Section: .. / 0811-advisories /
| /// File Name: |
11.03.08-1.txt |
Description:
|
iDefense Security Advisory 11.03.08 - Remote exploitation of an integer overflow vulnerability in CUPS, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the affected service. The vulnerability exists within the WriteProlog() function in the "texttops" application. When calculating the page size used for storing PostScript data, multiple values that are derived from attacker-controlled content are used in a multiplication operation. This calculation can overflow, resulting in an incorrect result for the total page size. This value is then used to allocate a heap buffer that is later filled with attacker-controlled content, resulting in a heap buffer overflow. iDefense has confirmed the existence of this vulnerability in CUPS version 1.3.7. Previous versions may also be affected.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 3676 | | Last Modified: | Nov 4 02:04:06 2008 |
| MD5 Checksum: | d296664e145b7f1d3da3fe7a3c64ed40 |
|
| /// File Name: |
11.03.08-2.txt |
Description:
|
iDefense Security Advisory 11.03.08 - Remote exploitation of a heap-based buffer overflow vulnerability in CUPS, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the affected service. iDefense has confirmed the existence of this vulnerability in CUPS version 1.3.7. Previous versions may also be affected.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 3909 | | Last Modified: | Nov 4 02:14:28 2008 |
| MD5 Checksum: | 1dacc3345fe6fd4e35b5a717f2655268 |
|
| /// File Name: |
11.04.08-1.txt |
Description:
|
iDefense Security Advisory 11.04.08 - Remote exploitation of a stack-based buffer overflow vulnerability in NOS Microsystems Ltd.'s getPlus Download Manager, potentially used by multiple vendors, could allow an attacker to execute arbitrary code with the privileges of the current user. iDefense has confirmed the existence of this vulnerability in getPlus gp.ocx version 1.2.2.50, which is used in web-based installations of Adobe Reader 8.1. Previous versions may also be affected.
| | Author: | Peter Vreugdenhil | | Homepage: | http://www.idefense.com/ | | File Size: | 4672 | | Related CVE(s): | CVE-2008-4817 | | Last Modified: | Nov 5 02:00:24 2008 |
| MD5 Checksum: | 4964fbc1e37d94eb81a69f13b8ef47aa |
|
| /// File Name: |
11.04.08-2.txt |
Description:
|
iDefense Security Advisory 11.04.08 - Remote exploitation of an out-of-bounds array access vulnerability in Adobe Systems Inc.'s Adobe Reader could allow an attacker to execute arbitrary code as the current user. The vulnerability specifically exists in code responsible for parsing Type 1 fonts. After allocating an area of memory, no bounds checking is performed. Subsequent access of this memory may result in modification of arbitrary memory, which in turn may result in arbitrary code execution. iDefense has confirmed the existence of this vulnerability in Adobe Reader version 8.1.1. Previous versions may also be affected.
| | Author: | Greg MacManus | | Homepage: | http://www.idefense.com/ | | File Size: | 3462 | | Related CVE(s): | CVE-2008-4812 | | Last Modified: | Nov 5 02:04:10 2008 |
| MD5 Checksum: | 472ea06f41d0a55e934cc908094dd706 |
|
| /// File Name: |
11.04.08-3.txt |
Description:
|
iDefense Security Advisory 11.04.08 - Remote exploitation of a heap corruption vulnerability in Adobe Systems Inc.'s Acrobat Professional and Reader could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerable code is an AcroJS function available to scripting code inside of a PDF document. This function is used for HTTP authentication. By passing a long string to this function, it is possible to corrupt heap memory in such a way that may lead to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Acrobat Professional and Adobe Reader version 8.1.2. Previous versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3769 | | Related CVE(s): | CVE-2008-4817 | | Last Modified: | Nov 5 02:06:59 2008 |
| MD5 Checksum: | 113a8c824c482ab822f9577c48fb268e |
|
| /// File Name: |
2008-01-flash.txt |
Description:
|
iSEC applied targeted fuzzing to the ActionScript 2 virtual machine used by the Adobe Flash player, and identified several issues which could lead to denial of service, information disclosure or code execution when parsing a malicious SWF file. Adobe Flash Player versions 9.0.124.0 and below, AIR 1.1, Flash CS3/CS4 Professional, and Flex 3 are all affected.
