Section: .. / 0709-advisories /
| /// File Name: |
09.11.07-1.txt |
Description:
|
iDefense Security Advisory 09.11.07 - Remote exploitation of a stack based buffer overflow vulnerability in Microsoft Corp's Microsoft Windows 2000 Agent service could allow an attacker to execute arbitrary code with the privileges of the logged in user. The vulnerability exists within the Agent Service (agentsvr.exe). Due to improper handling of specially crafted URLs, an attack can cause stack based buffer overflow. iDefense has confirmed the existence of this vulnerability in the Agent service included in Windows 2000. Microsoft reports that newer versions of the Agent service are not vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3996 | | Related CVE(s): | CVE-2007-3040 | | Last Modified: | Sep 11 19:05:38 2007 |
| MD5 Checksum: | ffdb4254be1011f72b81e0af3478bd2b |
|
| /// File Name: |
09.17.07-1.txt |
Description:
|
iDefense Security Advisory 09.17.07 - Remote exploitation of multiple integer overflow vulnerabilities within OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code. iDefense has confirmed the existence of these vulnerabilities in OpenOffice version 2.0.4. All versions prior to version 2.3 are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3512 | | Related CVE(s): | CVE-2007-2834 | | Last Modified: | Sep 18 13:04:29 2007 |
| MD5 Checksum: | 91e546861a6e34a6cb55455a8a35ff7c |
|
| /// File Name: |
09.19.07-1.txt |
Description:
|
iDefense Security Advisory 09.19.07 - Remote exploitation of multiple integer overflow vulnerabilities in ImageMagick, as included in various vendors' operating system distributions, allows attackers to crash applications using the ImageMagick library, and in some cases, execute arbitrary code. Several integer overflow vulnerabilities have been identified in ImageMagick's handling of various file formats. By creating a specially crafted DCM, DIB, XBM, XCF, or XWD image file, an attacker can cause a heap buffer of insufficient size to be allocated. This results in a heap-based buffer overflow. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 4085 | | Related CVE(s): | CVE-2007-4986 | | Last Modified: | Sep 24 23:19:22 2007 |
| MD5 Checksum: | 426806812f47416779fe434be2779695 |
|
| /// File Name: |
09.19.07-2.txt |
Description:
|
iDefense Security Advisory 09.19.07 - Remote exploitation of an off-by-one vulnerability in ImageMagick, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 4057 | | Related CVE(s): | CVE-2007-4987 | | Last Modified: | Sep 24 23:20:34 2007 |
| MD5 Checksum: | 95628f231271add7de03202d5f08623e |
|
| /// File Name: |
09.19.07-3.txt |
Description:
|
iDefense Security Advisory 09.19.07 - Remote exploitation of multiple denial of service vulnerabilities in ImageMagick, as included in various vendors' operating system distributions, allows attackers to consume excessive CPU resources on the target system. The first vulnerability exists in the ReadDCMImage() function. Since the return value of ReadBlobByte() is not properly checked, it can enter an infinite loop. The second vulnerability exists in the ReadXCFImage() function. Since the return value of ReadBlobMSBLong() is not properly checked, it can enter an infinite loop. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 3922 | | Related CVE(s): | CVE-2007-4985 | | Last Modified: | Sep 24 23:21:43 2007 |
| MD5 Checksum: | 7d23da6b5f9042babd23911d8d238749 |
|
| /// File Name: |
09.19.07-4.txt |
Description:
|
iDefense Security Advisory 09.19.07 - Remote exploitation of a sign extension vulnerability in ImageMagick, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 4371 | | Related CVE(s): | CVE-2007-4988 | | Last Modified: | Sep 24 23:22:44 2007 |
| MD5 Checksum: | 3fb64565806ae03bcbada338ab849a47 |
|
| /// File Name: |
09.20.07-1.txt |
Description:
|
iDefense Security Advisory 09.20.07 - Remote exploitation of an authentication bypass vulnerability in Computer Associates Inc.'s ARCServe Backup for Laptops and Desktops allows attackers to execute arbitrary code with SYSTEM privileges. This vulnerability specifically exists since the command handlers that service network requests do not check to see if the peer is authenticated. iDefense has confirmed the existence of this vulnerability in ARCServe Backup for Laptops and Desktops version R11.1 Build 900. Other versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3346 | | Related CVE(s): | CVE-2007-5006 | | Last Modified: | Sep 24 23:26:27 2007 |
| MD5 Checksum: | ab1a997811f66137d1dcf49ab9f2f75e |
|
| /// File Name: |
09.20.07-2.txt |
Description:
|
iDefense Security Advisory 09.20.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Computer Associates Inc.'s ARCServe Backup for Laptops and Desktops allows attackers to execute arbitrary code with SYSTEM privileges. The LGServer contains multiple vulnerable functions that handle network requests, several of which contain more than one vulnerability. All together there are nearly 60 buffer overflows in the LGServer. The majority of these are the result of copying remotely supplied strings into fixed-size buffers without validating that enough space is available. iDefense has confirmed the existence of these vulnerabilities in ARCServe Backup for Laptops and Desktops version 11.1 (Build 900) for Windows. Other versions may also be affected.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 5535 | | Related CVE(s): | CVE-2007-5003, CVE-2007-3216 | | Last Modified: | Sep 24 23:27:56 2007 |
| MD5 Checksum: | 10ef3a0a739a3463bf5bd9865ed1fb50 |
|
| /// File Name: |
09.25.07-1.txt |
Description:
|
iDefense Security Advisory 09.25.07 - Local exploitation of an information disclosure vulnerability within the ALSA driver included in the Linux Kernel allows attackers to obtain sensitive information from kernel memory. iDefense has confirmed the existence of this vulnerability in version 2.6.22.1 of the Linux Kernel as installed with Fedora CORE 7. It is suspected that other versions are also vulnerable.
