Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 06:35:16 GMT

Asterisk Project Security Advisory - AST-2009-010
http://packetstormsecurity.org/files/83317/AST-2009-010.txt
http://packetstormsecurity.org/files/83317/Asterisk-Project-Security-Advisory-AST-2009-010.html
Tue, 01 Dec 2009 02:22:06 GMT
Asterisk Project Security Advisory - An attacker sending a valid RTP comfort noise payload containing a data length of 24 bytes or greater can remotely crash Asterisk.

Mandriva Linux Security Advisory 2009-307
http://packetstormsecurity.org/files/83313/MDVSA-2009-307.txt
http://packetstormsecurity.org/files/83313/Mandriva-Linux-Security-Advisory-2009-307.html
Tue, 01 Dec 2009 02:09:22 GMT
Mandriva Linux Security Advisory 2009-307 - All versions of libtool prior to 2.2.6b suffer from a local privilege escalation vulnerability that could be exploited under certain conditions to load arbitrary code. This advisory fixes this issue. Additionally, all applications embedding the libtool code were patched in order to avoid possible future exploitation of this issue.

pyForum 1.0.3 Backdoor
http://packetstormsecurity.org/files/83305/BMSA-2009-07.txt
http://packetstormsecurity.org/files/83305/pyForum-1.0.3-Backdoor.html
Tue, 01 Dec 2009 01:56:03 GMT
pyForum version 1.0.3 suffers from a password reset vulnerability.

ISC BIND Vulnerable DLLs
http://packetstormsecurity.org/files/83295/iscbind-dll.txt
http://packetstormsecurity.org/files/83295/ISC-BIND-Vulnerable-DLLs.html
Tue, 01 Dec 2009 01:25:31 GMT
ISC released new BIND packages for Windows with vulnerable runtime DLLs. Brilliant.

Debian Linux Security Advisory 1942-1
http://packetstormsecurity.org/files/83286/dsa-1942-1.txt
http://packetstormsecurity.org/files/83286/Debian-Linux-Security-Advisory-1942-1.html
Mon, 30 Nov 2009 22:08:12 GMT
Debian Linux Security Advisory 1942-1 - Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service.

Mandriva Linux Security Advisory 2009-306
http://packetstormsecurity.org/files/83285/MDVSA-2009-306.txt
http://packetstormsecurity.org/files/83285/Mandriva-Linux-Security-Advisory-2009-306.html
Mon, 30 Nov 2009 22:07:48 GMT
Mandriva Linux Security Advisory 2009-306 - Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself. The updated packages have been patched to correct these issues.

Mandriva Linux Security Advisory 2009-305
http://packetstormsecurity.org/files/83284/MDVSA-2009-305.txt
http://packetstormsecurity.org/files/83284/Mandriva-Linux-Security-Advisory-2009-305.html
Mon, 30 Nov 2009 22:07:30 GMT
Mandriva Linux Security Advisory 2009-305 - PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive. The updated packages have been patched to correct these issues.

Mandriva Linux Security Advisory 2009-303
http://packetstormsecurity.org/files/83282/MDVSA-2009-303.txt
http://packetstormsecurity.org/files/83282/Mandriva-Linux-Security-Advisory-2009-303.html
Mon, 30 Nov 2009 22:04:22 GMT
Mandriva Linux Security Advisory 2009-303 - Some vulnerabilities were discovered and corrected in php-5.2.11.

HP Security Bulletin HPSBUX02482 SSRT090249
http://packetstormsecurity.org/files/83271/HPSBUX02482-SSRT090249.txt
http://packetstormsecurity.org/files/83271/HP-Security-Bulletin-HPSBUX02482-SSRT090249.html
Mon, 30 Nov 2009 21:44:08 GMT
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX OpenSSL. The vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS).

Secunia Security Advisory 37477
http://packetstormsecurity.org/files/83293/sa37477.txt
http://packetstormsecurity.org/files/83293/Secunia-Security-Advisory-37477.html
Mon, 30 Nov 2009 16:31:52 GMT
Secunia Security Advisory - Debian has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

Secunia Security Advisory 37446
http://packetstormsecurity.org/files/83292/sa37446.txt
http://packetstormsecurity.org/files/83292/Secunia-Security-Advisory-37446.html
Mon, 30 Nov 2009 16:31:49 GMT
Secunia Security Advisory - A vulnerability has been reported in Ruby on Rails, which can be exploited by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory 37490
http://packetstormsecurity.org/files/83291/sa37490.txt
http://packetstormsecurity.org/files/83291/Secunia-Security-Advisory-37490.html
Mon, 30 Nov 2009 16:31:47 GMT
Secunia Security Advisory - Fedora has issued an update for tomcat6. This fixes some vulnerabilities, which can be exploited by malicious users to disclose sensitive information or manipulate certain data and by malicious people to cause a DoS (Denial of Service) or disclose sensitive information.

Secunia Security Advisory 37496
http://packetstormsecurity.org/files/83290/sa37496.txt
http://packetstormsecurity.org/files/83290/Secunia-Security-Advisory-37496.html
Mon, 30 Nov 2009 16:31:44 GMT
Secunia Security Advisory - Fedora has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.

Secunia Security Advisory 37509
http://packetstormsecurity.org/files/83289/sa37509.txt
http://packetstormsecurity.org/files/83289/Secunia-Security-Advisory-37509.html
Mon, 30 Nov 2009 16:31:41 GMT
Secunia Security Advisory - shinnai has discovered a vulnerability in Haihaisoft Universal Player, which can be exploited by malicious people to compromise a user's system.

Secunia Security Advisory 37513
http://packetstormsecurity.org/files/83288/sa37513.txt
http://packetstormsecurity.org/files/83288/Secunia-Security-Advisory-37513.html
Mon, 30 Nov 2009 16:31:39 GMT
Secunia Security Advisory - Christophe Devine has reported some vulnerabilities in SumatraPDF, which can be exploited by malicious people to compromise a user's system.

Secunia Security Advisory 37494
http://packetstormsecurity.org/files/83287/sa37494.txt
http://packetstormsecurity.org/files/83287/Secunia-Security-Advisory-37494.html
Mon, 30 Nov 2009 16:31:36 GMT
Secunia Security Advisory - Christophe Devine has reported some vulnerabilities in MuPDF, which can be exploited by malicious people to compromise an application using the library.

Ubuntu Security Notice 862-1
http://packetstormsecurity.org/files/83270/USN-862-1.txt
http://packetstormsecurity.org/files/83270/Ubuntu-Security-Notice-862-1.html
Fri, 27 Nov 2009 21:26:49 GMT
Ubuntu Security Notice 862-1 - Maksymilian Arciemowicz discovered that PHP did not properly validate arguments to the dba_replace function. If a script passed untrusted input to the dba_replace function, an attacker could truncate the database. It was discovered that PHP did not properly handle certain malformed images when being parsed by the Exif module. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service. Grzegorz Stachowiak discovered that PHP did not properly enforce restrictions in the tempnam function. An attacker could exploit this issue to bypass safe_mode restrictions. Grzegorz Stachowiak discovered that PHP did not properly enforce restrictions in the posix_mkfifo function. An attacker could exploit this issue to bypass open_basedir restrictions. Bogdan Calin discovered that PHP did not limit the number of temporary files created when handling multipart/form-data POST requests. A remote attacker could exploit this flaw and cause the PHP server to consume all available resources, resulting in a denial of service.

Mandriva Linux Security Advisory 2009-304
http://packetstormsecurity.org/files/83266/MDVSA-2009-304.txt
http://packetstormsecurity.org/files/83266/Mandriva-Linux-Security-Advisory-2009-304.html
Fri, 27 Nov 2009 21:19:05 GMT
Mandriva Linux Security Advisory 2009-304 - Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks via additional sections in a response sent for resolution of a recursive client query, which is not properly handled when the response is processed at the same time as requesting DNSSEC records (DO. Additionally BIND has been upgraded to the latest point release or closest supported version by ISC.

Gentoo Linux Security Advisory 200911-6
http://packetstormsecurity.org/files/83265/glsa-200911-06.txt
http://packetstormsecurity.org/files/83265/Gentoo-Linux-Security-Advisory-200911-6.html
Fri, 27 Nov 2009 21:18:40 GMT
Gentoo Linux Security Advisory 200911-6 - An input sanitation error in PEAR Net_Traceroute might allow remote attackers to execute arbitrary commands. Pasquale Imperato reported that the $host parameter to the traceroute() function in Traceroute.php is not properly sanitized before being passed to exec(). Versions less than 0.21.2 are affected.

Debian Linux Security Advisory 1940-1
http://packetstormsecurity.org/files/83263/dsa-1940-1.txt
http://packetstormsecurity.org/files/83263/Debian-Linux-Security-Advisory-1940-1.html
Fri, 27 Nov 2009 21:14:09 GMT
Debian Linux Security Advisory 1940-1 - Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor.

Secunia Security Advisory 37497
http://packetstormsecurity.org/files/83262/sa37497.txt
http://packetstormsecurity.org/files/83262/Secunia-Security-Advisory-37497.html
Fri, 27 Nov 2009 13:07:47 GMT
Secunia Security Advisory - Gentoo has issued an update for PEAR-Net_Traceroute. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

Secunia Security Advisory 37478
http://packetstormsecurity.org/files/83261/sa37478.txt
http://packetstormsecurity.org/files/83261/Secunia-Security-Advisory-37478.html
Fri, 27 Nov 2009 13:07:44 GMT
Secunia Security Advisory - A security issue has been discovered in RADIO istek scripti, which can be exploited by malicious people to disclose sensitive information.

Secunia Security Advisory 37476
http://packetstormsecurity.org/files/83260/sa37476.txt
http://packetstormsecurity.org/files/83260/Secunia-Security-Advisory-37476.html
Fri, 27 Nov 2009 13:07:42 GMT
Secunia Security Advisory - A vulnerability has been discovered in the GCalendar component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.

Secunia Security Advisory 37498
http://packetstormsecurity.org/files/83259/sa37498.txt
http://packetstormsecurity.org/files/83259/Secunia-Security-Advisory-37498.html
Fri, 27 Nov 2009 13:07:39 GMT
Secunia Security Advisory - Ubuntu has issued an update for php5. This fixes multiple vulnerabilities, some of which have unknown impact and others that can be exploited by malicious, local users to bypass certain security restrictions, and by malicious people to cause a DoS (Denial of Service).

Secunia Security Advisory 37499
http://packetstormsecurity.org/files/83258/sa37499.txt
http://packetstormsecurity.org/files/83258/Secunia-Security-Advisory-37499.html
Fri, 27 Nov 2009 13:07:36 GMT
Secunia Security Advisory - kaMtiEz has discovered a vulnerability in the LyftenBloggie component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.