Section:  .. / 0412-advisories  /

Page 3 of 11
<< 1 2 3 4 5 6 7 8 9 10 11 >> Files 50 - 75 of 253
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  File Name: SUSE-SA-2004-046.txt
Description:
SUSE Security Announcement - Due to missing argument checking in the 32 bit compatibility system call handler in the 2.4 Linux Kernel on the AMD64 platform a local attacker can gain root access using a simple program. This is a 2.4 Kernel and AMD64 specific problem, other architectures and the 2.6 Kernel are not affected.
Homepage:http://www.suse.com/
File Size:18169
Related CVE(s):CAN-2004-1144
Last Modified:Dec 31 20:43:26 2004
MD5 Checksum:dcd3e7be16864e0aa02410167a3b2cca

 ///  File Name: dsa-615.txt
Description:
Debian Security Advisory 615-1 - It has been noticed that the debstd script from debmake, a deprecated helper package for Debian packaging, created temporary directories in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the victim.
Homepage:http://www.debian.org/security/
File Size:2795
Related CVE(s):CAN-2004-1179
Last Modified:Dec 31 20:41:17 2004
MD5 Checksum:e2aa9c4e3c7abf270944ee5a38269387

 ///  File Name: sa13572.txt
Description:
Secunia Security Advisory - Multiple vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain knowledge of potentially sensitive information. Kernel versions 2.6.9 and below may be affected.
Author:Darrick J. Wong, Thomas Hellstrom, Rob Landley
Homepage:http://secunia.com/advisories/13572/
File Size:2317
Last Modified:Dec 31 20:36:20 2004
MD5 Checksum:3807cb12e4412dae47dad72c97efb439

 ///  File Name: googleSegFault.txt
Description:
Amusing tidbit showing Google segfaulting.
Author:Przemyslaw Frasunek
File Size:458
Last Modified:Dec 31 20:34:27 2004
MD5 Checksum:a266eb1e1ba9d8b983438ccfe0843248

 ///  File Name: 57707.txt
Description:
A vulnerability in the Java Runtime Environment (JRE) involving object deserialization could be exploited remotely to cause the Java Virtual Machine to become unresponsive, which is a type of Denial-of-Service (DoS). This issue can affect the JRE if an application that runs on it accepts serialized data from an untrusted source. Includes Sun advisory announcing release of JDK 1.4.2_06 and a note from Marc Shoenefeld who discovered the flaw.
Author:Marc Schoenefeld
File Size:2996
Last Modified:Dec 31 20:32:04 2004
MD5 Checksum:90a7b52d93f76377be6e4f3bf4a7f36d

 ///  File Name: TA04-356A.txt
Description:
Technical Cyber Security Alert TA04-356A - The software phpBB contains an input validation problem in how it processes a parameter contained in URLs. An intruder can deface a phpBB website, execute arbitrary commands, or gain administrative privileges on a compromised bulletin board. Systems Affected: phpBB versions 2.0.10 and prior.
Homepage:http://www.us-cert.gov/cas/techalerts/TA04-356A.html
File Size:3607
Last Modified:Dec 31 20:18:28 2004
MD5 Checksum:fac18e58404274a340e48e35f2d2d867

 ///  File Name: 12.21.04-5.txt
Description:
iDEFENSE Security Advisory 12.21.2004-5 - Remote exploitation of an integer overflow in libtiff may allow for the execution of arbitrary code. The overflow occurs in the parsing of TIFF files set with the STRIPOFFSETS flag in libtiff/tif_dirread.c.
Author:infamous41md
Homepage:http://www.idefense.com/
File Size:3348
Last Modified:Dec 31 20:16:44 2004
MD5 Checksum:356281e4e24566b78fde74e0612ea773

 ///  File Name: 12.21.04-4.txt
Description:
iDEFENSE Security Advisory 12.21.2004-4 - Remote exploitation of a heap-based buffer overflow vulnerability within the LibTIFF package could allow attackers to execute arbitrary code.
Author:infamous41md
Homepage:http://www.idefense.com/
File Size:4502
Last Modified:Dec 31 20:15:37 2004
MD5 Checksum:70e0c01b60749e56611dc4246474b24a

 ///  File Name: 12.21.04-3.txt
Description:
iDEFENSE Security Advisory 12.21.2004-3 - Remote exploitation of a buffer overflow vulnerability in the file transfer protocol (FTP) daemon included in multiple versions of Hewlett- Packard Development Co.'s (HP) HP-UX allows attackers to gain remote root access in certain configurations.
Homepage:http://www.idefense.com
File Size:3312
Last Modified:Dec 31 20:13:54 2004
MD5 Checksum:e833fca2b3048c3ea615dc3ed1d4a4f4

 ///  File Name: 12.21.04-2.txt
Description:
iDEFENSE Security Advisory 12.21.2004-2 - Remote exploitation of a buffer overflow in version 0.99.2 of xine could allow execution of arbitrary code. The vulnerability specifically exists in the PNA_TAG handling code of the pnm_get_chunk() function. The function does not check the if the length of an input to be stored in a fixed size buffer is larger than the buffer size.
Homepage:http://www.idefense.com
File Size:3340
Related CVE(s):CAN-2004-1187
Last Modified:Dec 31 20:12:42 2004
MD5 Checksum:ec842ba395331e1d46648b3c5cc979a1

 ///  File Name: 12.21.04-1.txt
Description:
iDEFENSE Security Advisory 12.21.2004-1 - Remote exploitation of a buffer overflow in version 0.99.2 of xine could allow execution of arbitrary code. The vulnerability specifically exists in the RMF_TAG, DATA_TAG, PROP_TAG, MDPR_TAG and CONT_TAG handling code of the pnm_get_chunk() function. These tags are all handled by the same code. The code does not perform correct checking on the chunk size before reading data in. If the size given is less than the PREAMBLE_SIZE, a negative length read is made into a fixed length buffer. Because the read length parameter is an unsigned value, the negative length is interpreted as a very large length, allowing a buffer overflow to occur.
Homepage:http://www.idefense.com/
File Size:3672
Related CVE(s):CAN-2004-1188
Last Modified:Dec 31 20:11:06 2004
MD5 Checksum:20e2b1b5805349c861f2cd9d8056eca5

 ///  File Name: procmail.cshrc.txt
Description:
Due to procmail sourcing the .cshrc of the user it is forwarding the mail to under the root uid, it may be possible allow for local root compromise.
Author:Michael Barnes
File Size:2129
Last Modified:Dec 31 20:08:41 2004
MD5 Checksum:b5129ace3978a73c308b20318e809f23

 ///  File Name: sa13566.txt
Description:
Secunia Security Advisory - Bennett R. Samowich has discovered a security issue in Crypt::ECB, which makes it easier for malicious people to brute force passwords. The security issue is caused due to an error, where plain texts containing the ASCII character 0 is incorrectly encoded. This results in a weaker encryption and encoding collisions and may e.g. make it easier to brute force passwords. The issue has been confirmed on version 1.1. Other versions may also be affected.
Homepage:http://secunia.com/advisories/13566/
File Size:1797
Last Modified:Dec 31 19:55:24 2004
MD5 Checksum:27599e3eb5db6bf62855c6c1bff2ec96

 ///  File Name: 12.21.04.txt
Description:
iDEFENSE Security Advisory 12.21.2004 - Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer, as included in multiple Linux distributions, could allow attackers to execute arbitrary code as the user viewing a PDF file. The offending code can be found in the Gfx::doImage() function in the source file xpdf/Gfx.cc.
Homepage:http://www.idefense.com/
File Size:4201
Related CVE(s):CAN-2004-1125
Last Modified:Dec 31 19:53:34 2004
MD5 Checksum:302966569c0f3dca7436bebdb18bf63a

 ///  File Name: glsa-200412-22.txt
Description:
Gentoo Linux Security Advisory GLSA 200412-22 - mpg123 is vulnerable to a buffer overflow that allows an attacker to execute arbitrary code through the use of a malicious playlist.
Homepage:http://security.gentoo.org/
File Size:3235
Last Modified:Dec 31 19:50:40 2004
MD5 Checksum:bd9cf87c49885b93b53d8d718c2b3f20

 ///  File Name: sa13593.txt
Description:
Secunia Security Advisory - A weakness has been reported in Symantec Brightmail AntiSpam, which can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage:http://secunia.com/advisories/13593/
File Size:1805
Last Modified:Dec 31 19:49:24 2004
MD5 Checksum:f7d8154710f751777c8dfd4f450e4c4f

 ///  File Name: gdesktop-tr-dec04.pdf
Description:
Technical paper detailing the recent flaw discovered in the Google Desktop personal search engine that would allow a third party to read snippets of files.
Author:Seth Nielson, Seth J. Fogarty, Dan S. Wallach
Homepage:http://seclab.cs.rice.edu/
File Size:122713
Last Modified:Dec 31 19:48:31 2004
MD5 Checksum:05d876e668a698d439086eef7611b46d

 ///  File Name: secres21122004-2.txt
Description:
Secunia Research has discovered a vulnerability in Spy Sweeper Enterprise, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the Spy Sweeper Enterprise Client SpySweeperTray.exe process invoking the help functionality with SYSTEM privileges. This can be exploited to execute arbitrary commands on a system with escalated privileges.
Author:Carsten Eiram
Homepage:http://secunia.com/
File Size:4193
Last Modified:Dec 31 19:42:54 2004
MD5 Checksum:e05df323874f9a3537c06ea103c76c79

 ///  File Name: sa13600.txt
Description:
Secunia Security Advisory - A vulnerability has been reported in Namazu, which can be exploited by malicious people to conduct cross-site scripting attacks.
Homepage:http://secunia.com/advisories/13600/
File Size:1798
Last Modified:Dec 31 19:41:31 2004
MD5 Checksum:c66462ab3c216bd5290c1ebbeb3eca87

 ///  File Name: USN-44-1.txt
Description:
Ubuntu Security Notice USN-44-1 - A race condition and possible information leak has been discovered in Perl's File::Path::rmtree(). This function changes the permission of files and directories before removing them to avoid problems with wrong permissions. However, they were made readable and writable not only for the owner, but for the entire world, which opened a race condition and a possible information leak (if the actual removal of a file/directory failed for some reason).
Homepage:http://security.ubuntu.com/
File Size:5251
Related CVE(s):CAN-2004-0452
Last Modified:Dec 31 19:40:13 2004
MD5 Checksum:f36049507fc74af08c2d0ec7d64b3813

 ///  File Name: secres21122004.txt
Description:
Secunia Research has discovered a vulnerability in My Firewall Plus, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the Smc.exe process invoking the help functionality with SYSTEM privileges. This can be exploited to execute arbitrary programs on a system with escalated privileges.
Author:Carsten Eiram
Homepage:http://secunia.com/
File Size:3796
Last Modified:Dec 31 19:37:38 2004
MD5 Checksum:3dbe302ef53a7e08ca67adf7a69f91c5

 ///  File Name: enpa-sa-00016.txt
Description:
Ethereal Security Advisory Enpa-sa-00016 - Multiple vulnerabilities in Ethereal versions 0.9.0 to 0.10.7 have been discovered that all result in denial of service outcomes.
Homepage:http://www.ethereal.com/
File Size:2144
Related CVE(s):CAN-2004-1139, CAN-2004-1140, CAN-2004-1141, CAN-2004-1142
Last Modified:Dec 31 19:31:21 2004
MD5 Checksum:12ef5e7a5bdf9df70e1e8edcf173c48e

 ///  File Name: libkadm5srv.txt
Description:
MIT krb5 Security Advisory 2004-004 - The MIT Kerberos 5 administration library (libkadm5srv) contains a heap buffer overflow in password history handling code which could be exploited to execute arbitrary code on a Key Distribution Center (KDC) host.
Homepage:http://web.mit.edu/kerberos/advisories/
File Size:8114
Related CVE(s):CAN-2004-1189
Last Modified:Dec 31 10:52:26 2004
MD5 Checksum:c0729f3348ae5491d8191786b9d0a943

 ///  File Name: yanf.txt
Description:
A buffer overflow vulnerability exists in the Yanf news fetcher utility version 0.4.
Author:Ariel Berkman
File Size:2123
Last Modified:Dec 31 10:49:57 2004
MD5 Checksum:14bbda8f498430f2e0419965424f8c90

 ///  File Name: 12.20.04-1.txt
Description:
iDEFENSE Security Advisory 12.20.2004-1 - Local exploitation of an untrusted path vulnerability in the invscout command included by default in multiple versions of IBM Corp.'s AIX could allow attackers to execute arbitrary code as the root user. Verified in version 5.2.
Homepage:http://www.idefense.com/
File Size:3759
Related CVE(s):CAN-2004-1054
Last Modified:Dec 31 10:32:49 2004
MD5 Checksum:30b7ea08a921a2a39681b89166ce578a