========================================================================

                  The Secunia Weekly Advisory Summary
                        2008-07-17 - 2008-07-24

                       This week: 54 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Try the Secunia Network Software Inspector (NSI) 2.0 for free!

The Secunia NSI 2.0 is available as a 7-day trial download and can be
used to scan up to 3 hosts within your network.

Download the Secunia NSI trial version from:
https://psi.secunia.com/NSISetup.exe

========================================================================
2) This Week in Brief:

A vulnerability has been discovered in Apple Safari, which can be
exploited by malicious people to bypass certain security restrictions.

The problem is that websites are allowed to set cookies for certain
country-specific secondary top-level domains. This can e.g. be
exploited to fix a session by setting a known session ID in a cookie,
which the browser sends to all web sites operating under an affected
domain (e.g. co.uk, com.au).

The vulnerability is confirmed in Apple Safari for Windows 3.1.2. Other
versions may also be affected.

For more information, refer to:
http://secunia.com/advisories/31128/

 --

VIRUS ALERTS:

During the past week Secunia collected 164 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA31092] BlackBerry Enterprise Server PDF Processing Vulnerability
2.  [SA30975] Microsoft Word Unspecified Code Execution Vulnerability
3.  [SA31155] Sun Solaris System Management Agent SNMP Daemon Buffer
              Overflow
4.  [SA31149] IBM WebSphere Application Server Unspecified Vulnerability
5.  [SA31143] HP-UX update for bind
6.  [SA31159] Vim configure.in Insecure Temporary Files
7.  [SA31087] Oracle Products Multiple Vulnerabilities
8.  [SA31157] Fedora update for firefox
9.  [SA31134] AlstraSoft Video Share Enterprise "UID" SQL Injection
10. [SA31146] Bea Weblogic Apache Connector Buffer Overflow
              Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA31187] Pre Survey Poll "catid" SQL Injection Vulnerability
[SA31170] HRS Multi "key" SQL Injection Vulnerability
[SA31158] SWAT 4 Denial of Service Vulnerabilities

UNIX/Linux:
[SA31195] Red Hat update for thunderbird
[SA31183] Debian update for xulrunner
[SA31182] Gentoo update for peercast
[SA31181] Debian update for ruby1.8
[SA31180] Gentoo BitchX Multiple Vulnerabilities
[SA31176] Debian update for iceweasel
[SA31167] SUSE Update for Multiple Packages
[SA31157] Fedora update for firefox
[SA31154] Fedora update for seamonkey
[SA31212] OpenBSD BIND Query Port DNS Cache Poisoning
[SA31209] Slackware update for dnsmasq
[SA31208] IPCop update for perl
[SA31206] Debian update for clamav
[SA31204] IPCop update for various packages
[SA31200] Ubuntu update for php
[SA31199] Ubuntu update for dnsmasq
[SA31197] dnsmasq Denial of Service and DNS Cache Poisoning
[SA31171] Fedora update for mantis
[SA31169] rPath update for bind
[SA31168] Debian update for libgd2
[SA31163] Fedora update for python-formencode
[SA31155] Sun Solaris System Management Agent SNMP Daemon Buffer
Overflow
[SA31202] SUSE update for kernel
[SA31175] Filesys::SmbClientParser Shell Command Injection
Vulnerability
[SA31194] Fedora update for asterisk
[SA31172] Linux Kernel LDT Buffer Size Handling Vulnerability
[SA31159] Vim configure.in Insecure Temporary Files
[SA31198] Red Hat update for kernel
[SA31184] Gentoo Bacula MySQL Director Password Disclosure Weakness
[SA31179] OpenSSH "X11UseLocalhost" X11 Forwarding Security Issue

