ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.
[5707]
[http://www.openbsd.org/errata23.html#tcpfix]
Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.
[xfree86-mitshm-memory-access(8706)]
[4396]
[RHSA-2003:067]
[CSSA-2002-009.0]
[DSA-380]
[228529]
[CSSA-2002-SCO.14]
[20021001-01-P]
[20021024 GLSA: xfree]
[CLSA-2002:529]
dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system.
[RHSA-2003:067]
[http://groups.google.com/groups?selm=20010829121505.A16004%40compusol.com.au]
[228529]
Cach�Ã�© Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges.
Cach�Ã�© Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs.
OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.
[VU#380864]
[CA-2003-26]
[RHSA-2003:292]
[RHSA-2003:291]
[http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm]
[ESA-20030930-027]
[DSA-394]
[DSA-393]
[201029]
[http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893]
[openssl-asn1-sslclient-dos(43041)]
[8732]
[ADV-2006-3900]
[http://www-1.ibm.com/support/docview.wss?uid=swg21247112]
[22249]
[oval:org.mitre.oval:def:4574]
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.
[VU#255484]
[CA-2003-26]
[RHSA-2003:291]
[http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm]
[RHSA-2003:292]
[ESA-20030930-027]
[DSA-394]
[DSA-393]
[201029]
[oval:org.mitre.oval:def:5292]
[http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893]
[8732]
[ADV-2006-3900]
[http://www-1.ibm.com/support/docview.wss?uid=swg21247112]
[22249]
[oval:org.mitre.oval:def:4254]
Trend Micro Virus Control System (TVCS) Log Collector allows remote attackers to obtain usernames, encrypted passwords, and other sensitive information via a URL request for getservers.exe with the action parameter set to "selects1", which returns log files.
[trend-vcs-weak-encryption(11063)]
[6618]
[7881]
[20030114 RE: [VulnWatch] Assorted Trend Vulns Rev 2.0]
Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.
[http://www.securiteam.com/securitynews/5CP010KE0W.html]
[oracle-mdsysmd2sdocodesize-bo(20078)]
[13145]
[http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf]
[http://www.frsirt.com/exploits/20050413.OracleExploit.sql.php]
[http://www.appsecinc.com/resources/alerts/oracle/2004-0001/]
[20040902 [SHATTER Team Security Alert] Multiple vulnerabilities in Oracle Database Server]
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
[RHSA-2004:494]
[RHSA-2004:480]
[DSA-547]
[imagemagick-bmp-Bo(17173)]
[201006]
[ADV-2008-0412]
[231321]
[28800]
The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692.
[qt-gif-dos(17042)]
[GLSA-200408-20]
[RHSA-2004:414]
[SUSE-SA:2004:027]
[DSA-542]
[201610]
[MDKSA-2004:085]
The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693.
[qt-xpm-dos(17041)]
[GLSA-200408-20]
[RHSA-2004:414]
[SUSE-SA:2004:027]
[DSA-542]
[201610]
[FLSA:2314]
[MDKSA-2004:085]
Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.
[qt-bmp-bo(17040)]
[RHSA-2004:414]
[GLSA-200408-20]
[SUSE-SA:2004:027]
[DSA-542]
[201610]
[20040818 CESA-2004-004: qt]
[MDKSA-2004:085]
The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames.
[11281]
[DSA-600]
[20040930 Samba Security Announcement -- Potential Arbitrary File Access]
[CLA-2004:873]
[FLSA:2102]
[samba-file-access(17556)]
[2004-0051]
[SUSE-SA:2004:035]
[MDKSA-2004:104]
[20040930 Samba Arbitrary File Access Vulnerability]
[http://us4.samba.org/samba/news/#security_2.2.12]
[200529]
[20041005 ERRATA: Potential Arbitrary File Access (CAN-2004-0815)]
[RHSA-2004:498]
[57664]
[101584]
Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
[imlib-bmp-bo(17182)]
[11084]
[RHSA-2004:465]
[GLSA-200409-12]
[DSA-548]
[CLA-2004:870]
[201611]
[MDKSA-2004:089]
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.
[imlib2-bmp-bo(17183)]
[11084]
[GLSA-200409-12]
[CLA-2004:870]
[http://www.vuxml.org/freebsd/ba005226-fb5b-11d8-9837-000c41e2cdad.html]
[201611]
[http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/libs/imlib2/ChangeLog?rev=1.20&view=markup]
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
[HPSBUX02101]
[http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf]
[USN-160-2]
[15647]
[14106]
[SSRT051251]
[SSRT051251]
[SSRT051251]
[SSRT051251]
[SSRT051251]
[SSRT051251]
[SSRT051251]
[SSRT051251]
[http://www.securiteam.com/securityreviews/5GP0220G0U.html]
[RHSA-2005:582]
[ADV-2006-1018]
[ADV-2006-0789]
[ADV-2005-2659]
[ADV-2005-2140]
[DSA-805]
[DSA-803]
[http://www.apache.org/dist/httpd/CHANGES_2.0]
[http://www.apache.org/dist/httpd/CHANGES_1.3]
[PK16139]
[PK13959]
[http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm]
[102198]
[102197]
[SSA:2005-310-04]
[1014323]
[19317]
[19185]
[19073]
[19072]
[17813]
[17487]
[17319]
[14530]
[20050606 A new whitepaper by Watchfire - HTTP Request Smuggling]
[[apache-httpd-announce] 20051014 Apache HTTP Server 2.0.55 Released]
[TSLSA-2005-0059]
[APPLE-SA-2005-11-29]
[https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html]
[SUSE-SA:2005:046]
[SUSE-SR:2005:018]
[MDKSA-2005:130]
[ADV-2006-4680]
[604]
[23074]
[MDKSA-2005:130]
[oval:org.mitre.oval:def:840]
[oval:org.mitre.oval:def:1629]
[oval:org.mitre.oval:def:1526]
[oval:org.mitre.oval:def:1237]
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.
