what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 28 RSS Feed

Files from Martin Pitt

Email addressmartin.pitt at canonical.com
First Active2005-08-24
Last Active2006-01-22
usn-244-1.txt
Posted Jan 22, 2006
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-244-1 - Multiple Linux kernel vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
SHA-256 | e96f47154ea507f1faed9c56fa4cfe5cbd84ece1d44d6f96c2a1e958a73e01a1
usn-245-1.txt
Posted Jan 22, 2006
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-245-1 - Maksim Orlovich discovered that kjs, the Javascript interpreter engine used by Konqueror and other parts of KDE, did not sufficiently verify the validity of UTF-8 encoded URIs. Specially crafted URIs could trigger a buffer overflow.

tags | advisory, overflow, javascript
systems | linux, ubuntu
SHA-256 | 137d1369fa980e9e557cf30490ce57d1b20d218f248ea94f0754accf74da61c1
usn-218-1.txt
Posted Nov 22, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-218-1 - Two buffer overflows were discovered in the 'pnmtopng' tool, which were triggered by processing an image with exactly 256 colors when using the -alpha option (CVE-2005-3662) or by processing a text file with very long lines when using the -text option (CVE-2005-3632).

tags | advisory, overflow
systems | linux, ubuntu
SHA-256 | 186205740c073a6c3a2123b8b2b81ee862292ac19e01abb4acb5c901ee7951e5
usn-217-1.txt
Posted Nov 22, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-217-1 - A buffer overflow has been discovered in the SVG importer of Inkscape. By tricking an user into opening a specially crafted SVG image this could be exploited to execute arbitrary code with the privileges of the Inkscape user.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
SHA-256 | 8cad225daf417b8629396e73ffb925a33dbee577c4002c58f3df767d93220abc
usn-190-2.txt
Posted Nov 22, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-190-2 - USN-190-1 fixed a vulnerability in the net-snmp library. It was discovered that the same problem also affects the ucs-snmp implementation (which is used by the Cyrus email server).

tags | advisory
systems | linux, ubuntu
SHA-256 | 71f0daa8f76924288d470abcd943995a73a608b6cc3c2eafde32a49b0775a60f
usn-151-4.txt
Posted Nov 9, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-151-4 - USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Since lsb-rpm is statically linked against the zlib library, it is also affected by these issues. The updated packages have been rebuilt against the fixed zlib.

tags | advisory, denial of service, arbitrary, code execution
systems | linux, ubuntu
SHA-256 | 1b544a04d39a8e0c1931a5d95ffca15fa1c6e2f736889f0d0e654b9062a98680
usn-215-1.txt
Posted Nov 8, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-215-1 - Thomas Wolff and Miloslav Trmac discovered a race condition in the fetchmailconf program. The output configuration file was initially created with insecure permissions, and secure permissions were applied after writing the configuration into the file. During this time, the file was world readable on a standard system (unless the user manually tightened his umask setting), which could expose email passwords to local users.

tags | advisory, local
systems | linux, ubuntu
SHA-256 | 6623623dafd34401f8c96868a18ded75da8c838542b53142fe1c1ed8ae52e8fe
usn-214-1.txt
Posted Nov 8, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-214-1 - Chris Evans discovered several buffer overflows in the libungif library. By tricking an user (or automated system) into processing a specially crafted GIF image, this could be exploited to execute arbitrary code with the privileges of the application using libungif.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
SHA-256 | ccbe3257524d3fdb082a6e5a23209acfa63fb1f6a865fc10270711e1b6b6c566
usn-210-1.txt
Posted Oct 18, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-210-1 - A buffer overflow was found in the "pnmtopng" conversion program. By tricking an user (or automated system) to process a specially crafted PNM image with pnmtopng, this could be exploited to execute arbitrary code with the privileges of the user running pnmtopng.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
SHA-256 | e8c7ce7d86f898ba4ab2ed0d8d231d930fc18255b947d73a0f13e9fe292e29c2
usn-208-1.txt
Posted Oct 18, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-208-1 - An information disclosure vulnerability has been found in the SSH server. When the GSSAPIAuthentication option was enabled, the SSH server could send GSSAPI credentials even to users who attempted to log in with a method other than GSSAPI. This could inadvertently expose these credentials to an untrusted user.

tags | advisory, info disclosure
systems | linux, ubuntu
advisories | CVE-2005-2798
SHA-256 | b24947e48e021abe6262e9d8879719d4f81e60d88671e9c6d9843103b15efe52
usn-207-1.txt
Posted Oct 18, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-207-1 - A bug has been found in the handling of the open_basedir directive handling. Contrary to the specification, the value of open_basedir was handled as a prefix instead of a proper directory name even if it was terminated by a slash ('/'). For example, this allowed PHP scripts to access the directory /home/user10 when open_basedir was configured to '/home/user1/'.

tags | advisory, php
systems | linux, ubuntu
advisories | CVE-2005-3054
SHA-256 | c852c01ceef1f4598383b83e3061e4f73f06ed53f1c9dbf279fb79d5d0054245
usn-206-1.txt
Posted Oct 18, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-206-1 - Ulf Harnhammar discovered a remote vulnerability in Lynx when connecting to a news server (NNTP). The function that added missing escape chararacters to article headers did not check the size of the target buffer. Specially crafted news entries could trigger a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user running lynx. In order to exploit this, the user is not even required to actively visit a news site with Lynx since a malicious HTML page could automatically redirect to an nntp:// URL with malicious news items.

tags | advisory, remote, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2005-3120
SHA-256 | 4b6361b06b6efcaf52522e3904afc75117232a9f7bf5c7fb14936353de5f181d
usn-204-1.txt
Posted Oct 18, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-204-1 - Yutaka Oiwa discovered a possible cryptographic weakness in OpenSSL applications. Applications using the OpenSSL library can use the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or SSL_OP_ALL, which implies the former) to maintain compatibility with third party products, which is achieved by working around known bugs in them.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2005-2969
SHA-256 | 33d74febe976b92e71fbcce56756131cfefa799708b336adad778a3b248b3a90
usn-192-1.txt
Posted Oct 4, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-192-1 - Mike Diggins discovered a remote Denial of Service vulnerability in Squid. Sending specially crafted NTML authentication requests to Squid caused the server to crash.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2005-2917
SHA-256 | 6351468586402308f11c910517aa06ab3eea37233a1683741efe82c0e6114fb0
usn-191-1.txt
Posted Oct 4, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-191-1 - Imran Ghory found a race condition in the handling of output files. While a file was unpacked by unzip, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the unzip user.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2005-2475
SHA-256 | ed9a1f90290852ec941b8400ffd304b53a92ab16b5dddd72f4560488188de3ef
usn-190-1.txt
Posted Oct 4, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-190-1 - A remote Denial of Service has been discovered in the SNMP (Simple Network Management Protocol) library. If a SNMP agent uses TCP sockets for communication, a malicious SNMP server could exploit this to crash the agent. Please note that by default SNMP uses UDP sockets.

tags | advisory, remote, denial of service, udp, tcp, protocol
systems | linux, ubuntu
advisories | CVE-2005-2177
SHA-256 | 7531bc6af03f4213812828668652a4c671c3d299d4de0befe4fc3f627af2c9b2
usn-189-1.txt
Posted Oct 4, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-189-1 - Imran Ghory found a race condition in the handling of output files. While a file was unpacked with cpio, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the cpio user. (CVE-2005-1111) Imran Ghory also discovered a path traversal vulnerability. Even when the --no-absolute-filenames option was specified, cpio did not filter out ".." path components. By tricking an user into unpacking a malicious cpio archive, this could be exploited to install files in arbitrary paths with the privileges of the user calling cpio. (CVE-2005-1229)

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2005-1111, CVE-2005-1229
SHA-256 | 6c020b860f3162b5c142afd08d7d2ed80874cb3d6613efa8875483bac869d12a
usn-188-1.txt
Posted Oct 4, 2005
Authored by Martin Pitt | Site security.ubuntu.com

iUbuntu Security Notice USN-188-1 - Chris Evans discovered a buffer overflow in the RTF import module of AbiWord. By tricking a user into opening an RTF file with specially crafted long identifiers, an attacker could exploit this to execute arbitrary code with the privileges of the AbiWord user.

