| File Name: | 10.09.08-1.txt |
Description:
iDefense Security Advisory 10.09.08 - Remote exploitation of a heap based buffer overflow in Sun Microsystems Inc.'s Sun Java Web Proxy could allow an attacker to execute arbitrary code. A heap based buffer overflow exists in the handling of FTP resources. Specifically the vulnerability resides within the code responsible for handling HTTP GET requests. Sun Java System Web Proxy Server 4.0 through 4.0.7 is vulnerable in the following versions: SPARC Platform prior to patch 120981-15, x86 Platform prior to patch 120982-15, Linux prior to patch 120983-15, HP-UX prior to patch 123532-05, Windows prior to patch 126325-05.
| Author: | Joxean Koret |
| Homepage: | http://www.idefense.com/ |
| File Size: | 3408 |
| Related CVE(s): | CVE-2008-4541 |
| Last Modified: | Oct 15 02:42:28 2008 |
| MD5 Checksum: | 50121d7bb8fbcdcacaa30c7377f21a71 |

| File Name: | 10.14.08-1.txt |
Description:
iDefense Security Advisory 10.14.08 - Remote exploitation of an arbitrary command execution vulnerability in Microsoft Corp.'s Host Integration Server 2006 could allow an attacker to execute arbitrary code with the privileges of the affected service. The RPC interface exposes several methods that an unauthenticated attacker can use to execute arbitrary programs on the server. RPC opcodes 1 and 6 both allow an attacker to call the CreateProcess() function with full control over the application started, as well as the command line passed to it. This allows an attacker to run arbitrary programs on the server. iDefense has confirmed the existence of this vulnerability in Host Integration Server 2006. Previous versions may also be affected.
| Author: | Stephen Fewer |
| Homepage: | http://www.idefense.com/ |
| File Size: | 3959 |
| Related CVE(s): | CVE-2008-3466 |
| Last Modified: | Oct 14 16:44:33 2008 |
| MD5 Checksum: | 05e989925ceb282962a869ddba7121b7 |

| File Name: | 10.14.08-2.txt |
Description:
iDefense Security Advisory 10.14.08 - Several vulnerabilities exist in Microsoft Corp.'s Office Visual Basic for Applications (VBA) which could allow remote exploitation by an attacker. Exploitation could allow the execution of arbitrary code with the privileges of the current user. iDefense confirmed the existence of these vulnerabilities in the following versions of Microsoft Excel: 2000-SP3, XP-SP3, 2003-SP3. Excel 2007 and 2007-SP1 were not vulnerable.
| Author: | Lionel d'Hauenens, Jun Mao |
| Homepage: | http://www.idefense.com/ |
| File Size: | 4747 |
| Related CVE(s): | CVE-2008-3477 |
| Last Modified: | Oct 15 02:39:34 2008 |
| MD5 Checksum: | 0b0c6d1ef2d5e6505eedd739d2154b49 |

| File Name: | 10.29.08-1.txt |
Description:
iDefense Security Advisory 10.29.08 - Remote exploitation of multiple integer overflow vulnerabilities in OpenOffice versions 2.4.1 and earlier could allow an attacker to execute arbitrary code with the privileges of the current user. Integer overflow issues exist within the code responsible for parsing multiple EMR records within an EMF file. This allows an attacker to overflow heap memory with data they supplied. iDefense has confirmed the existence of this vulnerability in OpenOffice version 2.4.1.
| Author: | Sebastian Apelt, Code Audit Labs |
| Homepage: | http://www.idefense.com/ |
| File Size: | 3422 |
| Related CVE(s): | CVE-2008-2238 |
| Last Modified: | Oct 31 14:50:25 2008 |
| MD5 Checksum: | d171510742688331e37fb3cc9eb6cf1a |

| File Name: | 10.29.08-2.txt |
Description:
iDefense Security Advisory 10.29.08 - Remote exploitation of a stack based buffer overflow vulnerability in Oracle Corp.'s WebLogic Server Apache Connector could allow an attacker to execute arbitrary code with the privileges of the affected service. A stack based buffer overflow vulnerability exists in the Apache Connector of Oracle (formerly BEA) WebLogic Server. When parsing a request with an invalid parameter the module uses a string without properly validating its length. This string is copied into a fixed sized stack buffer. This results in a stack based buffer overflow. iDefense has confirmed the existence of this vulnerability in WebLogic Server Apache Connector version 10.0. Previous versions may also be affected.
| Author: | Sean Larsson, Joshua J. Drake |
| Homepage: | http://www.idefense.com/ |
| File Size: | 3500 |
| Related CVE(s): | CVE-2008-4008 |
| Last Modified: | Oct 31 14:54:48 2008 |
| MD5 Checksum: | 6ff30a0d941f386bea95271534a16c5e |

