ESET versions 5.0 through 7.0 suffer from a kernel memory leak vulnerability.
Remote reset exploit for the D-Link Wireless Router.
Gentoo Linux Security Advisory GLSA 200711-22 - Alin Rad Pop (Secunia Research) discovered several vulnerabilities in the Stream.cc file of Xpdf: An integer overflow in the DCTStream::reset() method and a boundary error in the CCITTFaxStream::lookChar() method, both leading to heap-based buffer overflows. He also discovered a boundary checking error in the DCTStream::readProgressiveDataUnit() method causing memory corruption. Note: Gentoo's version of Xpdf is patched to use the Poppler library, so the update to Poppler will also fix Xpdf. Versions less than 0.6.1-r1 are affected.
iDefense Security Advisory 11.14.07 - Local exploitation of an access validation vulnerability in Apple Inc.'s Mac OS X could allow an attacker to execute arbitrary code with root privileges. When executing a setuid-root binary, the Mach kernel does not reset the current thread Mach port, or the current thread Mach Exception Port. By first creating and obtaining write access to a Mach port, and then executing a set-uid root binary, an attacker can write arbitrary data into the address space of the process running as root. This leads to arbitrary code execution in the privileged process.
SUSE Security Announcement - Secunia Research reported three security bugs in xpdf. The first problem occurs while indexing an array in DCTStream::readProgressiveDataUnit(). Another method in the same class, reset(), is vulnerable to an integer overflow which leads to a heap overflow. The last bug also causes a heap overflow, this time in the lookChar() method of the CCITTFaxStream class.
Ubuntu Security Notice 532-1 - Nobuhiro Ban discovered that check_http in nagios-plugins did not properly sanitize its input when following redirection requests. A malicious remote web server could cause a denial of service or possibly execute arbitrary code as the user. Aravind Gottipati discovered that sslutils.c in nagios-plugins did not properly reset pointers to NULL. A malicious remote web server could cause a denial of service. Aravind Gottipati discovered that check_http in nagios-plugins did not properly calculate how much memory to reallocate when following redirection requests. A malicious remote web server could cause a denial of service.
Mandriva Linux Security Advisory - The compat_sys_mount function in fs/compat.c allowed local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode. The nf_conntrack function in netfilter did not set nfctinfo during reassembly of fragmented packets, which left the default value as IP_CT_ESTABLISHED and could allow remote attackers to bypass certain rulesets using IPv6 fragments. A typo in the Linux kernel caused RTA_MAX to be used as an array size instead of RTN_MAX, which led to an out-of-bounds access by certain functions. The IPv6 protocol allowed remote attackers to cause a denial of service via crafted IPv6 type 0 route headers that create network amplification between two routers. The random number feature did not properly seed pools when there was no entropy, or used an incorrect cast when extracting entropy, which could cause the random number generator to provide the same values after reboots on systems without an entropy source. A memory leak in the PPPoE socket implementation allowed local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized. An integer underflow in the cpuset_tasks_read function, when the cpuset filesystem is mounted, allowed local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file. The sctp_new function in netfilter allowed remote attackers to cause a denial of service by causing certain invalid states that triggered a NULL pointer dereference. A stack-based buffer overflow in the random number generator could allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size. The lcd_write function did not limit the amount of memory used by a caller, which allowed local users to cause a denial of service (memory consumption).
The Linux kernel allowed local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivered an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). The aac_cfg_open and aac_compat_ioctl functions in the SCSI layer ioctl patch in aacraid did not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges. The IA32 system call emulation functionality, when running on the x86_64 architecture, did not zero-extend the eax register after the 32-bit entry path to ptrace is used, which could allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.
Vuurmuur is a middle-end and front-end for netfilter and iptables that is aimed at system administrators who need a decent firewall but do not have netfilter-specific knowledge. It converts human-readable rules into an iptables ruleset (or optionally a bash script), makes netfilter logs readable, and includes an ncurses GUI.
