
Files Date: 2007-10-16 to 2007-10-17

Mandriva Linux Security Advisory 2007.197
Posted Oct 16, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A buffer overflow in GNU tar has unspecified attack vectors and impact, resulting in a crashing stack.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2007-4476
SHA-256 | d6ca54d22cddc8887b5129f6edc2abd3964ee5f3bd49e9a2c3792ad6fd25eb7b
Secunia Security Advisory 27149
Posted Oct 16, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Krystian Kloskowski has discovered a vulnerability in jetAudio, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 61a3ece9c766357554eb0cb8bd23a6c8fd2324a6411469e89e4a78272aec8155
Secunia Security Advisory 27180
Posted Oct 16, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for kdm. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.

tags | advisory, local
systems | linux, gentoo
SHA-256 | 82a98787cf0beb62cfd86ac0e61e8b5bfcc3ef5b0f7f656852d00d52a289853e
Secunia Security Advisory 27189
Posted Oct 16, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in SUSE Linux Enterprise Server, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, suse
SHA-256 | 838a449278a0c8d3240d9a63d50367cc4a66c92c21b05e796a567e1db7a8797c
Secunia Security Advisory 27191
Posted Oct 16, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in dotProject, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
SHA-256 | 9e2d9f4dbc3c1a0ffc40d487620d6f87f140b3d4b9abfe0b3df7af59943dbd8b
Secunia Security Advisory 27227
Posted Oct 16, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, gain escalated privileges, and cause a DoS (Denial of Service), and by malicious people to cause a DoS.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, suse
SHA-256 | 5b546ab298a308b62afd71ba8d2397bf87c3203fb0ec1cc3774ac309347e1abd
Secunia Security Advisory 27232
Posted Oct 16, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for hplib. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | linux, fedora
SHA-256 | 7932b211139d0117a4597b8cc949603441a449352c19b5d7889e827d2dfff061
Secunia Security Advisory 27240
Posted Oct 16, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for xfs. This fixes some vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges or gain escalated privileges.

tags | advisory, local, vulnerability
systems | linux, gentoo
SHA-256 | 7b86b3f1e11269e9344df81dd40599929fd2a29b6cd3568176f107f43a025dce
Mandriva Linux Security Advisory 2007.196
Posted Oct 16, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The compat_sys_mount function in fs/compat.c allowed local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode. The nf_conntrack function in netfilter did not set nfctinfo during reassembly of fragmented packets, which left the default value as IP_CT_ESTABLISHED and could allow remote attackers to bypass certain rulesets using IPv6 fragments. A typo in the Linux kernel caused RTA_MAX to be used as an array size instead of RTN_MAX, which led to an out-of-bounds access by certain functions. The IPv6 protocol allowed remote attackers to cause a denial of service via crafted IPv6 type 0 route headers that create network amplification between two routers. The random number feature did not properly seed pools when there was no entropy, or used an incorrect cast when extracting entropy, which could cause the random number generator to provide the same values after reboots on systems without an entropy source. A memory leak in the PPPoE socket implementation allowed local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized. An integer underflow in the cpuset_tasks_read function, when the cpuset filesystem is mounted, allowed local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file. The sctp_new function in netfilter allowed remote attackers to cause a denial of service by causing certain invalid states that triggered a NULL pointer dereference. A stack-based buffer overflow in the random number generator could allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size. The lcd_write function did not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption). The Linux kernel allowed local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die which delivered an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). The aac_cfg_openm and aac_compat_ioctl functions in the SCSI layer ioctl patch in aacraid did not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges. The IA32 system call emulation functionality, when running on the x86_64 architecture, did not zero extend the eax register after the 32bit entry path to ptrace is used, which could allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, local, root, protocol, memory leak
systems | linux, mandriva
advisories | CVE-2006-7203, CVE-2007-1497, CVE-2007-2172, CVE-2007-2242, CVE-2007-2453, CVE-2007-2525, CVE-2007-2875, CVE-2007-2876, CVE-2007-3105, CVE-2007-3513, CVE-2007-3848, CVE-2007-4308, CVE-2007-4573
SHA-256 | 64832840334304a0ea0bb133dcd8a2e85f8bbea606fab02ea59dc6a77f2fed01
Mandriva Linux Security Advisory 2007.195
Posted Oct 16, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A stack-based buffer overflow in the random number generator could allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size. The lcd_write function did not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption). The decode_choice function allowed remote attackers to cause a denial of service (crash) via an encoded out-of-range index value for a choice field which triggered a NULL pointer dereference. The Linux kernel allowed local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die which delivered an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). The aac_cfg_openm and aac_compat_ioctl functions in the SCSI layer ioctl patch in aacraid did not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges. The IA32 system call emulation functionality, when running on the x86_64 architecture, did not zero extend the eax register after the 32bit entry path to ptrace is used, which could allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, local, root
systems | linux, mandriva
advisories | CVE-2007-3105, CVE-2007-3513, CVE-2007-3642, CVE-2007-3848, CVE-2007-4308, CVE-2007-4573
SHA-256 | 7396d5929f8b6a093c3146935c5a3292400cad621bbfd5eb7745201a2c3287b1