Section: 0812-advisories
File Name: 12.02.08-1.txt
Description: iDefense Security Advisory 12.02.08 - Remote exploitation of a heap overflow vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists within the font parsing code in the JRE. Various types of fonts are supported, one of which is the TrueType format font. The vulnerability occurs when processing TrueType font files. During parsing, improper bounds checking is performed, which can lead to a heap-based buffer overflow. iDefense has confirmed the existence of this vulnerability in Sun Microsystems Inc.'s Java JRE version 1.6.0_07 for Windows. Previous versions and versions for other platforms may also be affected.
Author: Sean Larsson
Homepage: http://www.idefense.com/
File Size: 3621
Last Modified: Dec 4 17:12:17 2008
MD5 Checksum: 12bb9b8cb99e58ca9b09ec0b0bb4c91a

File Name: 12.02.08-2.txt
Description: iDefense Security Advisory 12.02.08 - Remote exploitation of a memory corruption vulnerability in Sun Microsystems Inc.'s Java Web Start could allow an attacker to execute arbitrary code with the privileges of the current user. When JWS starts up, it displays a splash screen. By default, the image displayed on this splash screen is a GIF file provided by Sun, but it is possible for an attacker to pass an arbitrary GIF file to the splash logo parsing code. The vulnerability occurs when parsing this GIF file. The parsing code does not correctly validate several values in the GIF header. This lets an attacker write data outside of the bounds of an allocated heap buffer, which can lead to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Java Web Start versions 1.6_10 and 1.6_07 on Windows and Linux. Previous versions may also be affected.
Author: regenrecht
Homepage: http://www.idefense.com/
File Size: 5403
Last Modified: Dec 4 17:14:10 2008
MD5 Checksum: 8eeba7078d5d1bde8ecc5320695d94e8

File Name: 12.02.08-3.txt
Description: iDefense Security Advisory 12.02.08 - Remote exploitation of an integer overflow vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when reading the Pack200 compressed Jar file during decompression. In order to calculate the size of a heap buffer, the code multiplies and adds several integers. The bounds of these values are not checked, and the arithmetic operations can overflow. This results in an undersized buffer being allocated, which leads to a heap-based buffer overflow. iDefense has confirmed the existence of this vulnerability in Sun Microsystems Inc.'s Java JRE version 1.6.0_07 for Windows and Linux. According to Sun, Pack200 was first introduced in JRE 1.5.0. The latest version of JRE 1.5, 1.5.0_15, does contain the vulnerable code, but the browser plugin does not handle Pack200 encoding. As such, exploitation through the browser does not appear to be possible with JRE 1.5.
Author: regenrecht
Homepage: http://www.idefense.com/
File Size: 4994
Last Modified: Dec 4 17:15:45 2008
MD5 Checksum: 748f5b82a0cddaf39366fc23ddc4e1b5

File Name: 12.02.08-4.txt
Description: iDefense Security Advisory 12.02.08 - Remote exploitation of an integer overflow vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists within the font parsing code in the JRE. As part of its font API, the JRE provides the ability to load a font from a remote URL. Various types of fonts are supported, one of which is the TrueType format font. The vulnerability occurs when parsing various structures in TrueType font files. During parsing, values are taken from the file and, without being properly validated, used in operations that calculate the number of bytes to allocate for heap buffers. The calculations can overflow, resulting in a potentially exploitable heap overflow. iDefense has confirmed the existence of this vulnerability in Sun Microsystems Inc.'s Java JRE version 1.6.0_05 for Windows. Previous versions may also be affected.
Author: Sebastian Apelt
Homepage: http://www.idefense.com/
File Size: 3934
Last Modified: Dec 4 21:12:57 2008
MD5 Checksum: 07caf4b63ab7d3f6b30fb8fe9d83c3c3

File Name: 12.09.08-1.txt
Description: iDefense Security Advisory 12.09.08 - Remote exploitation of a stack buffer overflow vulnerability while handling specific HTML tags in Microsoft Corp.'s Internet Explorer web browser allows attackers to execute arbitrary code within the context of the affected user. As of September 2008, iDefense confirms that Internet Explorer 5.01 on Windows 2000 SP4 is vulnerable. It also causes a denial of service for Internet Explorer 6 on Windows XP SP2. Internet Explorer 7 is not affected.
Author: Jun Mao
Homepage: http://www.idefense.com/
File Size: 4057
Related CVE(s): CVE-2008-4261
Last Modified: Dec 9 16:19:32 2008
MD5 Checksum: 2956b1b60e972579f6a902e888029a33

File Name: 12.09.08-2.txt
Description: iDefense Security Advisory 12.09.08 - Remote exploitation of an integer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows operating system could allow an attacker to execute arbitrary code with the privileges of the current user. iDefense has confirmed that gdi32.dll file version 5.1.2600.3316, as included in fully patched Windows XP Service Pack 2 as of May 2008, is vulnerable. Other versions of Windows are suspected to be vulnerable.
Author: Jun Mao
Homepage: http://www.idefense.com/
File Size: 5122
Related CVE(s): CVE-2008-2249
Last Modified: Dec 9 16:21:37 2008
MD5 Checksum: 89a2abf7e0b1eaeaa9be280cb2c53ca1

