Section: .. / 0910-advisories /
| /// File Name: |
1-003.full.txt |
Description:
|
The remote management interface on tcp/50001 of various 2WIRE devices suffers from a remote denial of service vulnerability.
| | Author: | hkm | | Related Exploit: | 2os.py.txt | | File Size: | 2357 | | Last Modified: | Oct 30 15:18:39 2009 |
| MD5 Checksum: | ba747caf5b01b98af810e96f4bf91fcd |
|
| /// File Name: |
10.07.09-1.txt |
Description:
|
iDefense Security Advisory 10.07.09 - Remote exploitation of a stack based buffer overflow vulnerability in IBM Corp.'s AIX could allow an attacker to execute arbitrary code with the privileges of the affected service. rpc.cmsd, more commonly known as the Calendar Manager Service Daemon, is an RPC application used to manage schedules and calendars. It operates over SUN RPC. The vulnerability is triggered when handling a request for remote procedure 21. This function takes two arguments, both of which are XDR strings. When copying the first argument into a stack based buffer, the code does not properly verify its length. This results in a stack based buffer overflow vulnerability. iDefense has confirmed the existence of this vulnerability in AIX versions 5.3 and 5.2.
| | Author: | Rodrigo Rubira Branco | | Homepage: | http://www.idefense.com/ | | File Size: | 3758 | | Last Modified: | Oct 7 21:55:19 2009 |
| MD5 Checksum: | aeba20faf884e5fad265ff5dddc748d4 |
|
| /// File Name: |
10.13.09-1.txt |
Description:
|
iDefense Security Advisory 10.13.09 - Remote exploitation of an invalid array index vulnerability in Adobe Systems Inc.'s Reader and Acrobat could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a U3D file embedded inside of a PDF. U3D is a file format used to represent 3D images. When parsing a U3D file, the parsing code fails to validate a value from the file used as index into a list of objects. This results in an attacker being able to specify an arbitrary value for a function pointer, which leads to the execution of arbitrary code. iDefense confirmed the existence of this vulnerability in Reader and Acrobat versions 9.1.3 and 8.1.6. Previous versions may also be affected.
| | Author: | Dionysus Blazakis | | Homepage: | http://www.idefense.com/ | | File Size: | 3657 | | Related CVE(s): | CVE-2009-2990 | | Last Modified: | Oct 14 19:43:45 2009 |
| MD5 Checksum: | 633b0300b45cdc0e02dbc76d03c21810 |
|
| /// File Name: |
10.13.09-2.txt |
Description:
|
iDefense Security Advisory 10.13.09 - Remote exploitation of a use after free vulnerability in Adobe Systems Inc.'s Acrobat and Reader Firefox plugin could allow an attacker to execute arbitrary code with the privileges of the current user. When Adobe Acrobat/Reader is installed, it also installs various browser plugins that allow PDF documents to be viewed in the browser. This vulnerability occurs within the Firefox browser plugin. The Internet Explorer version is not affected. The vulnerability occurs when Firefox attempts to navigate away from a page and unload the PDF viewing plugin. When Firefox calls the plugin's destroy method, the plugin does not properly free its resources. Specifically, a function pointer for the window update routine is not properly freed. This results in uninitialized memory being used when the window is redrawn, which leads to attacker supplied data being executed when the function pointer is dereferenced. iDefense has confirmed the existence of this vulnerability in Acrobat and Reader versions 8.1.3, 8.1.4, 8.1.5, and 8.1.6. Previous versions are also likely affected. Version 9.1.3 and previous 9.x versions are not affected.
| | Author: | Elazar Broad | | Homepage: | http://www.idefense.com/ | | File Size: | 3879 | | Related CVE(s): | CVE-2009-2991 | | Last Modified: | Oct 14 19:48:26 2009 |
| MD5 Checksum: | 86f5a7800b522ebb67486e8a4e3d1080 |
|
| /// File Name: |
10.13.09-3.txt |
Description:
|
iDefense Security Advisory 10.13.09 - Remote exploitation of a heap based buffer overflow vulnerability in Microsoft Corp.'s Windows GDI+ could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing a malformed TIFF file. By supplying incorrect values in a BitsPerSample tag, it is possible to trigger a heap based buffer overflow. iDefense has confirmed the existence of this vulnerability in Windows XP Service Pack 2. Please see the Microsoft bulletin for additional details on affected software.
| | Author: | wushi | | Homepage: | http://www.idefense.com/ | | File Size: | 3949 | | Related CVE(s): | CVE-2009-2502 | | Last Modified: | Oct 15 14:41:39 2009 |
| MD5 Checksum: | 037a2ae7e6363cd67887b56ed4afdfbf |
|
| /// File Name: |
10.13.09-4.txt |
Description:
|
iDefense Security Advisory 10.13.09 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Office could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing the msofbtOPT Office Drawing record type. This record is used to provide default values for shape properties. By inserting a specially crafted property ID, it is possible to corrupt heap memory and overwrite an object pointer. iDefense has confirmed the existence of this vulnerability in Office XP SP3.
