Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 06:45:58 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1437740730&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2F1001-advisories%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1437740730.1338187558.1338187558.1338187558.1%3B%2B__utmz%3D32867617.1338187558.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/85800/dsa-1985-1.txt http://packetstormsecurity.org/files/85800/dsa-1985-1.txt http://packetstormsecurity.org/files/85800/Debian-Linux-Security-Advisory-1985-1.html Sun, 31 Jan 2010 21:26:17 GMT Debian Linux Security Advisory 1985-1 - It was discovered that sendmail, a Mail Transport Agent, does not properly handle a '\\0' character in a Common Name (CN) field of an X.509 certificate. This allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority. http://packetstormsecurity.org/files/85791/dsa-1983-1.txt http://packetstormsecurity.org/files/85791/dsa-1983-1.txt http://packetstormsecurity.org/files/85791/Debian-Linux-Security-Advisory-1983-1.html Sun, 31 Jan 2010 20:52:17 GMT Debian Linux Security Advisory 1983-1 - Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service. http://packetstormsecurity.org/files/85787/dsa-1984-1.txt http://packetstormsecurity.org/files/85787/dsa-1984-1.txt http://packetstormsecurity.org/files/85787/Debian-Linux-Security-Advisory-1984-1.html Sun, 31 Jan 2010 20:42:38 GMT Debian Linux Security Advisory 1984-1 - It was discovered that libxerces2-java, a validating XML parser for Java, does not properly process malformed XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file. http://packetstormsecurity.org/files/85781/dsa-1841-2.txt http://packetstormsecurity.org/files/85781/dsa-1841-2.txt http://packetstormsecurity.org/files/85781/Debian-Linux-Security-Advisory-1841-2.html Sun, 31 Jan 2010 20:14:12 GMT Debian Linux Security Advisory 1841-2 - A bug in git-core caused the security update in DSA 1841 to fail to build on a number of architectures Debian supports. This update corrects the bug and releases builds for all supported architectures. http://packetstormsecurity.org/files/85772/sa38356.txt http://packetstormsecurity.org/files/85772/sa38356.txt http://packetstormsecurity.org/files/85772/Secunia-Security-Advisory-38356.html Sun, 31 Jan 2010 10:11:42 GMT Secunia Security Advisory - A security issue has been reported in Symantec Altiris Notification Server, which can be exploited by malicious, local users to disclose sensitive information. http://packetstormsecurity.org/files/85771/sa38313.txt http://packetstormsecurity.org/files/85771/sa38313.txt http://packetstormsecurity.org/files/85771/Secunia-Security-Advisory-38313.html Sun, 31 Jan 2010 10:11:40 GMT Secunia Security Advisory - Fedora has issued an update for bltk. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges. http://packetstormsecurity.org/files/85770/sa38363.txt http://packetstormsecurity.org/files/85770/sa38363.txt http://packetstormsecurity.org/files/85770/Secunia-Security-Advisory-38363.html Sun, 31 Jan 2010 10:11:37 GMT Secunia Security Advisory - A vulnerability has been reported in multiple Hitachi products, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. http://packetstormsecurity.org/files/85769/sa38210.txt http://packetstormsecurity.org/files/85769/sa38210.txt http://packetstormsecurity.org/files/85769/Secunia-Security-Advisory-38210.html Sun, 31 Jan 2010 10:11:35 GMT Secunia Security Advisory - Two vulnerabilities have been reported in ircd-ratbox, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. http://packetstormsecurity.org/files/85768/sa38383.txt http://packetstormsecurity.org/files/85768/sa38383.txt http://packetstormsecurity.org/files/85768/Secunia-Security-Advisory-38383.html Sun, 31 Jan 2010 10:11:32 GMT Secunia Security Advisory - Debian has issued an update for ircd-hybrid and ircd-ratbox. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. http://packetstormsecurity.org/files/85767/sa38381.txt http://packetstormsecurity.org/files/85767/sa38381.txt http://packetstormsecurity.org/files/85767/Secunia-Security-Advisory-38381.html Sun, 31 Jan 2010 10:11:30 GMT Secunia Security Advisory - A vulnerability has been reported in IRCD-hybrid, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. http://packetstormsecurity.org/files/85766/sa38382.txt http://packetstormsecurity.org/files/85766/sa38382.txt http://packetstormsecurity.org/files/85766/Secunia-Security-Advisory-38382.html Sun, 31 Jan 2010 10:11:27 GMT Secunia Security Advisory - A vulnerability has been reported in oftc-hybrid, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. http://packetstormsecurity.org/files/85765/sa38357.txt http://packetstormsecurity.org/files/85765/sa38357.txt http://packetstormsecurity.org/files/85765/Secunia-Security-Advisory-38357.html Sun, 31 Jan 2010 10:11:24 GMT Secunia Security Advisory - Ubuntu has issued an update for samba. This fixes a security issue, which can be exploited by malicious, local users to disclose potentially sensitive information and potentially gain escalated privileges. http://packetstormsecurity.org/files/85763/dsa-1982-1.txt http://packetstormsecurity.org/files/85763/dsa-1982-1.txt http://packetstormsecurity.org/files/85763/Debian-Linux-Security-Advisory-1982-1.html Sat, 30 Jan 2010 00:34:57 GMT Debian Linux Security Advisory 1982-1 - Julien Cristau discovered that hybserv, a daemon running IRC services for IRCD-Hybrid, is prone to a denial of service attack via the commands option. http://packetstormsecurity.org/files/85754/MDVSA-2010-029.txt http://packetstormsecurity.org/files/85754/MDVSA-2010-029.txt http://packetstormsecurity.org/files/85754/Mandriva-Linux-Security-Advisory-2010-029.html Sat, 30 Jan 2010 00:20:44 GMT Mandriva Linux Security Advisory 2010-029 - The rootcerts package was added in Mandriva in 2005 and was meant to be updated when necessary. The provided rootcerts packages has been upgraded using the latest certdata.txt file from the mozilla cvs repdata.txt file. The rootcerts package provides the /etc/pki/tls/certs/ca-bundle.crt file which most softwares in Mandriva, and where applicable is sharing such as KDE, curl, pidgin, neon, and more. The mozilla nss library has consequently been rebuilt to pickup these changes and are also being provided. http://packetstormsecurity.org/files/85750/dsa-1968-2.txt http://packetstormsecurity.org/files/85750/dsa-1968-2.txt http://packetstormsecurity.org/files/85750/Debian-Linux-Security-Advisory-1968-2.html Fri, 29 Jan 2010 23:33:09 GMT Debian Linux Security Advisory 1968-2 - It was discovered that pdns-recursor, the PowerDNS recursive name server, contains a cache poisoning vulnerability which may allow attackers to trick the server into serving incorrect DNS data (CVE-2009-4010). http://packetstormsecurity.org/files/85747/USN-892-1.txt http://packetstormsecurity.org/files/85747/USN-892-1.txt http://packetstormsecurity.org/files/85747/Ubuntu-Security-Notice-892-1.html Fri, 29 Jan 2010 23:29:00 GMT Ubuntu Security Notice 892-1 - Ronald Volgers discovered that FUSE did not correctly check mount locations. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service. http://packetstormsecurity.org/files/85745/dsa-1981-2.txt http://packetstormsecurity.org/files/85745/dsa-1981-2.txt http://packetstormsecurity.org/files/85745/Debian-Linux-Security-Advisory-1981-2.html Fri, 29 Jan 2010 23:27:45 GMT Debian Linux Security Advisory 1981-2 - The latest DSA for maildrop introduced two regressions. The maildrop program stopped working when invoked as a non-root user, such as with postfix. Also, the lenny version dropped a dependency on the courier-authlib package. http://packetstormsecurity.org/files/85737/USN-893-1.txt http://packetstormsecurity.org/files/85737/USN-893-1.txt http://packetstormsecurity.org/files/85737/Ubuntu-Security-Notice-893-1.html Fri, 29 Jan 2010 22:37:52 GMT Ubuntu Security Notice 893-1 - Ronald Volgers discovered that the mount.cifs utility, when installed as a setuid program, suffered from a race condition when verifying user permissions. A local attacker could trick samba into mounting over arbitrary locations, leading to a root privilege escalation. http://packetstormsecurity.org/files/85751/dsa-1981-1.txt http://packetstormsecurity.org/files/85751/dsa-1981-1.txt http://packetstormsecurity.org/files/85751/Debian-Linux-Security-Advisory-1981-1.html Fri, 29 Jan 2010 22:28:31 GMT Debian Linux Security Advisory 1981-1 - Christoph Anton Mitterer discovered that maildrop, a mail delivery agent with filtering abilities, is prone to a privilege escalation issue that grants a user root group privileges. http://packetstormsecurity.org/files/85730/USN-891-1.txt http://packetstormsecurity.org/files/85730/USN-891-1.txt http://packetstormsecurity.org/files/85730/Ubuntu-Security-Notice-891-1.html Fri, 29 Jan 2010 22:23:03 GMT Ubuntu Security Notice 891-1 - It was discovered that lintian did not correctly validate certain filenames when processing input. If a user or an automated system were tricked into running lintian on a specially crafted set of files, a remote attacker could execute arbitrary code with user privileges. http://packetstormsecurity.org/files/85724/dsa-1980-1.txt http://packetstormsecurity.org/files/85724/dsa-1980-1.txt http://packetstormsecurity.org/files/85724/Debian-Linux-Security-Advisory-1980-1.html Fri, 29 Jan 2010 21:57:24 GMT Debian Linux Security Advisory 1980-1 - David Leadbeater discovered an integer underflow that could be triggered via the LINKS command and can lead to a denial of service or the execution of arbitrary code (CVE-2009-4016). This issue affects both, ircd-hybrid and ircd-ratbox. http://packetstormsecurity.org/files/85759/sa38261.txt http://packetstormsecurity.org/files/85759/sa38261.txt http://packetstormsecurity.org/files/85759/Secunia-Security-Advisory-38261.html Fri, 29 Jan 2010 16:30:00 GMT Secunia Security Advisory - A security issue has been reported in FUSE (File System in Userspace), which can be exploited by malicious, local users to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/85758/sa38368.txt http://packetstormsecurity.org/files/85758/sa38368.txt http://packetstormsecurity.org/files/85758/Secunia-Security-Advisory-38368.html Fri, 29 Jan 2010 16:29:58 GMT Secunia Security Advisory - Some vulnerabilities have been discovered in NovaBoard, which can be exploited by malicious people to conduct SQL injection attacks. http://packetstormsecurity.org/files/85757/sa38359.txt http://packetstormsecurity.org/files/85757/sa38359.txt http://packetstormsecurity.org/files/85757/Secunia-Security-Advisory-38359.html Fri, 29 Jan 2010 16:29:54 GMT Secunia Security Advisory - Ubuntu has issued an update for fuse. This fixes a security issue, which can be exploited by malicious, local users to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/85743/sa38286.txt http://packetstormsecurity.org/files/85743/sa38286.txt http://packetstormsecurity.org/files/85743/Secunia-Security-Advisory-38286.html Fri, 29 Jan 2010 15:24:44 GMT Secunia Security Advisory - A security issue has been reported in Samba, which can be exploited by malicious, local users to disclose potentially sensitive information and potentially gain escalated privileges.