Network Security

AERAsec
Network Security
Current Security Messages


Most of the links lead to the corresponding files at CERT or other organisations, so changes take effect immediately, especially regarding which patches should be installed or which configuration changes should be made to avoid the vulnerability. Some of the files are transferred by FTP.

By the way: if we do not publish well-known risks inherent in a widely used platform or program, that doesn't mean this particular platform or program is safe to use!


Chosen month 09 / 2007

System: Microsoft Windows
Topic: Vulnerabilities in CA BrightStor Hierarchical Storage Manager
Links: iDEFENSE #601, CVE-2007-5082, CVE-2007-5083, CVE-2007-5084, CA, AL-2007.0112
ID: ae-200709-063

Multiple buffer overflows, integer overflows and SQL injection issues were found in BrightStor Hierarchical Storage Manager (HSM). CA has provided updates to address the vulnerabilities.

System: Microsoft Windows Server 2003
Topic: Vulnerability in F-Secure Anti-Virus for Windows Servers
Links: FSC-2007-6, ESB-2007.0736
ID: ae-200709-062

Placing a specially crafted archive or packed executable into the system32 folder may allow an attacker to bypass F-Secure's antivirus. A patch is available now.

System: Apple iPhone
Topic: Vulnerabilities in Apple iPhone
Links: Apple-SA-2007-09-27, CVE-2007-3753, CVE-2007-3754, CVE-2007-3755, CVE-2007-3756, CVE-2007-3757, CVE-2007-3758, CVE-2007-3759, CVE-2007-3760, CVE-2007-3761, CVE-2007-4671, ESB-2007.0734
ID: ae-200709-061

Several vulnerabilities were found in Apple iPhone. An update is available now.

System: Sun Solaris
Topic: Vulnerability in Solaris Kernel
Links: SUN Alert #103084, CVE-2007-5132, ESB-2007.0735
ID: ae-200709-060

A security vulnerability related to a race condition during the handling of thread contexts in the Solaris kernel may allow a local unprivileged user to panic the system and thereby cause a Denial of Service (DoS) condition. A patch addresses this issue.

System: Mandriva Linux
Topic: Vulnerabilities in t1lib and kdebase
Links: MDKSA-2007:189, CVE-2007-4033, MDKSA-2007:190, CVE-2007-4569
ID: ae-200709-059

A buffer overflow vulnerability was discovered in t1lib due to improper bounds checking. An attacker could send specially crafted input to an application linked against t1lib which could lead to a denial of service or the execution of arbitrary code.
A vulnerability was discovered in KDM where, under certain circumstances and in particular configurations, KDM could be tricked into allowing users to log in without a password.
Fixed packages are available now.

System: Microsoft Windows 2000 / Server 2003
Topic: Vulnerability in Microsoft ISA Server
Links: CVE-2007-4991, ESB-2007.0731
ID: ae-200709-058

A vulnerability allows remote attackers to extract IP addresses visited through the SOCKS4 Proxy on vulnerable ISA Server installations. A patch is available now.

System: Google Search Appliance
Topic: Vulnerability in Google Search Application
Links: ESB-2007.0730
ID: ae-200709-057

A cross-site scripting (XSS) vulnerability was found in the Google Search Application. A patch is not available yet.

System: Cisco Catalyst 6500 / Cisco 7600
Topic: Vulnerability in Cisco Catalyst 6500 and Cisco 7600
Links: Cisco, ESB-2007.0729
ID: ae-200709-056

A vulnerability was found in Cisco Catalyst 6500 and Cisco 7600 series devices. An attacker can exploit this behavior to bypass existing access control lists that do not filter the 127.0.0.0/8 address range. Workarounds are described in the advisory.

System: Sun Solaris
Topic: Vulnerability in Human Interface Device Class Driver
Links: SUN Alert #102883, ESB-2007.0728
ID: ae-200709-055

A security vulnerability in the Human Interface Device (HID) class driver for Solaris 8, 9 and 10 may allow a local unprivileged user to panic the system, causing a Denial of Service (DoS). A patch addresses this issue.

System: Linux
Topic: Vulnerability in Kernel
Links: CVE-2007-4573, RHSA-2007-0936, RHSA-2007-0937, RHSA-2007-0938, ESB-2007.0732, R-360, DSA-1378, DSA-1381, ESB-2007.0733, ESB-2007.0744
ID: ae-200709-054

A flaw was found in the IA32 system call emulation of the Linux kernel provided on AMD64 and Intel 64 platforms. An untrusted local user could exploit this flaw to run code in the kernel (i.e. a root privilege escalation). Fixed packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in tomcat and gimp
Links: RHSA-2007-0871, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386, ESB-2007.0726, R-359,
RHSA-2007-0513, CVE-2006-4519, CVE-2007-2949, CVE-2007-3741, ESB-2007.0727
ID: ae-200709-053

Tomcat is a servlet container for Java Servlet and Java Server Pages technologies. Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5.
The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Updated gimp packages that fix several security issues are now available.

System: Linux
Topic: Vulnerability in Advanced Linux Sound Architecture (ALSA)
Links: iDEFENSE #600, CVE-2007-4571
ID: ae-200709-052

Local exploitation of an information disclosure vulnerability within the ALSA driver included in the Linux Kernel allows attackers to obtain sensitive information from kernel memory. The Linux Kernel maintainers have addressed this vulnerability within version 2.6.22.8.

System: Various
Topic: Vulnerability in StarOffice
Links: Sun Alert #102994, CAN-2007-2834, ESB-2007.0724
ID: ae-200709-051

A security vulnerability with the way StarOffice/StarSuite 6, 7, and 8 process TIFF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite. New releases fix this vulnerability.

System: Various
Topic: Vulnerability in IBM Tivoli Storage Manager
Links: ZDI-07-054, IBM, CVE-2007-4880, ESB-2007.0723
ID: ae-200709-050

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Express. Authentication is not required to exploit this vulnerability. The specific flaw exists in the dsmcad.exe process bound by default on TCP port 1581. During HTTP header parsing, a host parameter of sufficient length will trigger an overflow through a call to vswprintf(). The call overflows into imported function pointers which are later called. Exploitation of this issue can result in arbitrary code execution.
IBM has issued an update to correct this vulnerability.

System: Sun Solaris
Topic: Vulnerability in IP implementation solved
Links: Sun Alert #102866, CVE-2006-2045, ESB-2007.0244
ID: ae-200709-049

As reported before, a security vulnerability in the IP implementation may allow a Denial-of-Service attack. Patches had been withdrawn, but now new patches are available for Sun Solaris 8 and 9. Sun Solaris 10 is not vulnerable.

System: Turbolinux
Topic: Vulnerability in CUPS
Links: TLSA-2007-47, CVE-2007-3387
ID: ae-200709-048

The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. An integer overflow in the StreamPredictor::StreamPredictor function in gpdf allows remote attackers to execute arbitrary code via a crafted PDF file. An updated package solves this problem.

System: Sun Solaris
Topic: Vulnerability in Mozilla 1.7 solved
Links: Sun Alert #103011, CVE-2006-5463, ESB-2007.0560
ID: ae-200709-047

As reported before, a security vulnerability may allow arbitrary JavaScript commands to be run. A patch is now also available for Sun Solaris 10.

System: Microsoft Windows
Topic: Vulnerabilities in CA ARCserve Backup for Laptops and Desktops Server
Links: iDEFENSE #598, iDEFENSE #599, CVE-2007-5006, CVE-2007-5003, CA, AL-2007.0081
ID: ae-200709-046

Remote exploitation of an authentication bypass vulnerability in Computer Associates Inc.'s ARCServe Backup for Laptops and Desktops allows attackers to execute arbitrary code. The vulnerability exists because the command handlers that service network requests do not check whether the peer is authenticated. Using this vulnerability, an attacker is able to upload arbitrary files to the server. This results in the execution of arbitrary code with SYSTEM privileges. Additionally, several buffer overflow vulnerabilities allow the same kind of exploitation.
CA has provided updates to address the vulnerabilities.

System: Linux
Topic: Vulnerabilities in php
Links: CVE-2007-1375, CVE-2007-1399, CVE-2007-1900, CVE-2007-2727, CVE-2007-2728, CVE-2007-2748, CVE-2007-2756, CVE-2007-2872, CVE-2007-3799, CVE-2007-3996, CVE-2007-3998, CVE-2007-4658, CVE-2007-4670, MDKSA-2007:187, RHSA-2007-0888, RHSA-2007-0889, RHSA-2007-0917, ESB-2007.0831
ID: ae-200709-045

Several vulnerabilities were found in PHP. Fixed packages are available now.

System: Various
Topic: Vulnerabilities in ImageMagick
Links: iDefense #594, iDefense #595, iDefense #596, iDefense #597, CVE-2007-4896, CVE-2007-4987, CVE-2007-4985, CVE-2007-4988, ESB-2007.0722
ID: ae-200709-044

ImageMagick is a suite of image manipulation tools that are sometimes used by other applications for processing image files. Remote exploitation of multiple integer overflow vulnerabilities in ImageMagick, as included in various vendors' operating system distributions, allows attackers to crash applications using the ImageMagick library, and in some cases, execute arbitrary code.
Several integer overflow vulnerabilities have been identified in ImageMagick's handling of various file formats. By creating a specially crafted DCM, DIB, XBM, XCF, or XWD image file, an attacker can cause a heap buffer of insufficient size to be allocated. This results in a heap-based buffer overflow.
The ImageMagick maintainers have addressed these vulnerabilities with the release of version 6.3.5-9.

System: HP-UX
Topic: Vulnerability in logins
Links: HPSBUX02259, SSRT071439, R-357
ID: ae-200709-043

A potential security vulnerability has been identified in HP-UX running the logins(1M) command. This command incorrectly reports password status. As a result password issues may not be detected, allowing remote unauthorized access. An update solves this problem.

System: Debian/GNU Linux
Topic: Vulnerabilities in kdebase and fetchmail
Links: DSA-1376, CVE-2007-4569, R-358, ESB-2007.0720,
DSA-1377, CVE-2007-4565, ESB-2007.0721
ID: ae-200709-042

KDM is an X session manager for KDE. Under certain circumstances it's possible for KDM to be tricked into allowing user logins without a password.
Fetchmail is an SSL-enabled POP3, APOP and IMAP mail gatherer/forwarder. Under certain circumstances it might attempt to dereference a NULL pointer and crash.
Fixed packages are available now.

System: HP-UX
Topic: Vulnerability in HP Ignite-UX
Links: HPSBUX02249, SSRT071442, CVE-2007-4590, ESB-2007.0719
ID: ae-200709-041

A potential security vulnerability has been identified in HP-UX running the Ignite-UX or the DynRootDisk (DRD) get_system_info command. This command can change system networking parameters without notification. An update solves this problem.

System: Microsoft Windows
Topic: Vulnerability in Microsoft Foundation Class Library (MFC)
Links: CVE-2007-4916, VU#611008, ESB-2007.0715
ID: ae-200709-040

A buffer overflow vulnerability in the Microsoft Foundation Class (MFC) Library could allow an attacker to execute arbitrary code on an affected system. A patch is not available yet.

System: Various
Topic: Vulnerabilities in VMware products
Links: ESB-2007.0716, CVE-2004-0813, CVE-2006-1174, CVE-2006-3619, CVE-2006-4146, CVE-2006-4600, CVE-2007-0061, CVE-2007-0062, CVE-2007-0063, CVE-2007-0494, CVE-2007-1716, CVE-2007-1856, CVE-2007-2442, CVE-2007-2443, CVE-2007-2446, CVE-2007-2447, CVE-2007-2798, CVE-2007-4059, CVE-2007-4155, CVE-2007-4496, CVE-2007-4497, ISS Advisory
ID: ae-200709-039

Several vulnerabilities were found in VMware ESX Server, VMware Server, VMware Workstation, VMware Player, and VMware ACE. Fixed software is available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in php
Links: RHSA-2007-0890, CVE-2007-2756, CVE-2007-2872, CVE-2007-3799, CVE-2007-3996, CVE-2007-3998, CVE-2007-4658, CVE-2007-4670, ESB-2007.0717, R-355
ID: ae-200709-038

Several vulnerabilities were found in PHP. Fixed packages are available now.

System: Microsoft Windows
Topic: Vulnerability in HP Storage Management Appliance (SMA)
Links: HPSBST02260 SSRT071471, ESB-2007.0714
ID: ae-200709-037

The latest Microsoft patches need to be installed when using the SMA. It's strongly recommended to install these hotfixes from Microsoft.

System: SGI Advanced Linux Environment
Topic: Vulnerabilities in cyrus-sasl, qt, and star
Links: SGI_20070901-01
ID: ae-200709-036

SGI has released the Security Update #80 for SGI Advanced Linux Environment 3. These updates fix already known security related problems in cyrus-sasl, qt and star.
So it's recommended to install this update.

System: HP-UX
Topic: Vulnerability in logins
Links: HPSBUX02259, SSRT071439, ESB-2007.0710
ID: ae-200709-035

A security vulnerability has been identified in HP-UX running the logins(1M) command. This command incorrectly reports password status. As a result password issues may not be detected, allowing remote unauthorized access. A patch is available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in libvorbis, xorg-x11, and nfs-utils-lib
Links: RHSA-2007-0845, CVE-2007-3106, CVE-2007-4029, CVE-2007-4065, CVE-2007-4066, ESB-2007.0712,
RHSA-2007-0898, CVE-2007-4730, ESB-2007.0713,
RHSA-2007-0913, CVE-2007-3999, ESB-2007.0711
ID: ae-200709-034

Several flaws were found in the way libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash or execute arbitrary code when it was opened.
A flaw was found in the way X.Org's composite extension handles 32 bit color depth windows while running in 16 bit color depth mode.
A stack buffer overflow flaw was discovered in the RPC library used by nfs-utils-lib. A remote unauthenticated attacker who can access an application linked against nfs-utils-lib could trigger this flaw and cause the application to crash.
Fixed packages are available now.

System: Cisco ASA
Topic: Vulnerability in Cisco Adaptive Security Appliance
Links: VU#563673, ESB-2007.0708, R-352
ID: ae-200709-033

The Cisco Adaptive Security Appliance (ASA) firewall may log user credentials, including passwords, as plain text when AAA authentication is enabled. Workarounds are described in the advisory.

System: Various
Topic: Vulnerability in Mozilla Firefox
Links: MFSA 2007-28, AU-2007.0021
ID: ae-200709-032

On Windows systems, QuickTime Media-Link files can be used to call Firefox with the -chrome option and execute arbitrary scripts with the full privileges of the user. Fixed software is available now.

System: Mandriva Linux
Topic: Vulnerabilities in cacti and avahi
Links: MDKSA-2007:184, CVE-2007-3112, CVE-2007-3113, MDKSA-2007:185, CVE-2007-3372
ID: ae-200709-031

A vulnerability in Cacti allows remote authenticated users to cause a denial of service (CPU consumption) via large values of the graph_start, graph_end, graph_height, or graph_width parameters.
The Avahi daemon allows attackers to cause a denial of service via empty TXT data over D-Bus, which triggers an assert error.
Fixed packages are available now.

System: Various
Topic: Vulnerability in OpenOffice.org
Links: iDefense, CVE-2007-2834, ESB-2007.0704, DSA-1275, ESB-2007.0705, RHSA-2007-0848, ESB-2007.0706, R-356, MDKSA-2007:186, SUSE-SA:2007:052
ID: ae-200709-030

A heap overflow vulnerability has been discovered in the TIFF parsing code of the OpenOffice.org suite. The parser uses untrusted values from the TIFF file to calculate the number of bytes of memory to allocate. A specially crafted TIFF image could trigger an integer overflow and subsequently a buffer overflow that could cause the execution of arbitrary code. Fixed software is available now.

System: Various
Topic: Vulnerability in HP System Management Homepage
Links: HPSBMA02258 SSRT071470, ESB-2007.0703
ID: ae-200709-029

A security vulnerability has been identified with HP System Management Homepage (SMH) for Windows on systems which are also running HP Version Control Agent (VCA) or Version Control Repository Manager (VCRM). The vulnerability may result in the incomplete installation of OpenSSL updates, including security updates. Fixed software is available now.

System: Microsoft Windows
Topic: Vulnerability in Apple QuickTime
Links: VU#751808, R-349
ID: ae-200709-028

Apple QuickTime is a media player that is available for Microsoft Windows and Apple OS X. Apple QuickTime includes browser plugins for Internet Explorer, Safari, and Netscape-compatible browsers. QuickTime includes the ability for developers to control how QuickTime movies are launched. To specify these parameters, developers can create QuickTime link (.qtl) files. QuickTime link files can be embedded in web pages and launched automatically when a user visits a website. Apple QuickTime incorrectly determines the command line used to launch the default web browser on Microsoft Windows systems. Rather than using the ShellExecute method, QuickTime determines the default handler for .HTM files and then crafts its own command line for the registered application. Any protective flags in the registered file handler are stripped out by QuickTime. Current proof-of-concept code targets systems where Mozilla Firefox is the default handler for .HTM files. Other applications are also affected by this vulnerability, although the impact may vary based on what command line parameters the application accepts. As a result, an attacker might be able to execute arbitrary commands on a vulnerable system. Please follow the workarounds described in the advisories, since an update is not available yet.

