Showing 26 - 50 of 67

Files Date: 2005-10-04 to 2005-10-05

usn-189-1.txt
Posted Oct 4, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-189-1 - Imran Ghory found a race condition in the handling of output files. While a file was unpacked with cpio, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the cpio user. (CVE-2005-1111) Imran Ghory also discovered a path traversal vulnerability. Even when the --no-absolute-filenames option was specified, cpio did not filter out ".." path components. By tricking a user into unpacking a malicious cpio archive, this could be exploited to install files in arbitrary paths with the privileges of the user calling cpio. (CVE-2005-1229)

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2005-1111, CVE-2005-1229
SHA-256 | 6c020b860f3162b5c142afd08d7d2ed80874cb3d6613efa8875483bac869d12a
usn-188-1.txt
Posted Oct 4, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-188-1 - Chris Evans discovered a buffer overflow in the RTF import module of AbiWord. By tricking a user into opening an RTF file with specially crafted long identifiers, an attacker could exploit this to execute arbitrary code with the privileges of the AbiWord user.

tags | advisory, overflow, arbitrary
advisories | CVE-2005-2964
SHA-256 | 01e1e78f8d01e887963d5567608c06a38b95c46065fb9fc107226f520f9b148b
Security_Breach_Survey.pdf
Posted Oct 4, 2005
Authored by Ponemon Institute | Site whitecase.com

White and Case, a top NYC law firm, posted a survey on Data Security Breach Notifications on September 26, 2005. From the press release: "Victims of personal data security breaches are showing their displeasure by terminating relationships with the companies that maintained their data, according to a new national survey sponsored by global law firm White & Case. The independent survey of nearly 10,000 adults, conducted by the respected privacy research organization Ponemon Institute, reveals that nearly 20 percent of respondents say they have terminated a relationship with a company after being notified of a security breach."

tags | paper
SHA-256 | 34841f15fde3174b2d3ba914496579e6be03c3365d6584bd104e7dc03f893335
Gentoo Linux Security Advisory 200509-21
Posted Oct 4, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200509-21 - Javier Fernandez-Sanguino has discovered that xferfaxstats cron script supplied by Hylafax insecurely creates temporary files with predictable filenames. Versions less than 4.2.2 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 53d5854bccd2e62d8a4e1df7f42b479d79b3d31c31007143fddcc7d5dd48d544
Gentoo Linux Security Advisory 200509-20
Posted Oct 4, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200509-20 - Chris Evans discovered that the RTF import function in AbiWord is vulnerable to a stack-based buffer overflow. Versions less than 2.2.10 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2005-2964
SHA-256 | b1cd40fd62d17d116d19ef06e704c1b2958ea550798572d0be46c5a2cbcc06c0
Debian Linux Security Advisory 835-1
Posted Oct 4, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 835-1 - Javier Fern

tags | advisory, arbitrary, root
systems | linux, debian
advisories | CVE-2005-2960
SHA-256 | c34847abc1ac8e80e1ae620c6476d26a11d0e417009bebcb69e3a7f24eb6d03e
Debian Linux Security Advisory 834-1
Posted Oct 4, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 834-1 - Tavis Ormandy discovered a buffer overflow in prozilla, a multi-threaded download accelerator, which may be exploited to execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-2961
SHA-256 | 1533fae250af0638c8c18c15114753c7f090ebfed49c458387b04fda21f89688
Debian Linux Security Advisory 833-1
Posted Oct 4, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 833-1 - A stack-based buffer overflow in the init_syms function of MySQL, a popular database, has been discovered that allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field. The ability to create user-defined functions is not typically granted to untrusted users.

tags | advisory, remote, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-2558
SHA-256 | fbe0d8361c325416a0cd38b766000c2ff8a5599e7908f37af6e7b12997d88bba
Debian Linux Security Advisory 832-1
Posted Oct 4, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 832-1 - Several buffer overflows have been discovered in gopher, a text-oriented client for the Gopher Distributed Hypertext protocol, that can be exploited by a malicious Gopher server.

tags | advisory, overflow, protocol
systems | linux, debian
advisories | CVE-2005-2772
SHA-256 | 87a2cda9839b4ecfd950d75d570f2f4b09ba150632b873a54ab973edea78721f
Debian Linux Security Advisory 831-1
Posted Oct 4, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 831-1 - A stack-based buffer overflow in the init_syms function of MySQL, a popular database, has been discovered that allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field. The ability to create user-defined functions is not typically granted to untrusted users.

tags | advisory, remote, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-2558
SHA-256 | 44435b96667e712a9639f2570ff6a5ae762d21ba9b657fdc060a20b201bd274b
Debian Linux Security Advisory 830-1
Posted Oct 4, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 830-1 - Drew Parsons noticed that the post-installation script of ntlmaps, an NTLM authorization proxy server, changes the permissions of the configuration file to be world-readable. It contains the user name and password of the Windows NT system that ntlmaps connects to and, hence, leaks them to local users.

tags | advisory, local
systems | linux, windows, debian
advisories | CVE-2005-2962
SHA-256 | 0efaab1176dc6599a6617dbc6f35f7c26704d76fd9382dbff5495f085e821152
Debian Linux Security Advisory 829-1
Posted Oct 4, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 829-1 - A stack-based buffer overflow in the init_syms function of MySQL, a popular database, has been discovered that allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field. The ability to create user-defined functions is not typically granted to untrusted users.

