Mandriva Linux Security Advisory - A stack buffer overflow vulnerability was discovered in the RPC library used by Kerberos' kadmind program by Tenable Network Security. A remote unauthenticated user who could access kadmind would be able to trigger the flaw and cause it to crash. This issue is only applicable to Kerberos 1.4 and higher. Garrett Wollman found an uninitialized pointer vulnerability in kadmind which a remote unauthenticated attacker able to access kadmind could exploit to cause kadmind to crash. This issue is only applicable to Kerberos 1.5 and higher. The MIT Kerberos Team found a problem with the originally published patch for CVE-2007-3999. A remote unauthenticated attacker able to access kadmind could trigger this flaw and cause kadmind to crash.
419c6d6e4703fc5ed341977474f79acb6d9a9c8398ff622b03be2b6d07615035Ubuntu Security Notice 511-2 - USN-511-1 fixed vulnerabilities in krb5 and librpcsecgss. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. It was discovered that the libraries handling RPCSEC_GSS did not correctly validate the size of certain packet structures. An unauthenticated remote user could send a specially crafted request and execute arbitrary code with root privileges.
27c26c3a9ce917d976ca3105c865961730631a1995d3534b318b86cc5835fe0bMicrosoft SQL Server Distributed Management Objects OLE DLL for SQL Enterprise Manager remote buffer overflow exploit that makes use of sqldmo.dll.
1ce95bc82766e57689e496cbc4fd2182f5c05d73f3ca933f27c93da5c0cf9a1cThe Buffalo AirStation WHR-G54S web management interface suffers from a cross site request forgery vulnerability.
2c5d4202d43918d840d2e7aa01dc9415e6371116fce87e2832622a31e12acd55The Ekoparty 3rd edition Information and Insecurity Conference Call For Papers has been announced. It will take place in Buenos Aires, Argentina from November 30th through December 1st, 2007.
cc41b88c157fa9354bdef4d0803ec162d5df5c56595d5e9a283fa0d48409ce3aSamhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
8335fe4e53907997a4cd4a39ec87cb5d9e8ecec7e595548298bef9385c24a7a1Online Fantasy Football League (OFFL) version 0.2.6 suffers from multiple remote file inclusion vulnerabilities.
daa3003436e53b9d53239febe45f903dc9ae3387097e2ce79a8e3b26b86dadf4
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed