KDE Security Advisory: Chris Evans reported a heap based buffer overflow in the RTF importer of KWord. Opening specially crafted RTF files in KWord can cause execution of arbitrary code. Affected are all KOffice releases starting from KOffice 1.2.0 up to and including KOffice 1.4.1.
d4ff9986f62282d33972361b743f867876d6b8bc485e2d9d18a63c4368ccba80
OpenSSL Security Advisory - A vulnerability has been found in all previously released versions of OpenSSL (all versions up to 0.9.7h and 0.9.8a). Versions 0.9.7h and 0.9.8a have been released to address the issue. The vulnerability potentially affects applications that use the SSL/TLS server implementation provided by OpenSSL. Such applications are affected if they use the option SSL_OP_MSIE_SSLV2_RSA_PADDING. This option is implied by use of SSL_OP_ALL, which is intended to work around various bugs in third-party software that might prevent interoperability. The SSL_OP_MSIE_SSLV2_RSA_PADDING option disables a verification step in the SSL 2.0 server supposed to prevent active protocol-version rollback attacks. With this verification step disabled, an attacker acting as a man in the middle can force a client and a server to negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0. The SSL 2.0 protocol is known to have severe cryptographic weaknesses and is supported as a fallback only.
404241b8881908198a4c829d5f0e188071576eb55202a16a4e91becf1f9fed6b
Secunia Research has discovered two vulnerabilities in WinRAR, which can be exploited by malicious people to compromise a user's system.
f80aca9ebb6b20dbbba325eb32ba1624a50cc34599b4f12202258c524fb59f20
CodeCon 2006 Call For Papers - CodeCon is the premier showcase of cutting edge software development. It is an excellent opportunity for programmers to demonstrate their work and keep abreast of what's going on in their community. All presentations must include working demonstrations, ideally accompanied by source code. Presentations must be done by one of the active developers of the code in question. We emphasize that demonstrations be of working code.
b53ae6dd5a2f38b6c5e31d653c7ad0004b0647f4ab596e68cdfd2c41930195b3
Secunia Security Advisory - Two vulnerabilities have been reported in the Linux Kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service).
e6c3f0dfe2a49692f1252efcbc72fa5216ca4a6d0e004521c12cd6a5bcc9a0ad
Secunia Security Advisory - Slackware has issued an update for xine-lib. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
d23d93cde0281813e29a2813b38a72944c9565cc552bc850177dace9a69fc199
Secunia Security Advisory - SGI has issued a patch for SGI Advanced Linux Environment. This fixes some vulnerabilities, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges, or by malicious people to cause a DoS (Denial of Service), overwrite arbitrary files on a user's system, gain knowledge of various information, or compromise a vulnerable system.
842ec872d658610a32308a56e5582f67c8074fb2b7b6573e0e210cd0faca000c
Secunia Security Advisory - Ubuntu has issued an update for mozilla-thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, manipulate certain data, bypass certain security restrictions, and compromise a user's system.
2011b5b6f771cb301abec53c3735905a5c91c87b93df6477516b0a53a4112eba
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious users, or by malicious people to compromise a vulnerable system.
95e39846cfe80f6ffb459ef9b833c2db0920eba0b56d1d16f58635b7b9bce77f
Mandriva Linux Security Update Advisory - Squid 2.5.9, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).
06d0d47bfa360a14185cf60283a9713fa8bf5c27d443c35ba004e0fb4381c8eb
Mandriva Linux Security Update Advisory - When playing an Audio CD, a xine-lib based media application contacts a CDDB server to retrieve metadata like the title and artist's name. During processing of this data, a response from the server, which is located in memory on the stack, is passed to the fprintf() function as a format string. An attacker can set up a malicious CDDB server and trick the client into using this server instead of the pre-configured one. Alternatively, any user and therefore the attacker can modify entries in the official CDDB server. Using this format string vulnerability, attacker-chosen data can be written to an attacker-chosen memory location. This allows the attacker to alter the control flow and to execute malicious code with the permissions of the user running the application.
aa30859c0d6a7f47a28e0c687d6bf26f4f312e6ce94df28dde0c1458613a57d0
Mandriva Linux Security Update Advisory - Yutaka Oiwa discovered a vulnerability that potentially affects applications that use the SSL/TLS server implementation provided by OpenSSL.
f162a1718a04d64fcdcfa881284798e3240afdc4b36bb8ef9e86a3efbf61ed0e
Mandriva Linux Security Update Advisory - A cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag.
bed652ce606c76c741ba4a9bb11163f7491d679ec4eea0946f730779d582b5df
Debian Security Advisory DSA 863-1 - Ulf H
b1ad65f196c67248f05051039cbfc234fb62f3ac511ca058fc2ecb970d252965
In late 2001, "Vudo Malloc Tricks" and "Once Upon A free()" defined the exploitation of overflowed dynamic memory chunks on Linux. In late 2004, a series of patches to GNU libc malloc implemented over a dozen mandatory integrity assertions, effectively rendering the existing techniques obsolete. The Malloc Maleficarum discusses the next generation of possible glibc malloc exploitation techniques.