Other:
[SA31173] Century Systems Routers Cross-Site Request Forgery

Cross Platform:
[SA31203] SocialEngine SQL Injection and Code Execution
[SA31161] YouTube Blog Multiple Vulnerabilities
[SA31193] EasyPublish SQL Injection and Cross-Site Scripting
[SA31192] EasyE-Cards SQL Injection and Cross-Site Scripting
[SA31190] MyReview Disclosure of Sensitive Information
[SA31189] EasyDynamicPages SQL Injection and Cross-Site Scripting
[SA31185] ZDaemon Denial of Service Vulnerability
[SA31174] Def-Blog "article" SQL Injection Vulnerabilities
[SA31166] MojoClassifieds "cat_a" SQL Injection Vulnerability
[SA31165] MojoPersonals "cat" SQL Injection Vulnerability
[SA31164] MojoJobs "cat_a" SQL Injection Vulnerability
[SA31162] MojoAuto "cat_a" SQL Injection Vulnerability
[SA31156] ShopCartDx "pid" SQL Injection Vulnerability
[SA31211] Drupal Session Fixation Vulnerability
[SA31201] Claroline Multiple Cross-Site Scripting Vulnerabilities
[SA31196] Moodle Script Insertion and Cross-Site Request Forgery
[SA31191] EasyBookMarker "rs" Cross-Site Scripting
[SA31188] Geeklog Forum Plugin Search Cross-Site Scripting
Vulnerability
[SA31186] EMC Retrospect Multiple Vulnerabilities
[SA31178] Asterisk Two Denial of Service Vulnerabilities

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA31187] Pre Survey Poll "catid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-23

DreamTurk has reported a vulnerability in Pre Survey Poll, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/31187/

 --

[SA31170] HRS Multi "key" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-22

Mr.SQL has reported a vulnerability in HRS Multi, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/31170/

 --

[SA31158] SWAT 4 Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-21

Luigi Auriemma has reported some vulnerabilities in SWAT 4, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/31158/

UNIX/Linux:--

[SA31195] Red Hat update for thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Spoofing, Exposure of system information, Exposure of
             sensitive information, System access
Released:    2008-07-24

Red Hat has issued an update for thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
spoofing attacks, disclose sensitive information, or compromise a
vulnerable system.

Full Advisory: http://secunia.com/advisories/31195/

 --

[SA31183] Debian update for xulrunner

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
             of system information, Exposure of sensitive information,
             DoS, System access
Released:    2008-07-24

Debian has issued an update for xulrunner. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and spoofing attacks, bypass certain security
restrictions, disclose sensitive information, or potentially compromise
a user's system.

Full Advisory: http://secunia.com/advisories/31183/

 --

[SA31182] Gentoo update for peercast

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-22

Gentoo has issued an update for peercast. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/31182/

 --

[SA31181] Debian update for ruby1.8

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-22

Debian has issued an update for ruby1.8. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/31181/

 --

[SA31180] Gentoo BitchX Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, System access
Released:    2008-07-22

Gentoo has acknowledged a security issue and a vulnerability in bitchx,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges and by malicious people to
potentially compromise a user's system.

Full Advisory: http://secunia.com/advisories/31180/

 --

[SA31176] Debian update for iceweasel

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information, System
             access
Released:    2008-07-24

Debian has issued an update for iceweasel. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, and
compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/31176/

 --

[SA31167] SUSE Update for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, DoS, System access
Released:    2008-07-21

SUSE has issued an update for multiple packages. This fixes some
security issues and some vulnerabilities, which can be exploited by
malicious people to manipulate certain data, bypass certain security
restrictions, cause a DoS (Denial of Service), and potentially
compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/31167/

 --

[SA31157] Fedora update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information, System
             access
Released:    2008-07-18

Fedora has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, and
compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/31157/

 --

[SA31154] Fedora update for seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-07-18

Fedora has issued an update for seamonkey. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory: http://secunia.com/advisories/31154/

 --

[SA31212] OpenBSD BIND Query Port DNS Cache Poisoning

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-24

OpenBSD has acknowledged a vulnerability in BIND, which can be
exploited by malicious people to poison the DNS cache.

Full Advisory: http://secunia.com/advisories/31212/

 --

[SA31209] Slackware update for dnsmasq

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-24

Slackware has issued an update for dnsmasq. This fixes a vulnerability,
which can be exploited by malicious people to poison the DNS cache.

Full Advisory: http://secunia.com/advisories/31209/

 --

[SA31208] IPCop update for perl

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-24

An updated version of IPCop has been released, which fixes some
vulnerabilities in perl, which can potentially be exploited by
malicious people to cause a Denial of Service or to compromise a
vulnerable perl application.
Full Advisory: http://secunia.com/advisories/31208/

 --

[SA31206] Debian update for clamav

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-24

Debian has issued an update for clamav. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory: http://secunia.com/advisories/31206/

 --

[SA31204] IPCop update for various packages

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Spoofing, DoS
Released:    2008-07-23

An updated version of IPCop has been released, which fixes some
vulnerabilities in bzip2, dnsmasq, and snort, which can be exploited by
malicious people to bypass certain security restrictions, cause a DoS
(Denial of Service), and poison the DNS cache.