| | Author: | Riley Hassell | | Homepage: | http://www.isecpartners.com/ | | File Size: | 6113 | | Last Modified: | Nov 24 13:03:21 2008 |
| MD5 Checksum: | 7cea6024361339703cd6da7ff0d68b52 |
|
| /// File Name: |
aruba-disclose.txt |
Description:
|
The Aruba Mobility Controller in ArubaOS version 3.3.2.6 suffers from an SNMP community string disclosure vulnerability.
| | Author: | nnposter | | File Size: | 1271 | | Last Modified: | Nov 5 01:19:30 2008 |
| MD5 Checksum: | 7c29f6a1ada680182d0d22b6ebf5ce62 |
|
| /// File Name: |
avg-exec.txt |
Description:
|
There is a flaw in AVG version 8.0 that allows a user to temporarily shut down the AVG Resident Shield Service via Task Manager and execute a malicious file while the AVG Resident Shield Service is restarting.
| | Author: | Fabio Pinheiro | | Homepage: | http://dicas3000.blogspot.com/ | | File Size: | 762 | | Last Modified: | Nov 5 17:26:48 2008 |
| MD5 Checksum: | edf5f74d43cf0848cf6a55c2c386af11 |
|
| /// File Name: |
bsa-081103.txt |
Description:
|
tmail/dmail in UW IMAP [2002-2007c], Panda IMAP, and Alpine versions 2.00 and below suffer from a buffer overflow vulnerability.
| | Author: | Aron Andersson, Jan Sahlin | | Homepage: | http://www.bitsec.com/ | | File Size: | 4182 | | Last Modified: | Nov 3 23:44:48 2008 |
| MD5 Checksum: | 780b48ff2f8d122862e15b85f7adcb25 |
|
| /// File Name: |
CESA-2008-009.html |
Description:
|
Firefox versions 2.0.0.18 and below and WebKit nightly are affected by a cross-domain arbitrary image theft vulnerability.
| | Author: | Chris Evans | | File Size: | 3011 | | Related CVE(s): | CVE-2008-5012 | | Last Modified: | Nov 18 19:31:05 2008 |
| MD5 Checksum: | a5218b3dbe84d9457e5d725d2e5b90c9 |
|
| /// File Name: |
clamav-overflow.txt |
Description:
|
ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the `clamd' process by sending an email with a prepared attachment. Versions below 0.94.1 are affected.
| | Author: | Moritz Jodeit | | File Size: | 2729 | | Last Modified: | Nov 9 15:39:29 2008 |
| MD5 Checksum: | 6c2f467cbc3dfd58ce9d99fa10b588f4 |
|
| /// File Name: |
CORE-2008-0526.txt |
Description:
|
Core Security Technologies Advisory - Adobe Reader suffers from a stack buffer overflow when parsing specially crafted (invalid) PDF files. The vulnerability is caused by a boundary error when parsing format strings containing a floating point specifier in the "util.printf()" JavaScript function. Successful exploitation of the vulnerability requires that users open a maliciously crafted PDF file, thereby allowing attackers to gain access to vulnerable systems and assume the privileges of a user running Acrobat Reader.
| | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 15809 | | Related CVE(s): | CVE-2008-2992 | | Last Modified: | Nov 4 11:55:26 2008 |
| MD5 Checksum: | ee310269f20e4e073d29093cc167d458 |
|
| /// File Name: |
DDIVRT-2008-15.txt |
Description:
|
The iPhone Configuration Web Utility 1.0 for Windows web interface is vulnerable to a common web directory traversal attack. Successful exploitation will result in arbitrary read-only file access outside of the iPhone Configuration Web Utility 1.0 web root.
| | Author: | Corey LeBleu, r@b13$ | | Homepage: | http://www.digitaldefense.net/ | | File Size: | 1066 | | Last Modified: | Nov 21 16:18:46 2008 |
| MD5 Checksum: | 07526dbd17f8e037041006f8815ffe08 |
|
| /// File Name: |
DDIVRT-2008-17.txt |
Description:
|
Orb Networks' Orb media server is vulnerable to directory traversal attacks. Users can leverage specially crafted GET requests to read arbitrary files.
| | Author: | Steven James, r@b13$ | | Homepage: | http://www.digitaldefense.net/ | | File Size: | 1073 | | Last Modified: | Nov 7 15:31:57 2008 |
| MD5 Checksum: | 80ddf95439f7628cb6ab20a17c61b714 |
|
| /// File Name: |
dsa-1662-1.txt |
Description:
|
Debian Security Advisory 1662-1 - A symlink traversal vulnerability was discovered in MySQL, a relational database server. The weakness could permit an attacker having both CREATE TABLE access to a database and the ability to execute shell commands on the database server to bypass MySQL access controls, enabling them to write to tables in databases to which they would not ordinarily have access.