| | Author: | Neil Kettle | | Homepage: | http://www.idefense.com/ | | File Size: | 6326 | | Related CVE(s): | CVE-2007-4571 | | Last Modified: | Sep 25 21:49:31 2007 |
| MD5 Checksum: | b54ceb0a50118fd13539c52516f922cf |
|
| /// File Name: |
09.27.07-1.txt |
Description:
|
iDefense Security Advisory 09.27.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Computer Associates International Inc.'s (CA) BrightStor HSM allows attackers to execute arbitrary code with SYSTEM privileges. These problems specifically exist within various command handlers in the CsAgent service. There are eleven command handlers that contain one or more stack based buffer overflow vulnerabilities each. All of these vulnerabilities are simple sprintf() calls that overflow fixed size stack buffers with attacker supplied data. Additionally, there are five command handlers that are vulnerable to integer overflow vulnerabilities. In addition to this, the function responsible for reading in and dispatching a request to the appropriate handler also contains an integer overflow vulnerability. iDefense has confirmed the existence of these vulnerabilities in Computer Associates BrightStor HSM version r11.5. Previous versions may also be affected.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 4473 | | Related CVE(s): | CVE-2007-5082, CVE-2007-5083 | | Last Modified: | Sep 27 21:25:23 2007 |
| MD5 Checksum: | ee2417c015c6a34fccef4c071b848987 |
|
| /// File Name: |
2007-005-itunes.txt |
Description:
|
iTunes version 7.3.x suffers from a heap overflow vulnerability in the album cover parsing functionality. This has been fixed in version 7.4.
| | Author: | David Thiel | | Homepage: | http://www.isecpartners.com/ | | File Size: | 1595 | | Last Modified: | Sep 7 03:07:01 2007 |
| MD5 Checksum: | 3a1a0d17230f12ce2f954fecbf886545 |
|
| /// File Name: |
2007-006-RubySSL.txt |
Description:
|
A vulnerability results from the Net::HTTPS library from Ruby versions 1.8.5 and 1.8.6 failing to validate the name on the SSL certificate against the DNS name requested by the user. By not validating the name, the library allows an attacker to present a cryptographically valid certificate with an invalid CN.
| | Author: | Chris Clark | | Homepage: | http://www.isecpartners.com/ | | File Size: | 3148 | | Last Modified: | Sep 30 01:39:24 2007 |
| MD5 Checksum: | f43ab01ee2c728fcf04ea146cfb06364 |
|
| /// File Name: |
aa2k7x.txt |
Description:
|
Alien Arena 2007 versions 6.10 and below suffers from format string and spoofing vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | aa2k7x.zip | | File Size: | 3513 | | Last Modified: | Sep 5 20:55:32 2007 |
| MD5 Checksum: | 84e62c9d5b256b668bf9e170075f2556 |
|
| /// File Name: |
appsec-ibmdb2.txt |
Description:
|
IBM DB2 version 9.1 Fixpack 2 Enterprise server edition suffers from a buffer overflow vulnerability in sysproc.auth_list_groups_for_authid.