| File Name: | 10.30.08-1.txt |
Description:
iDefense Security Advisory 10.30.08 - Remote exploitation of a memory corruption vulnerability in Novell Inc.'s eDirectory could allow an attacker to execute arbitrary code with the privileges of the affected service. The vulnerability exists due to an area of heap memory being used after it has already been freed. By sending malformed data it is possible to cause an area of heap memory to be freed by one thread, and then reused after another thread allocates the same area of memory. This results in the original thread operating on the data changed by the second thread, which may lead to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in eDirectory version 8.8 SP2 for Windows. The Linux version does not appear to be affected. Previous versions may also be affected.
| Homepage: | http://www.idefense.com/ |
| File Size: | 3538 |
| Last Modified: | Oct 30 20:08:29 2008 |
| MD5 Checksum: | 271093d51ea71c3b41b3748bd5ffadd1 |

| File Name: | 10.30.08-2.txt |
Description:
iDefense Security Advisory 10.30.08 - Remote exploitation of a stack buffer overflow vulnerability in Adobe Systems Inc.'s PageMaker could allow an attacker to execute arbitrary code with the privileges of the current user. A vulnerability exists within the handling of PMD files, the native file format for storing PageMaker documents. When parsing a malformed PMD file, data from the file is copied into a buffer without proper validation. This results in an exploitable stack based buffer overflow. iDefense has confirmed the existence of this vulnerability in Adobe PageMaker version 7.0.1 with the CVE-2007-5169 patch applied. Previous versions may also be affected. However, Adobe InDesign CS, the successor to PageMaker, is not affected.
| Homepage: | http://www.idefense.com/ |
| File Size: | 3374 |
| Related CVE(s): | CVE-2008-6432 |
| Last Modified: | Oct 30 20:09:42 2008 |
| MD5 Checksum: | a509d8404c6e3108915748c8bbcbc7d6 |

| File Name: | 2008-002-lenovornr.txt |
Description:
Lenovo Rescue and Recovery version 4.20 suffers from a heap overflow in the file system filter kernel driver which could allow an attacker to overwrite kernel memory leading to elevation of privilege.
| Author: | Chris Clark, Rachel Engel |
| Homepage: | http://www.isecpartners.com/ |
| File Size: | 2214 |
| Last Modified: | Oct 13 14:38:59 2008 |
| MD5 Checksum: | 1e60fcf21ad455858572ae40fe5ab8d4 |

| File Name: | adobe-heap.txt |
Description:
During analysis of the SWF file format used by commercial Flash authoring applications, multiple heap overflows were discovered within Adobe Flash CS3 Professional and Adobe Flash MX 2004.
| Author: | Paul Craig |
| Homepage: | http://www.security-assessment.com/ |
| File Size: | 2885 |
| Last Modified: | Oct 15 20:25:18 2008 |
| MD5 Checksum: | fcce1ca4b7c42d64566164c020e47a86 |

| File Name: | advisory_W021008.txt |
Description:
The Microsoft Windows kernel is prone to a local privilege escalation due to an integer overflow error within the IopfCompleteRequest function. This vulnerability may allow attackers to execute arbitrary code in the kernel context and thereby escalate privileges to SYSTEM.
| Author: | Ruben Santamarta |
| File Size: | 13557 |
| Last Modified: | Oct 9 01:33:00 2008 |
| MD5 Checksum: | e490214eb95d7caee876f060c592f734 |

| File Name: | apple-store.txt |
Description:
Apple's Mail.app does not store S/MIME encrypted emails securely in the Drafts directory on the server. Version 3.5 is affected.
| Homepage: | http://www.enablesecurity.com/ |
| File Size: | 3346 |
| Last Modified: | Oct 6 22:29:52 2008 |
| MD5 Checksum: | d4bd986357144dbbc77a2f924357767a |

| File Name: | caarcserve-dos.txt |
Description:
CA ARCserve Backup contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities. The first vulnerability occurs due to insufficient validation of certain RPC call parameters by the message engine service. An attacker can exploit a directory traversal vulnerability to execute arbitrary commands. The second vulnerability occurs due to insufficient validation by the tape engine service. An attacker can make a request that will crash the service. The third vulnerability occurs due to insufficient validation by the database engine service. An attacker can make a request that will crash the service. The fourth vulnerability occurs due to insufficient validation of authentication credentials. An attacker can make a request that will crash multiple services. Note that these issues only affect the base product.
| Author: | Ken Williams |
| Homepage: | http://www3.ca.com/ |
| File Size: | 6325 |
| Related CVE(s): | CVE-2008-4397, CVE-2008-4398, CVE-2008-4399, CVE-2008-4400 |
| Last Modified: | Oct 9 18:54:03 2008 |
| MD5 Checksum: | 3d3a5ef9e28febb30c8e338d187c076a |