6fd158952a4729defcf005345c61b2ff4749754a2ca9498169830f450fd5e14b
Debian Security Advisory DSA 862-1 - Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed.
7c7cf1c16c4b6ebeb2b02b742f56e1015994c3dfb16e5aec809e8a8ed7ef0001
Debian Security Advisory DSA 861-1 - "infamous41md" discovered a buffer overflow in uw-imap, the University of Washington's IMAP Server that allows attackers to execute arbitrary code.
9f1a78ed94755a0e6632c0829fd9d102c90d4f788cca45b96144c091d67f5bde
Gentoo Linux Security Advisory GLSA 200510-10 - Improper bounds checking of user supplied data while parsing IMAP mailbox names can lead to overflowing the stack buffer. Versions less than 2004g are affected.
9b1ba780913037de5c09124203b6e9dcc8b722db6ebdc1d6d58249f30adc849d
The Linux kernel recently incorporated a protection which randomizes the stack making exploitation of stack based overflows more difficult. This paper presents an attack which works on exploiting static addresses in Linux. You should be familiar with standard stack smashing before attempting this paper.
1b5fae8f77b5a710bc423947e91f436ec3c4ef4738ad4ac0a447048bfd559048
eEye Security Advisory - eEye Digital Security has discovered a vulnerability in the Windows Media Player 9 AVI movie DirectX component that allows memory at an arbitrary address to be modified when a specially crafted AVI file is played. Exploitation of this vulnerability can allow the execution of attacker-supplied code on a victim's system with the privileges of the user who attempted to open the movie file. This vulnerability has been identified in a component of DirectX.
a87f037c194fc9f1bd764ccbf3d7b854412d07eb18190c6a967d1ebfe483a8ab
eEye Security Advisory - eEye Digital Security has discovered a vulnerability in the way a Microsoft Design Tools COM object allocates and uses heap memory. An attacker could design a web page or HTML document that exploits the vulnerability in order to execute arbitrary code on the system of a user who views it.
b4712c870bdcac60468002316153f70a792b81b9fe6c673800af6b3c5d03b1bd
eEye Security Advisory - eEye Digital Security has discovered a vulnerability in the Windows Plug and Play Service that would allow an unprivileged user to execute arbitrary code with SYSTEM privileges on a remote Windows 2000 or XP SP1 system. On Windows XP SP2, this vulnerability could be exploited by an unprivileged user to gain full privileges on a system to which he is logged in interactively.
846bcdcac256df0db0e4e7c5c0a2e07e6e237430fc7f1965fc0222d7ee188ed3
eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in the Microsoft Distributed Transaction Coordinator (MSDTC) service that would allow an anonymous attacker to take complete control over an affected system. MSDTC listens on TCP port 3372 and a dynamic high TCP port, and is enabled by default on all Windows 2000 systems.
337058a7bf5cc5f2e313c072c885bd813f962b1a071b4babbe28a29cef9196a1
Ubuntu Security Notice USN-201-1 - Several Cross Site Scripting vulnerabilities were discovered in SqWebmail. A remote attacker could exploit this to execute arbitrary JavaScript or other active HTML embeddable content in the web browser of an SqWebmail user by sending specially crafted emails to him.
77f385a07aab0f26683455daa55f4dceae7dee8e270e80256706eace3763bca8
Ubuntu Security Notice USN-200-1 - Multiple vulnerabilities exist in the mozilla-thunderbird package. A buffer overflow was discovered in the XBM image handler. By tricking a user into opening a specially crafted XBM image, an attacker could exploit this to execute arbitrary code with the user's privileges. Mats Palmgren discovered a buffer overflow in the Unicode string parser. Unicode strings that contained zero-width non-joiner characters caused a browser crash, which could possibly even be exploited to execute arbitrary code with the user's privileges. Georgi Guninski reported an integer overflow in the JavaScript engine. This could be exploited to run arbitrary code under some conditions. Peter Zelezny discovered that URLs which are passed to Thunderbird on the command line are not correctly protected against interpretation by the shell. If Thunderbird is configured as the default handler for mailto: URLs, this could be exploited to execute arbitrary code with user privileges by tricking the user into clicking on a specially crafted URL (for example, in an email or chat client).
afa1ecc22b6f13f656a48b0ca5d2d03a81c06c0f0835b22b94a65484ef17d759