| | Author: | Marsu | | Homepage: | http://www.idefense.com/ | | File Size: | 3754 | | Related CVE(s): | CVE-2009-2528 | | Last Modified: | Oct 15 14:43:37 2009 |
| MD5 Checksum: | 8ea7e312c9afa8c79588a783d3993de0 |
|
| /// File Name: |
10.28.09-1.txt |
Description:
|
Remote exploitation of a buffer overflow in the Mozilla Foundation's libpr0n image processing library allows attackers to execute arbitrary code. The libpr0n GIF parser was designed using a state machine which is represented as a series of switch/case statements. One particularly interesting state, 'gif_image_header', is responsible for interpreting a single image/frame description record. A single GIF file may contain many images, each with a different color map associated. The problem lies in the handling of changes to the color map of subsequent images in a multiple-image GIF file. Memory reallocation is not managed correctly and can result in an exploitable heap overflow condition. iDefense confirmed the existence of this vulnerability using Mozilla Firefox versions 3.0.13 and 3.5.2 on 32-bit Windows XP SP3. Other versions, and potentially other applications using libpr0n, are suspected to be vulnerable.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 4443 | | Related CVE(s): | CVE-2009-3373 | | Last Modified: | Oct 28 16:19:27 2009 |
| MD5 Checksum: | 44a92ee1872b49c79818d60937028c4a |
|
| /// File Name: |
adobe-malform.txt |
Description:
|
VUPEN Vulnerability Research Team discovered three critical vulnerabilities affecting Adobe Acrobat and Reader. These vulnerabilities are caused by memory corruption errors within the U3D filter when processing malformed data in a PDF file, which could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document.
| | Author: | Nicolas JOLY | | Homepage: | http://www.vupen.com/ | | File Size: | 2284 | | Related CVE(s): | CVE-2009-3458, CVE-2009-2997, CVE-2009-2998 | | Last Modified: | Oct 17 15:57:19 2009 |
| MD5 Checksum: | 80538ce203edb0b1aead7e62e26d2ebf |
|
| /// File Name: |
AID-102609.txt |
Description:
|
Aruba Networks Security Advisory - A Denial of Service (DoS) vulnerability was discovered during standard bug reporting procedures. A malformed 802.11 association request frame causes a crash on the Access Point (AP), resulting in a temporary DoS condition for wireless clients. Prior successful security association with the wireless network is not required to cause this condition. The AP recovers automatically by restarting itself.
| | Homepage: | http://www.arubanetworks.com/ | | File Size: | 5377 | | Last Modified: | Oct 27 17:41:42 2009 |
| MD5 Checksum: | c6bb34600ebef63ef827d8357431f892 |
|
| /// File Name: |
AST-2009-007.txt |
Description:
|
Asterisk Project Security Advisory - A missing ACL check for handling SIP INVITEs allows a device to make calls on networks intended to be prohibited as defined by the "deny" and "permit" lines in sip.conf. The ACL check for handling SIP registrations was not affected.
| | Author: | Jeff Peeler | | Homepage: | http://www.asterisk.org/security | | File Size: | 8049 | | Last Modified: | Oct 26 19:43:39 2009 |
| MD5 Checksum: | c9b778ef667f9c036c695577910c956a |
|
| /// File Name: |
avast-dosescalate.txt |
Description:
|
Avast! Professional and Home Editions suffer from local privilege escalation and denial of service vulnerabilities.
| | Author: | ShineShadow | | Related Exploit: | avast-escalate.txt | | File Size: | 4176 | | Related CVE(s): | CVE-2009-3524 | | Last Modified: | Oct 23 13:58:59 2009 |
| MD5 Checksum: | 6155abc07aa90511339fe78600188f54 |
|
| /// File Name: |
CA20091008-01.txt |
Description:
|
CA's support is alerting customers to multiple security risks associated with CA Anti-Virus Engine. Vulnerabilities exist in the arclib component that can allow a remote attacker to cause a denial of service, or to cause heap corruption and potentially further compromise a system. CA has issued fixes to address the vulnerabilities.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 9009 | | Related CVE(s): | CVE-2009-3587, CVE-2009-3588 | | Last Modified: | Oct 12 16:41:50 2009 |
| MD5 Checksum: | 6a53d55147b5fa77f13b592d7e5773c7 |
|
| /// File Name: |
cisco-sa-20091014-cup.txt |
Description:
|
Cisco Security Advisory - Cisco Unified Presence contains two denial of service (DoS) vulnerabilities that may cause an interruption to presence services. These vulnerabilities were discovered internally by Cisco, and there are no workarounds.
| | Homepage: | http://www.cisco.com/ | | File Size: | 11614 | | Related CVE(s): | CVE-2009-2874, CVE-2009-2052 | | Last Modified: | Oct 14 21:08:51 2009 |
| MD5 Checksum: | a043a2f324ce4c3c8925cc3f54676f66 |
|
| /// File Name: |
CORE-2009-0922.txt |
Description:
|
Core Security Technologies Advisory - Jetty includes several sample web applications for the developer to learn from. One of them sets cookies with user supplied data, and then dumps them as HTML. This application does not filter the user supplied data when outputting it to the visitor. This constitutes a persistent XSS vulnerability.
| | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 6569 | | Last Modified: | Oct 6 19:46:02 2009 |
| MD5 Checksum: | 50c2d4a40343778121540d2f58b4805d |
|
| /// File Name: |
dsa-1895-2.txt |
Description:
|
Debian Linux Security Advisory 1895-2 - In DSA-1895-1, the xmltooling package was updated to address several security issues. It turns out that the change related to SAML metadata processing for key constraints caused problems when applied without the matching changes in the opensaml2 and shibboleth-sp2 packages.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 16848 | | Last Modified: | Oct 12 17:08:00 2009 |
| MD5 Checksum: | 40a6ea5fbf796548c10a21aa6eb9b110 |
|
| /// File Name: |
dsa-1898-1.txt |
Description:
|
Debian Linux Security Advisory 1898-1 - It was discovered that the pluto daemon in openswan, an implementation of IPsec and IKE, could crash when processing a crafted X.509 certificate.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 9139 | | Related CVE(s): | CVE-2009-2185 | | Last Modified: | Oct 2 14:38:08 2009 |
| MD5 Checksum: | 0e757ac52fb5e0a576d8036f14a52c49 |
|
| /// File Name: |
dsa-1902-1.txt |
Description:
|
Debian Linux Security Advisory 1902-1 - Jakub Wilk discovered an off-by-one buffer overflow in the charset handling of elinks, a feature-rich text-mode WWW browser, which might lead to the execution of arbitrary code if the user is tricked into opening a malformed HTML page.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 6305 | | Related CVE(s): | CVE-2008-7224 | | Last Modified: | Oct 5 19:20:52 2009 |
| MD5 Checksum: | a30557a31b070d7c868220c75709f59c |
|
| /// File Name: |
dsa-1903-1.txt |
Description:
|
Debian Linux Security Advisory 1903-1 - Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tools, which can lead to the execution of arbitrary code, exposure of sensitive information or denial of service (DoS).
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 36981 | | Related CVE(s): | CVE-2007-1667, CVE-2007-1797, CVE-2007-4985, CVE-2007-4986, CVE-2007-4988, CVE-2008-1096, CVE-2008-3134, CVE-2008-6070, CVE-2008-6071, CVE-2008-6072, CVE-2008-6621, CVE-2009-1882 | | Last Modified: | Oct 7 21:54:57 2009 |
| MD5 Checksum: | 44250af116afaa8973aff22dd954c77b |
|
| /// File Name: |
dsa-1904-1.txt |
Description:
|
Debian Linux Security Advisory 1904-1 - Daniel Stenberg discovered that wget, a network utility to retrieve files from the Web using http(s) and ftp, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" published at the Blackhat conference some time ago. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 8108 | | Related CVE(s): | CVE-2009-3490 | | Last Modified: | Oct 12 15:48:19 2009 |
| MD5 Checksum: | 1a8aae4ada7425e4e0374292dc83313f |
|
| /// File Name: |
dsa-1905-1.txt |
Description:
|
Debian Linux Security Advisory 1905-1 - The forms library of python-django, a high-level Python web development framework, is using a badly chosen regular expression when validating email addresses and URLs. An attacker can use this to perform denial of service attacks (100% CPU consumption) due to bad backtracking via a specially crafted email address or URL which is validated by the django forms library.
| | Homepage: | http://www.debian.org/security | | File Size: | 3612 | | Last Modified: | Oct 12 17:08:22 2009 |
| MD5 Checksum: | 4c38a44737a4a238a59b2ba974aa59bc |
|
| /// File Name: |
dsa-1906-1.txt |
Description:
|
Debian Linux Security Advisory 1906-1 - Security support for clamav, an anti-virus utility for Unix, has been discontinued for the stable distribution (lenny) and the oldstable distribution (etch). Clamav Upstream has stopped supporting the releases in etch and lenny. Also, it is not easily possible to receive signature updates for the virus scanner with our released versions anymore. We recommend that all clamav users consider switching to the version in debian-volatile, which receives regular updates and security support on a best effort basis.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 1570 | | Last Modified: | Oct 12 17:09:02 2009 |
| MD5 Checksum: | 7a97788b46042a16e5295bd1aa93e8bd |
|