tags | advisory, remote, overflow, arbitrary
systems | linux, debian
advisories | CVE-2005-2558
SHA-256 | dc9f980453c09c1d2f37e8deecc778bed4f6c1520cea662b0ab19bf7ce1530c1
Debian Linux Security Advisory 828-1
Posted Oct 4, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 828-1 - Upstream developers of squid, the popular WWW proxy cache, have discovered that changes in the authentication scheme are not handled properly when given certain request sequences while NTLM authentication is in place, which may cause the daemon to restart.

tags | advisory
systems | linux, debian
advisories | CVE-2005-2917
SHA-256 | 7ef499a1227798c1d997c07bd6e5bc0392caa2dab911610da22c6d17215aaa8e
Debian Linux Security Advisory 827-1
Posted Oct 4, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 827-1 - Moritz Muehlenhoff discovered the handler code for backupninja creates a temporary file with a predictable filename, leaving it vulnerable to a symlink attack.

tags | advisory
systems | linux, debian
SHA-256 | eedeaf75ed88dc95af3b6e97a2d118e2aebe179609f0f3e92641954f6c21c5bc
Debian Linux Security Advisory 826-1
Posted Oct 4, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 826-1 - Multiple security vulnerabilities have been identified in the helix-player media player that could allow an attacker to execute code on the victim's machine via specially crafted network resources.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2005-1766, CVE-2005-2710
SHA-256 | 1a0dedbb4a4a7f5196ff5e735696cc55967e4d319c5ff0dd2ade97687c66ff0b
Debian Linux Security Advisory 825-1
Posted Oct 4, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 823-1 - David Watson discovered a bug in mount as provided by util-linux and other packages such as loop-aes-utils that allows local users to bypass filesystem access restrictions by re-mounting it read-only.

tags | advisory, local
systems | linux, debian
advisories | CVE-2005-2876
SHA-256 | 502bf8657d468c1a423a4f4d8abf0a5eb670db058194462e6a9f8aff8500b3f1
Debian Linux Security Advisory 824-1
Posted Oct 4, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 824-1 - Two vulnerabilities have been discovered in Clam AntiVirus, the antivirus scanner for Unix, designed for integration with mail servers to perform attachment scanning. The following problems were identified:

tags | advisory, vulnerability
systems | linux, unix, debian
advisories | CVE-2005-2919, CVE-2005-2920
SHA-256 | 76a8f35480ffda05f60db858104e6367f18cd4cec6b6ef911938630ef314ef44
Debian Linux Security Advisory 823-1
Posted Oct 4, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 823-1 - David Watson discovered a bug in mount as provided by util-linux and other packages such as loop-aes-utils that allows local users to bypass filesystem access restrictions by re-mounting it read-only.

tags | advisory, local
systems | linux, debian
advisories | CVE-2005-2876
SHA-256 | 4c2adb50c18ff212a796b1305534c68e1462dc347c05728ebb614af1caf57555
Debian Linux Security Advisory 822-1
Posted Oct 4, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 822-1 - Eric Romang discovered that gtkdiskfree, a GNOME program that shows free and used space on filesystems, creates a temporary file in an insecure fashion.

tags | advisory
systems | linux, debian
advisories | CVE-2005-2918
SHA-256 | fb73331697cc0ca24d7df9184e8433b1cba8fb72fc535418e52f3b272c89d8d2
Debian Linux Security Advisory 809-2
Posted Oct 4, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 809-2 - Certain aborted requests that trigger an assertion in squid, the popular WWW proxy cache, may allow remote attackers to cause a denial of service. This update also fixes a regression caused by DSA 751.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2005-2794
SHA-256 | fea1b192de905ca27bdc9f1f7fc6aee4a4466df46a410aeb89e989f74c5c9f62
Debian Linux Security Advisory 797-2
Posted Oct 4, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 797-2 - zsync, a file transfer program, includes a modified local copy of the zlib library, and is vulnerable to certain bugs fixed previously in the zlib package.

tags | advisory, local
systems | linux, debian
SHA-256 | 0094df582ef600def2ca1c12efd4469af31ffe61cc54b7fdbc884f7799bd907f
Debian Linux Security Advisory 821-1
Posted Oct 4, 2005
Authored by Debian

Debian Security Advisory DSA 821-1 - An integer overflow with a subsequent buffer overflow has been detected in PCRE, the Perl Compatible Regular Expressions library, which allows an attacker to execute arbitrary code, and is also present in Python. Exploiting this vulnerability requires an attacker to specify the used regular expression.

tags | advisory, overflow, arbitrary, perl, python
systems | linux, debian
SHA-256 | 846d0309f9895170bbb3312e9d92a9d82a1569dcfb2bb62e3a8dd1c4ac103cef
Secunia Security Advisory 17019
Posted Oct 4, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Hitachi Cosminexus, which potentially can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | cabe50b2c84cfee0fd27718537450aef7c7c068aae281566d3bc9dda2f454fe5
Secunia Security Advisory 17021
Posted Oct 4, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Tavis Ormandy has reported a vulnerability in ProZilla, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | d5eb8e5245baabec3d9325477eaf79100f31c9d313d9955e2e944ab8dfebf308
Secunia Security Advisory 17023
Posted Oct 4, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Paul Szabo has reported a security issue in GNOME libzvt, which can be exploited by malicious, local users to spoof the hostname that is recorded into utmp.

tags | advisory, local, spoof
SHA-256 | c07fa5beddfa36cdda92584b5052d39ab26008d53b4c2fbf800aacf91b8cce9b
Page 2 of 3