[VU#623332]
[GLSA-200507-11]
[DSA-757]
[kerberos-kdc-krb5recvauth-execute-code(21055)]
[USN-224-1]
[TLSA-2005-78]
[2005-0036]
[14239]
[HPSBUX02152]
[HPSBUX02152]
[HPSBUX02152]
[HPSBUX02152]
[HPSBUX02152]
[HPSBUX02152]
[RHSA-2005:567]
[RHSA-2005:562]
[SUSE-SR:2005:017]
[ADV-2006-3776]
[ADV-2005-1066]
[http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt]
[101810]
[1014461]
[22090]
[17899]
[17135]
[16041]
[20050712 MITKRB5-SA-2005-003: double-free in krb5_recvauth]
[APPLE-SA-2005-08-15]
[APPLE-SA-2005-08-17]
[CLA-2005:993]
[20050703-01-U]
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
[MDKSA-2005:129]
[RHSA-2005:582]
[https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163013]
[SSRT051251]
[HPSBUX02074]
[14366]
[SSRT051251]
[SUSE-SA:2005:046]
[SUSE-SR:2005:018]
[ADV-2006-0789]
[DSA-805]
[http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm]
[102198]
[604]
[19185]
[19072]
[TSLSA-2005-0059]
[oval:org.mitre.oval:def:1747]
[oval:org.mitre.oval:def:1714]
[oval:org.mitre.oval:def:1346]
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
[1014744]
[14620]
[SSRT051251]
[SSRT051251]
[SSRT051251]
[SSRT051251]
[SSRT051251]
[SSRT051251]
[SSRT051251]
[SSRT051251]
[SSRT051251]
[15647]
[SSRT051251]
[FLSA:168516]
[RHSA-2006:0197]
[RHSA-2005:761]
[RHSA-2005:358]
[http://www.php.net/release_4_4_1.php]
[SUSE-SA:2005:052]
[SUSE-SA:2005:049]
[SUSE-SA:2005:048]
[GLSA-200509-19]
[GLSA-200509-12]
[GLSA-200509-02]
[GLSA-200509-08]
[ADV-2006-4502]
[ADV-2006-4320]
[ADV-2006-0789]
[ADV-2005-2659]
[ADV-2005-1511]
[http://www.ethereal.com/appnotes/enpa-sa-00021.html]
[DSA-821]
[DSA-819]
[DSA-817]
[DSA-800]
[http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm]
[http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm]
[http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf]
[http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf]
[102198]
[604]
[22875]
[22691]
[21522]
[19532]
[19193]
[19072]
[17813]
[17252]
[16679]
[16502]
[OpenPKG-SA-2005.018]
[SUSE-SA:2005:051]
[TSLSA-2005-0059]
[HPSBMA02159]
[APPLE-SA-2005-11-29]
[20060401-01-U]
[SCOSA-2006.10]
[oval:org.mitre.oval:def:735]
[oval:org.mitre.oval:def:1659]
[oval:org.mitre.oval:def:1496]
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
[VU#948385]
[TA06-333A]
[http://www.dyadsecurity.com/perl-0002.html]
[20051201 Perl format string integer wrap vulnerability]
[FLSA-2006:176731]
[USN-222-1]
[TSLSA-2005-0070]
[15629]
[SSRT061105]
[SSRT061105]
[SSRT061105]
[SSRT061105]
[SSRT061105]
[SSRT061105]
[SSRT061105]
[SSRT061105]
[SSRT061105]
[20051201 Perl format string integer wrap vulnerability]
[RHSA-2005:881]
[RHSA-2005:880]
[22255]
[21345]
[OpenPKG-SA-2005.025]
[[3.7] 20060105 007: SECURITY FIX: January 5, 2006]
[SUSE-SA:2005:071]
[GLSA-200512-01]
[ADV-2006-0771]
[ADV-2005-2688]
[DSA-943]
[http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm]
[102192]
[19041]
[18517]
[18413]
[18295]
[18187]
[18183]
[18075]
[17993]
[17952]
[17941]
[17844]
[17802]
[17762]
[20051201 Perl format string integer wrap vulnerability]
[MDKSA-2005:225]
[CLSA-2006:1056]
[20060101-01-U]
[ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch]
[ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch]
[SSRT061105]
[SUSE-SR:2005:029]
[MDKSA-2005:225]
[http://www.ipcop.org/index.php?name=News&file=article&sid=41]
[ADV-2006-4750]
[ADV-2006-2613]
[31208]
[23155]
[20894]
[APPLE-SA-2006-11-28]
[http://docs.info.apple.com/article.html?artnum=304829]
[oval:org.mitre.oval:def:1074]
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.
[https://bugzilla.mozilla.org/show_bug.cgi?id=316885]
[HPSBUX02156]
[RHSA-2006:0200]
[RHSA-2006:0199]
[228526]
[mozilla-javascript-memory-corruption(24430)]
[USN-276-1]
[USN-275-1]
[USN-271-1]
[16476]
[HPSBUX02156]
[HPSBUX02122]
[FLSA-2006:180036-2]
[FLSA:180036-1]
[RHSA-2006:0330]
[FEDORA-2006-076]
[FEDORA-2006-075]
[SUSE-SA:2006:022]
[http://www.mozilla.org/security/announce/2006/mfsa2006-01.html]
[MDKSA-2006:078]
[MDKSA-2006:037]
[MDKSA-2006:036]
[GLSA-200605-09]
[GLSA-200604-18]
[GLSA-200604-12]
[ADV-2006-3749]
[ADV-2006-3391]
[ADV-2006-0413]
[DSA-1051]
[DSA-1046]
[DSA-1044]
[http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm]
[102550]
[1015570]
[22065]
[21622]
[21033]
[20051]
[19950]
[19941]
[19902]
[19863]
[19862]
[19852]
[19823]
[19821]
[19780]
[19759]
[19746]
[19230]
[18709]
[18708]
[18706]
[18705]
[18704]
[18703]
[18700]
[MDKSA-2006:078]
[MDKSA-2006:037]
[MDKSA-2006:036]
[20060201-01-U]
[SCOSA-2006.26]
[oval:org.mitre.oval:def:670]
The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions.
[php-imap-restriction-bypass(24964)]
[20060228 (PHP) imap functions bypass safemode and open_basedir restrictions]
[http://www.php.net/release_5_1_5.php]
[http://www.php.net/ChangeLog-5.php#5.1.5]
[23535]
[MDKSA-2006:122]
[ADV-2006-0772]
[516]
[21546]
[21050]
[18694]
[MDKSA-2006:122]
[http://bugs.php.net/bug.php?id=37265]
The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CVE-2006-1017.