File Name: 12.09.08-3.txt
Description: iDefense Security Advisory 12.09.08 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel spreadsheet could allow attackers to execute arbitrary code with the privileges of the current user. This issue exists in the handling of certain malformed object records within an Excel spreadsheet (XLS), allowing memory corruption to occur. This could lead to an exploitable situation. iDefense has confirmed the existence of this vulnerability with Office 2000 SP3 fully patched as of July 2008.
Homepage: http://www.idefense.com/
File Size: 4116
Related CVE(s): CVE-2008-4265
Last Modified: Dec 10 17:42:47 2008
MD5 Checksum: 9466a65eb7380edb98fba1c7e6571a47

File Name: 3cx-xssdos.txt
Description: 3CX version 6.0.806.0 suffers from session hijacking, cross site scripting, information disclosure, and denial of service vulnerabilities.
Author: Chris Castaldo
File Size: 1430
Last Modified: Dec 9 00:26:21 2008
MD5 Checksum: cacd9d061d5b11b30c10897407aaf9c6

File Name: AID-12808.txt
Description: Aruba Networks Security Advisory - A denial of service vulnerability was discovered during standard bug reporting procedures in the Aruba Mobility Controller. A malformed EAP frame causes a process crash on the Aruba Mobility Controller, resulting in a temporary denial of service condition for new clients configured to use EAP authentication. A prior successful security association is not required to cause this condition.
Homepage: http://www.arubanetworks.com/
File Size: 6213
Last Modified: Dec 9 02:09:50 2008
MD5 Checksum: 9612ed526d1105b5c4d5d705b8e9cce6

File Name: AST-2008-012.txt
Description: Asterisk Project Security Advisory - There is a possibility to remotely crash an Asterisk server if the server is configured to use realtime IAX2 users. The issue occurs if either an unknown user attempts to authenticate or if a user that uses hostname matching attempts to authenticate.
Author: Mark Michelson
Homepage: http://www.asterisk.org/security
File Size: 7825
Last Modified: Dec 11 19:35:41 2008
MD5 Checksum: c8867af76416fe3ee34bee920d4c8ec2

File Name: bluecoatk9-bypass.txt
Description: Blue Coat K9 Web Protection version 4.0.230 Beta suffers from a restriction bypass vulnerability.
Author: Fabio Pinheiro
Homepage: http://dicas3000.blogspot.com/
File Size: 702
Last Modified: Dec 15 19:16:05 2008
MD5 Checksum: f4e3f4f2d328ff54dbd79dbba3542129

File Name: breaking-google.txt
Description: Write-up discussing the breaking of Google Gears' cross origin communication model.
Author: Yair Amit
File Size: 8140
Last Modified: Dec 9 02:17:40 2008
MD5 Checksum: f173fc88e81fdf7c9620afa0358f5359

File Name: CAID-ldbserver.txt
Description: CA ARCserve Backup contains a vulnerability that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued patches to address the vulnerability. The vulnerability is due to insufficient verification of client data. A remote attacker can crash the LDBserver service or execute arbitrary code in the context of the service. Note: The client installation is not affected.
Author: Ken Williams
Homepage: http://www3.ca.com/
File Size: 4571
Related CVE(s): CVE-2008-5415
Last Modified: Dec 10 17:59:13 2008
MD5 Checksum: 3199e210467e764518ad5ff768796b19

File Name: checkpwnt-src.txt
Description: This was posted to Full Disclosure today. It appears that Checkpoint VPN1 source has been stolen and a remote root exploit is circulating as well.
File Size: 11975
Last Modified: Dec 11 20:17:30 2008
MD5 Checksum: 3d71973cec63cc3efeb42e2b62530fc3

File Name: CORE-2008-0228.txt
Description: Core Security Technologies Advisory - A vulnerability has been found in the way that Microsoft Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed record value. An attacker who successfully exploited this vulnerability could execute arbitrary code with the privileges of the user running the MS Word application.
Homepage: http://www.coresecurity.com/corelabs/
File Size: 11944
Related CVE(s): CVE-2008-0228
Last Modified: Dec 10 13:55:02 2008
MD5 Checksum: f1f46493517fefc63140ee39402d2470

File Name: CVE-2008-2938-2.txt
Description: This vulnerability was originally reported to the Apache Software Foundation as a Tomcat vulnerability. Investigations quickly identified that the root cause was an issue with the UTF-8 charset implementation within the JVM. The issue existed in multiple JVMs, including current versions from Sun, HP, IBM, Apple and Apache. It was decided to continue to report this as a Tomcat vulnerability until such time as the JVM vendors had released fixed versions.
Author: Mark Thomas
Homepage: http://tomcat.apache.org/
File Size: 1684
Related CVE(s): CVE-2008-2938
Last Modified: Dec 21 23:48:14 2008
MD5 Checksum: aac09978d0e33c9dcb8891b44f5a8f8b