| | Homepage: | http://www.debian.org/security | | File Size: | 13545 | | Related CVE(s): | CVE-2008-4098 | | Last Modified: | Nov 6 20:15:14 2008 |
| MD5 Checksum: | f6cd75a8cbf5b0950bf5d0562a95798b |
|
| /// File Name: |
dsa-1663-1.txt |
Description:
|
Debian Security Advisory 1663-1 - Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets. John Kortink reported a buffer overflow in the __snprint_value function in snmp_get causing a denial of service and potentially allowing the execution of arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). It was reported that an integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c allows remote attackers to cause a denial of service attack via a crafted SNMP GETBULK request.
| | Homepage: | http://www.debian.org/security | | File Size: | 12972 | | Related CVE(s): | CVE-2008-0960, CVE-2008-2292, CVE-2008-4309 | | Last Modified: | Nov 9 16:15:50 2008 |
| MD5 Checksum: | 95c52c59aa17dab0037437c965d1f9d0 |
|
| /// File Name: |
dsa-1664-1.txt |
Description:
|
Debian Security Advisory 1664-1 - It was discovered that ekg, a console Gadu Gadu client, performs insufficient input sanitising in the code to parse contact descriptions, which may result in denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 8332 | | Related CVE(s): | CVE-2008-4776 | | Last Modified: | Nov 10 15:36:08 2008 |
| MD5 Checksum: | 6da23961952d48b519c84b8699066783 |
|
| /// File Name: |
dsa-1665-1.txt |
Description:
|
Debian Security Advisory 1665-1 - It was discovered that a heap overflow in the CDDB retrieval code of libcdaudio, a library for controlling a CD-ROM when playing audio CDs, may result in the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 6607 | | Related CVE(s): | CVE-2008-5030 | | Last Modified: | Nov 12 19:30:20 2008 |
| MD5 Checksum: | f3b45fc3667a88145d94c510e33c3a76 |
|
| /// File Name: |
dsa-1668-1.txt |
Description:
|
Debian Security Advisory 1668-1 - Steve Kemp discovered that hf, an amateur-radio protocol suite using a soundcard as a modem, insecurely tried to execute an external command which could lead to the elevation of privileges for local users.
| | Homepage: | http://www.debian.org/security | | File Size: | 4915 | | Related CVE(s): | CVE-2008-2378 | | Last Modified: | Nov 22 13:31:00 2008 |
| MD5 Checksum: | 81a7d8916a40b9fc44886a37de404801 |
|
| /// File Name: |
dsa-1669-1.txt |
Description:
|
Debian Security Advisory 1669-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.
| | Homepage: | http://www.debian.org/security | | File Size: | 31123 | | Related CVE(s): | CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5017, CVE-2008-5018, CVE-2008-0017, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024 | | Last Modified: | Nov 24 12:59:59 2008 |
| MD5 Checksum: | 0c16e2c561d0903c7a269ad7a2f7979a |
|
| /// File Name: |
dsa-1670-1.txt |
Description:
|
Debian Security Advisory 1670-1 - Several vulnerabilities have been discovered in Enscript, a converter from ASCII text to Postscript, HTML or RTF.
| | Homepage: | http://www.debian.org/security | | File Size: | 5126 | | Related CVE(s): | CVE-2008-3863, CVE-2008-4306 | | Last Modified: | Nov 24 20:45:52 2008 |
| MD5 Checksum: | 29b9efceacad844712852d015884ce63 |
|
| /// File Name: |
dsa-1671-1.txt |
Description:
|
Debian Security Advisory 1671-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.
| | Homepage: | http://www.debian.org/security | | File Size: | 10525 | | Related CVE(s): | CVE-2008-0017, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024 | | Last Modified: | Nov 24 20:46:06 2008 |
| MD5 Checksum: | efcd4519b2622e35698cc8d619b32911 |
|
| /// File Name: |
dsa-1672-1.txt |
Description:
|
Debian Security Advisory 1672-1 - Julien Danjou and Peter De Wachter discovered that a buffer overflow in the XPM loader of Imlib2, a powerful image loading and rendering library, might lead to arbitrary code execution.
| | Homepage: | http://www.debian.org/security | | File Size: | 6708 | | Related CVE(s): | CVE-2008-5187 | | Last Modified: | Nov 28 22:09:06 2008 |
| MD5 Checksum: | 2fa8b95db4c1de901b203e34086204b2 |
|