Full Advisory: http://secunia.com/advisories/31204/

 --

[SA31200] Ubuntu update for php

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Security Bypass, DoS, System access
Released:    2008-07-24

Ubuntu has issued an update for php. This fixes some vulnerabilities,
where some have unknown impacts and others can be exploited by
malicious users to bypass certain security restrictions, and
potentially by malicious people to cause a DoS (Denial of Service) or
to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/31200/

 --

[SA31199] Ubuntu update for dnsmasq

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-23

Ubuntu has issued an update for dnsmasq. This fixes a vulnerability,
which can be exploited by malicious people to poison the DNS cache.

Full Advisory: http://secunia.com/advisories/31199/

 --

[SA31197] dnsmasq Denial of Service and DNS Cache Poisoning

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing, DoS
Released:    2008-07-23

Some vulnerabilities have been reported in dnsmasq, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
poison the DNS cache.

Full Advisory: http://secunia.com/advisories/31197/

 --

[SA31171] Fedora update for mantis

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2008-07-23

Fedora has issued an update for mantis. This fixes some
vulnerabilities, which can be exploited by malicious users to
compromise a vulnerable system and malicious people to conduct
cross-site scripting and request forgery attacks.

Full Advisory: http://secunia.com/advisories/31171/

 --

[SA31169] rPath update for bind

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-21

rPath has issued an update for bind. This fixes a vulnerability, which
can be exploited by malicious people to poison the DNS cache.

Full Advisory: http://secunia.com/advisories/31169/

 --

[SA31168] Debian update for libgd2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-22

Debian has issued an update for libgd2. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise an application using
the library.

Full Advisory: http://secunia.com/advisories/31168/

 --

[SA31163] Fedora update for python-formencode

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-18

Fedora has issued an update for python-formencode. This fixes a
vulnerability, which can be exploited by malicious people to bypass
certain security restrictions.

Full Advisory: http://secunia.com/advisories/31163/

 --

[SA31155] Sun Solaris System Management Agent SNMP Daemon Buffer
Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-07-18

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/31155/

 --

[SA31202] SUSE update for kernel

Critical:    Less critical
Where:       From remote
Impact:      Privilege escalation, DoS
Released:    2008-07-23

SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service) and potentially gain escalated
privileges, and malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/31202/

 --

[SA31175] Filesys::SmbClientParser Shell Command Injection
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2008-07-21

Jesus Olmos Gonzalez has discovered a vulnerability in
Filesys::SmbClientParser, which can be exploited by malicious people to
compromise an application using the module.

Full Advisory: http://secunia.com/advisories/31175/

 --

[SA31194] Fedora update for asterisk

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-07-24

Fedora has issued an update for asterisk. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or to conduct DoS attacks.

Full Advisory: http://secunia.com/advisories/31194/

 --

[SA31172] Linux Kernel LDT Buffer Size Handling Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2008-07-24

A vulnerability has been reported in the Linux Kernel, which can be
exploited by malicious, local users to cause a DoS (Denial of Service)
and potentially gain escalated privileges.

Full Advisory: http://secunia.com/advisories/31172/

 --

[SA31159] Vim configure.in Insecure Temporary Files

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-07-18

A security issue has been reported in Vim, which can be exploited by
malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/31159/

 --

[SA31198] Red Hat update for kernel

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-07-24

Red Hat has issued an update for the kernel. This fixes a
vulnerability, which can be exploited by malicious, local users to
cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/31198/

 --

[SA31184] Gentoo Bacula MySQL Director Password Disclosure Weakness

Critical:    Not critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2008-07-22

Gentoo has acknowledged a weakness in bacula, which can be exploited by
malicious, local users to disclose potentially sensitive information.

Full Advisory: http://secunia.com/advisories/31184/

 --

[SA31179] OpenSSH "X11UseLocalhost" X11 Forwarding Security Issue

Critical:    Not critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2008-07-22

A security issue has been reported in OpenSSH, which can be exploited
by malicious, local users to disclose sensitive information.

Full Advisory: http://secunia.com/advisories/31179/

Other:--

[SA31173] Century Systems Routers Cross-Site Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-22

A vulnerability has been reported in various Century Systems routers,
which can be exploited by malicious people to conduct cross-site
request forgery attacks.

Full Advisory: http://secunia.com/advisories/31173/

Cross Platform:--

[SA31203] SocialEngine SQL Injection and Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, System access
Released:    2008-07-23

Tim Loshak has reported some vulnerabilities in SocialEngine, which can
be exploited by malicious users to compromise a vulnerable system, and
by malicious people to conduct SQL injection attacks and bypass certain
security restrictions.

