which is not vulnerable to these issues.
1be2ff4344b88429c4b45236683821e4090a102fcfdcdb92236828617d266698Mandriva Linux Security Advisory 2011-137 - The elliptic curve cryptography subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation. crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8s and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages, which allows remote attackers to cause a denial of service via out-of-order messages that violate the TLS protocol.
83fe8b76f3683d9eb0fcf02ef6b3ea18f900160bf76d8b38af1184c342723125Mandriva Linux Security Advisory 2011-136 - The elliptic curve cryptography subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.
e3765f04fd3fa848a54e5b3241f978ebdaf604daafd27e5b928651631fa7179ciDefense Security Advisory 09.26.11 - Remote exploitation of a memory corruption vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs weekly. Specifically, by using a negative integer for the BYWEEKNO property, it is possible to trigger a write operation beyond the bounds of an allocated heap buffer. This can lead to the corruption of memory, and the execution of arbitrary code.
c3a21b221a5ca43b424d4c87ecdc5132c8fd5e83be4966ed52bb847af74da8e6iDefense Security Advisory 09.26.11 - Remote exploitation of a memory corruption vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs yearly. When adding a sequence of dates, it is possible to trigger an invalid array indexing vulnerability, and write beyond the bounds of a heap buffer. This can lead to the execution of arbitrary code. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.
e0e79989e42a8350fda243c95b2a87e6ecde82bbd0ea9bc0fb9a7e5eab17ade1iDefense Security Advisory 09.26.11 - Remote exploitation of a heap overflow vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs on weekdays. A heap based buffer overflow can be triggered due to the lack of checks to ensure that there is enough space in the buffer to hold all of the RRULE entry data. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.
74cad0c15a570d196b3c7330c61160de1f4e97c9b98ebe52b30ebecc7523282cFreeBSD Security Advisory - When a UNIX-domain socket is attached to a location using the bind(2) system call, the length of the provided path is not validated. Later, when this address was returned via other system calls, it is copied into a fixed-length buffer. A local user can cause the FreeBSD kernel to panic. It may also be possible to execute code with elevated privileges ("gain root"), escape from a jail, or to bypass security mechanisms in other ways.
90c70fca348e56d74499aa09d49020d5bbfb6758cde3a0c5eb8220e687826572FreeBSD Security Advisory - The code used to decompress a file created by compress(1) does not do sufficient boundary checks on compressed code words, allowing reference beyond the decompression table, which may result in a stack overflow or an infinite loop when the decompressor encounters a corrupted file.
56febab158d830afcb2df839a7a95ac3e1a7fab7a28a063e7e3fb77d6e868228A whitepaper on the basics of Android and reverse engineering of Android applications.
3a7c611870da5531d81c577fdf35fe9dc0af53466f037facf67b7aa647b36b60Cisco Security Advisory - The Cisco IOS IP Service Level Agreement (IP SLA) feature contains a denial of service (DoS) vulnerability. The vulnerability is triggered when malformed UDP packets are sent to a vulnerable device. The vulnerable UDP port numbers depend on the device configuration. Default ports are not used for the vulnerable UDP IP SLA operation or for the UDP responder ports. Cisco has released free software updates that address this vulnerability.
8afb0a933ae726a37083974b6edfb4286fe02ce52c35a4f68e9a52527e931a5dCisco Security Advisory - A vulnerability exists in the Smart Install feature of Cisco Catalyst Switches running Cisco IOS Software that could allow an unauthenticated, remote attacker to perform remote code execution on the affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate this vulnerability other than disabling the Smart Install feature.
30ed0013cb4d5700a0c23989105d6c2f67a01ac48fda81f2c50cd3b61cff7904Cisco Security Advisory - Cisco IOS Software contains two vulnerabilities related to Cisco IOS Intrusion Prevention System (IPS) and Cisco IOS Zone-Based Firewall features.
9e20f1f90416b651deeab8b2cf059be0432ae5c35145f7039e3a54ff50f68bbcCisco Security Advisory - A denial of service (DoS) vulnerability exists in Jabber Extensible Communications Platform (Jabber XCP) and Cisco Unified Presence. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious XML to an affected server. Successful exploitation of this vulnerability could cause elevated memory and CPU utilization, resulting in memory exhaustion and process crashes. Repeated exploitation could result in a sustained DoS condition. There are no workarounds available to mitigate exploitation of this vulnerability.
a1d9dd0dc2a21a545fe286133f4295ddebf8ededd7568b3f907daf79a585397eCisco Security Advisory - Cisco Unified Communications Manager contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol (SIP) messages. Exploitation of this vulnerability could cause an interruption of voice services. Cisco has released free software updates for supported Cisco Unified Communications Manager versions to address the vulnerability. A workaround exists for this SIP vulnerability.
a5f1927958aa4c1612f94d0917d625ae14208a68fe421f75813a8f60c2bc9f7eCisco Security Advisory - Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or trigger memory leaks that may result in system instabilities. Affected devices would need to be configured to process SIP messages for these vulnerabilities to be exploitable. Cisco has released free software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerabilities.
3e5c649daea98f2fca96808c0596078230f8dd81427f67c139229f5446d49360PcVue versions 10.0 and below suffer from code execution, file corruption, and an array overflow.
2b492fc5f7687d09c964607ba7f43df83758c2deffbd132dac6f74f247ee0d92Traq version 2.2 suffers from cross site scripting and remote SQL injection vulnerabilities.
22668c0c2e29e4f3d963fd3af1239678b004998c24ca0e5ea0fa0821bc184a72VUPEN Vulnerability Research Team discovered a critical vulnerability in Novell GroupWise. The vulnerability is caused by a buffer overflow error in the "ICalProcessYearlyRule()" function within the "gwwww1.dll" component when processing a malformed "BYWEEKNO" property in a Calendar, which could be exploited by remote unauthenticated attackers to compromise a vulnerable server via a specially crafted email message. Versions 8.0.2 SP2 Hot Patch 2 and below are affected.
db76992fc18da1157668a6a0332cdb40c29764ed690037608ce8caa1dc451bd4VUPEN Vulnerability Research Team discovered a critical vulnerability in Novell GroupWise. The vulnerability is caused by a buffer overflow error in the "NgwIRecurParam::integerList()" function within the "gwwww1.dll" component when processing a malformed "RRULE" integer list in a Calendar, which could be exploited by remote unauthenticated attackers to compromise a vulnerable server via a specially crafted email message. Versions 8.0.2 SP2 Hot Patch 2 and below are affected.
d697fda1f2bceeef87278e911dee69649d6ee0b25eb8e452101f1275579c8d3aFreeBSD Security Advisory - A logic error in the BIND code causes the BIND daemon to accept bogus data, which could cause the daemon to crash.
c21e64c2f2aa94b36262f7c921be33cd4195b26c049f52e436c3a4f598e601bfRedmind Online Shop / E-Commerce System suffers from a remote SQL injection vulnerability.
9877e42fe4ffb7c121a402e750e53812c641b531acd65aa7ab1c034bbeefc9bfJarida version 1.0 suffers from a remote SQL injection vulnerability.
6e69a004b6c0c2fc4f4ba41279ce2c180e6ce87f14cddbda91162dd39ae19510WordPress Mingle Forum plugin versions 1.0.31 and below suffer from a remote SQL injection vulnerability.
c654afe3a55693ffb3374390dd876112a0eb7f3eeba8ef92d756f940cf428205Cisco Security Advisory - The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of multiple protocols. Cisco has released free software updates that address these vulnerabilities.
e071e8cf0c9a04c74dd457a5df6b6f75145eca329e618d38d8ba34088be76e8f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed