http://www.alienvault.com/free_nessus_feed.php AlienVault nessus feed updates. Sync using the updater. (c) 2008, AlienVault. All rights reserved. Name: "[DSA-1683]DSA-1683-1 streamripper -- buffer overflow"
Script OID: "1.3.6.1.4.1.25623.1.3.1000829"
Script CVE: "CVE-2007-4337", "CVE-2008-4829"
Description: Multiple buffer overflows involving HTTP header and playlist
parsing have been discovered in streamripper (CVE-2007-4337,
CVE-2008-4829).For the stable distribution (etch), these problems have been
fixed in version 1.61.27-1+etch1.For the unstable distribution (sid) and the testing distribution
(lenny), these problems have been fixed in version 1.63.5-2.We recommend that you upgrade your streamripper package.
Solution : http://www.debian.org/security/2008/dsa-1683.en.htmlRisk factor : High

]]> Dec 10 10:25 GMT Name: "[DSA-1681]DSA-1681-1 linux-2.6.24 -- denial of service/privilege escalation"
Script OID: "1.3.6.1.4.1.25623.1.3.1000828"
Script CVE: "CVE-2008-3528", "CVE-2008-4554", "CVE-2008-4576", "CVE-2008-4618", "CVE-2008-4933", "CVE-2008-4934", "CVE-2008-5025", "CVE-2008-5029", "CVE-2008-5134", "CVE-2008-5182", "CVE-2008-5300"
Description: Several vulnerabilities have been discovered in the Linux kernel
that may lead to a denial of service or privilege escalation. The
Common Vulnerabilities and Exposures project identifies the
following problems:For the stable distribution (etch), these problems have been
fixed in version 2.6.24-6~etchnhalf.7.We recommend that you upgrade your linux-2.6.24 packages.
Solution : http://www.debian.org/security/2008/dsa-1681.en.htmlRisk factor : High

]]> Dec 10 10:24 GMT Name: "[DSA-1680]DSA-1680-1 clamav -- buffer overflow, stack consumption"
Script OID: "1.3.6.1.4.1.25623.1.3.1000827"
Script CVE: "CVE-2008-5050", "CVE-2008-5314"
Description: Moritz Jodeit discovered that ClamAV, an anti-virus solution,
suffers from an off-by-one-error in its VBA project file
processing, leading to a heap-based buffer overflow and potentially
arbitrary code execution (CVE-2008-5050).Ilja van Sprundel discovered that ClamAV contains a denial of
service condition in its JPEG file processing because it does not
limit the recursion depth when processing JPEG thumbnails (CVE-2008-5314).For the stable distribution (etch), these problems have been ...

(check full advisory/plugin to read more)

]]> Dec 10 10:24 GMT Name: "[DSA-1679]DSA-1679-1 awstats -- cross-site scripting"
Script OID: "1.3.6.1.4.1.25623.1.3.1000826"
Script CVE: "CVE-2008-3714"
Description: Morgan Todd discovered a cross-site scripting vulnerability in
awstats, a log file analyzer, involving the "config" request
parameter (and possibly others; CVE-2008-3714).For the stable distribution (etch), this problem has been fixed
in version 6.5+dfsg-1+etch1.The unstable (sid) and testing (lenny) distribution will be
fixed soon.We recommend that you upgrade your awstats package.
Solution : http://www.debian.org/security/2008/dsa-1679.en.htmlRisk factor : High

]]> Dec 10 10:24 GMT Name: "[DSA-1677]DSA-1677-1 cupsys -- integer overflow"
Script OID: "1.3.6.1.4.1.25623.1.3.1000824"
Script CVE: "CVE-2008-5286"
Description: An integer overflow has been discovered in the image validation
code of cupsys, the Common UNIX Printing System. An attacker could
trigger this bug by supplying a malicious graphic that could lead
to the execution of arbitrary code.For the stable distribution (etch) this problem has been fixed
in version 1.2.7-4etch6.For testing distribution (lenny) this issue will be fixed
soon.For the unstable distribution (sid) this problem has been fixed
in version 1.3.8-1lenny4.We recommend that you upgrade your cupsys packages. ...

(check full advisory/plugin to read more)

]]> Dec 10 10:24 GMT Name: "[DSA-1676]DSA-1676-1 flamethrower -- insecure temp file generation"
Script OID: "1.3.6.1.4.1.25623.1.3.1000823"
Script CVE: "CVE-2008-5141"
Description: Dmitry E. Oboukhov discovered that flamethrower creates
predictable temporary filenames, which may lead to a local denial
of service through a symlink attack.For the stable distribution (etch), this problem has been fixed
in version 0.1.8-1+etch1.For the unstable distribution (sid), this problem has been fixed
in version 0.1.8-2.We recommend that you upgrade your flamethrower package.
Solution : http://www.debian.org/security/2008/dsa-1676.en.htmlRisk factor : High

]]> Dec 10 10:23 GMT Name: "[DSA-1675]DSA-1675-1 phpmyadmin -- insufficient input sanitising"
Script OID: "1.3.6.1.4.1.25623.1.3.1000822"
Script CVE: "CVE-2008-4326"
Description: Masako Oono discovered that phpMyAdmin, a web-based
administration interface for MySQL, insufficiently sanitises input
allowing a remote attacker to gather sensitive data through cross
site scripting, provided that the user uses the Internet Explorer
web browser.This update also fixes a regression introduced in DSA 1641, that
broke changing of the language and encoding in the login
screen.For the stable distribution (etch), these problems have been
fixed in version 4:2.9.1.1-9.For the unstable distribution (sid), these problems have been ...

(check full advisory/plugin to read more)

]]> Dec 10 10:23 GMT Name: "[DSA-1674]DSA-1674-1 jailer -- insecure temp file generation"
Script OID: "1.3.6.1.4.1.25623.1.3.1000821"
Script CVE: "CVE-2008-5139"
Description: Javier Fernandez-Sanguino Pena discovered that updatejail, a
component of the chroot maintenance tool Jailer, creates a
predictable temporary file name, which may lead to local denial of
service through a symlink attack.For the stable distribution (etch), this problem has been fixed
in version 0.4-9+etch1.For the upcoming stable distribution (lenny) and the unstable
distribution (sid), this problem has been fixed in version
0.4-10.We recommend that you upgrade your jailer package. ...

(check full advisory/plugin to read more)

]]> Dec 10 10:23 GMT Name: "[DSA-1673]DSA-1673-1 wireshark -- several vulnerabilities"
Script OID: "1.3.6.1.4.1.25623.1.3.1000820"
Script CVE: "CVE-2008-3137", "CVE-2008-3138", "CVE-2008-3141", "CVE-2008-3145", "CVE-2008-3933", "CVE-2008-4683", "CVE-2008-4684", "CVE-2008-4685"
Description: Several remote vulnerabilities have been discovered in network
traffic analyzer Wireshark. The Common Vulnerabilities and
Exposures project identifies the following problems:For the stable distribution (etch), these problems have been
fixed in version 0.99.4-5.etch.3.For the upcoming stable distribution (lenny), these problems
have been fixed in version 1.0.2-3+lenny2.For the unstable distribution (sid), these problems will be
fixed soon.We recommend that you upgrade your wireshark packages. ...

(check full advisory/plugin to read more)

]]> Dec 10 10:12 GMT Name: "[DSA-1672]DSA-1672-1 imlib2 -- buffer overflow"
Script OID: "1.3.6.1.4.1.25623.1.3.1000819"
Script CVE: "CVE-2008-5187"
Description: Julien Danjou and Peter De Wachter discovered that a buffer
overflow in the XPM loader of Imlib2, a powerful image loading and
rendering library, might lead to arbitrary code execution.For the stable distribution (etch), this problem has been fixed
in version 1.3.0.0debian1-4+etch2.For the upcoming stable distribution (lenny) and the unstable
distribution (sid), this problem has been fixed in version
1.4.0-1.2.We recommend that you upgrade your imlib2 packages.
Solution : http://www.debian.org/security/2008/dsa-1672.en.html ...

(check full advisory/plugin to read more)

]]> Dec 10 10:12 GMT Name: "[DSA-1671]DSA-1671-1 iceweasel -- several vulnerabilities"
Script OID: "1.3.6.1.4.1.25623.1.3.1000818"
Script CVE: "CVE-2008-0017", "CVE-2008-4582", "CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5014", "CVE-2008-5017", "CVE-2008-5018", "CVE-2008-5021", "CVE-2008-5022", "CVE-2008-5023", "CVE-2008-5024"
Description: Several remote vulnerabilities have been discovered in the
Iceweasel webbrowser, an unbranded version of the Firefox browser.
The Common Vulnerabilities and Exposures project identifies the
following problems:For the stable distribution (etch), these problems have been
fixed in version 2.0.0.18-0etch1.For the upcoming stable distribution (lenny) and the unstable
distribution (sid), these problems have been fixed in version
3.0.4-1 of iceweasel and version 1.9.0.4-1 of xulrunner. Packages ...

(check full advisory/plugin to read more)

]]> Dec 10 10:12 GMT Name: "[DSA-1670]DSA-1670-1 enscript -- buffer overflows"
Script OID: "1.3.6.1.4.1.25623.1.3.1000817"
Script CVE: "CVE-2008-3863", "CVE-2008-4306"
Description: Several vulnerabilities have been discovered in Enscript, a
converter from ASCII text to Postscript, HTML or RTF. The Common
Vulnerabilities and Exposures project identifies the following
problems:For the stable distribution (etch), these problems have been
fixed in version 1.6.4-11.1.For the upcoming stable distribution (lenny) and the unstable
distribution (sid), these problems have been fixed in version
1.6.4-13.We recommend that you upgrade your enscript package.
Solution : http://www.debian.org/security/2008/dsa-1670.en.html ...

(check full advisory/plugin to read more)

]]> Dec 10 10:08 GMT Name: "[DSA-1669]DSA-1669-1 xulrunner -- several vulnerabilities"
Script OID: "1.3.6.1.4.1.25623.1.3.1000816"
Script CVE: "CVE-2008-0016", "CVE-2008-3835", "CVE-2008-3836", "CVE-2008-3837", "CVE-2008-4058", "CVE-2008-4059", "CVE-2008-4060", "CVE-2008-4061", "CVE-2008-4062", "CVE-2008-4065", "CVE-2008-4066", "CVE-2008-4067", "CVE-2008-4068", "CVE-2008-4069", "CVE-2008-4582", "CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5014", "CVE-2008-5017", "CVE-2008-5018", "CVE-2008-0017", "CVE-2008-5021", "CVE-2008-5022", "CVE-2008-5023", "CVE-2008-5024"
Description: Several remote vulnerabilities have been discovered in
Xulrunner, a runtime environment for XUL applications. The Common
Vulnerabilities and Exposures project identifies the following
problems:For the stable distribution (etch), these problems have been
fixed in version 1.8.0.15~pre080614h-0etch1. Packages for mips will
be provided later.For the upcoming stable distribution (lenny) and the unstable
distribution (sid), these problems have been fixed in version
1.9.0.4-1.We recommend that you upgrade your xulrunner packages. ...

(check full advisory/plugin to read more)

]]> Dec 10 10:08 GMT Name: "[DSA-1668]DSA-1668-1 hf -- programming error"
Script OID: "1.3.6.1.4.1.25623.1.3.1000815"
Script CVE: "CVE-2008-2378"
Description: Steve Kemp discovered that hf, an amateur-radio protocol suite
using a soundcard as a modem, insecurely tried to execute an
external command which could lead to the elevation of privileges
for local users.For the stable distribution (etch), this problem has been fixed
in version 0.7.3-4etch1.For the unstable distribution (sid), this problem has been fixed
in version 0.8-8.1.We recommend that you upgrade your hf package.
Solution : http://www.debian.org/security/2008/dsa-1668.en.html ...

(check full advisory/plugin to read more)

]]> Dec 10 10:07 GMT Name: "[DSA-1667]DSA-1667-1 python2.4 -- several vulnerabilities"
Script OID: "1.3.6.1.4.1.25623.1.3.1000814"
Script CVE: "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144"
Description: Several vulnerabilities have been discovered in the interpreter
for the Python language. The Common Vulnerabilities and Exposures
project identifies the following problems:For the stable distribution (etch), these problems have been
fixed in version 2.4.4-3+etch2.For the unstable distribution (sid) and the upcoming stable
distribution (lenny), these problems have been fixed in version
2.4.5-5.We recommend that you upgrade your python2.4 packages.
Solution : http://www.debian.org/security/2008/dsa-1667.en.html ...

(check full advisory/plugin to read more)

]]> Dec 10 10:07 GMT Name: "[DSA-1666]DSA-1666-1 libxml2 -- several vulnerabilities"
Script OID: "1.3.6.1.4.1.25623.1.3.1000813"
Script CVE: "CVE-2008-4225", "CVE-2008-4226"
Description: Several vulnerabilities have been discovered in the GNOME XML
library. The Common Vulnerabilities and Exposures project
identifies the following problems:For the stable distribution (etch), these problems have been
fixed in version 2.6.27.dfsg-6.For the upcoming stable distribution (lenny) and the unstable
distribution (sid), these problems will be fixed soon.We recommend that you upgrade your libxml2 packages.
Solution : http://www.debian.org/security/2008/dsa-1666.en.htmlRisk factor : High

]]> Nov 18 09:30 GMT Name: "[DSA-1665]DSA-1665-1 libcdaudio -- heap overflow"
Script OID: "1.3.6.1.4.1.25623.1.3.1000812"
Script CVE: "CVE-2008-5030"
Description: It was discovered that a heap overflow in the CDDB retrieval
code of libcdaudio, a library for controlling a CD-ROM when playing
audio CDs, may result in the execution of arbitrary code.For the stable distribution (etch), this problem has been fixed
in version 0.99.12p2-2+etch1. A package for hppa will be provided
later.For the upcoming stable distribution (lenny) and the unstable
distribution (sid), this problem has been fixed in version
0.99.12p2-7.We recommend that you upgrade your libcdaudio packages. ...

(check full advisory/plugin to read more)

]]> Nov 18 09:30 GMT Name: "[DSA-1664]DSA-1664-1 ekg -- missing input sanitising"
Script OID: "1.3.6.1.4.1.25623.1.3.1000811"
Script CVE: "CVE-2008-4776"
Description: It was discovered that ekg, a console Gadu Gadu client performs
insufficient input sanitising in the code to parse contact
descriptions, which may result in denial of service.For the stable distribution (etch), this problem has been fixed
in version 1:1.7~rc2-1etch2.For the unstable distribution (sid) and the upcoming stable
distribution (lenny), this problem has been fixed in version
1:1.8~rc1-2 of libgadu.We recommend that you upgrade your ekg package.
Solution : http://www.debian.org/security/2008/dsa-1664.en.html ...

(check full advisory/plugin to read more)

]]> Nov 18 09:30 GMT Name: "[DSA-1663]DSA-1663-1 net-snmp -- several vulnerabilities"
Script OID: "1.3.6.1.4.1.25623.1.3.1000810"
Script CVE: "CVE-2008-0960", "CVE-2008-2292", "CVE-2008-4309"
Description: Several vulnerabilities have been discovered in NET SNMP, a
suite of Simple Network Management Protocol applications. The
Common Vulnerabilities and Exposures project identifies the
following problems:For the stable distribution (etch), these problems has been
fixed in version 5.2.3-7etch4.For the testing distribution (lenny) and unstable distribution
(sid) these problems have been fixed in version 5.4.1~dfsg-11.We recommend that you upgrade your net-snmp package.
Solution : http://www.debian.org/security/2008/dsa-1663.en.html ...

(check full advisory/plugin to read more)

]]> Nov 18 09:30 GMT Name: "[DSA-1662]DSA-1662-1 mysql-dfsg-5.0 -- authorization bypass"
Script OID: "1.3.6.1.4.1.25623.1.3.1000809"
Script CVE: "CVE-2008-4098"
Description: A symlink traversal vulnerability was discovered in MySQL, a
relational database server. The weakness could permit an attacker
having both CREATE TABLE access to a database and the ability to
execute shell commands on the database server to bypass MySQL
access controls, enabling them to write to tables in databases to
which they would not ordinarily have access.The Common Vulnerabilities and Exposures project identifies this
vulnerability as CVE-2008-4098.
Note that a closely aligned issue, identified as CVE-2008-4097, ...

(check full advisory/plugin to read more)

]]> Nov 18 09:30 GMT Name: "Trend Micro OfficeScan CGI Parsing Buffer Overflow Vulnerability"
Script OID: "1.3.6.1.4.1.25623.1.3.900164"
Script BID: 31859
Script CVE: "CVE-2008-3862"
Description:
Overview: This host is installed with Trend Micro OfficeScan and is prone to
stack based buffer overflow vulnerability.

The vulnerability is caused due to boundary error in the CGI modules when
processing specially crafted HTTP request.

Impact:
Allows an attacker to execute arbitrary code, which may facilitate a complete
compromise of vulnerable system.

Impact Level: Application

Affected Software/OS:
TrendMicro OfficeScan Corporate Edition 7.3 Build prior to 1374. ...

(check full advisory/plugin to read more)

]]> Oct 30 10:42 GMT Name: "RealVNC VNC Viewer Remote Code Execution Vulnerability (Win
Script OID: "1.3.6.1.4.1.25623.1.3.900162"
Script BID: 31832
Description:
Overview: This host has RealVNC VNC Viewer installed and is prone to security
vulnerability.

The flaw is caused due to error in 'CMsgReader::readRect()' function in
common/rfb/CMsgReader.cxx processing encoding types, and is exploited by
sending specially crafted messages to the application.

Impact:
Successful exploitation will allow execution of arbitrary code when user
connects to a malicious server.

Impact Level: Application ...

(check full advisory/plugin to read more)

]]> Oct 30 10:41 GMT Name: "RealVNC VNC Viewer Remote Code Execution Vulnerability (Linux
Script OID: "1.3.6.1.4.1.25623.1.3.900163"
Script BID: 31832
Description:
Overview: This host has RealVNC VNC Viewer installed and is prone to security
vulnerability.

The flaw is caused due to error in 'CMsgReader::readRect()' function in
common/rfb/CMsgReader.cxx processing encoding types, and is exploited by
sending specially crafted messages to the application.

Impact:
Successful exploitation will allow execution of arbitrary code when user
connects to a malicious server.

Impact Level: Application ...

(check full advisory/plugin to read more)

]]> Oct 30 10:41 GMT Name: "[DSA-1661]DSA-1661-1 openoffice.org -- several vulnerabilities"
Script OID: "1.3.6.1.4.1.25623.1.3.1000808"
Script CVE: "CVE-2008-2237", "CVE-2008-2238"
Description: Several vulnerabilities have been discovered in the
OpenOffice.org office suite:For the stable distribution (etch) these problems have been
fixed in version 2.0.4.dfsg.2-7etch6.For the unstable distribution (sid) these problems have been
fixed in version 2.4.1-12.For the experimental distribution these problems have been fixed
in version 3.0.0~rc3-1.We recommend that you upgrade your OpenOffice.org package.
Solution : http://www.debian.org/security/2008/dsa-1661.en.htmlRisk factor : High

]]> Oct 30 10:38 GMT Name: "[DSA-1660]DSA-1660-1 clamav -- null pointer dereference, resource exhaustation"
Script OID: "1.3.6.1.4.1.25623.1.3.1000807"
Script CVE: "CVE-2008-3912", "CVE-2008-3913", "CVE-2008-3914"
Description: Several denial-of-service vulnerabilities have been discovered
in the ClamAV anti-virus toolkit:Insufficient checking for out-of-memory conditions results in
null pointer dereferences (CVE-2008-3912).Incorrect error handling logic leads to memory leaks (CVE-2008-3913)
and file descriptor leaks (CVE-2008-3914).For the stable distribution (etch), these problems have been
fixed in version 0.90.1dfsg-4etch15.For the unstable distribution (sid) and the testing distribution
(lenny), these problems have been fixed in version 0.94.dfsg-1.We recommend that you upgrade your clamav package. ...

(check full advisory/plugin to read more)

]]> Oct 27 10:06 GMT Name: "[DSA-1659]DSA-1659-1 libspf2 -- buffer overflow"
Script OID: "1.3.6.1.4.1.25623.1.3.1000806"
Script CVE: "CVE-2008-2469"
Description: Dan Kaminsky discovered that libspf2, an implementation of the
Sender Policy Framework (SPF) used by mail servers for mail
filtering, handles malformed TXT records incorrectly, leading to a
buffer overflow condition (CVE-2008-2469).Note that the SPF configuration template in Debians Exim
configuration recommends to use libmail-spf-query-perl, which does
not suffer from this issue.For the stable distribution (etch), this problem has been fixed
in version 1.2.5-4+etch1.For the testing distribution (lenny), this problem has been ...

(check full advisory/plugin to read more)

]]> Oct 27 10:06 GMT Name: "[DSA-1658]DSA-1658-1 dbus -- programming error"
Script OID: "1.3.6.1.4.1.25623.1.3.1000805"
Script CVE: "CVE-2008-3834"
Description: Colin Walters discovered that the dbus_signature_validate
function in dbus, a simple interprocess messaging system, is prone
to a denial of service attack.For the stable distribution (etch), this problem has been fixed
in version 1.0.2-1+etch2.For the testing distribution (lenny) and unstable distribution
(sid) this problem will be fixed soon.We recommend that you upgrade your dbus package.
Solution : http://www.debian.org/security/2008/dsa-1658.en.htmlRisk factor : High

]]> Oct 27 10:06 GMT Name: "[DSA-1657]DSA-1657-1 qemu -- insecure temporary files"
Script OID: "1.3.6.1.4.1.25623.1.3.1000804"
Script CVE: "CVE-2008-4553"
Description: Dmitry E. Oboukhov discovered that the qemu-make-debian-root
script in qemu, fast processor emulator, creates temporary files
insecurely, which may lead to a local denial of service through
symlink attacks.For the stable distribution (etch), this problem has been fixed
in version 0.8.2-4etch2.For the testing (lenny) and unstable distribution (sid), this
problem has been fixed in version 0.9.1-6.We recommend that you upgrade your qemu package.
Solution : http://www.debian.org/security/2008/dsa-1657.en.html ...

(check full advisory/plugin to read more)

]]> Oct 27 10:06 GMT Name: "[DSA-1656]DSA-1656-1 cupsys -- several vulnerabilities"
Script OID: "1.3.6.1.4.1.25623.1.3.1000803"
Script CVE: "CVE-2008-3639", "CVE-2008-3640", "CVE-2008-3641"
Description: Several local vulnerabilities have been discovered in the Common
UNIX Printing System. The Common Vulnerabilities and Exposures
project identifies the following problems:For the stable distribution (etch), these problems have been
fixed in version 1.2.7-4etch5.For the unstable distribution (sid) and the upcoming stable
distribution (lenny), these problems have been fixed in version
1.3.8-1lenny2 of the source package cups.We recommend that you upgrade your cupsys package.
Solution : http://www.debian.org/security/2008/dsa-1656.en.html ...

(check full advisory/plugin to read more)

]]> Oct 27 10:06 GMT Name: "[DSA-1655]DSA-1655-1 linux-2.6.24 -- denial of service/information leak/privilege escalation"
Script OID: "1.3.6.1.4.1.25623.1.3.1000802"
Script CVE: "CVE-2008-1514", "CVE-2008-3525", "CVE-2008-3831", "CVE-2008-4113", "CVE-2008-4445"
Description: Several vulnerabilities have been discovered in the Linux kernel
that may lead to a denial of service, privilege escalation or a
leak of sensitive data. The Common Vulnerabilities and Exposures
project identifies the following problems:For the stable distribution (etch), these problems have been
fixed in version 2.6.24-6~etchnhalf.6.We recommend that you upgrade your linux-2.6.24 packages.
Solution : http://www.debian.org/security/2008/dsa-1655.en.htmlRisk factor : High

]]> Oct 27 10:05 GMT Name: "[GLSA-200810-02]Portage: Untrusted search path local root vulnerability"
Script OID: "1.3.6.1.4.1.25623.1.3.1011312"
Description: The remote host is affected by the vulnerability described in GLSA-200810-02
Portage: Untrusted search path local root vulnerability

Synopsis:

A search path vulnerability in Portage allows local attackers to
execute commands with root privileges if emerge is called from
untrusted directories.

Background:

Portage is Gentoos package manager which is responsible for
installing, compiling and updating all packages on the system
through the Gentoo rsync tree. ...

(check full advisory/plugin to read more)

]]> Oct 27 09:58 GMT Name: "Server Service Could Allow Remote Code Execution Vulnerability (958644
Script OID: "1.3.6.1.4.1.25623.1.3.900055"
Script BID: 31874
Script CVE: "CVE-2008-4250"
Description:
MS08-067

Overview: This host has critical security update missing according to
Microsoft Bulletin MS08-067.

Vulnerability Insight:
Flaw is due to an error in the Server Service, that does not properly
handle specially crafted RPC requests.

Impact: Successful exploitation could allow remote attackers to take
complete control of an affected system.

Impact Level: System

Affected Software/OS:
Microsoft Windows 2K Service Pack 4 and prior. ...

(check full advisory/plugin to read more)

]]> Oct 27 09:39 GMT Name: "[GLSA-200810-01]WordNet: Execution of arbitrary code —Gentoo Linux Documentation"
Script OID: "1.3.6.1.4.1.25623.1.3.1011311"
Description: The remote host is affected by the vulnerability described in GLSA-200810-01
WordNet: Execution of arbitrary code —Gentoo Linux Documentation

Synopsis:

Multiple vulnerabilities were found in WordNet, possibly
allowing for the execution of arbitrary code.

Background:

WordNet is a large lexical database of English.

Description:

Jukka Ruohonen initially reported a boundary error within the
searchwn() function in src/wn.c. A thorough investigation by the ...

(check full advisory/plugin to read more)

]]> Oct 15 10:01 GMT Name: "[GLSA-200809-18]ClamAV: Multiple Denials of Service —Gentoo Linux Documentation"
Script OID: "1.3.6.1.4.1.25623.1.3.1011310"
Description: The remote host is affected by the vulnerability described in GLSA-200809-18
ClamAV: Multiple Denials of Service —Gentoo Linux Documentation

Synopsis:

Multiple vulnerabilities in ClamAV may result in a Denial of
Service.

