Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 05:53:09 GMT

Debian Linux Security Advisory 1719-2
http://packetstormsecurity.org/files/75299/dsa-1719-2.txt
http://packetstormsecurity.org/files/75299/Debian-Linux-Security-Advisory-1719-2.html
Sat, 28 Feb 2009 18:21:56 GMT
Debian Security Advisory 1719-2 - Changes in DSA-1719-1 caused GNUTLS to reject X.509v1 certificates as CA root certificates by default, as originally described in the documentation. However, it turned out that there is still significant use of historic X.509v1 CA root certificates, so this constitutes an unacceptable regression. This update reverses this part of the changes in DSA-1719-1. Note that the X.509v1 certificate format does not distinguish between server and CA certificates, which means that an X.509v1 server certificate is implicitly converted into a CA certificate when added to the trust store (which was the reason for the change in DSA-1719-1).

Secunia Security Advisory 34071
http://packetstormsecurity.org/files/75298/sa34071.txt
http://packetstormsecurity.org/files/75298/Secunia-Security-Advisory-34071.html
Sat, 28 Feb 2009 10:21:50 GMT
Secunia Security Advisory - Fedora has issued an update for mldonkey.
This fixes a vulnerability, which can be exploited by malicious people to disclose sensitive information.

Mandriva Linux Security Advisory 2009-060
http://packetstormsecurity.org/files/75295/MDVSA-2009-060.txt
http://packetstormsecurity.org/files/75295/Mandriva-Linux-Security-Advisory-2009-060.html
Sat, 28 Feb 2009 01:18:00 GMT
Mandriva Linux Security Advisory 2009-060 - A security vulnerability has been identified and fixed in nfs-utils, which caused TCP Wrappers to ignore netgroups and allowed remote attackers to bypass intended access restrictions. The updated packages have been patched to prevent this.

Mandriva Linux Security Advisory 2009-059
http://packetstormsecurity.org/files/75287/MDVSA-2009-059.txt
http://packetstormsecurity.org/files/75287/Mandriva-Linux-Security-Advisory-2009-059.html
Fri, 27 Feb 2009 23:59:28 GMT
Mandriva Linux Security Advisory 2009-059 - Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current X-Chat working directory. This update provides a fix for that vulnerability.

POP Peeper 3.4.0.0 UIDL Buffer Overflow Advisory
http://packetstormsecurity.org/files/75273/KL0209ADV-poppeeper_uidl-bof.txt
http://packetstormsecurity.org/files/75273/POP-Peeper-3.4.0.0-UIDL-Buffer-Overflow-Advisory.html
Fri, 27 Feb 2009 21:50:03 GMT
POP Peeper version 3.4.0.0 suffers from a UIDL command related remote buffer overflow vulnerability in the client.

Shoutcast 1.9.8 Cross Site Scripting
http://packetstormsecurity.org/files/75266/shoutcast198-xss.txt
http://packetstormsecurity.org/files/75266/Shoutcast-1.9.8-Cross-Site-Scripting.html
Fri, 27 Feb 2009 19:46:13 GMT
SHOUTcast version 1.9.8 suffers from a user-agent related cross site scripting vulnerability.

VMware Security Advisory 2009-0003
http://packetstormsecurity.org/files/75265/VMSA-2009-0003.txt
http://packetstormsecurity.org/files/75265/VMware-Security-Advisory-2009-0003.html
Fri, 27 Feb 2009 19:44:52 GMT
VMware Security Advisory - A heap-based buffer overflow was discovered in the way ed, the GNU line editor, processed long file names. An attacker could create a file with a specially-crafted name that could possibly execute arbitrary code when opened in the ed editor.

Ubuntu Security Notice 725-1
http://packetstormsecurity.org/files/75261/USN-725-1.txt
http://packetstormsecurity.org/files/75261/Ubuntu-Security-Notice-725-1.html
Fri, 27 Feb 2009 18:56:34 GMT
Ubuntu Security Notice USN-725-1 - It was discovered that KMail did not adequately prevent execution of arbitrary code when a user clicked on a URL to an executable within an HTML mail. If a user clicked on a malicious URL and chose to execute the file, a remote attacker could execute arbitrary code with user privileges. This update changes KMail's behavior to instead launch a helper program to view the file if the user chooses to execute such a link.

Debian Linux Security Advisory 1728-1
http://packetstormsecurity.org/files/75260/dsa-1728-1.txt
http://packetstormsecurity.org/files/75260/Debian-Linux-Security-Advisory-1728-1.html
Fri, 27 Feb 2009 18:56:07 GMT
Debian Security Advisory 1728-1 - It was discovered that dkim-milter, an implementation of the DomainKeys Identified Mail protocol, may crash during DKIM verification if it encounters a specially-crafted or revoked public key record in DNS.

Mandriva Linux Security Advisory 2009-058
http://packetstormsecurity.org/files/75245/MDVSA-2009-058.txt
http://packetstormsecurity.org/files/75245/Mandriva-Linux-Security-Advisory-2009-058.html
Fri, 27 Feb 2009 18:36:15 GMT
Mandriva Linux Security Advisory 2009-058 - Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame. Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. This update provides Wireshark 1.0.6, which is not vulnerable to these issues.

Secunia Security Advisory 34081
http://packetstormsecurity.org/files/75296/sa34081.txt
http://packetstormsecurity.org/files/75296/Secunia-Security-Advisory-34081.html
Fri, 27 Feb 2009 17:23:00 GMT
Secunia Security Advisory - Some vulnerabilities have been reported in PHP, where some have an unknown impact and others can potentially be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service).

Secunia Security Advisory 34026
http://packetstormsecurity.org/files/75294/sa34026.txt
http://packetstormsecurity.org/files/75294/Secunia-Security-Advisory-34026.html
Fri, 27 Feb 2009 17:18:06 GMT
Secunia Security Advisory - Debian has issued an update for python-crypto. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

Secunia Security Advisory 34069
http://packetstormsecurity.org/files/75293/sa34069.txt
http://packetstormsecurity.org/files/75293/Secunia-Security-Advisory-34069.html
Fri, 27 Feb 2009 17:18:03 GMT
Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes a weakness, some security issues, and some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, and potentially gain escalated privileges.

Secunia Security Advisory 34040
http://packetstormsecurity.org/files/75292/sa34040.txt
http://packetstormsecurity.org/files/75292/Secunia-Security-Advisory-34040.html
Fri, 27 Feb 2009 17:18:00 GMT
Secunia Security Advisory - Fedora has issued an update for python-crypto. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

Secunia Security Advisory 34072
http://packetstormsecurity.org/files/75291/sa34072.txt
http://packetstormsecurity.org/files/75291/Secunia-Security-Advisory-34072.html
Fri, 27 Feb 2009 17:17:57 GMT
Secunia Security Advisory - Fedora has issued an update for optipng. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system.

Secunia Security Advisory 34070
http://packetstormsecurity.org/files/75290/sa34070.txt
http://packetstormsecurity.org/files/75290/Secunia-Security-Advisory-34070.html
Fri, 27 Feb 2009 17:17:54 GMT
Secunia Security Advisory - Fedora has issued an update for libpng. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library.

Secunia Security Advisory 34080
http://packetstormsecurity.org/files/75289/sa34080.txt
http://packetstormsecurity.org/files/75289/Secunia-Security-Advisory-34080.html
Fri, 27 Feb 2009 17:17:51 GMT
Secunia Security Advisory - Justin C. Klein Keane has discovered a vulnerability in the Taxonomy Theme module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Secunia Security Advisory 34079
http://packetstormsecurity.org/files/75288/sa34079.txt
http://packetstormsecurity.org/files/75288/Secunia-Security-Advisory-34079.html
Fri, 27 Feb 2009 17:17:48 GMT
Secunia Security Advisory - VMware has issued an update for VMware ESX Server. This fixes a security issue, which can be exploited by malicious people to compromise a vulnerable system.

Secunia Security Advisory 34087
http://packetstormsecurity.org/files/75286/sa34087.txt
http://packetstormsecurity.org/files/75286/Secunia-Security-Advisory-34087.html
Fri, 27 Feb 2009 15:59:35 GMT
Secunia Security Advisory - Nortel has acknowledged a vulnerability in some Nortel products, which can be exploited by malicious people to conduct spoofing attacks.

Secunia Security Advisory 34076
http://packetstormsecurity.org/files/75285/sa34076.txt
http://packetstormsecurity.org/files/75285/Secunia-Security-Advisory-34076.html
Fri, 27 Feb 2009 15:59:32 GMT
Secunia Security Advisory - A vulnerability has been discovered in Coppermine Photo Gallery, which can be exploited by malicious people to conduct cross-site request forgery attacks.

Secunia Security Advisory 34086
http://packetstormsecurity.org/files/75284/sa34086.txt
http://packetstormsecurity.org/files/75284/Secunia-Security-Advisory-34086.html
Fri, 27 Feb 2009 15:59:29 GMT
Secunia Security Advisory - A vulnerability has been reported in Novell eDirectory, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

Secunia Security Advisory 34085
http://packetstormsecurity.org/files/75283/sa34085.txt
http://packetstormsecurity.org/files/75283/Secunia-Security-Advisory-34085.html
Fri, 27 Feb 2009 15:59:26 GMT
Secunia Security Advisory - A vulnerability has been reported in vbDrupal, which can be exploited by malicious people to disclose potentially sensitive information.

Secunia Security Advisory 34092
http://packetstormsecurity.org/files/75282/sa34092.txt
http://packetstormsecurity.org/files/75282/Secunia-Security-Advisory-34092.html
Fri, 27 Feb 2009 15:59:23 GMT
Secunia Security Advisory - A vulnerability has been discovered in Internet Download Manager, which can be exploited by malicious people to compromise a user's system.

Secunia Security Advisory 33984
http://packetstormsecurity.org/files/75281/sa33984.txt
http://packetstormsecurity.org/files/75281/Secunia-Security-Advisory-33984.html
Fri, 27 Feb 2009 15:59:20 GMT
Secunia Security Advisory - Oliver Greiter has reported a vulnerability in Libero, which can be exploited by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory 34090
http://packetstormsecurity.org/files/75280/sa34090.txt
http://packetstormsecurity.org/files/75280/Secunia-Security-Advisory-34090.html
Fri, 27 Feb 2009 15:59:17 GMT
Secunia Security Advisory - Some vulnerabilities have been reported in various Etoshop products, which can be exploited by malicious people to conduct SQL injection attacks.