Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 06:10:56 GMT

Technical Cyber Security Alert 2007-334A
http://packetstormsecurity.org/files/61419/TA07-334A.txt
http://packetstormsecurity.org/files/61419/Technical-Cyber-Security-Alert-2007-334A.html
Sun, 02 Dec 2007 20:40:22 GMT
Technical Cyber Security Alert TA07-334A - Apple QuickTime contains a buffer overflow vulnerability in the way QuickTime processes Real Time Streaming Protocol (RTSP) streams. Exploitation of this vulnerability could allow an attacker to execute arbitrary code.

realpdos.txt
http://packetstormsecurity.org/files/61416/realpdos.txt
http://packetstormsecurity.org/files/61416/realpdos.txt.html
Sun, 02 Dec 2007 20:35:28 GMT
Realplayer 11 suffers from a denial of service condition related to ActiveX.

Mandriva Linux Security Advisory 2007.224
http://packetstormsecurity.org/files/61394/MDKSA-2007-224-3.txt
http://packetstormsecurity.org/files/61394/Mandriva-Linux-Security-Advisory-2007.224.html
Fri, 30 Nov 2007 06:59:23 GMT
Mandriva Linux Security Advisory - The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service. As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges. This update corrects all known regressions with previous Samba updates due to the security fixes to correct CVE-2007-4572.

Ubuntu Security Notice 549-1
http://packetstormsecurity.org/files/61393/USN-549-1.txt
http://packetstormsecurity.org/files/61393/Ubuntu-Security-Notice-549-1.html
Fri, 30 Nov 2007 06:57:43 GMT
Ubuntu Security Notice 549-1 - Various integer overflows, arbitrary code execution, and denial of service vulnerabilities have been fixed in PHP 5.

AST-2007-026.txt
http://packetstormsecurity.org/files/61392/AST-2007-026.txt
http://packetstormsecurity.org/files/61392/AST-2007-026.txt.html
Fri, 30 Nov 2007 06:54:47 GMT
Asterisk Project Security Advisory - A SQL injection vulnerability exists in Asterisk versions prior to 1.4.15. Input buffers were not properly escaped when providing the ANI and DNIS strings to the Call Detail Record Postgres logging engine. An attacker could potentially compromise the administrative database containing users' usernames and passwords used for SIP authentication, among other things.

AST-2007-025.txt
http://packetstormsecurity.org/files/61391/AST-2007-025.txt
http://packetstormsecurity.org/files/61391/AST-2007-025.txt.html
Fri, 30 Nov 2007 06:53:45 GMT
Asterisk Project Security Advisory - A SQL injection vulnerability exists in Asterisk versions prior to 1.4.15. Input buffers were not properly escaped when providing lookup data to the Postgres Realtime Engine. An attacker could potentially compromise the administrative database containing users' usernames and passwords used for SIP authentication, among other things.

FreeBSD-SA-07-10.gtar.txt
http://packetstormsecurity.org/files/61387/FreeBSD-SA-07-10.gtar.txt
http://packetstormsecurity.org/files/61387/FreeBSD-SA-07-10.gtar.txt.html
Fri, 30 Nov 2007 06:09:59 GMT
FreeBSD Security Advisory - Insufficient sanity checking of paths containing '.' and '..' allows gtar to overwrite arbitrary files on the system.

FreeBSD-SA-07-09.random.txt
http://packetstormsecurity.org/files/61386/FreeBSD-SA-07-09.random.txt
http://packetstormsecurity.org/files/61386/FreeBSD-SA-07-09.random.txt.html
Fri, 30 Nov 2007 06:08:37 GMT
FreeBSD Security Advisory - Under certain circumstances, a bug in the internal state tracking on the random and urandom devices can be exploited to allow replaying of data distributed during subsequent reads.

Debian Linux Security Advisory 1409-3
http://packetstormsecurity.org/files/61384/dsa-1409-3.txt
http://packetstormsecurity.org/files/61384/Debian-Linux-Security-Advisory-1409-3.html
Fri, 30 Nov 2007 06:05:04 GMT
Debian Security Advisory 1409-3 - This update fixes all currently known regressions introduced with the previous two revisions of DSA-1409. Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.

HP Security Bulletin 2007-14.99
http://packetstormsecurity.org/files/61383/SSRT071499.txt
http://packetstormsecurity.org/files/61383/HP-Security-Bulletin-2007-14.99.html
Fri, 30 Nov 2007 06:04:22 GMT
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX Apache. The vulnerability could be exploited remotely to execute arbitrary code.

HP Security Bulletin 2007-13.19
http://packetstormsecurity.org/files/61382/SSRT071319.txt
http://packetstormsecurity.org/files/61382/HP-Security-Bulletin-2007-13.19.html
Fri, 30 Nov 2007 06:03:53 GMT
HP Security Bulletin - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). This vulnerability could be exploited remotely to allow cross site scripting (XSS).