Ubuntu Security Notice 509-1 - The Linux 2.6 kernel series suffers from multiple vulnerabilities. A flaw in the sysfs_readdir function allowed a local user to cause a denial of service by dereferencing a NULL pointer. A buffer overflow was discovered in the random number generator. In environments with granular assignment of root privileges, a local attacker could gain additional privileges. A flaw was discovered in the usblcd driver. A local attacker could cause large amounts of kernel memory consumption, leading to a denial of service. It was discovered that certain setuid-root processes did not correctly reset process death signal handlers. A local user could manipulate this to send signals to processes they would not normally have access to. The Direct Rendering Manager for the i915 driver could be made to write to arbitrary memory locations. An attacker with access to a running X11 session could send a specially crafted buffer and gain root privileges. It was discovered that the aacraid SCSI driver did not correctly check permissions on certain ioctls. A local attacker could cause a denial of service or gain privileges.
ESET NOD32 Antivirus suffers from a divide by zero vulnerability when parsing ASPACK and FSG packed files.
ESET NOD32 Antivirus suffers from an integer overflow vulnerability when handling ASPACK packed files.
ESET NOD32 Antivirus suffers from a heap corruption vulnerability during the parsing of .CAB files.
The MailMarshal Spam Quarantine version 6.2.0.x HTTP interface password reset facility is vulnerable to a SQL buffer truncation attack. The vulnerability could be exploited to reset and retrieve the password of any user account. The attacker would require prior knowledge of the user's email address.
The P-Synch Windows domain password reset web application's style parameter allows JavaScript injection.
Pligg version 9.5 is susceptible to a guessable confirmation code for password reset.
Sends an ICMP echo request containing the +++ATH0 string in its ICMP data. This data resets vulnerable modems if the victim replies to the request. Only works on Windows XP prior to SP2. Includes Delphi source code.
iDefense Security Advisory 04.03.07 - Remote exploitation of a design error in certain kernel GDI functions in multiple versions of Microsoft Corp.'s Windows operating system may allow an attacker to cause a denial of service condition. During testing of the MS06-001 WMF (Windows Metafile) vulnerability, a flaw was found in the handling of WMF files. This flaw can cause the kernel to perform a bug check, also known as a "blue screen" or system crash, when it tries to parse the file. The cause of this bug check is an attempt by a function in a kernel system call to read a value obtained by dereferencing an offset into a kernel structure. This value had been previously created and then reset by previous system calls, and at the point it is accessed it does not contain a valid memory reference. This results in an access violation error, which in turn triggers the bug check. This vulnerability is different from both the Microsoft MS06-001 WMF vulnerability and the MS05-053 WMF vulnerability and is not fixed by either of these patches.
The CA eTrust Admin GINA component contains a privilege escalation vulnerability within the reset password interface. This vulnerability is exploitable only through physical interactive access or through Remote Desktop. Affected products include eTrust Admin 8.1 SP2 (8.1.2), eTrust Admin 8.1 SP1 (8.1.1), and eTrust Admin 8.1 (8.1.0).
SEC Consult Security Advisory 20070226-0 - The third-party module Pagesetter for PostNuke is susceptible to a local file inclusion vulnerability. Versions 6.2.0 and 6.3.0 beta 5 are affected.
Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (SYN, FIN, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP ID, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate.
Secunia Security Advisory - A vulnerability has been reported in Pagesetter, which can be exploited by malicious people to disclose potentially sensitive information.
Mandriva Linux Security Advisory - The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4, as well as the 2.6 kernel, does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash. The listxattr syscall can corrupt user space under certain circumstances. The problem seems to be related to signed/unsigned conversion during size promotion. The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures. The mincore function in the Linux kernel before 2.4.33.6, as well as the 2.6 kernel, does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.
Secunia Security Advisory - IBM has acknowledged a vulnerability in OS/400, which can be exploited by malicious people to reset established TCP connections on a vulnerable system.
sNews versions 1.5.30 and below remote administrative password reset and code execution exploit.
Mandriva Linux Security Advisory - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. The Linux kernel does not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which could allow a local user to cause a Denial of Service (process crash). The seqfile handling in the 2.6 kernel up to 2.6.18 allows local users to cause a DoS (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for flowlabels. An integer overflow in the 2.6 kernel prior to 2.6.18.4 could allow a local user to execute arbitrary code via a large maxnum value in an ioctl request. A race condition in the ISO9660 filesystem handling could allow a local user to cause a DoS (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures. A vulnerability in the bluetooth support could allow for overwriting internal CMTP and CAPI data structures via malformed packets.