Secunia Security Advisory - Two vulnerabilities have been reported in osh, which can be exploited by malicious, local users to gain escalated privileges.
1) A boundary error exists in the function iopen() in main.c and can be exploited to cause a buffer overflow by supplying an overly long argument. Example: /usr/sbin/osh exit [more than 1024 bytes]
2) A boundary error exists in the writable() function in handlers.c and can be exploited to cause a buffer overflow by running osh from a directory with a directory name of more than 255 bytes.
Successful exploitation may allow execution of arbitrary code with root privileges. The vulnerabilities have been reported in version 1.7. Other versions may also be affected.
c9f4e6e6889ea85ce86bfe3c73a149c794968e080177bcfe946d0059002413c9
Secunia Security Advisory - Astaro has issued an update for Astaro Security Linux. This fixes a vulnerability, which potentially can be exploited by malicious people to bypass certain security restrictions. For more information: SA17151 Several other bugs have also been fixed in this update.
6ab4427e28a9c0fa2ee89553993c86cc8c5953420dc5522f3d93d4cf72cad51c
Secunia Security Advisory - Mandriva has issued an update for emacs. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the handling of Lisp code in local variables, which can be exploited to execute arbitrary commands via a specially crafted text file.
f425711868e4f71a206dc1414fc1bccd7dcd88a787d7b22637c65cdd957b5ff2
Secunia Security Advisory - A vulnerability and a security issue have been reported in IPCop, which can be exploited by malicious people to cause a DoS (Denial of Service), and by malicious, local users to gain access to potentially sensitive information.
1) A vulnerability in Squid may be exploited by malicious people to cause a DoS. For more information: SA17271
2) The key used to encrypt web backup files is stored in /var/ipcop/backup/ and is world-readable. This can potentially be exploited by malicious users to decrypt backup files, or by the nobody user to overwrite arbitrary files by creating malicious backup files and restoring them. A race condition that can potentially allow the nobody user to replace the backup file before it is encrypted has also been fixed.
ddf3f71d06f1b787be3c47572a647ee435a12cb620a7c396f8a5a4f95c6be85e
Secunia Security Advisory - Cybsec S.A. has reported some vulnerabilities in SAP Web Application Server, which can be exploited by malicious people to conduct cross-site scripting, phishing, and HTTP response splitting attacks.
1) Input passed to the sap-syscmd parameter in fameset.htm and the BspApplication field in the SYSTEM PUBLIC test application isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities have been reported in versions 6.10, 6.20, 6.40, and 7.00, and affect the BSP runtime of SAP Web Application Server. Other versions may also be affected.
2) Input passed to the query string in pages generating error messages isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability has been reported in version 6.10 and affects the BSP runtime of SAP Web Application Server. Prior versions may also be affected.
3) The problem is that an absolute URL for an external site can be specified in the sapexiturl parameter passed to fameset.htm. This can be exploited to trick users into visiting a malicious web site by following a specially crafted link with a trusted hostname redirecting to the malicious web site. The vulnerabilities have been reported in versions 6.10, 6.20, 6.40, and 7.00, and affect the BSP runtime of SAP Web Application Server. Other versions may also be affected.
4) Input passed to the sap-exiturl parameter isn't properly sanitised before being returned to the user. This can be exploited to inject arbitrary HTTP headers, which will be included in the response sent to the user. The vulnerabilities have been reported in versions 6.10, 6.20, 6.40, and 7.00, and affect the BSP runtime of SAP Web Application Server. Other versions may also be affected.
a2a02074941471909712b5efce0e9ece647f94ee3398122dab8bfdb3d551e25a
Secunia Security Advisory - Ubuntu has issued an update for lsb-rpm. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. For more information: SA15949 SA16137
b0bbb865cc35b072fc1c0c28333c5bcdda03263af97c1c674180111aa8b9ad5b
Secunia Security Advisory - Preben Nylokken has discovered a vulnerability in ASPKnowledgebase, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the username and password when logging in isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This can further be exploited to bypass the authentication process and access the administration section where arbitrary HTML and script code can be inserted into the front page. The vulnerability has been confirmed in the latest available version.
f36209109fd41237033fd1e99ac29899f0480bdbfde8de0158a3be0a950bfc34
Secunia Security Advisory - Moritz Naumann has reported a vulnerability in Antville, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the query string isn't properly sanitised before being returned to the user via the notfound.skin error document. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability has been reported in version 1.1. Other versions may also be affected.
