Section: .. / 0807-advisories /
| /// File Name: |
USN-617-2.txt |
Description:
|
Ubuntu Security Notice 617-2 - USN-617-1 fixed vulnerabilities in Samba. The upstream patch introduced a regression where under certain circumstances accessing large files might cause the client to report an invalid packet length error. This update fixes the problem. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. Alin Rad Pop of Secunia Research discovered that Samba did not properly perform bounds checking when parsing SMB replies. A remote attacker could send crafted SMB packets and execute arbitrary code.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 34404 | | Related CVE(s): | CVE-2008-1105, CVE-2007-4572 | | Last Modified: | Jul 1 11:21:52 2008 |
| MD5 Checksum: | 1a96557d0ecb7fc857c3b1519608d098 |
|
| /// File Name: |
USN-619-1.txt |
Description:
|
Ubuntu Security Notice 619-1 - Many different flaws in Firefox have been addressed in this Ubuntu advisory. These range from arbitrary code execution to data theft and cross site scripting issues.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 25410 | | Related CVE(s): | CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2806, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811 | | Last Modified: | Jul 9 20:13:15 2008 |
| MD5 Checksum: | 3850c61e45e25cf11b10981293b01d01 |
|
| /// File Name: |
USN-622-1.txt |
Description:
|
Ubuntu Security Notice 622-1 - Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Bind. A remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 34364 | | Related CVE(s): | CVE-2008-1447 | | Last Modified: | Jul 10 03:10:37 2008 |
| MD5 Checksum: | 63f40ff34a0a2df44dceb9b2d0f175c8 |
|
| /// File Name: |
USN-623-1.txt |
Description:
|
Ubuntu Security Notice 623-1 - A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Billy Rios discovered that Firefox did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox were passed a malicious URL, an attacker may be able to execute local content with chrome privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 22719 | | Related CVE(s): | CVE-2008-2785, CVE-2008-2933 | | Last Modified: | Jul 17 15:29:57 2008 |
| MD5 Checksum: | 134f5257fe6d05be8b868a8de33caf4f |
|
| /// File Name: |
USN-624-1.txt |
Description:
|
Ubuntu Security Notice 624-1 - Tavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options. An attacker could cause applications linked against pcre3 to crash, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 16603 | | Related CVE(s): | CVE-2008-2371 | | Last Modified: | Jul 14 23:01:00 2008 |
| MD5 Checksum: | 6a9af15950dce94ac1b930e9bbb8fe7c |
|
| /// File Name: |
USN-625-1.txt |
Description:
|
Ubuntu Security Notice 625-1 - A massive slew of Linux kernel related vulnerabilities have been addressed for the linux-source-2.6.15/20/22 packages.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 192927 | | Related CVE(s): | CVE-2007-6282, CVE-2007-6712, CVE-2008-0598, CVE-2008-1615, CVE-2008-1673, CVE-2008-2136, CVE-2008-2137, CVE-2008-2148, CVE-2008-2358, CVE-2008-2365, CVE-2008-2729, CVE-2008-2750, CVE-2008-2826 | | Last Modified: | Jul 16 14:50:16 2008 |
| MD5 Checksum: | 5e9e19eec557961a1d40d8762fd5cff3 |
|
| /// File Name: |
USN-627-1.txt |
Description:
|
Ubuntu Security Notice 627-1 - Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Dnsmasq. A remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 2579 | | Related CVE(s): | CVE-2008-1447 | | Last Modified: | Jul 22 14:01:41 2008 |
| MD5 Checksum: | 0b11fe1d320f9ebc0ce03f99670eab53 |
|
| /// File Name: |
USN-628-1.txt |
Description:
|
Ubuntu Security Notice 628-1 - Over a dozen vulnerabilities in php5 have been addressed in Ubuntu.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 62408 | | Related CVE(s): | CVE-2007-4782, CVE-2007-4850, CVE-2007-5898, CVE-2007-5899, CVE-2008-0599, CVE-2008-1384, CVE-2008-2050, CVE-2008-2051, CVE-2008-2107, CVE-2008-2108, CVE-2008-2371, CVE-2008-2829 | | Last Modified: | Jul 23 19:47:53 2008 |
| MD5 Checksum: | 6cd6d0407e8f8ffd96589e18817d582e |
|
| /// File Name: |
USN-629-1.txt |
Description:
|
Ubuntu Security Notice 629-1 - Various flaws in the mozilla-thunderbird package have been addressed including improper handling, weaknesses, denial of service, and code execution issues.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 19876 | | Related CVE(s): | CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811 | | Last Modified: | Jul 25 13:49:41 2008 |
| MD5 Checksum: | 6423df1ff327f2272abae252a822f5cf |
|
| /// File Name: |
USN-630-1.txt |
Description:
|
Ubuntu Security Notice 630-1 - It was discovered that ffmpeg did not correctly handle STR file demuxing. If a user were tricked into processing a malicious STR file, a remote attacker could execute arbitrary code with user privileges via applications linked against ffmpeg.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 20122 | | Related CVE(s): | CVE-2008-3162 | | Last Modified: | Jul 28 20:58:46 2008 |
| MD5 Checksum: | 951bbd456d9e3522a6e9f04d9ca30153 |
|
| /// File Name: |
USN-631-1.txt |
Description:
|
Ubuntu Security Notice 631-1 - Felipe Andres Manzano discovered that poppler did not correctly initialize certain page widgets. If a user were tricked into viewing a malicious PDF file, a remote attacker could exploit this to crash applications linked against poppler, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 16387 | | Related CVE(s): | CVE-2008-2950 | | Last Modified: | Jul 28 20:59:17 2008 |
| MD5 Checksum: | 1137287d3bf71cd573fcd828e06eacd2 |
|
| /// File Name: |
usurdat.txt |
Description:
|
SOLDNER - Secret Wars versions 33724 and below suffer from an endless loop vulnerability.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | usurdat.zip | | File Size: | 1669 | | Last Modified: | Jul 1 12:13:20 2008 |
| MD5 Checksum: | f3e825059f7ccedff30e8299e56ab72c |
|
| /// File Name: |
ut2004null.txt |
Description:
|
Unreal Tournament 2004 versions 3369 and below suffer from a NULL pointer vulnerability that allows for a denial of service of the UT2004 server.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | ut2004null.zip | | File Size: | 1494 | | Last Modified: | Jul 29 22:22:16 2008 |
| MD5 Checksum: | 93b49fa10aad45275207024747125fdc |
|
| /// File Name: |
ut3mendo.txt |
Description:
|
Unreal Tournament III versions 1.2 and below and 1.3beta4 suffer from NULL pointer and memory corruption vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | ut3mendo.zip | | File Size: | 2238 | | Last Modified: | Jul 29 22:25:36 2008 |
| MD5 Checksum: | 7e8b35e90bf4a369c213ae962fab3278 |
|
| /// File Name: |
vim-filecreation.txt |
Description:
|
Vim version 5.0 through the current version suffer from an arbitrary code execution vulnerability via an insecure temporary file creation flaw.
