iDefense Security Advisory 01.17.08 - Local exploitation of an invalid array index vulnerability in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the X server, typically root. The vulnerability exists within the XFree86-Misc extension. When processing a request, a 32-bit value from the client's request is used as an index into an array of structures. This structure contains an array of function pointers, one of which is used later in the request handling. By supplying a large array index, an arbitrary function pointer can be dereferenced. This results in the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in X.org X11 version R7.3. Previous versions may also be affected.
b1bca06565d2f165aedea3eb15eab5d2d20441857d50764b8dc053baf339d3f8
iDefense Security Advisory 01.17.08 - Local exploitation of multiple integer overflow vulnerabilities in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the X server, typically root. One vulnerability exists within the EVI extension. When processing a request, the server uses a 32-bit value provided by the client in an arithmetic operation that calculates the number of bytes to allocate for a dynamic buffer. This operation can overflow, which later leads to a potentially exploitable heap overflow. Another vulnerability exists within the MIT-SHM extension. When allocating a pixmap, the server uses values from the request to verify that the requested size is not greater than the amount of allocated shared memory. The calculation can overflow, which leads to the overwriting of arbitrary addresses in memory that aren't part of the shared memory segment. iDefense has confirmed the existence of these vulnerabilities in X.Org X11 version R7.3. Previous versions may also be affected.
4771cffce18053e80e066e7475e194c4330b692f7bbb96e44000ac38b0c62d4f
iDefense Security Advisory 01.17.08 - Local exploitation of an information disclosure vulnerability in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to gain access to sensitive information stored in server memory. The vulnerable code exists within the TOG-CUP extension. A 32-bit client-supplied value is taken directly from the request and then used as an index into an array. The value located at this index is then stored into a buffer which is later sent to the client. This allows a client to read memory from arbitrary locations in server memory. iDefense has confirmed the existence of this vulnerability in X.Org X11 version R7.3. Previous versions may also be affected.
a830ea77fa2be6da734569efacfc8af0c88a9b2b7118beb38c4ab08de59b7be4
iDefense Security Advisory 01.17.08 - Local exploitation of multiple memory corruption vulnerabilities in the X.Org X server, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the X server, typically root. Vulnerable code exists within multiple functions in the XInput extension. By sending specially crafted X11 requests, an attacker is able to corrupt heap memory located after their request data. This results in a potentially exploitable condition. iDefense has confirmed the existence of these vulnerabilities in X.Org X11 version R7.3. Previous versions may also be affected.
4357bff2a486d2934d0def5af55ed1b0333abfe4897f136cdcb70115231ac4b8
IMF 2008 Call For Papers - The International Conference on IT-Incident Management and IT-Forensics invites submissions for IMF 2008 being held from September 23rd through the 25th, 2008 in Mannheim, Germany.
dfb056bd25fa137b3badc9f6585468bd11f7fed5fbe74c404249e58fb2aba839
Ubuntu Security Notice 571-1 - Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. It was discovered that the X.org server did not use user privileges when attempting to open security policy files. Local attackers could exploit this to probe for files in directories they would not normally be able to access. It was discovered that the PCF font handling code did not correctly validate the size of fonts. An authenticated attacker could load a specially crafted font and gain additional privileges.
ed802d7374761fc7f216b15cd6a5443aef8801fd64dc5cd436bba1141cfd5934
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Citrix Presentation Server. Authentication is not required to exploit this vulnerability. The specific flaw resides in the Independent Management Architecture service, ImaSrv.exe, which listens by default on TCP port 2512 or 2513. The process trusts a user-supplied value as a parameter to a memory allocation. By supplying a specific value, an undersized heap buffer may be allocated. Subsequently, an attacker can overflow that heap buffer by sending an overly large packet, leading to arbitrary code execution in the context of the SYSTEM user.
f74d157f42833663912a8b445195d23fdb27067cc6aaf7f59aeada0bda2796a8
Core Security Technologies Advisory - Locally exploitable kernel buffer overflow vulnerabilities and improperly validated input arguments have been found in CORE FORCE Firewall and Registry modules. The vulnerabilities allow unprivileged logged on users to crash the system (denial of service), and they also may lead to a privilege escalation or even a local root exploit. Versions 0.95.167 and below are affected.