System: Mandriva Linux
Topic: Vulnerabilities in id3lib and quagga
Links: MDKSA-2007:180, CVE-2007-4460, MDKSA-2007:182, CVE-2007-4826
ID: ae-200709-027

A programming error was found in id3lib that could lead to a denial of service through symlink attacks.
The bgpd daemon in Quagga allows remote BGP peers to cause a denial of service crash via a malformed OPEN message or COMMUNITY attribute.
Fixed packages are available now.

System: NetBSD
Topic: Vulnerabilities in ipv6, display driver, and BIND
Links: NetBSD-SA2007-005, CVE-2007-2242, ESB-2007.0700, NetBSD-SA2007-006, CVE-2007-3654, ESB-2007.0701, NetBSD-SA2007-007, CVE-2007-2926, CVE-2007-2930, ESB-2007.0702
ID: ae-200709-026

Several vulnerabilities have been discovered in the IPv6 and display driver implementation of NetBSD and in the name server BIND. Patches are available now.

System: Various
Topic: Vulnerability in Qt
Links: Trolltech, CVE-2007-4137, RHSA-2007-0883, ESB-2007.0699, MDKSA-2007:183, R-350
ID: ae-200709-025

A buffer overflow was found in how Qt expanded malformed Unicode strings. If an application linked against Qt parsed a malicious Unicode string, it could lead to a denial of service or potentially allow for the execution of arbitrary code. Fixed software is available now.

System: Red Hat Enterprise Linux 5
Topic: Vulnerabilities in kernel
Links: RHSA-2007-0704, CVE-2007-1217, CVE-2007-2875, CVE-2007-2876, CVE-2007-2878, CVE-2007-3739, CVE-2007-3740, CVE-2007-3843, CVE-2007-3851, ESB-2007.0698, R-348
ID: ae-200709-024

Several vulnerabilities were found in the Linux kernel. Fixed kernel packages are available now.

System: Microsoft Windows
Topic: Vulnerability in MSN Messenger and Windows Live Messenger
Links: MS07-054, CVE-2007-2931, ESB-2007.0688, R-343
ID: ae-200709-023

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft Windows Services for UNIX
Links: MS07-053, CVE-2007-3036, VU#768440, ESB-2007.0689, R-344
ID: ae-200709-022

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft Visual Studio
Links: MS07-052, CVE-2006-6133, ESB-2007.0690, R-341
ID: ae-200709-021

No further comment due to legal reasons

System: Microsoft Windows 2000
Topic: Vulnerability in Microsoft Agent
Links: MS07-051, CVE-2007-3040, VU#716872, AL-2007.0109, R-340
ID: ae-200709-020

No further comment due to legal reasons

System: Debian/GNU Linux
Topic: Vulnerabilities in phpwiki, ktorrent, and jffnms
Links: DSA-1371, CVE-2007-2024, CVE-2007-2025, CVE-2007-3193, ESB-2007.0692, R-353,
DSA-1373, CVE-2007-1799, ESB-2007.0693,
DSA-1374, CVE-2007-3189, CVE-2007-3190, CVE-2007-3192, ESB-2007.0694
ID: ae-200709-019

Several vulnerabilities have been discovered in phpWiki, a wiki engine written in PHP.
It was discovered that ktorrent, a BitTorrent client for KDE, was vulnerable to a directory traversal bug which potentially allowed remote users to overwrite arbitrary files.
Several vulnerabilities have been discovered in jffnms, a web-based Network Management System for IP networks.
Fixed packages are available now.

System: Turbolinux
Topic: Vulnerabilities in tcpdump
Links: TLSA-2007-46, CVE-2007-1218, CVE-2007-3798
ID: ae-200709-018

Tcpdump is a tool designed to capture and print out the headers of packets on a network interface. Remote attackers can cause a Denial-of-Service (crash) via a specially crafted frame. They might also be able to execute arbitrary code via specially crafted TLVs in a BGP packet. An updated package solves these problems.

