| MDVSA-2010-142 | Mandriva Linux Security Advisory 2010-142 - The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. OpenLDAP 2.4.22 allows remote attackers to cause a denial of service via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite. | 29/07/10 |
| secunia-autonomykvrp | Secunia Research has discovered two vulnerabilities in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused by boundary errors in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing certain records. This can be exploited to cause stack-based buffer overflows via specially crafted files. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | 29/07/10 |
| secunia-autonomykvindex | Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused by an error in the SpreadSheet Lotus 123 reader (wkssr.dll) when allocating an array of pointers during the parsing of a certain record type combined with how strings are later indexed. This can be exploited to corrupt memory via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | 29/07/10 |
| secunia-wkssriu | Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by an integer underflow error in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing the size of a specific record type. This can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | 29/07/10 |
| secunia-autonomywosr | Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error the WordPerfect 5.x reader (wosr.dll) when parsing data blocks and can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | 29/07/10 |
| secunia-autonomyrtfsigned | Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a signedness error when parsing the argument to the \\ls keyword within a list override table entry in RTF files. This can be exploited to cause a buffer overflow via a specially crafted RTF file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | 29/07/10 |
| secunia-autonomywkssr | Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the Spreadsheet Lotus 123 reader (wkssr.dll) when converting floating point values in certain record types. This can be exploited to cause a stack-based buffer overflow via a specially crafted file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | 29/07/10 |
| secunia-autonomycfp | Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error when parsing record data in compound documents. This can be exploited to cause a heap-based buffer overflow when an application using the vulnerable library parses e.g. a specially crafted Quattro Pro file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | 29/07/10 |
| dsa-2076-1 | Debian Linux Security Advisory 2076-1 - It was discovered that GnuPG 2 uses a freed pointer when verify a signature or importing a certificate with many Subject Alternate Names, potentially leading to arbitrary code execution. | 28/07/10 |
| dsa-2075-1 | Debian Linux Security Advisory 2075-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. | 28/07/10 |
| MDVSA-2010-141 | Mandriva Linux Security Advisory 2010-141 - The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value. The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \\xff\\xff security blob length in a Session Setup AndX request. The updated packages provides samba 3.4.8 which is not vulnerable to these issues. | 28/07/10 |
| MDVSA-2010-140 | Mandriva Linux Security Advisory 2010-140 - This is a maintenance and security update that upgrades php to 5.3.3 for 2010.0/2010.1. Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs. Fixed a possible resource destruction issues in shm_put_var(). Fixed a possible information leak because of interruption of XOR operator. Fixed a possible memory corruption because of unexpected call-time pass by reference and following memory clobbering through callbacks. Fixed a possible memory corruption in ArrayObject::uasort(). Fixed a possible memory corruption in parse_str(). Fixed a possible memory corruption in pack(). Fixed a possible memory corruption in substr_replace(). Fixed a possible memory corruption in addcslashes(). Fixed a possible stack exhaustion inside fnmatch(). Fixed a possible dechunking filter buffer overflow. Fixed a possible arbitrary memory access inside sqlite extension. Fixed string format validation inside phar extension. Fixed handling of session variable serialization on certain prefix characters. Fixed a NULL pointer dereference when processing invalid XML-RPC requests. Fixed SplObjectStorage unserialization problems. Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user. Fixed possible buffer overflows when handling error packets in mysqlnd. Additionally some of the third party extensions and required dependencies has been upgraded and/or rebuilt for the new php version. | 28/07/10 |