Background:

Clam AntiVirus is a free anti-virus toolkit for UNIX, designed
especially for e-mail scanning on mail gateways.

Description:

Hanno boeck reported an error in libclamav/chmunpack.c when
processing CHM files (CVE-2008-1389). Other unspecified ...

(check full advisory/plugin to read more)

]]> Oct 15 10:01 GMT Name: "[GLSA-200809-17]Wireshark: Multiple Denials of Service —Gentoo Linux Documentation"
Script OID: "1.3.6.1.4.1.25623.1.3.1011309"
Description: The remote host is affected by the vulnerability described in GLSA-200809-17
Wireshark: Multiple Denials of Service —Gentoo Linux Documentation

Synopsis:

Multiple Denial of Service vulnerabilities have been discovered
in Wireshark.

Background:

Wireshark is a network protocol analyzer with a graphical
front-end.

Description:

The following vulnerabilities were reported:

Impact:

A remote attacker could exploit these vulnerabilities by sending ...

(check full advisory/plugin to read more)

]]> Oct 15 10:01 GMT Name: "[GLSA-200809-16]Git: User-assisted execution of arbitrary code— Gentoo Linux Documentation"
Script OID: "1.3.6.1.4.1.25623.1.3.1011308"
Description: The remote host is affected by the vulnerability described in GLSA-200809-16
Git: User-assisted execution of arbitrary code— Gentoo Linux Documentation

Synopsis:

Multiple buffer overflow vulnerabilities have been discovered in
Git.

Background:

Git is a distributed version control system.

Description:

Multiple boundary errors in the functions diff_addremove() and
diff_change() when processing overly long repository path names ...

(check full advisory/plugin to read more)

]]> Oct 15 10:01 GMT Name: "[GLSA-200809-15]GNU ed: User-assisted execution of arbitrary code— Gentoo Linux Documentation"
Script OID: "1.3.6.1.4.1.25623.1.3.1011307"
Description: The remote host is affected by the vulnerability described in GLSA-200809-15
GNU ed: User-assisted execution of arbitrary code— Gentoo Linux Documentation

Synopsis:

A buffer overflow vulnerability in ed may allow for the remote
execution of arbitrary code.

Background:

GNU ed is a basic line editor. red is a restricted version of ed
that does not allow shell command execution.

Description:

Alfredo Ortega from Core Security Technologies reported a ...

(check full advisory/plugin to read more)

]]> Oct 15 10:00 GMT Name: "[GLSA-200809-14]BitlBee: Security bypass — Gentoo LinuxDocumentation"
Script OID: "1.3.6.1.4.1.25623.1.3.1011306"
Description: The remote host is affected by the vulnerability described in GLSA-200809-14
BitlBee: Security bypass — Gentoo LinuxDocumentation

Synopsis:

Multiple vulnerabilities in Bitlbee may allow to bypass security
restrictions and hijack accounts.

Background:

BitlBee is an IRC to IM gateway that support multiple IM
protocols.

Description:

Multiple unspecified vulnerabilities were reported, including a
NULL pointer dereference. ...

(check full advisory/plugin to read more)

]]> Oct 15 10:00 GMT Name: "[GLSA-200809-13]R: Insecure temporary file creation —Gentoo Linux Documentation"
Script OID: "1.3.6.1.4.1.25623.1.3.1011305"
Description: The remote host is affected by the vulnerability described in GLSA-200809-13
R: Insecure temporary file creation —Gentoo Linux Documentation

Synopsis:

R is vulnerable to symlink attacks due to an insecure usage of
temporary files.

Background:

R is a GPL licensed implementation of S, a language and
environment for statistical computing and graphics.

Description:

Dmitry E. Oboukhov reported that the "javareconf" script uses ...

(check full advisory/plugin to read more)

]]> Oct 15 10:00 GMT