Archiv für Januar, 2010

Symantec Altiris Notification Server Static Encryption Key SECUNIA ADVISORY ID: SA38356 VERIFY ADVISORY: http://secunia.com/advisories/38356/ DESCRIPTION: A security issue has been reported in Symantec Altiris Notification Server, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused due to the application using a static encryption key to encrypt and [...]

Fedora update for bltk SECUNIA ADVISORY ID: SA38313 VERIFY ADVISORY: http://secunia.com/advisories/38313/ DESCRIPTION: Fedora has issued an update for bltk. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the utility /usr/lib/bltk/bin/bltk_sudo allowing to invoke arbitrary commands with root privileges without [...]

Hitachi Products Image File Processing Buffer Overflow SECUNIA ADVISORY ID: SA38363 VERIFY ADVISORY: http://secunia.com/advisories/38363/ DESCRIPTION: A vulnerability has been reported in multiple Hitachi products, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerability is caused due to an unspecified error when processing [...]

ircd-ratbox Integer Underflow and NULL Pointer Dereference Vulnerabilities SECUNIA ADVISORY ID: SA38210 VERIFY ADVISORY: http://secunia.com/advisories/38210/ DESCRIPTION: Two vulnerabilities have been reported in ircd-ratbox, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. 1) An integer underflow when processing the “LINKS” command can be exploited [...]

Debian update for ircd-hybrid and ircd-ratbox SECUNIA ADVISORY ID: SA38383 VERIFY ADVISORY: http://secunia.com/advisories/38383/ DESCRIPTION: Debian has issued an update for ircd-hybrid and ircd-ratbox. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. Note: CVE-2010-0300 only affects ircd-ratbox. For more information: [...]

IRCD-hybrid “LINKS” Command Integer Underflow Vulnerability SECUNIA ADVISORY ID: SA38381 VERIFY ADVISORY: http://secunia.com/advisories/38381/ DESCRIPTION: A vulnerability has been reported in IRCD-hybrid, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due to an integer underflow when processing the “LINKS” command, [...]

oftc-hybrid “LINKS” Command Integer Underflow Vulnerability SECUNIA ADVISORY ID: SA38382 VERIFY ADVISORY: http://secunia.com/advisories/38382/ DESCRIPTION: A vulnerability has been reported in oftc-hybrid, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due to an integer underflow when processing the “LINKS” command, [...]

Ubuntu update for samba SECUNIA ADVISORY ID: SA38357 VERIFY ADVISORY: http://secunia.com/advisories/38357/ DESCRIPTION: Ubuntu has issued an update for samba. This fixes a security issue, which can be exploited by malicious, local users to disclose potentially sensitive information and potentially gain escalated privileges. For more information: SA38286 SOLUTION: Apply updated packages. – Ubuntu 6.06 LTS – [...]

FUSE “fusermount” Race Condition Denial of Service SECUNIA ADVISORY ID: SA38261 VERIFY ADVISORY: http://secunia.com/advisories/38261/ DESCRIPTION: A security issue has been reported in FUSE (File System in Userspace), which can be exploited by malicious, local users to cause a DoS (Denial of Service). The security issue is caused due to a race condition within the “fusermount” [...]

NovaBoard Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA38368 VERIFY ADVISORY: http://secunia.com/advisories/38368/ DESCRIPTION: Some vulnerabilities have been discovered in NovaBoard, which can be exploited by malicious people to conduct SQL injection attacks. 1) Input passed via the “forums[]” parameter to index.php (when “page” is set to “search” and “pf” is set) is not properly sanitised [...]