| | Author: | Jan Minar | | File Size: | 3242 | | Last Modified: | Jul 18 04:32:36 2008 |
| MD5 Checksum: | e0aafe45a3a0e558f53b941ce10d137f |
|
| /// File Name: |
vim72b-exec.txt |
Description:
|
Vim versions greater than and equal to 7.2.a.013 suffer from an arbitrary code execution vulnerability using the shellescape() function.
| | Author: | Jan Minar | | File Size: | 3450 | | Last Modified: | Jul 16 15:42:12 2008 |
| MD5 Checksum: | 9315516bf2b023bbb2f7e8cdfb678067 |
|
| /// File Name: |
vimfiletype-exec.txt |
Description:
|
This advisory discusses the filetype.vim vulnerability in Vim version 7.2b.10 that allows for arbitrary code execution and also notes that the Vim patch 7.1.300 did not fix the vulnerability.
| | Author: | Jan Minar | | File Size: | 6106 | | Last Modified: | Jul 23 19:46:43 2008 |
| MD5 Checksum: | 525775816c2441f36c404a28644bb87a |
|
| /// File Name: |
wefi-local.txt |
Description:
|
The wireless client, WeFi version 3.2.1.4.1, is susceptible to local vulnerabilities due to improper coding.
| | Author: | Xia Shing Zee | | File Size: | 2040 | | Last Modified: | Jul 10 00:18:47 2008 |
| MD5 Checksum: | 9e018650561ebf7a0b390aa09e01bb54 |
|
| /// File Name: |
zdaemonull.txt |
Description:
|
ZDaemon version 1.08.07 suffers from a NULL pointer vulnerability that allows for a denial of service.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | zdaemonull.zip | | File Size: | 1652 | | Last Modified: | Jul 21 18:17:27 2008 |
| MD5 Checksum: | 8c85d8ec22bbb9062cb114f68f5402b1 |
|
| /// File Name: |
ZDI-08-041.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw exists within dhost.exe, bound by default to TCP port 524. Flawed arithmetic applied to a user-supplied value results in an integer overflow and subsequently a complete stack smash allowing an attacker to execute arbitrary code via SEH redirection.
| | Author: | Sebastian Apelt | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3388 | | Last Modified: | Jul 10 18:50:57 2008 |
| MD5 Checksum: | 9cfa34b6bf73c1a556194e079dd0e523 |
|
| /// File Name: |
ZDI-08-042.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the writeManifest() method of the CacheEntry class. A directory traversal flaw in this method allows the creation of arbitrary files on the target system. After the file has been created, a call to Runtime.getRuntime.exec() can be used to execute the file.
| | Author: | Peter Csepely | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3411 | | Last Modified: | Jul 17 16:11:03 2008 |
| MD5 Checksum: | 40bc93865482ae2445c34853dcd2207d |
|
| /// File Name: |
ZDI-08-043.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the GetVMArgsOption() function used while parsing the java-vm-args attribute of the j2se tag in xml based JNLP files. When a user downloads a malicious JNLP file, the vulnerable attribute is read into a static buffer. If an overly long value is defined by the java-vm-args attribute, a stack based buffer overflow occurs, resulting in an exploitable condition.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3501 | | Last Modified: | Jul 17 16:11:49 2008 |
| MD5 Checksum: | cf0518925fb29057bec90deed667e775 |
|
| /// File Name: |
ZDI-08-044.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the browser's handling reference counters to the nsCSSValue:Array class. Creating more then 65,535 references will overflow a 16-bit reference counter and therefore result in an erroneous free() while the object still exists. Properly manipulated this can result in arbitrary code execution under the context of the current user.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3515 | | Related CVE(s): | CVE-2008-2785 | | Last Modified: | Jul 17 16:12:30 2008 |
| MD5 Checksum: | 58c97cd821304abdbc467ae1ad85e405 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