[http://www.php.net/release_5_1_5.php]
[21842]
[21768]
[21546]
[MDKSA-2006:162]
[USN-342-1]
[19582]
[SUSE-SA:2006:052]
[MDKSA-2006:162]
[ADV-2006-3318]
[22039]
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
[VU#845620]
[TA06-333A]
[DSA-1173]
[USN-339-1]
[19849]
[http://www.openssl.org/news/secadv_20060905.txt]
[ADV-2006-3453]
[DSA-1174]
[21709]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[SSRT061239]
[https://issues.rpath.com/browse/RPL-616]
[openssl-rsa-security-bypass(28755)]
[HPSBUX02153]
[HPSBUX02153]
[HPSBUX02153]
[HPSBUX02153]
[HPSBUX02153]
[HPSBUX02153]
[HPSBUX02153]
[HPSBUX02153]
[HPSBUX02153]
[HPSBUX02153]
[HPSBUX02165]
[HPSBUX02165]
[HPSBUX02165]
[HPSBUX02165]
[HPSBUX02165]
[HPSBUX02165]
[HPSBUX02165]
[HPSBUX02165]
[HPSBUX02165]
[20060912 ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery]
[20060905 rPSA-2006-0163-1 openssl openssl-scripts]
[RHSA-2008:0629]
[RHSA-2006:0661]
[28549]
[http://www.opera.com/support/search/supsearch.dml?index=845]
[[3.9] 20060908 011: SECURITY FIX: September 8, 2006]
[SUSE-SA:2006:055]
[http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/]
[MDKSA-2006:161]
[[ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error]
[ADV-2006-3793]
[ADV-2006-3730]
[ADV-2006-3566]
[http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm]
[SSA:2006-257-02]
[1016791]
[GLSA-200609-18]
[GLSA-200609-05]
[FreeBSD-SA-06:19]
[31492]
[22259]
[22161]
[22036]
[21982]
[21930]
[21927]
[21906]
[21873]
[21870]
[21852]
[21846]
[21823]
[21812]
[21791]
[21785]
[21778]
[21776]
[21767]
[HPSBMA02250]
[SSRT061273]
[MDKSA-2006:178]
[MDKSA-2006:177]
[20060901-01-P]
[SSRT061239]
[https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html]
[https://issues.rpath.com/browse/RPL-1633]
[http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117]
[HPSBUX02153]
[http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html]
[http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html]
[http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html]
[http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html]
[http://www.vmware.com/support/server/doc/releasenotes_server.html]
[http://www.vmware.com/support/player2/doc/releasenotes_player2.html]
[http://www.vmware.com/support/player/doc/releasenotes_player.html]
[http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html]
[http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html]
[http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html]
[http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html]
[http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html]
[http://www.vmware.com/security/advisories/VMSA-2008-0005.html]
[http://www.sybase.com/detail?id=1047991]
[http://www.serv-u.com/releasenotes/]
[28276]
[22083]
[20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues]
[20070110 VMware ESX server security updates]
[HPSBUX02165]
[RHSA-2007:0073]
[RHSA-2007:0072]
[RHSA-2007:0062]
[http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html]
[OpenPKG-SA-2006.029]
[OpenPKG-SA-2006.018]
[SUSE-SA:2007:010]
[SUSE-SA:2006:061]
[SUSE-SR:2006:026]
[MDKSA-2006:207]
[MDKSA-2006:178]
[MDKSA-2006:177]
[GLSA-200610-06]
[ADV-2008-0905]
[ADV-2007-4224]
[ADV-2007-2783]
[ADV-2007-2315]
[ADV-2007-2163]
[ADV-2007-1945]
[ADV-2007-1815]
[ADV-2007-1401]
[ADV-2007-0343]
[ADV-2007-0254]
[ADV-2006-5146]
[ADV-2006-4750]
[ADV-2006-4744]
[ADV-2006-4586]
[ADV-2006-4417]
[ADV-2006-4366]
[ADV-2006-4329]
[ADV-2006-4327]
[ADV-2006-4216]
[ADV-2006-4207]
[ADV-2006-4206]
[ADV-2006-4205]
[ADV-2006-3936]
[ADV-2006-3899]
[ADV-2006-3748]
[20061108 Multiple Vulnerabilities in OpenSSL library]
[20061108 Multiple Vulnerabilities in OpenSSL Library]
[http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html]
[http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf]
[http://support.attachmate.com/techdocs/2137.html]
[http://support.attachmate.com/techdocs/2128.html]
[http://support.attachmate.com/techdocs/2127.html]
[201534]
[201247]
[200708]
[102759]
[102744]
[102722]
[102696]
[102686]
[102657]
[102656]
[102648]
[SSA:2006-310-01]
[1017522]
[28115]
[26893]
[26329]
[25649]
[25399]
[25284]
[24950]
[24930]
[24099]
[23915]
[23841]
[23794]
[23680]
[23455]
[23155]
[22949]
[22948]
[22940]
[22939]
[22938]
[22937]
[22936]
[22934]
[22932]
[22799]
[22758]
[22733]
[22711]
[22689]
[22671]
[22585]
[22545]
[22523]
[22513]
[22509]
[22446]
[22325]
[22284]
[22260]
[22232]
[22226]
[22066]
[22044]
[http://openvpn.net/changelog.html]
[[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]]
[[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues]
[APPLE-SA-2007-12-14]
[APPLE-SA-2006-11-28]
[SSRT071299]
[HPSBMA02250]
[SSRT061273]
[MDKSA-2006:207]
[http://docs.info.apple.com/article.html?artnum=307177]
[http://docs.info.apple.com/article.html?artnum=304829]
[BEA07-169.00]
The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump.
[21591]
[ADV-2006-5002]
[RHSA-2010:0046]
[http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19.1]
[2006-0074]
[23349]
Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information.
