A heap based buffer overflow exists in the sudo command line utility that can be exploited by a local attacker to gain elevated privileges. The vulnerability was introduced in July of 2011 and affects version 1.8.2 through 1.8.31p2 as well as 1.9.0 through 1.9.5p1 in their default configurations. The technique used by this implementation leverages the overflow to overwrite a service_user struct in memory to reference an attacker controlled library which results in it being loaded with the elevated privileges held by sudo.
cdf458fa2ff6a679afd1037bdb879758b301305b20f223b3aade629bb97b04bcLocal root exploit for FreeBSD nmount(). This affects FreeBSD 7.0-RELEASE and 7.0-STABLE.
f73657bff4c5f05a9a63c9564bcf7f676f9adf0f6b8a1b9a13e53473275ca23dDESlock++ version 4.0.2 local kernel SYSTEM exploit. Affects dlpcrypt.sys version 0.1.1.27.
8ff07a4da72ac1297bb179ba6e2d9a8a8cd03398d6c137b28d4494419fe7e1efAruba Networks Security Advisory - A management user authentication bypass vulnerability was discovered during standard internal bug reporting procedures in the Aruba Mobility Controller. This vulnerability only affects customers using public key based SSH authentication for controller management users.
291d267c35e45a94c6f92b96a8b8caf7e3787c5d5f59e06c888a90fb1e486fe7libc:fts_*() suffers from a denial of service vulnerability. This affects multiple vendors.
f1f7b02d628966dda851d771301cd67c0c164e16441e34b7ea9c6101aecb9818Gentoo Linux Security Advisory GLSA 200902-06 - Two vulnerabilities were found in GNU Emacs, possibly leading to user-assisted execution of arbitrary code. One also affects edit-utils in XEmacs. Morten Welinder reports about GNU Emacs and edit-utils in XEmacs: By shipping a .flc accompanying a source file (.c for example) and setting font-lock-support-mode to fast-lock-mode in the source file through local variables, any Lisp code in the .flc file is executed without warning (CVE-2008-2142). Versions less than 22.2-r3 are affected.
17c8574bea50c15bdbfc0e4b347a4c54008d41f1d8b905d89aa9b3117651a5ffTechnical Cyber Security Alert TA09-051A - Adobe has released Security Bulletin APSB09-01, which describes a vulnerability that affects Adobe Reader and Acrobat. This vulnerability could allow a remote attacker to execute arbitrary code.
d1b030978b5d5908c77fd45b7fc27bc22a2d7415ace32d36207e56d61b376b8bGentoo Linux Security Advisory GLSA 200902-02 - An error in the OpenSSL certificate chain validation might allow for spoofing attacks. The Google Security Team reported that several functions incorrectly check the result after calling the EVP_VerifyFinal() function, allowing a malformed signature to be treated as a good signature rather than as an error. This issue affects the signature checks on DSA and ECDSA keys used with SSL/TLS. Versions less than 0.9.8j are affected.
f13499deaa027a65c3d9771c2e9479aff96cdfb004eaf1507e2bcfc5c18d1863Nokia N95-8 browser crashing denial of service exploit. Apparently this vulnerability also affects Firefox 3.06 causing a stack overflow.
86dfd323b43887238748e4a0706ff35c4404cb91073d28fa6fd5e401195533faNovell GroupWise versions 8.0 and below malformed RCPT command off-by-one exploit. Affects versions 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0.
cda22220d5d85f8227845ba12b4f38ab62b6cf123eb8fa3b922c51bdb0f2b0f1Debian Security Advisory DSA 1705-1 - It was discovered that netatalk, an implementation of the AppleTalk suite, is affected by a command injection vulnerability when processing PostScript streams via papd. This could lead to the execution of arbitrary code. Please note that this only affects installations that are configured to use a pipe command in combination with wildcard symbols substituted with values of the printed job.
92ec4039c91457686715bdcffc3bb80ebf78897c4ad7138eb6e1081fba4b9b35Several functions inside the OpenSSL library incorrectly check the result after calling the EVP_VerifyFinal function. This bug allows a malformed signature to be treated as a good signature rather than as an error. This issue affects the signature checks on DSA and ECDSA keys used with SSL/TLS. The flaw may be exploited by a malicious server or a man-in-the-middle attack that presents a malformed SSL/TLS signature from a certificate chain to a vulnerable client, bypassing validation.
f5724c1eba1778218b03f1b5af75356b08e95a08bbe2b92274df7f31dea9d59aDebian Security Advisory 1688 - Two SQL injection vulnerabilities have beein found in courier-authlib, the courier authentification library. The MySQL database interface used insufficient escaping mechanisms when constructing SQL statements, leading to SQL injection vulnerabilities if certain charsets are used (CVE-2008-2380). A similar issue affects the PostgreSQL database interface (CVE-2008-2667).
9dc7b0b9ca92f9e1f59c4c6542e5d806f993baedd0e6072fa1262af0d44fbd0dThe Opera browser suffers from a HTML parsing flaw that allows for remote code execution. This affects the browser on all platforms.
febf5df96d484a8dc165f206b1224c5465d7ce08b01af90bdeeac54a08cce767SVRT-Bkis has detected a serious buffer overflow vulnerability in ffdshow which affects all available internet browsers. Taking advantage of the flaw, hackers can perform remote attack, inject viruses, steal sensitive information and even take control of the victim's system. Versions below rev2347 20081123 are affected.
d5b01d681ab02ae46e8fa752529dd5a7d9d3b36adee4ff615ffda3aa5d2227f5Mandriva Linux Security Advisory - A vulnerability that was discovered in xine-lib that allowed remote RTSP servers to execute arbitrary code via a large streamid SDP parameter also affects MPlayer. Several integer overflows were discovered by Felipe Andres Manzano in MPlayer's Real video stream demuxing code. These vulnerabilities could allow an attacker to cause a crash or possibly execute arbitrary code by supplying a malicious crafted video file. The updated packages have been patched to fix these issues. Note that CVE-2008-3827 was already corrected in the Mandriva Linux 2009 packages.