IRM-tibcodos.txt
http://packetstormsecurity.org/files/61381/IRM-tibcodos.txt
http://packetstormsecurity.org/files/61381/IRM-tibcodos.txt.html
Fri, 30 Nov 2007 06:00:48 GMT
The TIBCO Rendezvous RVD daemon is vulnerable to a memory leak, which when remotely triggered, prevents any further RV communication until the daemon is manually restarted.

Gentoo Linux Security Advisory 200711-20
http://packetstormsecurity.org/files/61369/glsa-200711-20-04.txt
http://packetstormsecurity.org/files/61369/Gentoo-Linux-Security-Advisory-200711-20.html
Fri, 30 Nov 2007 05:38:19 GMT
Gentoo Linux Security Advisory [ERRATA UPDATE] GLSA 200711-20:04 - Roland Clobus discovered that the Pioneers server may free sessions objects while they are still in use, resulting in access to invalid memory zones. Bas Wijnen discovered an error when closing connections which can lead to a failed assertion. Versions less than 0.11.3-r1 are affected.

Secunia Security Advisory 27808
http://packetstormsecurity.org/files/61354/sa27808.txt
http://packetstormsecurity.org/files/61354/Secunia-Security-Advisory-27808.html
Fri, 30 Nov 2007 05:36:59 GMT
Secunia Security Advisory - IRCRASH (Dr.Crash) has reported some vulnerabilities in Softbiz Freelancers Script, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

Secunia Security Advisory 27829
http://packetstormsecurity.org/files/61357/sa27829.txt
http://packetstormsecurity.org/files/61357/Secunia-Security-Advisory-27829.html
Fri, 30 Nov 2007 05:36:59 GMT
Secunia Security Advisory - Joffrey Czarney has reported a weakness in Cisco Unified IP Phones, which can be exploited by malicious people to bypass certain security restrictions.

Secunia Security Advisory 27831
http://packetstormsecurity.org/files/61358/sa27831.txt
http://packetstormsecurity.org/files/61358/Secunia-Security-Advisory-27831.html
Fri, 30 Nov 2007 05:36:59 GMT
Secunia Security Advisory - Sun has acknowledged a vulnerability in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Secunia Security Advisory 27832
http://packetstormsecurity.org/files/61367/sa27832.txt
http://packetstormsecurity.org/files/61367/Secunia-Security-Advisory-27832.html
Fri, 30 Nov 2007 05:36:59 GMT
Secunia Security Advisory - Sun has acknowledged some vulnerabilities in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

Secunia Security Advisory 27837
http://packetstormsecurity.org/files/61355/sa27837.txt
http://packetstormsecurity.org/files/61355/Secunia-Security-Advisory-27837.html
Fri, 30 Nov 2007 05:36:59 GMT
Secunia Security Advisory - A vulnerability has been reported in @Mail, which can be exploited by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory 27849
http://packetstormsecurity.org/files/61368/sa27849.txt
http://packetstormsecurity.org/files/61368/Secunia-Security-Advisory-27849.html
Fri, 30 Nov 2007 05:36:59 GMT
Secunia Security Advisory - Some vulnerabilities have been reported in Autonomy Keyview SDK, which can be exploited by malicious people to compromise a user's system.

Secunia Security Advisory 27852
http://packetstormsecurity.org/files/61362/sa27852.txt
http://packetstormsecurity.org/files/61362/Secunia-Security-Advisory-27852.html
Fri, 30 Nov 2007 05:36:59 GMT
Secunia Security Advisory - GoLd_M has reported a vulnerability in PHP_CON, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

Secunia Security Advisory 27854
http://packetstormsecurity.org/files/61356/sa27854.txt
http://packetstormsecurity.org/files/61356/Secunia-Security-Advisory-27854.html
Fri, 30 Nov 2007 05:36:59 GMT
Secunia Security Advisory - MhZ91 has discovered two vulnerabilities in Charray's CMS, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

Secunia Security Advisory 27855
http://packetstormsecurity.org/files/61364/sa27855.txt
http://packetstormsecurity.org/files/61364/Secunia-Security-Advisory-27855.html
Fri, 30 Nov 2007 05:36:59 GMT
Secunia Security Advisory - Fedora has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks or potentially compromise a user's system.

Secunia Security Advisory 27856
http://packetstormsecurity.org/files/61363/sa27856.txt
http://packetstormsecurity.org/files/61363/Secunia-Security-Advisory-27856.html
Fri, 30 Nov 2007 05:36:59 GMT
Secunia Security Advisory - rPath has issued an update for cups, poppler, and tetex. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

Secunia Security Advisory 27857
http://packetstormsecurity.org/files/61365/sa27857.txt
http://packetstormsecurity.org/files/61365/Secunia-Security-Advisory-27857.html
Fri, 30 Nov 2007 05:36:59 GMT
Secunia Security Advisory - Mandriva has issued an update for cpio. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.

Secunia Security Advisory 27858
http://packetstormsecurity.org/files/61366/sa27858.txt
http://packetstormsecurity.org/files/61366/Secunia-Security-Advisory-27858.html
Fri, 30 Nov 2007 05:36:59 GMT
Secunia Security Advisory - Ubuntu has issued an update for pidgin. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).