Nortel SSL VPN Linux Client versions 6.0.3 and below local privilege escalation exploit.
9c95beab9a1a6800137bcdbd9e39045411aaf4de0ddea50b74e4cab410e371e1
Mandriva Linux Security Advisory 2012-082 - Multiple vulnerabilities have been discovered and corrected in pidgin. A series of specially crafted file transfer requests can cause clients to reference invalid memory. The user must have accepted one of the file transfer requests. Incoming messages with certain characters or character encodings can cause clients to crash. This update provides pidgin 2.10.4, which is not vulnerable to these issues.
8250736d53c4ff0aec14a41ffb644124cf6f919a74bff10c3a67955e6c661991
Novell Client version 4.91 SP3/4 privilege escalation exploit for Win2K3 and WinXP.
4ec2f8f29147c1ce17f8421e5cc26463ec7e91ac339c0dc03fbab345bff2b6fd
Red Hat Security Advisory 2012-0678-01 - PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation. When configured to do SSL certificate verification, PostgreSQL only checked the first 31 characters of the certificate's Common Name field. Depending on the configuration, this could allow an attacker to impersonate a server or a client using a certificate from a trusted Certificate Authority issued for a different name.
a11a5493acd610cf7f4bfdc27b2eba1d9d44ea753011012d38733b38292f077e
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
16900475f719f8394ae99a19bad4cf17fa77baa7b0eaea068548cdbae183151c
Mandriva Linux Security Advisory 2012-073 - A flaw in the OpenSSL handling of CBC mode ciphersuites in DTLS can be exploited in a denial of service attack on both clients and servers. The updated packages have been patched to correct this issue.
54666cdfa2efbdfef9bc70d2dfc67f9deaea6c7ad3fe4059fb274292752c2164
Core Security Technologies Advisory - There is a bug in the ReadLayoutFile Windows Kernel function that can be leveraged into a local privilege escalation exploit, potentially usable in a client-side attack scenario or after a remote intrusion by other means.
ad5c6d91d11d4dcc9b8463439354e1e8142812d8ed2bc300fc637ac6cc763462
FreeBSD Security Advisory - OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accepts SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. Various other OpenSSL issues have also been addressed.
a5bef5136c533b9f68af4bc039c5c33bcdfa740e1cf6dd569a94090e8f39f3ee
Debian Linux Security Advisory 2464-1 - Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
de1b1c55cd9c3d5c90de543ad9cd2940ad37ba970418465acaa631fec87fd43a
MyClientBase version 0.12 suffers from a remote SQL injection vulnerability.
b7fc2238aed5ab1e70ae61511ad44b038b27240a1cca816e23559c301be74444
Red Hat Security Advisory 2012-0532-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. It was found that a Certificate Authority issued fraudulent HTTPS certificates. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.
5f4958faa1940ec84e49215c74c654681567d9cc83e76643a347de582c9f6943
Red Hat Security Advisory 2012-0529-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP, an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools.
864d3ffb6d608bfe2b2a71547be9daddfd9edd1ae1ae007b72b5a714344c542e
Red Hat Security Advisory 2012-0528-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP, an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools.
8e1f635af01186e162dc449d1ea4804d08755de2a9e4dd9ac3b2e49a7e04c767
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
94dad2184e4ccfe8bb52bebf3d33dc6d653dfad67dc23d4198e3f1a6deb8463b
Secunia Security Advisory - Multiple vulnerabilities have been discovered in MyClientBase, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.
abcfc417125b79418334de95d45149a23aea5e879f29544fcb66263eecdc0729
Red Hat Security Advisory 2012-0516-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in Sanitiser for OpenType, used by Thunderbird to help prevent potential exploits in malformed OpenType fonts. Malicious content could cause Thunderbird to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Thunderbird. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
0bf5163662f42c2a166ea76e85e9a4cc7f993ff980df574262198b7071fcb1e2
Debian Linux Security Advisory 2453-1 - Several vulnerabilities have been discovered in gajim, a feature-rich Jabber client.
bd105df7fba5991e582b3c8ae56d9c2086f0b1c465a2185562b29411c942cbb9
Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in Quest Connection Broker Client ActiveX Control, which can be exploited by malicious people to manipulate certain data.
b1287355cd333970e53efed6cdfb22e9a60f55330dc304939d6e4b6b944959c7
Quest vWorkspace version 7.5 Connection Broker client ActiveX control pnllmcli.dll version 7.5.304.547 suffers from a SaveMiniLaunchFile() method remote file creation / overwrite vulnerability.
1374e5faa52d12488546d133528c7d7597d9e842bbf2b7a9ba602df0b39708c0
Ubuntu Security Notice 1418-1 - Alban Crequy discovered that the GnuTLS library incorrectly checked array bounds when copying TLS session data. A remote attacker could crash a client application, leading to a denial of service, as the client application prepared for TLS session resumption. Matthew Hall discovered that the GnuTLS library incorrectly handled TLS records. A remote attacker could crash client and server applications, leading to a denial of service, by sending a crafted TLS record. Various other issues were also addressed.
13bc1e954c5707a74014e86b9b7592f3b622b5e97b35e85f4312492b2cad81f0
Secunia Security Advisory - Multiple vulnerabilities have been reported in Wonderware Information Server and Invensys Wonderware Historian Client, which can be exploited by malicious people to conduct cross-site scripting attacks, conduct SQL injection attacks, bypass certain security restrictions, and compromise a vulnerable system.
e3becaa970343f126481b68f4dfa5161155de42fdba59815e730767e09805745
Mandriva Linux Security Advisory 2012-047 - The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate. The updated packages have been patched to correct this issue.
993d182b26662e6aa300645b83f0d7ecd09a0a5eab170d2d1d2c3096abf64879
BulletProof FTP Client 2010 suffers from a buffer overflow vulnerability.
da2f4783654c5380123c4e604cf4c7e32cbe8268b49ea2738f7e9f1687be93d8
Mandriva Linux Security Advisory 2012-045 - Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service via a large SessionTicket. The updated packages have been patched to correct this issue.
9d3027f3aebc071f3740544e88a82db2c4435c748db9687f95fffe022c747c8e
Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in Camera Stream Client ActiveX Control, which can be exploited by malicious people to compromise a user's system.
0f4504cc49e35bf338bc479bad45e5714cbb5312754432f200fd859dc09d41e8
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
c8c3069e78dcb8b749a066c7c3bfcea1168243f75afe69a91a6330c99efd9ae4