[VU#939609]
[VU#149457]
[TA07-022A]
[21675]
[ADV-2006-5073]
[102729]
[1017425]
[23650]
[23445]
[http://scary.beasts.org/security/CESA-2005-008.txt]
[SUSE-SA:2007:003]
[HPSBUX02196]
[HPSBUX02196]
[HPSBUX02196]
[HPSBUX02196]
[HPSBUX02196]
[HPSBUX02196]
[HPSBUX02196]
[HPSBUX02196]
[HPSBUX02196]
[HPSBUX02196]
[RHSA-2007:0073]
[RHSA-2007:0072]
[RHSA-2007:0062]
[SUSE-SA:2007:010]
[GLSA-200705-20]
[ADV-2007-4224]
[ADV-2007-1814]
[ADV-2007-0936]
[GLSA-200702-08]
[GLSA-200701-15]
[28115]
[25404]
[25283]
[24468]
[24189]
[24099]
[23835]
[APPLE-SA-2007-12-14]
[HPSBUX02196]
[http://docs.info.apple.com/article.html?artnum=307177]
[BEA07-174.00]
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
[TA07-151A]
[23257]
[http://www.mozilla.org/security/announce/2007/mfsa2007-15.html]
[ADV-2007-1994]
[ADV-2007-1939]
[ADV-2007-1480]
[ADV-2007-1468]
[ADV-2007-1467]
[ADV-2007-1466]
[DSA-1305]
[https://issues.rpath.com/browse/RPL-1424]
[https://issues.rpath.com/browse/RPL-1232]
[https://issues.rpath.com/browse/RPL-1231]
[USN-520-1]
[USN-469-1]
[1018008]
[20070620 FLEA-2007-0027-1: thunderbird]
[20070619 FLEA-2007-0026-1: evolution-data-server]
[20070615 rPSA-2007-0122-1 evolution-data-server]
[20070531 FLEA-2007-0023-1: firefox]
[20070403 Re: APOP vulnerability]
[20070402 APOP vulnerability]
[RHSA-2009:1140]
[RHSA-2007:0402]
[RHSA-2007:0401]
[RHSA-2007:0386]
[RHSA-2007:0385]
[RHSA-2007:0353]
[RHSA-2007:0344]
[[oss-security] 20090818 Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558 (APOP))]
[[oss-security] 20090815 mailfilter 0.8.2 fixes CVE-2007-1558 (APOP)]
[SUSE-SA:2007:036]
[SUSE-SR:2007:014]
[MDKSA-2007:131]
[MDKSA-2007:119]
[MDKSA-2007:113]
[MDKSA-2007:107]
[MDKSA-2007:105]
[DSA-1300]
[http://www.claws-mail.org/news.php]
[http://sylpheed.sraoss.jp/en/news.html]
[http://sourceforge.net/forum/forum.php?forum_id=683706]
[SSA:2007-152-02]
[GLSA-200706-06]
[35699]
[[balsa-list] 20070704 balsa-2.3.17 released]
[APPLE-SA-2007-05-24]
[SSRT061236]
[SSRT061236]
[SSRT061236]
[SSRT061236]
[SSRT061236]
[HPSBUX02153]
[HPSBUX02153]
[HPSBUX02153]
[HPSBUX02153]
[HPSBUX02153]
[HPSBUX02153]
[HPSBUX02153]
[HPSBUX02153]
[HPSBUX02153]
[MDKSA-2007:105]
[http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt]
[http://docs.info.apple.com/article.html?artnum=305530]
[http://balsa.gnome.org/download.html]
[20070602-01-P]
[ADV-2008-0082]
[ADV-2007-2788]
[26415]
[26083]
[25894]
[25858]
[25798]
[25750]
[25664]
[25559]
[25546]
[25534]
[25529]
[25496]
[25476]
[25402]
[25353]
[SSRT061236]
[HPSBUX02153]
The IOS FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote authenticated users to execute arbitrary code and read and write arbitrary files, as demonstrated by reading startup-config, aka bug ID CSCek55259.
Per http://www.cisco.com/warp/public/707/cisco-sa-20070509-iosftp.shtml, authentication is not required.
[20070509 Multiple Vulnerabilities in the IOS FTP Server]
[cisco-ios-ftp-unauthorized-access(34197)]
[1018030]
[23885]
[35334]
[ADV-2007-1749]
[25199]
[20090120 Re: Remote Cisco IOS FTP exploit]
[oval:org.mitre.oval:def:5036]
Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
[http://www.php.net/releases/5_2_3.php]
[FEDORA-2007-2215]
[FEDORA-2007-709]
[https://launchpad.net/bugs/173043]
[https://issues.rpath.com/browse/RPL-1702]
[https://issues.rpath.com/browse/RPL-1693]
[php-chunksplit-security-bypass(39398)]
[ADV-2008-0059]
[USN-549-1]
[USN-549-2]
[2007-0023]
[1018186]
[24261]
[HPSBUX02332]
[HPSBUX02332]
[20070601 SEC Consult SA-20070601-0 :: PHP chunk_split() integer overflow]
[http://www.sec-consult.com/291.html]
[RHSA-2007:0891]
[RHSA-2007:0890]
[RHSA-2007:0888]
[http://www.php.net/releases/4_4_8.php]
[http://www.php.net/ChangeLog-4.php]
[OpenPKG-SA-2007.020]
[MDKSA-2007:187]
[GLSA-200710-02]
[ADV-2007-3386]
[ADV-2007-2061]
[http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm]
[SSA:2007-152-01]
[28318]
[27864]
[27545]
[27377]
[27351]
[27110]
[27102]
[27037]
[26967]
[26930]
[26895]
[26871]
[26838]
[26231]
[26048]
[25535]
[25456]
[RHSA-2007:0889]
[SUSE-SA:2007:044]
[HPSBUX02308]
[HPSBUX02308]
[HPSBUX02308]
[SSRT071447]
[SSRT071447]
[SSRT071447]
[SSRT071447]
[HPSBUX02332]
[ADV-2008-0398]
[SSA:2008-045-03]
[30040]
[28936]
[28750]
[28658]
[SUSE-SA:2008:004]
[HPSBUX02308]
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
Per http://www.securityfocus.com/bid/29106 and http://secunia.com/advisories/32222, this vulnerability is remotely exploitable.
[31681]
[29106]
[http://bugs.mysql.com/bug.php?id=32167]
[mysql-myisam-security-bypass(42267)]
[1019995]
[RHSA-2008:0768]
[RHSA-2008:0510]
[RHSA-2008:0505]
[MDVSA-2008:150]
[MDVSA-2008:149]
[ADV-2008-2780]
[ADV-2008-1472]
[DSA-1608]
[http://support.apple.com/kb/HT3865]
[http://support.apple.com/kb/HT3216]
[36701]
[32222]
[31687]
[31226]
[31066]
[30134]
[SUSE-SR:2008:017]
[APPLE-SA-2009-09-10-2]
[APPLE-SA-2008-10-09]
[http://dev.mysql.com/doc/refman/6.0/en/news-6-0-5.html]
[http://dev.mysql.com/doc/refman/5.1/en/news-5-1-24.html]
[http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html]
[http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html]
MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.
Per http://www.securityfocus.com/bid/29106 this vulnerability is remotely exploitable.
[mysql-myisam-symlinks-security-bypass(45648)]
[[oss-security] 20080916 Re: CVE request: MySQL incomplete fix for CVE-2008-2079]
[[oss-security] 20080909 Re: CVE request: MySQL incomplete fix for CVE-2008-2079]
[MDVSA-2009:094]
[32759]
[SUSE-SR:2008:025]
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25]
Buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a filename length field containing a large integer, which triggers overwrite of an arbitrary memory location with a 0x00 byte value, related to use of RealPlayer through a Windows Explorer plugin.