8bf413dc70cba2ec14241852e5b39347e0e09fbf494afee895d05ba59498222f
Secunia Security Advisory - Moritz Naumann has reported a vulnerability in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the topics_offset parameter in tiki-view_forum_thread.php isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. It is also possible to disclose the full path to tiki-view_forum_thread.php by accessing it with an invalid topics_sort_mode parameter. The vulnerability has been reported in versions 1.9.x through 1.9.2. Other versions may also be affected.
a35bca9f1b8d776d3b5e484bbd1fd109d51904c9898b1fe5beed33cdb2ce3075
Secunia Security Advisory - A vulnerability has been reported in osh, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an error in main.c when handling environment variable substitutions. This can be exploited to inject arbitrary environment variables (e.g. LD_PRELOAD) to cause malicious shared libraries to be loaded by osh. Successful exploitation allows arbitrary code execution with root privileges. The vulnerability has been reported in version 1.7-14. Prior versions may also be affected. Note: An exploit for this vulnerability is publicly available.
a10d5fed81f4cd8a9b3f93065ce202ccc7631245f83967fa3da7b2545d688ca9
Secunia Security Advisory - A vulnerability has been reported in SpamAssassin, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to the use of an inefficient regular expression in /SpamAssassin/Message.pm to parse email headers. This can cause perl to crash when it runs out of stack space and can be exploited via a malicious email that contains a large number of recipients. The vulnerability has been reported in version 3.0.4. Prior versions may also be affected.
03eca2e2892b96726f69d5d2aa62adea9bd9f73fa1868ed77bb1ca6268f0e006
Secunia Security Advisory - Some vulnerabilities have been reported in DB2 Content Manager, which potentially can be exploited by malicious users to cause a DoS (Denial of Service).
1) An error exists in the library server when creating a text index of an imported Excel file. This may be exploited by malicious users to cause the db2fmp process to consume a large amount of CPU resources by importing a malformed Excel file.
2) An unspecified error in the handling of LZH files on AIX may cause a crash in the INSO code.
Several other issues, which may be security related, have also been fixed.
f85c4b31e657b93a80cac8e42d2846a4b27bcc28e366f82227b2a2fdb8323e1d
Secunia Security Advisory - Mandriva has issued an update for w3c-libwww. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA17119
00c08bd67e4f4611a7ae4d230aaa124710adc01746af6e451c0aa8d75acc05dc
Secunia Security Advisory - Mandriva has issued an update for fetchmail. This fixes a vulnerability, which can be exploited by malicious, local users to gain knowledge of certain sensitive information. For more information: SA17293
f98f6f912be05d2a2c385baad9505f163dd3a5313cb0efa1f3c1a0105dbb3388
Secunia Security Advisory - Mandriva has issued an update for libungif. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. For more information: SA17436
65353ed67fbd9dbfaf2ac2bda3692e8de9191e998e2a0d676c2e7edc9ea26fd5
Secunia Security Advisory - Fedora has issued an update for spamassassin. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA17386
4eaeed96bd81da7a6ed86b4c96606f27b88812d7e2370e538462aef4bfbb9d97
Plash (the Principle of Least Authority Shell) is a Unix shell that lets you run Unix programs with access only to the files and directories they need to run. In order to implement this, the filesystem is virtualized. Each process can have its own namespace, which can contain a subset of your files. Plash is implemented by modifying GNU libc and replacing the system calls that use filenames. For example, open() is changed so that it sends a message to a file server via a socket. If the request is successful, the server sends the client a file descriptor. Processes are run in a chroot jail under dynamically-allocated user IDs. No kernel modifications are required. Existing Linux binaries work unchanged.
1322265b90db957d35062302b75b1f0a5d6dce5f5f92fa7fd0ca9da2524a2ae2
Local root exploit for chfn under SuSE Linux 9.{1,2,3}/10.0, Desktop 1.0, UnitedLinux 1.0, and SuSE Linux Enterprise Server {8,9}.
d6f60a4c747ccc20d91eb071b663dd492f8bab5c73280fa823a145e795a28096
F-Secure Internet Gatekeeper for Linux local root exploit written in Python.
a7d56ff4e5c5d57e8e6bee5a056b1b22243cc46266d105e8b2eb6fa7df25a0d7
Mandriva Linux Security Advisory - Sam Varshavchik discovered the HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read.
d684ad4b1982a9e213ada39667380fb6feb671cc6334f9f8596cd9bc45837773
Local root exploit for sudo versions below 1.6.8p10 that makes use of the environment cleaning flaws with the SHELLOPTS and PS4 variables.
01540d7b6b0b6ee45a0878ef444900d18cdc75c2444c243cfc128279fd8df1b5
Antville version 1.1 suffers from a cross site scripting flaw.
65a13345a6370cbd83ef8303e92c2f6af6db5ae09e9fa12c4473aa0ad5bf627d
TikiWiki versions 1.9.x up to and including 1.9.2 suffer from a cross site scripting vulnerability and possible SQL injection vulnerabilities.
789603d9c715231cce4f6b651dd6544281cef61c96ee4a15e4b6dada3144cd12