NetBus 1.6 (Patch 4) - Patched to avoid detection by Spider, Drweb, Avp, and Norton Antivirus. Archive password is set to p4ssw0rd. Use at your own risk.
038a91f8d27ee8603040e79ae6d00da67c535f7f1da6333069b65cc5271f73ddUbuntu Security Notice 1244-1 - Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Various other issues were also addressed.
e4754fa6724234d333d49b5c5ae6f7479b66f52067e7648702db16544a280bcdUbuntu Security Notice 1240-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.
7bb5696fdf28788ddf1a181d26c0746a318f35d21e90975dc7a17a6248fbbf34Ubuntu Security Notice 1239-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.
a8d44e1d2d7d40338fc3f73c81b91d2690ae35010e30a9837bab689992f33bd1Mandriva Linux Security Advisory 2011-153 - The LZW decompressor in the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to and CVE-2011-2896. The updated packages have been patched to correct this issue.
74b02a4d1cc9f234803f357f47342c8c7e438ae30758ff5024405fab894f950aSecunia Security Advisory - Gentoo has issued an update for unbound. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
e3781544b07e6a4a7e61be67c0da4d9e897251b8b64fffe720f21c9cdccee522Gentoo Linux Security Advisory 201110-12 - Multiple denial of service vulnerabilities were found in Unbound. Versions less than 1.4.10 are affected.
acbc990c4724db50df721315fbe9ce8d6afbb94d9cc3ef2ce6cff88c460f20bcSecunia Security Advisory - A vulnerability has been reported in HP Onboard Administrator, which can be exploited by malicious people to bypass certain security restrictions.
026bbb0dbcbcf789015c1ee7748d56d7ee12ab48184e15d7c8153537445f0becThe IPMI functionality of some Supermicro mainboards comes with two admin accounts by default but the manufacturer only notes that you should change the password for the ADMIN account. However, a second account, Anonymous, exists.
ebfaa994a643bb9852478e388c13bab8563b97143563b75575a02e698e38f9a1Ubuntu Security Notice 1228-1 - Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. Various other issues were also addressed.
7a796facfbdbd4810efed8d348e53d29c7acf6784437937e622860655741e4f6HP Security Bulletin HPSBMU02710 SSRT100601 - A potential security vulnerability has been identified with HP Onboard Administrator (OA). The vulnerability could be exploited remotely to gain unauthorized access. Revision 1 of this advisory.
8224be93c871c8c41eb80eb778a040f90039abdc72505dc40639b6913e85eaa7This Metasploit module exploits an arbitrary command execution vulnerability in nmap.php and nbtscan.php scripts.
07c81c6659b780fcefe23e040f571eff0f119a086fc2380e934d43cebc03617dUbuntu Security Notice 1226-2 - Dan Rosenberg discovered that cifs-utils incorrectly handled changes to the mtab file. A local attacker could use this issue to corrupt the mtab file, possibly leading to a denial of service. Jan Lieskovsky discovered that cifs-utils incorrectly filtered certain strings being added to the mtab file. A local attacker could use this issue to corrupt the mtab file, possibly leading to a denial of service. Various other issues were also addressed.
6af7c242db0fdb0bbad276a6f9048b8bcaebdb8a9416eb291ba81198604e3ac3Ubuntu Security Notice 1226-1 - Dan Rosenberg discovered that Samba incorrectly handled changes to the mtab file. A local attacker could use this issue to corrupt the mtab file, possibly leading to a denial of service. Jan Lieskovsky discovered that Samba incorrectly filtered certain strings being added to the mtab file. A local attacker could use this issue to corrupt the mtab file, possibly leading to a denial of service. This issue only affected Ubuntu 10.04 LTS. Various other issues were also addressed.
71e65f5653de3223a61f2d146fe9e51956f701ec43a9f64818e94a0e65975f98Ubuntu Security Notice 1225-1 - Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. Various other issues were also addressed.
b1f7dfa9aac3262694f9d2d9d05907998c01f0a91e58587143172a3404102b77Debian Linux Security Advisory 2312-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.
a6902286da44592ff48572355b8fee8eb0b4d4760d83235fc8062977b61f3d9dUbuntu Security Notice 1218-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.
7ce613f6fb82e60467fe2db0120524df0114dd4f622231bc1bba67151a5b6582Ubuntu Security Notice 1216-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.
632b7c41843d8b08abd09aa566debae12f62d2202a245defc954e205b756668dUbuntu Security Notice 1211-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. Various other issues were also addressed.
c722fd7511a442653d720916be5133aeccaba801f39a3fdb017e7ee6b3699415PunBB PHP Forum suffers from cross site scripting vulnerabilities.
d8d3793a6fcf75cc7f7df0ecb723320bdd09dc088958cdb60f390cfd39f87be9Ubuntu Security Notice 1208-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.
c72d25c5c02bfb1b3dd8b578a0fff242bb575640e763f8cf25379ff8a0fc30baUbuntu Security Notice 1205-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. Various other issues were also addressed.
e901cc91b033169b3dfc85934ff4ac4f1d05b966694731a50e4441e8edea0d07Ubuntu Security Notice 1204-1 - Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Various other issues were also addressed.
d65a3d265010dcc757cc58fad050e2727d47806e2609d736043b0ff3e79a9e82Ubuntu Security Notice 1203-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.
286bb941d7141b756b5c455e3e57f8e085d01c33d50b9139d9d2c90312850771Ubuntu Security Notice 1202-1 - Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly. A local user could exploit this to read kernel stack memory, leading to a loss of privacy. Brad Spengler discovered that stack memory for new a process was not correctly calculated. A local attacker could exploit this to crash the system, leading to a denial of service. Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Various other issues were also addressed.
b470551b1de773c77d363adf5b0cb1910cc8654d0405c8a191ad8f00fd5d2535Ubuntu Security Notice 1201-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. Various other issues were also addressed.
594e6301fd8adfd138461fd891793167bc75a8565f367e0d80fc7bc3941f4ea0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed