Section: .. / Last 20 Advisory Files /
| /// File Name: | MDVSA-2010-142.txt | Description:
| Mandriva Linux Security Advisory 2010-142 - The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. OpenLDAP 2.4.22 allows remote attackers to cause a denial of service via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 16505 | | Related CVE(s): | CVE-2010-0211, CVE-2010-0212 | | Last Modified: | Jul 28 18:42:06 2010 | | MD5 Checksum: | 7c99ef64bfc0338ec6f317c16f73ff04 |
|
| /// File Name: | secunia-autonomykvrp.txt | Description:
| Secunia Research has discovered two vulnerabilities in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused by boundary errors in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing certain records. This can be exploited to cause stack-based buffer overflows via specially crafted files. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4449 | | Related CVE(s): | CVE-2010-0133 | | Last Modified: | Jul 28 14:18:24 2010 | | MD5 Checksum: | 1e07e58e799d937de79f9a8685c827aa |
|
| /// File Name: | secunia-autonomykvindex.txt | Description:
| Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused by an error in the SpreadSheet Lotus 123 reader (wkssr.dll) when allocating an array of pointers during the parsing of a certain record type combined with how strings are later indexed. This can be exploited to corrupt memory via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4524 | | Related CVE(s): | CVE-2010-1524 | | Last Modified: | Jul 28 14:17:09 2010 | | MD5 Checksum: | 3d559dc765a3666312900d97ec293124 |
|
| /// File Name: | secunia-wkssriu.txt | Description:
| Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by an integer underflow error in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing the size of a specific record type. This can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4554 | | Related CVE(s): | CVE-2010-1525 | | Last Modified: | Jul 28 14:05:08 2010 | | MD5 Checksum: | 50abca786543ffdc74a394e0ff72c086 |
|
| /// File Name: | secunia-autonomywosr.txt | Description:
| Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the WordPerfect 5.x reader (wosr.dll) when parsing data blocks and can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | | Author: | Dyon Balding | | Homepage: | http://secunia.com/ | | File Size: | 4465 | | Related CVE(s): | CVE-2010-0135 | | Last Modified: | Jul 28 14:03:59 2010 | | MD5 Checksum: | 54f75386e8a64e96a4a8814d3df82ed6 |
|
| /// File Name: | secunia-autonomyrtfsigned.txt | Description:
| Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a signedness error when parsing the argument to the "\ls" keyword within a list override table entry in RTF files. This can be exploited to cause a buffer overflow via a specially crafted RTF file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | | Author: | Dyon Balding | | Homepage: | http://secunia.com/ | | File Size: | 4490 | | Related CVE(s): | CVE-2010-0134 | | Last Modified: | Jul 28 14:02:22 2010 | | MD5 Checksum: | 051da84386777387a8d490662fbcab7b |
|
| /// File Name: | secunia-autonomywkssr.txt | Description:
| Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the Spreadsheet Lotus 123 reader (wkssr.dll) when converting floating point values in certain record types. This can be exploited to cause a stack-based buffer overflow via a specially crafted file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4562 | | Related CVE(s): | CVE-2010-0131 | | Last Modified: | Jul 28 13:59:30 2010 | | MD5 Checksum: | b86bf4c0e20e58cec482e0807c9fbb94 |
|
| /// File Name: | secunia-autonomycfp.txt | Description:
| Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error when parsing record data in compound documents. This can be exploited to cause a heap-based buffer overflow when an application using the vulnerable library parses e.g. a specially crafted Quattro Pro file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4672 | | Related CVE(s): | CVE-2010-0126 | | Last Modified: | Jul 28 13:55:45 2010 | | MD5 Checksum: | 51d0af3f78c93a798c10dd606371c9df |
|
| /// File Name: | dsa-2076-1.txt | Description:
| Debian Linux Security Advisory 2076-1 - It was discovered that GnuPG 2 uses a freed pointer when verifying a signature or importing a certificate with many Subject Alternate Names, potentially leading to arbitrary code execution. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 9249 | | Related CVE(s): | CVE-2010-2547 | | Last Modified: | Jul 27 21:22:59 2010 | | MD5 Checksum: | 9e20355dee50b90ffcce599a243fd717 |
|
| /// File Name: | MDVSA-2010-141.txt | Description:
| Mandriva Linux Security Advisory 2010-141 - The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value. The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request. The updated packages provide samba 3.4.8 which is not vulnerable to these issues. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5981 | | Related CVE(s): | CVE-2010-1635, CVE-2010-1642 | | Last Modified: | Jul 27 21:20:06 2010 | | MD5 Checksum: | 61476c47e396c1762c6244eb9488a6f5 |
|
| /// File Name: | MDVSA-2010-140.txt | Description:
| Mandriva Linux Security Advisory 2010-140 - This is a maintenance and security update that upgrades php to 5.3.3 for 2010.0/2010.1. Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs. Fixed a possible resource destruction issue in shm_put_var(). Fixed a possible information leak because of interruption of XOR operator. Fixed a possible memory corruption because of unexpected call-time pass by reference and following memory clobbering through callbacks. Fixed a possible memory corruption in ArrayObject::uasort(). Fixed a possible memory corruption in parse_str(). Fixed a possible memory corruption in pack(). Fixed a possible memory corruption in substr_replace(). Fixed a possible memory corruption in addcslashes(). Fixed a possible stack exhaustion inside fnmatch(). Fixed a possible dechunking filter buffer overflow. Fixed a possible arbitrary memory access inside sqlite extension. Fixed string format validation inside phar extension. Fixed handling of session variable serialization on certain prefix characters. Fixed a NULL pointer dereference when processing invalid XML-RPC requests. Fixed SplObjectStorage unserialization problems. Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user. Fixed possible buffer overflows when handling error packets in mysqlnd. Additionally some of the third party extensions and required dependencies have been upgraded and/or rebuilt for the new php version. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 42790 | | Related CVE(s): | CVE-2010-2531, CVE-2010-0397, CVE-2010-2225 | | Last Modified: | Jul 27 21:18:57 2010 | | MD5 Checksum: | 9728cbfda6ca6f7ff1a4ca0bc367b17c |
|
| /// File Name: | MDVSA-2010-139.txt | Description:
| Mandriva Linux Security Advisory 2010-139 - This is a maintenance and security update that upgrades php to 5.2.14 for CS4/MES5/2008.0/2009.0/2009.1. Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs. Fixed a possible interruption array leak in strrchr(). Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). Fixed a possible memory corruption in substr_replace(). Fixed SplObjectStorage unserialization problems. Fixed a possible stack exhaustion inside fnmatch(). Fixed a NULL pointer dereference when processing invalid XML-RPC requests. Fixed handling of session variable serialization on certain prefix characters. Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. Additionally some of the third party extensions have been upgraded and/or rebuilt for the new php version. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 117022 | | Related CVE(s): | CVE-2010-2484, CVE-2010-2225, CVE-2010-0397, CVE-2010-2531 | | Last Modified: | Jul 27 19:22:48 2010 | | MD5 Checksum: | 2b75ea5f7908e8b6b979d2ee7f9b6e02 |
|
| /// File Name: | USN-964-1.txt | Description:
| Ubuntu Security Notice 964-1 - Matt Weatherford discovered that Likewise Open did not correctly check password expiration for the local-provider account. A local attacker could exploit this to log into a system they would otherwise not have access to. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 3854 | | Related CVE(s): | CVE-2010-0833 | | Last Modified: | Jul 26 18:53:46 2010 | | MD5 Checksum: | 3111259b30c67166c3ac294216b6aa2f |
|
| /// File Name: | USN-930-6.txt | Description:
| Ubuntu Security Notice 930-6 - USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 36442 | | Related CVE(s): | CVE-2010-2755 | | Last Modified: | Jul 26 18:52:50 2010 | | MD5 Checksum: | 324692d14b04636308087c2f0b7a0216 |
|
| /// File Name: | USN-957-2.txt | Description:
| Ubuntu Security Notice 957-2 - USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 33406 | | Related CVE(s): | CVE-2010-2755 | | Last Modified: | Jul 26 18:50:45 2010 | | MD5 Checksum: | 3ac0be5b6b188eb8f7028ff06ce196a5 |
|
| /// File Name: | LWSA-2010-011.txt | Description:
| Likewise Security Advisory - A logic flaw has been found in the pam_lsass library from Likewise Open that, when run under the context of a root service (e.g. sshd, gdm, etc.), will allow any user to logon as a lsassd local-provider account (e.g. MACHINE\Administrator) if the account's password is marked as expired. | | Homepage: | http://www.likewise.com/ | | File Size: | 2860 | | Related CVE(s): | CVE-2010-0833 | | Last Modified: | Jul 26 18:48:56 2010 | | MD5 Checksum: | e3445faede7a32cf2db6c82cd7257311 |
|
| /// File Name: | nessus-xssdisclose.txt | Description:
| The Nessus nessusd_www_server.nbin file suffers from cross site scripting and version disclosure vulnerabilities. | | Author: | Renaud Deraison | | Homepage: | http://www.nessus.org | | File Size: | 4602 | | Last Modified: | Jul 26 18:46:42 2010 | | MD5 Checksum: | df40b917caf2683326df86131ff08b44 |
|
| /// File Name: | macosxwebdav-dos.txt | Description:
| The Mac OS X WebDAV kernel extension is vulnerable to a denial of service issue that allows a local unprivileged user to trigger a kernel panic due to a memory overallocation. | | Author: | Dan Rosenberg | | File Size: | 3441 | | Related CVE(s): | CVE-2010-1794 | | Last Modified: | Jul 26 18:43:41 2010 | | MD5 Checksum: | 435b710d622d103c5cd3285c6c725f47 |
|
| /// File Name: | foofus-20100726.txt | Description:
| The Symantec Antivirus Corporate Edition AMS Intel Alert Handler service (hndlrsvc.exe) provides alert setup and response capabilities to AMS2. A design error in Symantec's implementation of this function allows an attacker who can establish a TCP connection to port 38292 on a vulnerable host to execute commands at system level on that host. Versions 10.1.8.8000 and below are affected. | | Author: | Spider | | Homepage: | http://www.foofus.net/ | | File Size: | 2890 | | Last Modified: | Jul 26 18:40:02 2010 | | MD5 Checksum: | e3cc0c7592f38c3b6586dee82cf27d3e |
|