File Name: CVE-2008-5557.txt
Description: PHP versions 5.2.7 and below suffer from an mbstring buffer overflow vulnerability.
Author: Moriyoshi Koizumi
File Size: 6937
Related CVE(s): CVE-2008-5557
Last Modified: Dec 30 15:28:31 2008
MD5 Checksum: f116cab6520953a151af9c9aa5232bc6

File Name: DDIVRT-2008-16.txt
Description: The Citrix Broadcast Server administrative login page is vulnerable to trivial SQL injections via the txtUID HTTP POST parameter. An attacker could leverage this flaw to obtain unauthorized access to the web interface or to extract data from the database via blind SQL injection.
Author: Corey LeBleu, r@b13$
Homepage: http://www.digitaldefense.net/
File Size: 1229
Last Modified: Dec 30 18:24:14 2008
MD5 Checksum: 657e79ffbf7ce2e8ad204969e22dbf2f

File Name: DDIVRT-2008-18.txt
Description: Orb Networks' Orb media server is vulnerable to a denial of service condition. Sending malformed HTTP requests may crash the service, denying service to legitimate users.
Author: r@b13$, Steven James
Homepage: http://www.digitaldefense.net/
File Size: 993
Last Modified: Dec 4 17:05:20 2008
MD5 Checksum: dcbb3413fa3b5dfdcbfe4c5e3e9afa57

File Name: dsa-1675-1.txt
Description: Debian Security Advisory 1675-1 - Masako Oono discovered that phpMyAdmin, a web-based administration interface for MySQL, insufficiently sanitises input, allowing a remote attacker to gather sensitive data through cross site scripting, provided that the user uses the Internet Explorer web browser.
Homepage: http://www.debian.org/security
File Size: 3343
Related CVE(s): CVE-2008-4326
Last Modified: Dec 1 13:28:50 2008
MD5 Checksum: a270ad8083dd0956b7681b12bb56bebb

File Name: dsa-1676-1.txt
Description: Debian Security Advisory 1676-1 - Dmitry E. Oboukhov discovered that flamethrower creates predictable temporary filenames, which may lead to a local denial of service through a symlink attack.
Homepage: http://www.debian.org/security
File Size: 2971
Related CVE(s): CVE-2008-5141
Last Modified: Dec 2 14:40:45 2008
MD5 Checksum: 912bd5e15a194ab77ca1edf498845d79

File Name: dsa-1677-1.txt
Description: Debian Security Advisory DSA 1677-1 - An integer overflow has been discovered in the image validation code of cupsys, the Common UNIX Printing System. An attacker could trigger this bug by supplying a malicious graphic that could lead to the execution of arbitrary code.
Homepage: http://www.debian.org/security
File Size: 17574
Related CVE(s): CVE-2008-5286
Last Modified: Dec 2 17:00:23 2008
MD5 Checksum: 628566c9879081d980d24250a10d5438

File Name: dsa-1678-1.txt
Description: Debian Security Advisory 1678-1 - Paul Szabo rediscovered a vulnerability in the File::Path::rmtree function of Perl. It was possible to exploit a race condition to create setuid binaries in a directory tree or remove arbitrary files when a process is deleting this tree. This issue was originally known as CVE-2005-0448 and CVE-2004-0452, which were addressed by DSA-696-1 and DSA-620-1. Unfortunately, they were reintroduced later.
Homepage: http://www.debian.org/security
File Size: 12189
Related CVE(s): CVE-2008-5302, CVE-2008-5303
Last Modified: Dec 3 21:21:25 2008
MD5 Checksum: 30869675c4b089500534b927d04f58c0

File Name: dsa-1678-2.txt
Description: Debian Security Advisory 1678-2 - The perl update in DSA-1678-1 contains a regression which is triggered by some Perl scripts which have changed into the directory tree removed by File::Path::rmtree. In particular, this happens if File::Temp::tempdir is used. This new update corrects this regression.
Homepage: http://www.debian.org/security
File Size: 12937
Related CVE(s): CVE-2008-5302, CVE-2008-5303
Last Modified: Dec 30 15:13:58 2008
MD5 Checksum: 6dee21849e4a8d1449839d9d191979d1

File Name: dsa-1679-1.txt
Description: Debian Security Advisory 1679-1 - Morgan Todd discovered a cross-site scripting vulnerability in awstats, a log file analyzer, involving the "config" request parameter (and possibly others; CVE-2008-3714).
Homepage: http://www.debian.org/security
File Size: 3108
Related CVE(s): CVE-2008-3714
Last Modified: Dec 3 21:22:02 2008
MD5 Checksum: 754fa172693331bf0ec70b06ef5713de