Per http://www.fortiguardcenter.com/advisory/FGA-2009-04.html:
"It should be noted that the victim does not necessarily have to open the malicious file for exploitation to occur: the vulnerabilities lie in a DLL that is also used as a plugin for the Windows Explorer shell. A successful attack could take place by merely previewing the IVR file through Windows Explorer. "
[realplayer-ivr-bo(48567)]
[ADV-2010-0178]
[33652]
[20090206 RealNetworks RealPlayer IVR File Processing Multiple Code Execute Vulnerabilities]
[http://www.fortiguardcenter.com/advisory/FGA-2009-04.html]
[http://service.real.com/realplayer/security/01192010_player/en/]
[38218]
[33810]
Heap-based buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a modified field that controls an unspecified structure length and triggers heap corruption, related to use of RealPlayer through a Windows Explorer plugin.
[realplayer-ivr-code-execution(48568)]
[http://www.zerodayinitiative.com/advisories/ZDI-10-009/]
[ADV-2010-0178]
[33652]
[20100121 ZDI-10-009: RealNetworks RealPlayer IVR Format Remote Code Execution Vulnerability]
[20090206 RealNetworks RealPlayer IVR File Processing Multiple Code Execute Vulnerabilities]
[http://www.fortiguardcenter.com/advisory/FGA-2009-04.html]
[http://service.real.com/realplayer/security/01192010_player/en/]
[38218]
[33810]
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
[35510]
[http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c]
[1022478]
[http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h]
[https://bugzilla.mozilla.org/show_bug.cgi?id=516862]
[https://bugzilla.mozilla.org/show_bug.cgi?id=516396]
[ADV-2010-0094]
[ADV-2009-3334]
[ADV-2009-3299]
[ADV-2009-3297]
[20091210 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)]
[20091210 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)]
[20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)]
[20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)]
[RHSA-2009:1601]
[http://www.opera.com/support/kb/view/942/]
[http://www.mozilla.org/security/announce/2009/mfsa2009-59.html]
[MDVSA-2009:330]
[MDVSA-2009:294]
[272909]
[20100108 MacOS X 10.5/10.6 libc/strtod(3) buffer overflow]
[20091211 Thunderbird 2.0.0.23 (lib) Remote Array Overrun (Arbitrary code execution)]
[20091211 Sunbird 0.9 Array Overrun (code execution)]
[20091211 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)]
[20091211 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)]
[20091120 Opera 10.01 Remote Array Overrun (Arbitrary code execution)]
[20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)]
[20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)]
[20091030 Multiple BSD printf(1) and multiple dtoa/*printf(3) vulnerabilities]
[20090625 Multiple Vendors libc/gdtoa printf(3) Array Overrun]
[http://secunia.com/secunia_research/2009-35/]
[38066]
[37683]
[37682]
[37431]
[SUSE-SR:2009:018]
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
[FEDORA-2009-7763]
[FEDORA-2009-7717]
[FEDORA-2009-7417]
[FEDORA-2009-7358]
[FEDORA-2009-7335]
[https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149]
[ADV-2010-0173]
[ADV-2009-3184]
[USN-797-1]
[RHSA-2009:1159]
[[oss-security] 20090629 CVE Request -- libtiff [was: Re: libtiff buffer underflow in LZWDecodeCompat]]
[[oss-security] 20090623 Re: libtiff buffer underflow in LZWDecodeCompat]
[[oss-security] 20090621 libtiff buffer underflow in LZWDecodeCompat]
[http://www.lan.st/showthread.php?t=1856&page=3]
[DSA-1835]
[http://support.apple.com/kb/HT4013]
[http://support.apple.com/kb/HT4004]
[http://support.apple.com/kb/HT3937]
[267808]
[GLSA-200908-03]
[38241]
[36831]
[36194]
[35912]
[35883]
[35866]
[35716]
[35695]
[APPLE-SA-2010-01-19-1]
[APPLE-SA-2010-02-02-1]
[APPLE-SA-2009-11-09-1]
[http://bugzilla.maptools.org/show_bug.cgi?id=2065]
Multiple SQL injection vulnerabilities in Web Development House Alibaba (aka Alibaba.com) Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php.
[ADV-2009-1838]
[35741]
[http://packetstormsecurity.org/0907-exploits/alibabaclone-sql.txt]
Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet.
[ADV-2009-2041]
[35850]
[DSA-1844]
[36051]
[36045]
[35985]
[FEDORA-2009-8144]
[FEDORA-2009-8264]
[ADV-2009-3316]
[http://www.vmware.com/security/advisories/VMSA-2009-0016.html]
[USN-807-1]
[20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components]
[20090728 [RISE-2009003] Linux eCryptfs parse_tag_3_packet Encrypted Key Buffer Overflow Vulnerability]
[RHSA-2009:1193]
[http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.4]
[DSA-1845]
[37471]
[36131]
[36116]
[36054]
[http://risesecurity.org/advisories/RISE-2009003.txt]
[SUSE-SR:2009:015]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f151cd2c54ddc7714e2f740681350476cda03a28]
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.
[FEDORA-2009-10525]
[https://bugzilla.redhat.com/show_bug.cgi?id=526788]
[http://git.kernel.org/?p=linux/kernel/git/x86/linux-2.6-tip.git;a=commit;h=24e35800cdc4350fc34e2bed37b608a9e13ab3b6]
[RHSA-2010:0046]
[RHSA-2009:1540]
[36576]
[RHSA-2009:1671]
[[oss-security] 20091001 Re: CVE Request (kernel)]
[http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.4]
[37351]
[37075]
[36927]
[[oss-security] 20091009 Re: CVE Request (kernel)]
[[oss-security] 20091002 Re: CVE Request (kernel)]
[[oss-security] 20091001 CVE Request (kernel)]
[[linux-kernel] 20091001 [tip:x86/urgent] x86: Don't leak 64-bit kernel register values to 32-bit processes]
[SUSE-SA:2009:056]
[SUSE-SA:2009:054]
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
[VU#120541]
[36935]
[FEDORA-2009-12229]
[FEDORA-2009-12305]
[FEDORA-2009-12606]
[FEDORA-2009-12604]
[FEDORA-2009-12968]
[FEDORA-2009-12782]
[FEDORA-2009-12775]
[FEDORA-2009-12750]
[https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt]
[https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html]
[https://bugzilla.redhat.com/show_bug.cgi?id=533125]
[https://bugzilla.mozilla.org/show_bug.cgi?id=526689]
[tls-renegotiation-weak-security(54158)]
[ADV-2010-0173]
[ADV-2009-3587]
[ADV-2009-3521]
[ADV-2009-3484]
[ADV-2009-3354]
[ADV-2009-3353]
[ADV-2009-3220]
[ADV-2009-3205]
[ADV-2009-3165]
[ADV-2009-3164]
[http://www.tombom.co.uk/blog/?p=85]
[1023275]
[1023274]
[1023273]
[1023272]
[1023271]
[1023270]
[1023243]
[1023219]
[1023218]
[1023217]
[1023216]
[1023215]
[1023212]
[1023211]
[1023210]
[1023209]
[1023208]
[1023207]
[1023206]
[1023205]
[1023204]
[1023163]
[20091130 TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)]
[20091124 rPSA-2009-0155-1 httpd mod_ssl]
[20091118 TLS / SSLv3 vulnerability explained (DRAFT)]
[http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html]
[http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c]
[[oss-security] 20091123 Re: CVEs for nginx]
[[oss-security] 20091120 CVEs for nginx]
[[oss-security] 20091107 Re: [TLS] CVE-2009-3555 for TLS renegotiation MITM attacks]
[[oss-security] 20091107 Re: CVE-2009-3555 for TLS renegotiation MITM attacks]
[[oss-security] 20091105 Re: CVE-2009-3555 for TLS renegotiation MITM attacks]
[[oss-security] 20091105 CVE-2009-3555 for TLS renegotiation MITM attacks]
[http://www.links.org/?p=789]
[http://www.links.org/?p=786]
[http://www.links.org/?p=780]
[http://www.ingate.com/Relnote.php?ver=481]
[[tls] 20091104 TLS renegotiation issue]
[[tls] 20091104 MITM attack on delayed TLS-client auth through renegotiation]
[http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html]
[DSA-1934]
[20091109 Transport Layer Security Renegotiation Vulnerability]
[http://www.betanews.com/article/1257452450]
[PM00675]
[http://www-01.ibm.com/support/docview.wss?uid=swg24025312]
[http://wiki.rpath.com/Advisories:rPSA-2009-0155]
[http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html]
[http://sysoev.ru/nginx/patch.cve-2009-3555.txt]
[http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released]
[http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES]
[http://support.citrix.com/article/CTX123359]
[http://support.apple.com/kb/HT4004]
[273029]
[1023148]
[GLSA-200912-01]
[38241]
[38056]
[37859]
[37675]
[37656]
[37640]
[37604]
[37504]
[37501]
[37320]
[37292]
[37291]
[20091111 Re: SSL/TLS MiTM PoC]
[60972]
[60521]
[[4.6] 004: SECURITY FIX: November 26, 2009]
[[4.5] 010: SECURITY FIX: November 26, 2009]
[[cryptography] 20091105 OpenSSL 0.9.8l released]
[[announce] 20091107 CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation]
[SUSE-SA:2009:057]
[[gnutls-devel] 20091105 Re: TLS renegotiation MITM]
[APPLE-SA-2010-01-19-1]
[http://kbase.redhat.com/faq/docs/DOC-20491]
[SSRT090249]
[SSRT090249]
[http://extendedsubset.com/Renegotiating_TLS.pdf]
[http://extendedsubset.com/?p=8]
[http://clicky.me/tlsvuln]
[http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during]
[http://blogs.iss.net/archive/sslmitmiscsrf.html]
[http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html]
WebKit in Apple Safari before 4.0.4 on Mac OS X does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality.
[http://support.apple.com/kb/HT3949]
[APPLE-SA-2009-11-11-1]
[safari-5media-security-bypass(54242)]
[ADV-2009-3217]
[1023167]
[36996]
[http://support.apple.com/kb/HT4013]
[37346]
[59941]
[APPLE-SA-2010-02-02-1]
Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.
[http://support.apple.com/kb/HT3949]
[APPLE-SA-2009-11-11-1]
[FEDORA-2009-11491]
[FEDORA-2009-11487]
[https://bugzilla.redhat.com/show_bug.cgi?id=525788]
[safari-ftp-code-execution(54241)]
[ADV-2009-3217]
[1023166]
[36995]
[http://support.apple.com/kb/HT4013]
[37397]
[37393]
[37346]
[59943]
[APPLE-SA-2010-02-02-1]
The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file.
[RHSA-2010:0046]
[https://bugzilla.redhat.com/show_bug.cgi?id=526068]
[[oss-security] 20091113 Re: CVE request: kernel: bad permissions on megaraid_sas sysfs files]
[[oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files]
[http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27]
[37909]
[60202]
[SUSE-SA:2009:064]
[SUSE-SA:2009:061]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=66dca9b8c50b5e59d3bea8b21cee5c6dae6c9c46]
The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
[RHSA-2010:0046]
[https://bugzilla.redhat.com/show_bug.cgi?id=526068]
[[oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files]
[38017]
[37909]
[60201]
[SUSE-SA:2010:001]
[SUSE-SA:2009:064]
[SUSE-SA:2009:061]
Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
[ADV-2009-3224]
[37321]
[http://msmtp.sourceforge.net/news.html]
[SUSE-SR:2010:001]
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.
[http://www.cups.org/str.php?L3200]
[http://www.cups.org/newsgroups.php/newsgroups.php?v6055+gcups.bugs]
[http://www.cups.org/newsgroups.php/newsgroups.php?v5996+gcups.bugs]
[http://www.cups.org/newsgroups.php/newsgroups.php?v5994+gcups.bugs]
[FEDORA-2009-12652]
[https://bugzilla.redhat.com/show_bug.cgi?id=530111]
[ADV-2010-0173]
[37048]
[RHSA-2009:1595]
[http://support.apple.com/kb/HT4004]
[38241]
[37364]
[37360]
[APPLE-SA-2010-01-19-1]
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=690e744869f3262855b83b4fb59199cf142765b0]
[FEDORA-2009-13098]
[RHSA-2010:0046]
[37068]
[RHSA-2010:0041]
[http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8]
[38017]
[37909]
[37720]
[37435]
[SUSE-SA:2010:001]
[SUSE-SA:2009:064]
[SUSE-SA:2009:061]
Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
[ADV-2009-3306]
[37084]
[[dovecot-news] 20091120 v1.2.8 released]
[[oss-security] 20091123 Re: CVE request: v1.2.8 released to fix the 0777 base_dir creation issue]
[[oss-security] 20091120 CVE request: v1.2.8 released to fix the 0777 base_dir creation issue]
[dovecot-basedir-privilege-escalation(54363)]
[60316]
[MDVSA-2009:306]
[37443]
[[oss-security] 20091123 Re: CVE Request - Dovecot - 1.2.8]
[[oss-security] 20091121 CVE Request - Dovecot - 1.2.8]
[SUSE-SR:2010:001]
The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack.
