Bugtraq

[ GLSA 200911-01 ] Horde: Multiple vulnerabilities

Fri, 06 Nov 2009 16:05:11 GMT

Posted by Alex Legler on Nov 06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200911-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Horde: Multiple vulnerabilities
Date: November 06,...

Php 5.3.0 pdflib extension open_basedir bypass

Fri, 06 Nov 2009 15:53:00 GMT

Posted by r3d . w0rm on Nov 06

Description:
------------
Via this bug , attacker can save a file in path that not allowed in
open_basedir .

Reproduce code:
---------------
<?php
// Author : Sina Yazdanmehr (R3d.W0rm) ; Our Site : http://IrCrash.com
if(!extension_loaded('pdf')){
die('pdf extension required .');
}else{
$__PATH = $_GET['p']; /*The path that u want save file in .ex:
/etc/file.php*/
$__VALUE = $_GET['v']; /*The text that u want save in file .ex:...

[SECURITY] [DSA 1929-1] New Linux 2.6.18 packages fix several vulnerabilities

Fri, 06 Nov 2009 15:43:42 GMT

Posted by dann frazier on Nov 06

----------------------------------------------------------------------
Debian Security Advisory DSA-1929-1 security () debian org
http://www.debian.org/security/ Dann Frazier
November 5, 2009 http://www.debian.org/security/faq
----------------------------------------------------------------------

Package : linux-2.6
Vulnerability : privilege escalation/denial of...

[ MDVSA-2009:294 ] firefox

Fri, 06 Nov 2009 15:34:50 GMT

Posted by security on Nov 06

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:294
http://www.mandriva.com/security/
_______________________________________________________________________

Package : firefox
Date : November 5, 2009
Affected: 2010.0
_______________________________________________________________________

Problem Description:

Security issues were identified...

Using Blended Browser Threats involving Chrome to steal files on your computer

Fri, 06 Nov 2009 15:25:01 GMT

Posted by Inferno on Nov 06

For complete post with images, please visit
http://securethoughts.com/2009/11/using-blended-browser-threats-involving-ch
rome-to-steal-files-on-your-computer/

SECURETHOUGHTS.COM ADVISORY
=============================================
- CVE-ID : CVE-2009-XXXX (Chrome) {Pending}
- Release Date : November 05, 2009
- Severity : Medium
- Discovered by : Inferno
=============================================

I. TITLE...

[SECURITY] [DSA 1928-1] New Linux 2.6.24 packages fix several vulnerabilities

Fri, 06 Nov 2009 15:18:34 GMT

Posted by dann frazier on Nov 06

----------------------------------------------------------------------
Debian Security Advisory DSA-1928-1 security () debian org
http://www.debian.org/security/ Dann Frazier
November 5, 2009 http://www.debian.org/security/faq
----------------------------------------------------------------------

Package : linux-2.6.24
Vulnerability : privilege escalation/denial of...

[SECURITY] [DSA 1927-1] New Linux 2.6.26 packages fix several vulnerabilities

Thu, 05 Nov 2009 21:04:17 GMT

Posted by dann frazier on Nov 05

----------------------------------------------------------------------
Debian Security Advisory DSA-1927-1 security () debian org
http://www.debian.org/security/ dann frazier
November 5, 2009 http://www.debian.org/security/faq
----------------------------------------------------------------------

Package : linux-2.6
Vulnerability : privilege escalation/denial of...

[USN-854-1] GD library vulnerabilities

Thu, 05 Nov 2009 20:58:34 GMT

Posted by Marc Deslauriers on Nov 05

===========================================================
Ubuntu Security Notice USN-854-1 November 05, 2009
libgd2 vulnerabilities
CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2009-3293,
CVE-2009-3546
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the...

[USN-855-1] libhtml-parser-perl vulnerability

Thu, 05 Nov 2009 20:51:41 GMT

Posted by Marc Deslauriers on Nov 05

===========================================================
Ubuntu Security Notice USN-855-1 November 05, 2009
libhtml-parser-perl vulnerability
CVE-2009-3627
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu....

ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability

Thu, 05 Nov 2009 20:43:31 GMT

Posted by ZDI Disclosures on Nov 05

ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-081
November 5, 2009

-- CVE ID:
CVE-2009-2685

-- Affected Vendors:
Hewlett-Packard

-- Affected Products:
Hewlett-Packard Power Manager

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID...

CORE-2009-0912: Blender .blend Project Arbitrary Command Execution

Thu, 05 Nov 2009 20:39:22 GMT

Posted by CORE Security Technologies Advisories on Nov 05

Blender .blend Project Arbitrary Command Execution

1. *Advisory Information*

Title: Blender .blend Project Arbitrary Command Execution
Advisory Id: CORE-2009-0912
Advisory URL:
http://www.coresecurity.com/content/blender-scripting-injection
Date published: 2009-11-05
Date of last update: 2009-11-04
Vendors contacted: Blender Foundation
Release mode: User release

2. *Vulnerability Information*

Class: Failure to Sanitize Data into a Different...

[security bulletin] HPSBMA02474 SSRT090107 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code

Thu, 05 Nov 2009 16:52:17 GMT

Posted by security-alert on Nov 05

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01905743
Version: 1

HPSBMA02474 SSRT090107 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2009-11-04
Last Updated: 2009-11-04

Potential Security Impact: Remote execution of arbitrary code

Source: Hewlett-Packard Company, HP Software Security Response Team...

[Bkis-12-2009] eoCMS SQL injection vulnerability - Bkis Report

Thu, 05 Nov 2009 16:40:02 GMT

Posted by Bkis on Nov 05

eoCMS SQL injection vulnerability

1. General information

eoCMS is an open source code software which is used to develop Internet
forum (http://eocms.com/). On October 15, 2009, Bkis Security detected a
SQL injection vulnerability in some functions of eoCMS.

This is a critical vulnerability which allows hacker to access the data
in the database and execute unauthorized tasks. Bkis has informed the
software developer team, and they have...

CONFidence 2.0 schedule online - last time to register

Thu, 05 Nov 2009 16:30:42 GMT

Posted by Andrzej Targosz on Nov 05

Dear Madame/Sir,

CONFidence is the one of the most technical conference in Eastern
Europe. You can find videos from the latest edition here:
http://200902.confidence.org.pl/materialy-maj-2009

You can find all informations here:
http://200902.confidence.org.pl

Speakers list (alfabetical order):
* Chema Alonso
* Jacob Appelbaum – keynote
* Jesse Burns
* Frank Breedijk
* Łukasz Bromirski
* Raoul Chiesa
* Gynvael...

Re: /proc filesystem allows bypassing directory permissions on

Thu, 05 Nov 2009 16:21:36 GMT

Posted by Pavel Kankovsky on Nov 05

It is required to do nothing:

F_SETFL
Set the file status flags, defined in <fcntl.h>, for the file
description associated with fildes from the corresponding bits in the
third argument, arg, taken as type int. Bits corresponding to the file
access mode and the file creation flags, as defined in <fcntl.h>, that are
set in arg shall be ignored. If any bits in arg other than those mentioned
here are changed by the application,...