System: Various
Topic: Vulnerabilities in MySQL
Links: CVE-2007-2691, CVE-2007-2692, CVE-2007-3780, CVE-2007-3781, CVE-2007-3782, RHSA-2007-0894, ESB-2007.0687, MDKSA-2007:175
ID: ae-200709-017

Some vulnerabilities have been found in MySQL, a relational database. A flaw in MySQL's authentication protocol allows a remote unauthenticated attacker to send a specially crafted authentication request to the MySQL server, causing it to crash. A remote authenticated user can obtain sensitive information such as the table structure, because no privileges are necessary for a CREATE TABLE LIKE statement. Also, a remote authenticated user might gain update privileges for a table in another database via a view that refers to the external table. They might also gain database privileges due to a flaw in the function mysql_change_db when returning from SQL SECURITY INVOKER stored routines. Additionally, MySQL doesn't require the DROP privilege for RENAME TABLE statements, so a remote authenticated user could use this flaw to rename arbitrary tables.
It's strongly recommended to install an update which is available now.

System: Debian/GNU Linux
Topic: Vulnerabilities in phpMyAdmin and xorg-server
Links: DSA-1370, CVE-2006-6942, CVE-2006-6944, CVE-2007-1325, CVE-2007-1395, CVE-2007-2245, ESB-2007.0684,
DSA-1372, CVE-2007-4730, ESB-2007.0685, R-347
ID: ae-200709-016

Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web.
A buffer overflow was discovered in the Composite extension of the X.org X server, which can lead to local privilege escalation.
Fixed packages are available now.

System: Various
Topic: New problem in MIT Kerberos 5
Links: CVE-2007-4743, RHSA-2007-0892, MDKSA-2007:174-1
ID: ae-200709-015

The MIT Kerberos Team discovered a problem with the originally published patch for svc_auth_gss.c. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. So please install the updated patch.

System: SUSE Linux
Topic: Vulnerabilities in kernel
Links: SUSE-SA:2007:051, CVE-2007-2242, CVE-2007-2453, CVE-2007-2525, CVE-2007-2876, CVE-2007-3105, CVE-2007-3107, CVE-2007-3513, CVE-2007-3848, CVE-2007-3851
ID: ae-200709-014

Several vulnerabilities were found in the Linux kernel. Fixed kernel packages are available now.

System: Mandriva Linux
Topic: Vulnerabilities in eggdrop, konqueror, and mysql
Links: MDKSA-2007:175, CVE-2007-2807, MDKSA-2007:175, CVE-2007-3820, CVE-2007-4224, CVE-2007-4225, MDKSA-2007:175, CVE-2007-3780, CVE-2007-3782
ID: ae-200709-013

A stack-based buffer overflow in Eggdrop allows user-assisted, malicious remote IRC servers to execute arbitrary code via a long private message.
The Konqueror address bar is vulnerable to spoofing attacks that are based on embedding whitespace in the URL. In addition, the address bar could be tricked into showing, for a short amount of time, a URL which it is intending to visit instead of the current URL.
A flaw was discovered in MySQL's authentication protocol. It is possible for a remote unauthenticated attacker to send a specially crafted authentication request to the MySQL server causing it to crash.
Fixed packages are available now.

System: Debian/GNU Linux
Topic: Vulnerability in gforge
Links: DSA-1369, CVE-2007-3913, ESB-2007.0682
ID: ae-200709-012

It was discovered that Gforge, a collaborative development tool, performs insufficient input sanitising, which allows SQL injection. Fixed packages are available now.

System: Microsoft Windows
Topic: Vulnerability in Symantec AntiVirus Products
Links: SYM07-024, CVE-2007-1476, ESB-2007.0679
ID: ae-200709-011

Some versions of Symantec's device driver SYMTDI.SYS contain a vulnerability which, if successfully exploited, could allow a local attacker to cause the system to crash. Fixed software is available now.

System: IBM AIX
Topic: Vulnerabilities in fcstat, ibstat, inventory scout, mkpath, xlplm, svprint, swcons, uucp, and perfstat kernel extension
Links: ESB-2007.0678
ID: ae-200709-010

Several vulnerabilities were found in fcstat, ibstat, inventory scout, mkpath, xlplm, svprint, swcons, uucp, and the perfstat kernel extension. Patches are available now.

System: Cisco
Topic: Vulnerabilities in Cisco Video Surveillance
Links: Cisco, ESB-2007.0677, R-342
ID: ae-200709-009

Cisco Video Surveillance IP Gateway video encoder and decoder, Services Platform (SP), and Integrated Services Platform (ISP) devices contain authentication vulnerabilities that allow remote users with network connectivity to gain the complete administrative control of vulnerable devices. Cisco has made free software available to address these vulnerabilities for affected customers.

System: Cisco Content Switching Module
Topic: Vulnerabilities in Cisco Content Switching Module
Links: Cisco, ESB-2007.0676, R-351
ID: ae-200709-008

The Cisco Content Switching Modules (CSM) and Cisco Content Switching Module with SSL (CSM-S) contain two vulnerabilities that can lead to a denial of service (DoS) condition. The first vulnerability exists when processing TCP packets, and the second vulnerability affects devices with service termination enabled. Cisco has made free software available to address these vulnerabilities for affected customers.

System: Mandriva Linux
Topic: Vulnerability in tar
Links: MDKSA-2007:173, CVE-2007-4131
ID: ae-200709-007

A path traversal flaw was discovered in the way GNU tar extracts archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access. Fixed packages are available now.

System: Red Hat Enterprise Linux 4
Topic: Vulnerabilities in kernel
Links: RHSA-2007-0774, CVE-2006-0558, CVE-2007-1217, ESB-2007.0672
ID: ae-200709-006

Several vulnerabilities were found in the Linux kernel. Fixed kernel packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in aide, cyrus-sasl, and star
Links: RHSA-2007-0539, CVE-2007-3849, ESB-2007.0674,
RHSA-2007-0795, RHSA-2007-0878, CVE-2006-1721, ESB-2007.0671,
RHSA-2007-0873, CVE-2007-4134, ESB-2007.0673
ID: ae-200709-005

A flaw was discovered in the way file checksums were stored in the AIDE database. This could prevent AIDE from detecting certain file modifications.
A bug was found in cyrus-sasl's DIGEST-MD5 authentication mechanism.
A path traversal flaw was discovered in the way star extracted archives. A malicious user could create a tar archive that would cause star to write to arbitrary files to which the user running star had write access.
Fixed packages are available now.

System: Various
Topic: Vulnerabilities in MIT Kerberos 5
Links: MITKRB5-SA-2007-006, CVE-2007-3999, CVE-2007-4000, VU#377544, VU#883632, AL-2007.0107, RHSA-2007-0858, ESB-2007.0670, AU-2007.0020, DSA-1367, ESB-2007.0669, ESB-2007.0675, ESB-2007.0681, R-346, MDKSA-2007:174, Sun Alert ID: 103060, ESB-2007.0683, MDKSA-2007:181
ID: ae-200709-004

Two vulnerabilities were discovered in the MIT krb5 Kerberos administration daemon (kadmind). A stack buffer overflow in the RPCSEC_GSS authentication may allow a remote attacker to execute arbitrary code. An authenticated user may write data through an uninitialized pointer. Fixed software is available now.

System: Sun Solaris
Topic: Vulnerability in Special File System
Links: SUN Alert #103009, ESB-2007.0667
ID: ae-200709-003

A security vulnerability in the Special File System (SPECFS) strfreectty() function may allow an unprivileged local user to panic the system, creating a Denial of Service (DoS). A patch addresses this issue.

System: Debian/GNU Linux
Topic: Vulnerabilities in Kernel, vim, and id3lib
Links: DSA-1363, CVE-2007-2127, CVE-2007-2875, CVE-2007-3105, CVE-2007-3843, ESB-2007.0663,
DSA-1364, CVE-2007-2438, CVE-2007-2953, ESB-2007.0664,
DSA-1365, CVE-2007-4460, ESB-2007.0665
ID: ae-200709-002

Several local and remote vulnerabilities have been discovered in the Linux kernel 2.6 that may lead to a Denial-of-Service or the execution of arbitrary code. The vim editor also has two vulnerabilities allowing attackers to execute arbitrary commands. A vulnerability in id3lib may lead to Denial-of-Service due to symlink attacks.
Fixed packages are available now.

System: Linux
Topic: Vulnerabilities in ClamAV
Links: CVE-2007-4510, CVE-2007-4560, DSA-1366, ESB-2007.0666, R-345, MDKSA-2007:172
ID: ae-200709-001

A vulnerability in ClamAV might allow remote attackers to cause a Denial-of-Service via a specially crafted RTF file or HTML document with a data: URI, both of which trigger a NULL dereference. A second vulnerability in clamav-milter, when run in black hole mode, might allow remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call. An updated package addresses these issues.



(c) 2000-2014 AERAsec Network Services and Security GmbH