tags | advisory, overflow, arbitrary
advisories | CVE-2005-2964
SHA-256 | 01e1e78f8d01e887963d5567608c06a38b95c46065fb9fc107226f520f9b148b
Ubuntu Security Notice 181-1
Posted Sep 13, 2005
Authored by Ubuntu, Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-181-1 - Tom Ferris discovered a buffer overflow in the Mozilla products (Mozilla browser, Firefox, Thunderbird). By tricking an user to click on a Hyperlink with a specially crafted destination URL, a remote attacker could crash the application. It might even be possible to exploit this vulnerability to execute arbitrary code, but this has not yet been confirmed.

tags | advisory, remote, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2005-2871
SHA-256 | 3b223821c2ce5a857a5b2f633896042c055216b8d5f8278366f84df4cab5d47f
Ubuntu Security Notice 182-1
Posted Sep 13, 2005
Authored by Ubuntu, Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-182-1 - A local privilege escalation vulnerability has been discovered in the pixmap allocation handling of the X server. By allocating a huge pixmap, a local user could trigger an integer overflow that resulted in a memory allocation that was too small for the requested pixmap. This resulted in a buffer overflow which could eventually be exploited to execute arbitrary code with full root privileges.

tags | advisory, overflow, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2005-2495
SHA-256 | df061683391f3f8fa82ddbd8ec3b3729ebd73d7587534f98ab8e2debcc7fff0d
Ubuntu Security Notice 179-1
Posted Sep 13, 2005
Authored by Ubuntu, Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-179-1 - The current default algorithm for creating message digests (electronic signatures) for certificates created by openssl is MD5. However, this algorithm is not deemed secure any more, and some practical attacks have been demonstrated which could allow an attacker to forge certificates with a valid certification authority signature even if he does not know the secret CA signing key. Therefore all Ubuntu versions of openssl have now been changed to use SHA-1 by default.

tags | advisory
systems | linux, ubuntu
SHA-256 | edbc843d8f4af43ca289e0bf680fcdd3e70200689c88d4a50069328b0e77b252
Ubuntu Security Notice 178-1
Posted Sep 10, 2005
Authored by Ubuntu, Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-178-1 - Multiple vulnerabilities have been found in the Linux kernel.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
SHA-256 | 2f0fd595f238d26a62b0368e060a1fcc836633e325931c70013e97e930fff457
Ubuntu Security Notice 177-1
Posted Sep 8, 2005
Authored by Ubuntu, Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-177-1 - apache2, libapache-mod-ssl vulnerabilities - Apache did not honour the "SSLVerifyClient require" directive within a block if the surrounding block contained a directive "SSLVerifyClient optional". This allowed clients to bypass client certificate validation on servers with the above configuration. Also, Filip Sneppe discovered a Denial of Service vulnerability in the byte range filter handler. By requesting certain large byte ranges, a remote attacker could cause memory exhaustion in the server.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2005-2700, CVE-2005-2728
SHA-256 | f63bd9e3e650b2f1d6cbf6e4bceff6b9f82ee6c95a22dc5b50cef9f0bab677b0
Ubuntu Security Notice 176-1
Posted Sep 8, 2005
Authored by Ubuntu, Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-176-1 - Ilja van Sprundel discovered a flaw in the lock file handling of kcheckpass. A local attacker could exploit this to execute arbitrary code with root privileges.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2005-2494
SHA-256 | b419e916d6eaef50b8207c2fddbe8550191cd454338f309985dd513d0f2b8933
Ubuntu Security Notice 160-2
Posted Sep 8, 2005
Authored by Ubuntu, Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-160-2 - USN-160-1 fixed two vulnerabilities in the Apache 2 server. The old Apache 1 server was also vulnerable to one of the vulnerabilities (CVE-2005-2088). Please note that Apache 1 is not officially supported in Ubuntu (it is in the "universe" component of the archive).

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2005-2088
SHA-256 | 4c77e34937b466d8814d9fdbcb4bfc9238594501b16e9bf4138b9bea0692a4a6
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close