| File Name: | cisco-sa-20081008-unity.txt |
Description:
Cisco Security Advisory - A vulnerability exists in Cisco Unity that could allow an unauthenticated user to view or modify some of the configuration parameters of the Cisco Unity server. Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.
| Homepage: | http://www.cisco.com/ |
| File Size: | 11205 |
| Related CVE(s): | CVE-2008-3814 |
| Last Modified: | Oct 9 01:44:13 2008 |
| MD5 Checksum: | 4e943339baab177bbe32d6930c37358d |

| File Name: | cisco-sa-20081022-asa.txt |
Description:
Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances. These include Windows NT domain authentication bypass, IPv6 denial of service, and a Crypto Accelerator memory leak.
| Homepage: | http://www.cisco.com/ |
| File Size: | 20853 |
| Related CVE(s): | CVE-2008-3815, CVE-2008-3816, CVE-2008-3817 |
| Last Modified: | Oct 22 18:50:17 2008 |
| MD5 Checksum: | f4da32a3b3d25ba6a9e818a6993789e3 |

| File Name: | CORE-2008-1010.txt |
Description:
Core Security Technologies Advisory - VLC media player is vulnerable to a memory corruption vulnerability, which can be exploited by malicious remote attackers to compromise a user's system, by providing a specially crafted XSPF playlist file. Version 0.9.2 is susceptible.
| Homepage: | http://www.coresecurity.com/corelabs/ |
| File Size: | 10315 |
| Related CVE(s): | CVE-2008-1010 |
| Last Modified: | Oct 15 02:27:36 2008 |
| MD5 Checksum: | beeed79bd497fa7090272a3b8f8f774f |

| File Name: | dsa-1643-1.txt |
Description:
Debian Security Advisory 1643-1 - Dmitry E. Oboukhov discovered that the "to-upgrade" plugin of Feta, a simpler interface to APT, dpkg, and other Debian package tools, creates temporary files insecurely, which may lead to local denial of service through symlink attacks.
| Homepage: | http://www.debian.org/security |
| File Size: | 2832 |
| Related CVE(s): | CVE-2008-4440 |
| Last Modified: | Oct 6 22:14:33 2008 |
| MD5 Checksum: | 5117ac099afbaf76d8ba3f92087f33f1 |

| File Name: | dsa-1644-1.txt |
Description:
Debian Security Advisory 1644-1 - Felipe Andres Manzano discovered that mplayer, a multimedia player, is vulnerable to several integer overflows in the Real video stream demuxing code. These flaws could allow an attacker to cause a denial of service (a crash) or potentially the execution of arbitrary code by supplying a maliciously crafted video file.
| Homepage: | http://www.debian.org/security |
| File Size: | 5232 |
| Related CVE(s): | CVE-2008-3827 |
| Last Modified: | Oct 6 22:14:49 2008 |
| MD5 Checksum: | 63d8bdd15952341d8b15445ba1e16b00 |

| File Name: | dsa-1646-1.txt |
Description:
Debian Security Advisory 1646-1 - A weakness has been discovered in squid, a caching proxy server. The flaw was introduced upstream in response to CVE-2007-6239, and announced by Debian in DSA-1482-1. The flaw involves an over-aggressive bounds check on an array resize, and could be exploited by an authorized client to induce a denial of service condition against squid.
| Homepage: | http://www.debian.org/security |
| File Size: | 8404 |
| Related CVE(s): | CVE-2008-1612 |
| Last Modified: | Oct 7 12:29:43 2008 |
| MD5 Checksum: | 6ef54cd10cf22b7a45cecb2af95702d0 |

| File Name: | dsa-1646-2.txt |
Description:
Debian Security Advisory 1646-2 - In DSA 1646-1, an update was announced for a denial of service vulnerability in squid, a caching proxy server. Due to an error in packaging and in testing, the updated packages did not correct the weakness. An updated release is available which corrects the error. A weakness has been discovered in squid, a caching proxy server. The flaw was introduced upstream in response to CVE-2007-6239, and announced by Debian in DSA-1482-1. The flaw involves an over-aggressive bounds check on an array resize, and could be exploited by an authorized client to induce a denial of service condition against squid.
| Homepage: | http://www.debian.org/security |
| File Size: | 8925 |
| Related CVE(s): | CVE-2008-1612 |
| Last Modified: | Oct 11 15:00:34 2008 |
| MD5 Checksum: | db72af7c11346b839c9aaceb342e2df5 |

| File Name: | dsa-1648-1.txt |
Description:
Debian Security Advisory 1648-1 - Dmitry E. Oboukhov discovered that the test.alert script used in one of the alert functions in mon, a system to monitor hosts or services and alert about problems, creates temporary files insecurely, which may lead to a local denial of service through symlink attacks.
| Homepage: | http://www.debian.org/security |
| File Size: | 5010 |
| Related CVE(s): | CVE-2008-4477 |
| Last Modified: | Oct 9 02:05:54 2008 |
| MD5 Checksum: | eff079919b84da8bf8550b76282317c2 |