| | Author: | Ariel Sanchez | | Homepage: | http://www.appsecinc.com/ | | File Size: | 2198 | | Last Modified: | Sep 1 00:11:15 2007 |
| MD5 Checksum: | 00010706251ad92d2509c29df77d6806 |
|
| /// File Name: |
buffalo_070907.txt |
Description:
|
The Buffalo AirStation WHR-G54S web management interface suffers from a cross site request forgery vulnerability.
| | Author: | Henri Lindberg | | Homepage: | http://www.louhi.fi/ | | File Size: | 3374 | | Last Modified: | Sep 7 20:18:32 2007 |
| MD5 Checksum: | cc772aad00a5bdd87b03854d003ed21d |
|
| /// File Name: |
bugzilla-user.txt |
Description:
|
Bugzilla versions 2.23.3 and above suffer from an unauthorized access vulnerability.
| | Homepage: | http://www.bugzilla.org/ | | File Size: | 2686 | | Last Modified: | Sep 20 21:02:18 2007 |
| MD5 Checksum: | 018cad2ae53ecf86cba5229f964bad9b |
|
| /// File Name: |
CAID-hsmcmv.txt |
Description:
|
Multiple vulnerabilities exist in the CsAgent service that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. The first set of vulnerabilities, CVE-2007-5082, occur due to insufficient bounds checking in multiple CsAgent service commands. The second set of vulnerabilities, CVE-2007-5083, occur due to insufficient validation of integer values in multiple CsAgent service commands, which can lead to buffer overflow. The third set of vulnerabilities, CVE-2007-5084, occur due to insufficient validation of strings used in SQL statements in multiple CsAgent service commands.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 3782 | | Related CVE(s): | CVE-2007-5082, CVE-2007-5083, CVE-2007-5084 | | Last Modified: | Sep 26 22:53:42 2007 |
| MD5 Checksum: | 5758d3c018842776cb44bd43a352c4c7 |
|
| /// File Name: |
CAL-20070912-1.txt |
Description:
|
Code Audit Labs has discovered heap overflows and denial of service vulnerabilities in multiple media players including MPlayer, StormPlayer, etc.
| | Homepage: | http://www.vulnhunt.com/ | | File Size: | 8231 | | Last Modified: | Sep 13 19:38:26 2007 |
| MD5 Checksum: | 81b79036bc65cefc93207a48d45d17cd |
|
| /// File Name: |
cisco-sa-20070905-csm.txt |
Description:
|
Cisco Security Advisory - The Cisco Content Switching Modules (CSM) and Cisco Content Switching Module with SSL (CSM-S) contain two vulnerabilities that can lead to a denial of service (DoS) condition. The first vulnerability exists when processing TCP packets, and the second vulnerability affects devices with service termination enabled.
| | Homepage: | http://www.cisco.com/ | | File Size: | 15815 | | Last Modified: | Sep 5 20:52:30 2007 |
| MD5 Checksum: | 88ed2445566f9f66cdb946006a04e6df |
|
| /// File Name: |
cisco-sa-20070905-video.txt |
Description:
|
Cisco Security Advisory - Cisco Video Surveillance IP Gateway video encoder and decoder, Services Platform (SP), and Integrated Services Platform (ISP) devices contain authentication vulnerabilities that allow remote users with network connectivity to gain the complete administrative control of vulnerable devices. There are no workarounds for these vulnerabilities.
| | Homepage: | http://www.cisco.com/ | | File Size: | 14045 | | Last Modified: | Sep 5 20:51:42 2007 |
| MD5 Checksum: | 2d7292c6464eed9ee1b649bcd7a8fdad |
|
| /// File Name: |
cisco-sr-20070926-lb.txt |
Description:
|
Cisco Security Advisory - Cisco Catalyst 6500 and Cisco 7600 series devices use addresses from the 127.0.0.0/8 (loopback) range in the Ethernet Out-of-Band Channel (EOBC) for internal communication. Addresses from this range that are used in the EOBC on Cisco Catalyst 6500 and Cisco 7600 series devices are accessible from outside of the system. The Supervisor module, Multilayer Switch Feature Card (MSFC), or any other intelligent module may receive and process packets that are destined for the 127.0.0.0/8 network. An attacker can exploit this behavior to bypass existing access control lists that do not filter 127.0.0.0/8 address range; however, an exploit will not allow an attacker to bypass authentication or authorization. Valid authentication credentials are still required to access the module in question.
| | Homepage: | http://www.cisco.com/ | | File Size: | 9913 | | Last Modified: | Sep 27 21:02:06 2007 |
| MD5 Checksum: | 6e93ee9fd6cdbb94b05db75190415dbc |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