[RHSA-2010:0046]
[https://bugzilla.redhat.com/show_bug.cgi?id=538734]
[kernel-fusedirectio-dos(54358)]
[37069]
[RHSA-2010:0041]
[[oss-security] 20091124 Re: CVE request: kernel: fuse: prevent fuse_put_request on invalid pointer]
[[oss-security] 20091119 CVE request: kernel: fuse: prevent fuse_put_request on invalid pointer]
[38017]
[37909]
[SUSE-SA:2010:001]
[SUSE-SA:2009:064]
[SUSE-SA:2009:061]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f60311d5f7670d9539b424e4ed8b5c0872fc9e83]
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
[https://bugzilla.redhat.com/show_bug.cgi?id=538744]
[FEDORA-2009-12233]
[FEDORA-2009-12218]
[https://www.isc.org/advisories/CVE2009-4022]
[https://www.isc.org/advisories/CVE-2009-4022v6]
[bind-dnssec-cache-poisoning(54416)]
[ADV-2010-0176]
[ADV-2009-3335]
[USN-888-1]
[37118]
[RHSA-2009:1620]
[[oss-security] 20091124 Re: a new bind issue]
[[oss-security] 20091124 CVE request: BIND 9 bug involving DNSSEC and the additional section]
[[oss-security] 20091124 a new bind issue]
[MDVSA-2009:304]
[38240]
[38219]
[37491]
[37426]
[60493]
The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability."
[http://www.theregister.co.uk/2009/11/20/internet_explorer_security_flaw/]
[37135]
[http://www.owasp.org/images/5/50/OWASP-Italy_Day_IV_Maone.pdf]
[MS10-002]
[http://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/]
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
[https://bugzilla.redhat.com/show_bug.cgi?id=533174]
[http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165]
[FEDORA-2009-12737]
[FEDORA-2009-12716]
[FEDORA-2009-12690]
[1023278]
[37203]
[MDVSA-2009:316]
[DSA-1953]
[273630]
[37537]
[[expat-bugs] 20091108 [ expat-Bugs-2894085 ] expat: buffer over-read and crash in big2_toUtf8()]
[SUSE-SR:2010:001]
[http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165]
Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
[http://userweb.kernel.org/~akpm/mmotm/broken-out/hfs-fix-a-potential-buffer-overflow.patch]
[RHSA-2010:0046]
[https://bugzilla.redhat.com/show_bug.cgi?id=540736]
[[oss-security] 20091204 CVE-2009-4020 kernel: hfs buffer overflow]
[[linux-mm-commits] 20091203 + hfs-fix-a-potential-buffer-overflow.patch added to -mm tree]
Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.
[TA09-343A]
[http://zerodayinitiative.com/advisories/ZDI-09-092/]
[ADV-2009-3456]
[RHSA-2009:1658]
[http://www.adobe.com/support/security/bulletins/apsb09-19.html]
[https://bugzilla.redhat.com/show_bug.cgi?id=543857]
[flash-air-jpeg-code-execution(54631)]
[ADV-2010-0173]
[37199]
[20091209 ZDI-09-092: Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability]
[RHSA-2009:1657]
[http://support.apple.com/kb/HT4004]
[1023307]
[1023306]
[38241]
[37902]
[37584]
[60885]
[SUSE-SA:2009:062]
[APPLE-SA-2010-01-19-1]
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."
[TA09-343A]
[https://bugzilla.redhat.com/show_bug.cgi?id=543857]
[ADV-2009-3456]
[RHSA-2009:1658]
[RHSA-2009:1657]
[http://www.adobe.com/support/security/bulletins/apsb09-19.html]
[1023307]
[1023306]
[flash-air-data-code-execution(54632)]
[ADV-2010-0173]
[37199]
[http://support.apple.com/kb/HT4004]
[38241]
[37902]
[37584]
[60886]
[SUSE-SA:2009:062]
[APPLE-SA-2010-01-19-1]
Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
[TA09-343A]
[https://bugzilla.redhat.com/show_bug.cgi?id=543857]
[ADV-2009-3456]
[RHSA-2009:1657]
[http://www.adobe.com/support/security/bulletins/apsb09-19.html]
[1023307]
[1023306]
[flash-air-corruption-code-execution(54633)]
[ADV-2010-0173]
[37199]
[http://support.apple.com/kb/HT4004]
[38241]
[37902]
[37584]
[SUSE-SA:2009:062]
[APPLE-SA-2010-01-19-1]
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
[TA09-343A]
[https://bugzilla.redhat.com/show_bug.cgi?id=543857]
[ADV-2009-3456]
[RHSA-2009:1658]
[RHSA-2009:1657]
[http://www.adobe.com/support/security/bulletins/apsb09-19.html]
[1023307]
[1023306]
[flash-air-unspecified-code-execution(54634)]
[ADV-2010-0173]
[37199]
[http://support.apple.com/kb/HT4004]
[38241]
[37902]
[37584]
[SUSE-SA:2009:062]
[APPLE-SA-2010-01-19-1]
Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers."
[TA09-343A]
[https://bugzilla.redhat.com/show_bug.cgi?id=543857]
[http://zerodayinitiative.com/advisories/ZDI-09-093/]
[ADV-2009-3456]
[RHSA-2009:1658]
[RHSA-2009:1657]
[http://www.adobe.com/support/security/bulletins/apsb09-19.html]
[1023307]
[1023306]
[flash-air-unspecified-overflow(54635)]
[ADV-2010-0173]
[37199]
[20091209 ZDI-09-093: Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability]
[http://support.apple.com/kb/HT4004]
[38241]
[37902]
[37584]
[60889]
[SUSE-SA:2009:062]
[APPLE-SA-2010-01-19-1]
Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
[TA09-343A]
[https://bugzilla.redhat.com/show_bug.cgi?id=543857]
[ADV-2009-3456]
[RHSA-2009:1658]
[RHSA-2009:1657]
[http://www.adobe.com/support/security/bulletins/apsb09-19.html]
[1023307]
[1023306]
[flash-air-multiple-code-execution(54636)]
[ADV-2010-0173]
[37199]
[http://support.apple.com/kb/HT4004]
[38241]
[37902]
[37584]
[SUSE-SA:2009:062]
[APPLE-SA-2010-01-19-1]
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.
[TA09-343A]
[ADV-2009-3456]
[http://www.adobe.com/support/security/bulletins/apsb09-19.html]
[1023307]
[flash-activex-information-disclosure(54637)]
[ADV-2010-0173]
[37199]
[http://support.apple.com/kb/HT4004]
[38241]
[37902]
[37584]
[60891]
[SUSE-SA:2009:062]
[APPLE-SA-2010-01-19-1]
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
[TA10-013A]
[VU#508357]
[acro-reader-unspecifed-code-execution(54747)]
[ADV-2010-0103]
[ADV-2009-3518]
[http://www.symantec.com/connect/blogs/zero-day-xmas-present]
[http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214]
[37331]
[http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb]
[http://www.adobe.com/support/security/bulletins/apsb10-02.html]
[http://www.adobe.com/support/security/advisories/apsa09-07.html]
[37690]
[60980]
[SUSE-SA:2010:008]
[http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html]
[http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html]
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
[http://www.postgresql.org/docs/current/static/release-8-4-2.html]
[http://www.postgresql.org/docs/current/static/release-8-3-9.html]
[http://www.postgresql.org/docs/current/static/release-8-2-15.html]
[http://www.postgresql.org/docs/current/static/release-8-1-19.html]
[http://www.postgresql.org/docs/current/static/release-8-0-23.html]
[http://www.postgresql.org/docs/current/static/release-7-4-27.html]
[FEDORA-2009-13381]
[FEDORA-2009-13363]
[ADV-2009-3519]
[1023325]
[37334]
[http://www.postgresql.org/support/security.html]
[MDVSA-2009:333]
[37663]
[61038]
[SUSE-SR:2010:001]
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.
[https://bugzilla.redhat.com/show_bug.cgi?id=546321]
[http://www.postgresql.org/docs/current/static/release-8-4-2.html]
[http://www.postgresql.org/docs/current/static/release-8-3-9.html]
[http://www.postgresql.org/docs/current/static/release-8-2-15.html]
[http://www.postgresql.org/docs/current/static/release-8-1-19.html]
[http://www.postgresql.org/docs/current/static/release-8-0-23.html]
[http://www.postgresql.org/docs/current/static/release-7-4-27.html]
[FEDORA-2009-13381]
[FEDORA-2009-13363]
[ADV-2009-3519]
[1023326]
[37333]
[http://www.postgresql.org/support/security.html]
[MDVSA-2009:333]
[37663]
[61039]
[SUSE-SR:2010:001]
drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field.
[https://bugzilla.redhat.com/show_bug.cgi?id=547236]
[[oss-security] 20091215 CVE-2009-4138 kernel: firewire: ohci: handle receive packets with a data length of zero]
[http://patchwork.kernel.org/patch/66747/]
[http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8c0c0cc2d9f4c523fde04bdfe41e4380dec8ee54]
[RHSA-2010:0046]
[37339]
[http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.32-git9.log]
[38017]
[SUSE-SA:2010:001]
The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap.
[FEDORA-2009-13592]
[https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4301]
[http://www.wireshark.org/security/wnpa-sec-2009-09.html]
[ADV-2009-3596]
[1023374]
[37407]
[DSA-1983]
[37916]
[37842]
[61178]
The firmware for Intellicom NetBiter WebSCADA uses hard-coded passwords, which makes it easier for remote attackers to obtain access.
[20091214 Exposing HMS HICP Protocol + Intellicom NetBiterConfig.exe Remote Buffer Overflow (Not patched)]
[http://reversemode.com/index.php?option=com_content&task=view&id=65&Itemid=1]
Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.
[https://bugzilla.redhat.com/show_bug.cgi?id=555313]
[http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14]
[http://www.yassl.com/release.html]
[http://www.yassl.com/news.html#yassl199]
[ADV-2010-0236]
[ADV-2010-0233]
[37974]
[37943]
[37640]
[61956]
[http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname]
[http://www.intevydis.com/blog/?p=57]
[http://www.intevydis.com/blog/?p=106]
[1023513]
[1023402]
[38364]
[38344]
[37493]
[[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227]
[[dailydave] 20100126 New db bugs]
[http://isc.sans.org/diary.html?storyid=7900]
[http://intevydis.com/mysql_overflow1.py.txt]
[http://intevydis.com/mysql_demo.html]
[http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html]
[http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html]
[http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html]
[http://bugs.mysql.com/bug.php?id=50227]
[http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1]
[[dailydave] 20100106 0day demos]
SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c.
[https://support.zabbix.com/browse/ZBX-1031]
[ADV-2009-3514]
[20091213 Zabbix Server : Multiple remote vulnerabilities]
[37740]
** DISPUTED ** SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to the com_content component, reachable through index.php. NOTE: the vendor disputes this report, saying: "JoomlaBamboo has investigated this report, and it is incorrect. There is no SQL injection vulnerability involving the id parameter in an article view, and there never was. JoomlaBamboo customers have no reason to be concerned about this report."
[ADV-2010-0014]
[37579]
[http://www.exploit-db.com/exploits/10971]
[[VIM] 20100203 Re: disputed: CVE-2010-0158 JoomlaBamboo (JB) Simpla Admin SQL injection]
[[VIM] 20100203 disputed: CVE-2010-0158 JoomlaBamboo (JB) Simpla Admin SQL injection]
[http://packetstormsecurity.org/1001-exploits/joomlabamboo-sql.txt]
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.
[https://launchpad.net/bugs/500625]
[[oss-security] 20100106 Re: CVE Request: Transmission]
[[oss-security] 20100106 CVE Request: Transmission]
[[debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64)]
[DSA-1967]
[http://trac.transmissionbt.com/wiki/Changes#version-1.77]
[http://trac.transmissionbt.com/changeset/9829/]
[http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz]
[SUSE-SA:2010:008]
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.
[https://bugzilla.redhat.com/show_bug.cgi?id=552126]
[37519]
[RHSA-2010:0041]
[RHSA-2010:0020]
[RHSA-2010:0019]
[[oss-security] 20091231 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389]
[[oss-security] 20091229 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389]
[[oss-security] 20091228 CVE requests - kernel security regressions for CVE-2009-1385/and -1389]
[1023420]
[38031]
[35265]
[http://marc.info/?t=126203102000001&r=1&w=2]
[http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html]
[http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/]
drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.
[https://bugzilla.redhat.com/show_bug.cgi?id=550907]
[37521]
[RHSA-2010:0041]
[RHSA-2010:0020]
[RHSA-2010:0019]
[[oss-security] 20091231 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389]
[[oss-security] 20091229 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389]
[[oss-security] 20091228 CVE requests - kernel security regressions for CVE-2009-1385/and -1389]
[http://twitter.com/dakami/statuses/7104238406]
[1023419]
[38031]
[http://marc.info/?t=126202986900002&r=1&w=2]
[[linux-netdev] 20091228 [PATCH RFC] r8169: straighten out overlength frame detection]
[http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html]
[http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/]