61e66458e791a90999e82a29780ff632327878b098c2a13fcacb54767166c9f2
The OKI C5510MFP printer offers a web interface for configuration. Certain pages require higher privileges for making changes. However, the password required for accessing these pages is sent to the client in clear text by the printer. Furthermore, the password can be set without prior authentication. Consequently, the whole configuration can be changed without knowing the password.
ec83e6ee74b533afa03baa355748aa4a189a5703c548671c87488bb61956c436
Microsoft Windows Message Queueing Server RPC buffer overflow exploit that relates to MS07-065.
ae024ee0b98228f5ca3aa6c85b6654e303aaa2be37dce6d521de55a1d196b859
Digital Data Communications RtspVaPgCtrl Class remote buffer overflow exploit that makes use of RtspVapgDecoder.dll version 1.1.0.29.
af015133b5fb852204dcbe8a9e537fb0c262cb3e6f6a5107a22e3410079835b1
Debian Security Advisory 1466-1 - Several local vulnerabilities have been discovered in the X.Org X server.
e6e2a481ccdd75f77778bd93cac243335052c16bf8480c3180dbf7cf634d7cfa
Debian Security Advisory 1465-2 - Felipe Sateler discovered that apt-listchanges, a package change history notification tool, used unsafe paths when importing its Python libraries. This could allow the execution of arbitrary shell commands if the root user executed the command in a directory which other local users may write to. This security update fixes a regression in the previous one, which caused the package to fail to work.
1f539f05b7b83a4ea630b9337ef4aeff1d755f4eea49e03a7839c5196ee7bc51
Debian Security Advisory 1465-1 - Felipe Sateler discovered that apt-listchanges, a package change history notification tool, used unsafe paths when importing its Python libraries. This could allow the execution of arbitrary shell commands if the root user executed the command in a directory which other local users may write to.
7b1d9ccc36f604c9dcd6edd3d81ef938f40c3ece916837e63d8aa18f4bac6476
SUSE Security Announcement - The X Window System is affected by several kinds of vulnerabilities caused by insufficient input validation.
db2211cc4f2a6baa5e2ef0ab490f4d619771e3e98a80aaa7ce517e872678b0f7
Clever Copy version 3.0 suffers from cross site scripting and SQL injection vulnerabilities.
b6a39b7105530c6b2525372ce4dadac16e639254fbac38119676a038e9f75a91
AuraCMS version 1.62 remote code execution exploit that makes use of stat.php.
fa03aa2a62d66d11a42ec416aec031df445550d663229d10533e40c5ec38decf
Crystal Reports XI Release 2 suffers from an ActiveX buffer overflow denial of service condition.
5f8a09f7890ae2c8d60a386415d3d5330d7b5b27d3e498f538cf009520f88526
The Joomla Flash component is susceptible to a remote file inclusion vulnerability.
6b66e12fd6a61aa74c876701638c38280a7730a1064f93401f8ff49e1dd03da6
Secunia Security Advisory - mu-b has reported a vulnerability in Cisco VPN Client, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
98316777f3f0cf262aa3cbb3ac9f96541e123e4682a0b2e1f4aa58fa4c57bdcc
Secunia Security Advisory - Fedora has issued an update for python-paramiko. This fixes a weakness, which can be exploited by malicious people to disclose potentially sensitive information.
24efe93972f3bc856b69cd4608e4a8eba11bfbf169f4e8b77b3a5d51dba68fd4
Secunia Security Advisory - Silentz has reported a vulnerability in Pixelpost, which can be exploited by malicious people to conduct SQL injection attacks.
3c5341f837c7aaed281edb3d4605ee049cefe2968cbebfd4fceee7ef5a7cb090
Secunia Security Advisory - Scary-Boys and S.W.A.T. have discovered a vulnerability in Mini File Host, which can be exploited by malicious people to disclose sensitive information.
fc1381ce0f08d0fa47028dcb051358953a8ed95d15c2394ee24239c08acbd981
Secunia Security Advisory - A vulnerability has been reported in Citrix Presentation Server, which can be exploited by malicious people to compromise a vulnerable system.
6189fc8cf1ca4fa033140786ae511fa69905ffe7b417b007071df679341e7147
Secunia Security Advisory - Some vulnerabilities have been reported in MyBB, which can be exploited by malicious users to conduct SQL injection attacks, and by malicious people to compromise a vulnerable system.
e62aca97614d16fd5bca55c79455092eb88ea5c2ad3c163d44a65c46a0cdbaaf