Full Advisory: http://secunia.com/advisories/31203/

 --

[SA31161] YouTube Blog Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
             system information, Exposure of sensitive information,
             System access
Released:    2008-07-23

Some vulnerabilities have been discovered in YouTube Blog, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks, disclose sensitive information, and compromise a
vulnerable system.

Full Advisory: http://secunia.com/advisories/31161/

 --

[SA31193] EasyPublish SQL Injection and Cross-Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
             sensitive information
Released:    2008-07-22

Khashayar Fereidani has discovered two vulnerabilities in EasyPublish,
which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.

Full Advisory: http://secunia.com/advisories/31193/

 --

[SA31192] EasyE-Cards SQL Injection and Cross-Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-07-22

Khashayar Fereidani has discovered some vulnerabilities in EasyE-Cards,
which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.

Full Advisory: http://secunia.com/advisories/31192/

 --

[SA31190] MyReview Disclosure of Sensitive Information

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-07-22

Julien Thomas has reported a security issue in MyReview, which can be
exploited by malicious people to disclose potentially sensitive
information.

Full Advisory: http://secunia.com/advisories/31190/

 --

[SA31189] EasyDynamicPages SQL Injection and Cross-Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-07-22

Khashayar Fereidani has discovered two vulnerabilities in
EasyDynamicPages, which can be exploited by malicious people to conduct
cross-site scripting and SQL injection attacks.

Full Advisory: http://secunia.com/advisories/31189/

 --

[SA31185] ZDaemon Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-22

Luigi Auriemma has reported a vulnerability in ZDaemon, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/31185/

 --

[SA31174] Def-Blog "article" SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-21

CWH Underground has discovered some vulnerabilities in Def-Blog, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/31174/

 --

[SA31166] MojoClassifieds "cat_a" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-22

Mr.SQL has reported a vulnerability in MojoClassifieds, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/31166/

 --

[SA31165] MojoPersonals "cat" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-22

Mr.SQL has reported a vulnerability in MojoPersonals, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/31165/

 --

[SA31164] MojoJobs "cat_a" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-22

Mr.SQL has reported a vulnerability in MojoJobs, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/31164/

 --

[SA31162] MojoAuto "cat_a" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-22

Mr.SQL has reported a vulnerability in MojoAuto, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/31162/

 --

[SA31156] ShopCartDx "pid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-22

Cr_at_zy_King has reported a vulnerability in ShopCartDX, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/31156/

 --

[SA31211] Drupal Session Fixation Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Hijacking
Released:    2008-07-24

A vulnerability has been reported in Drupal, which can be exploited by
malicious people to conduct session fixation attacks.

Full Advisory: http://secunia.com/advisories/31211/

 --

[SA31201] Claroline Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-23

Digital Security Research Group have reported some vulnerabilities in
Claroline, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory: http://secunia.com/advisories/31201/

 --

[SA31196] Moodle Script Insertion and Cross-Site Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-23

ProCheckUp Ltd have reported two vulnerabilities in Moodle, which can
be exploited by malicious users to conduct script insertion attacks,
and by malicious people to conduct cross-site request forgery attacks.

Full Advisory: http://secunia.com/advisories/31196/

 --

[SA31191] EasyBookMarker "rs" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-22

Khashayar Fereidani has discovered a vulnerability in EasyBookMarker,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory: http://secunia.com/advisories/31191/

 --

[SA31188] Geeklog Forum Plugin Search Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-23

A vulnerability has been reported in the Forum plugin for Geeklog,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory: http://secunia.com/advisories/31188/

 --

[SA31186] EMC Retrospect Multiple Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      Brute force, Exposure of sensitive information, DoS
Released:    2008-07-22

Some vulnerabilities and a security issue has been reported in EMC
Retrospect, which can be exploited by malicious people to disclose
sensitive information or cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/31186/

 --

[SA31178] Asterisk Two Denial of Service Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-07-23

Two vulnerabilities have been reported in Asterisk, which can be
exploited by malicious people to cause a DoS (Denial of Service) or to
conduct DoS attacks.
Full Advisory: http://secunia.com/advisories/31178/

========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web     : http://secunia.com/
E-mail  : support_at_private
Tel     : +45 70 20 51 44
Fax     : +45 70 20 51 45

Received on Fri Jul 25 2008 - 05:31:22 PDT