| MDVSA-2010-139 | Mandriva Linux Security Advisory 2010-139 - This is a maintenance and security update that upgrades php to 5.2.14 for CS4/MES5/2008.0/2009.0/2009.1. Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs. Fixed a possible interruption array leak in strrchr(). Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). Fixed a possible memory corruption in substr_replace(). Fixed SplObjectStorage unserialization problems. Fixed a possible stack exhaustion inside fnmatch(). Fixed a NULL pointer dereference when processing invalid XML-RPC requests. Fixed handling of session variable serialization on certain prefix characters. Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. Additionally some of the third party extensions has been upgraded and/or rebuilt for the new php version. | 28/07/10 |
| USN-964-1 | Ubuntu Security Notice 964-1 - Matt Weatherford discovered that Likewise Open did not correctly check password expiration for the local-provider account. A local attacker could exploit this to log into a system they would otherwise not have access to. | 27/07/10 |
| USN-930-6 | Ubuntu Security Notice 930-6 - USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem. | 27/07/10 |
| USN-957-2 | Ubuntu Security Notice 957-2 - USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem. | 27/07/10 |
| LWSA-2010-011 | Likewise Security Advisory - A logic flaw has been found in the pam_lsass library from Likewise Open that, when run under the context of a root service (e.g. sshd, gdm, etc.), will allow any user to logon as a lsassd local-provider account (e.g. MACHINE\\Administrator) if the account's password is marked as expired. | 27/07/10 |
| nessus-xssdisclose | The Nessus nessusd_www_server.nbin file suffers from cross site scripting and version disclosure vulnerabilities. | 27/07/10 |
| macosxwebdav-dos | The Mac OS X WebDAV kernel extension is vulnerable to a denial of service issue that allows a local unprivileged user to trigger a kernel panic due to a memory overallocation. | 27/07/10 |
| foofus-20100726 | The Symantec Antivirus Corporate Edition AMS Intel Alert Handler service (hndlrsvc.exe) provides alert setup and response capabilities to AMS2. A design error in Symantec's implementation of this function allows an attacker who can establish a TCP connection to port 38292, on a vulnerable host to execute commands at system level on that host. Versions 10.1.8.8000 and below are affected. | 27/07/10 |
| USN-958-1 | Ubuntu Security Notice 958-1 - Several flaws were discovered in the browser engine of Thunderbird. An integer overflow was discovered in how Thunderbird processed CSS values. An integer overflow was discovered in how Thunderbird interpreted the XUL element. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. Yosuke Hasegawa discovered that the same-origin check in Thunderbird could be bypassed by utilizing the importScripts Web Worker method. Chris Evans discovered that Thunderbird did not properly process improper CSS selectors. Soroush Dalili discovered that Thunderbird did not properly handle script error output. | 27/07/10 |
| MDVSA-2010-138 | Mandriva Linux Security Advisory 2010-138 - Ovidiu Mara reported a vulnerability in ping.c (iputils) that could cause ping to hang when responding to a malicious echo reply. The updated packages have been patched to correct these issues. | 24/07/10 |
| USN-930-5 | Ubuntu Security Notice 930-5 - USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and 9.10. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2. It was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. | 24/07/10 |
| USN-930-4 | Ubuntu Security Notice 930-4 - USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides the corresponding updates for Ubuntu 9.04 and 9.10, along with additional updates affecting Firefox 3.6.6. If was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. | 24/07/10 |
| USN-927-8 | Ubuntu Security Notice 927-8 - USN-927-1 fixed vulnerabilities in NSS. This update provides the Thunderbird update to use the new NSS. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it. | 24/07/10 |
| DSECRG-09-068 | SAP NetWeaver SLD versions 6.4 through 7.02 suffer from multiple cross site scripting vulnerabilities. | 24/07/10 |
| USN-957-1 | Ubuntu Security Notice 957-1 - Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. Various integer overflows and other issues have also been addressed. | 24/07/10 |
| USN-927-7 | Ubuntu Security Notice 927-7 - USN-927-4 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it. | 24/07/10 |
| USN-927-6 | Ubuntu Security Notice 927-6 - USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 9.04. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it. | 24/07/10 |
| ZDI-10-137 | Zero Day Initiative Advisory 10-137 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ov.dll module which is loaded by the webappmon.exe CGI program. This DLL defines a function execvp_nc which unsafely concatenates a controllable command string into a statically allocated stack buffer. By supplying overly large values to variables passed through an HTTP request a strcat_new can be made to overflow this buffer. An attacker can leverage this to execute arbitrary code under the context of the user running the webserver. | 22/07/10 |