066d0295c5e7993cf9dc8e543353f75479252803b2356b941a661066f30a1f4fCisco Security Advisory - A vulnerability exists in the Cisco IOS software implementation of Layer 2 Tunneling Protocol (L2TP), which affects limited Cisco IOS software releases. Several features enable the L2TP mgmt daemon process within Cisco IOS software, including but not limited to Layer 2 virtual private networks (L2VPN), Layer 2 Tunnel Protocol Version 3 (L2TPv3), Stack Group Bidding Protocol (SGBP) and Cisco Virtual Private Dial-Up Networks (VPDN). Once this process is enabled the device is vulnerable. This vulnerability will result in a reload of the device when processing a specially crafted L2TP packet. Cisco has released free software updates that address this vulnerability.
6ef0982b69c67aba8321a10f5b9dd4a8c31c33b2b61978e363e0d17d5b918ac7Chilkat XML Active-X remote arbitrary file creation / execution exploit that affects ChilkatUtil.dll versions 3.0.3.0 and below.
bc2cabce859e1bf95a59a3293c411fe72f2767fbbfb025399b3b25b89a870328The Horde project relies on code similar to Popoon's externalinput.php to filter out potential cross site scripting attacks on user-supplied input. Other projects are using the same code base. Therefore this vulnerability affects also the popular Cake-PHP framework. Hence, all users that rely on the externalinput sanitization functionality are affected by this vulnerability, as in addition to many other unrelated, open source projects.
21fcfc2eb2dfbc50c7d42dd8d19fdf5f77e420370c183904809c229552d63d54iDefense Security Advisory 09.09.08 - Remote exploitation of an integer overflow vulnerability in multiple versions of Microsoft Corp.'s GDI+ could allow an attacker to execute arbitrary code within the context of the local user. The vulnerability specifically exists in the memory allocation performed by the GDI+ library. Certain malformed gradient fill input can cause the application to corrupt the heap, potentially allowing arbitrary code execution. iDefense Labs confirmed this vulnerability affects Internet Explorer 7 and Internet Explorer 6 on the Microsoft Windows XP SP2 platform.
2e0532d3c8039af7d9bf1009a1f7bb604a510e3e30eb42cd198c7f69f961ba91This is a paper detailing the Five Ws of the Citect ODBC vulnerability that affects Citect versions 5, 6, and 7.
964dabad19a7f4cc68531d84e4b801807359a6d0cc916ab14e3874c422b8c097Cisco Security Advisory - A specially crafted Remote Authentication Dial In User Service (RADIUS) Extensible Authentication Protocol (EAP) Message Attribute packet sent to the Cisco Secure Access Control Server (ACS) can crash the CSRadius and CSAuth processes of Cisco Secure ACS. Because this affects CSAuth all authentication requests via RADIUS or TACACS+ will be affected during exploitation of this vulnerability.
03d2b3ad06e56bf03200206d5acb2d150486c95c36526b6ba7e8707ba224b692Mandriva Linux Security Advisory - Chaskiel M Grundman found that OpenSC would initialize smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN without first having the PIN or PUK, or the superuser's PIN or PUK. Please note that this issue can not be used to discover the PIN on a card. If the PIN on a card is the same that was always there, it is unlikely that this vulnerability has been exploited. As well, this issue only affects smart cards and USB crypto tokens based on Siemens CardOS M4, and then only those devices that were initialized by OpenSC. Users of other smart cards or USB crypto tokens, or cards that were not initialized by OpenSC, are not affected. After applying the update, executing 'pkcs15-tool -T' will indicate whether the card is fine or vulnerable. If the card is vulnerable, the security settings need to be updated by executing 'pkcs15-tool -T -U'. The updated packages have been patched to prevent this issue.
ba09b1a1c5d45943d35cfa80f8251de261f5dd57c0789098f49d62d5b8012873Core Security Technologies Advisory - A zone elevation vulnerability has been discovered in Internet Explorer versions 5 through 7 under Windows 2000, 2003, and XP. It also affects Windows Vista on IE 7 when protected mode is turned off.
f5c16f8f8097829d3e89077b8f1e0abd5172f15f78dbbf39f6c863711cd34bfdDebian Security Advisory 1617-1 - In DSA-1603-1, Debian released an update to the BIND 9 domain name server, which introduced UDP source port randomization to mitigate the threat of DNS cache poisoning attacks (identified by the Common Vulnerabilities and Exposures project as CVE-2008-1447). The fix, while correct, was incompatible with the version of SELinux Reference Policy shipped with Debian Etch, which did not permit a process running in the named_t domain to bind sockets to UDP ports other than the standard 'domain' port (53). The incompatibility affects both the 'targeted' and 'strict' policy packages supplied by this version of refpolicy. This update to the refpolicy packages grants the ability to bind to arbitrary UDP ports to named_t processes. When installed, the updated packages will attempt to update the bind policy module on systems where it had been previously loaded and where the previous version of refpolicy was 0.0.20061018-5 or below.
d9ed425b97874f61eb0207b3d26987e6036bffbbbbbedda8e4db2913f6def931Malicious SVG file denial of service proof of concept exploit that affects multiple vendors.
ee89da8f9776050087de3fc3ee1f48a1493cfbde1d0d9d489fb79bc7d24d2f7a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed