LD Software

Vuln: Pidgin OSCAR Protocol Web Message Denial of Service V

Monty@ld-software.co.uk — Fri, 03 Jul 2009 11:29:35 +0100

Author: Monty

Posted: Fri 03 Jul 2009, 10:29

Vuln: Pidgin OSCAR Protocol Web Message Denial of Service Vulnerability
Pidgin OSCAR Protocol Web Message Denial of Service Vulnerability

Publish Date: 2009-07-03
Read more...

Source: SecurityFocus Vulnerabilities
Description: SecurityFocus is the most comprehensive and trusted source of security
information on the Internet. We are a vendor-neutral site that provides
objective, timely and comprehensive security information to all members of
the security community, from end users, security hobbyists and network
administrators to security consultants, IT Managers, CIOs and CSOs.

Vuln: APOP Protocol Insecure MD5 Hash Weakness

Monty@ld-software.co.uk — Fri, 03 Jul 2009 11:29:35 +0100

Author: Monty

Posted: Fri 03 Jul 2009, 10:29

Vuln: APOP Protocol Insecure MD5 Hash Weakness
APOP Protocol Insecure MD5 Hash Weakness

Publish Date: 2009-07-03
Read more...

Source: SecurityFocus Vulnerabilities
Description: SecurityFocus is the most comprehensive and trusted source of security
information on the Internet. We are a vendor-neutral site that provides
objective, timely and comprehensive security information to all members of
the security community, from end users, security hobbyists and network
administrators to security consultants, IT Managers, CIOs and CSOs.

Vuln: Ruby 'OCSP_basic_verify()' X.509 Certificate Verifica

Monty@ld-software.co.uk — Fri, 03 Jul 2009 11:29:35 +0100

Author: Monty

Posted: Fri 03 Jul 2009, 10:29

Vuln: Ruby 'OCSP_basic_verify()' X.509 Certificate Verification Vulnerability
Ruby 'OCSP_basic_verify()' X.509 Certificate Verification Vulnerability

Publish Date: 2009-07-03
Read more...

Source: SecurityFocus Vulnerabilities
Description: SecurityFocus is the most comprehensive and trusted source of security
information on the Internet. We are a vendor-neutral site that provides
objective, timely and comprehensive security information to all members of
the security community, from end users, security hobbyists and network
administrators to security consultants, IT Managers, CIOs and CSOs.

Vuln: Ruby BigDecimal Library Denial Of Service Vulnerabili

Monty@ld-software.co.uk — Fri, 03 Jul 2009 11:29:34 +0100

Author: Monty

Posted: Fri 03 Jul 2009, 10:29

Vuln: Ruby BigDecimal Library Denial Of Service Vulnerability
Ruby BigDecimal Library Denial Of Service Vulnerability

Publish Date: 2009-07-03
Read more...

Source: SecurityFocus Vulnerabilities
Description: SecurityFocus is the most comprehensive and trusted source of security
information on the Internet. We are a vendor-neutral site that provides
objective, timely and comprehensive security information to all members of
the security community, from end users, security hobbyists and network
administrators to security consultants, IT Managers, CIOs and CSOs.

Bugtraq: Multiple Flaws in Axesstel MV 410R

Monty@ld-software.co.uk — Fri, 03 Jul 2009 11:29:34 +0100

Author: Monty

Posted: Fri 03 Jul 2009, 10:29

Bugtraq: Multiple Flaws in Axesstel MV 410R
Multiple Flaws in Axesstel MV 410R

Read more...

Source: SecurityFocus Vulnerabilities
Description: SecurityFocus is the most comprehensive and trusted source of security
information on the Internet. We are a vendor-neutral site that provides
objective, timely and comprehensive security information to all members of
the security community, from end users, security hobbyists and network
administrators to security consultants, IT Managers, CIOs and CSOs.

Bugtraq: [ GLSA 200907-02 ] ModSecurity: Denial of Service

Monty@ld-software.co.uk — Fri, 03 Jul 2009 11:29:34 +0100

Author: Monty

Posted: Fri 03 Jul 2009, 10:29

Bugtraq: [ GLSA 200907-02 ] ModSecurity: Denial of Service
[ GLSA 200907-02 ] ModSecurity: Denial of Service

Quote:

Gentoo Linux Security Advisory GLSA 200907-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: ModSecurity: Denial of Service
Date: July 02, 2009
Bugs: #262302
ID: 200907-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two vulnerabilities in ModSecurity might lead to a Denial of Service.

Background
==========

ModSecurity is a popular web application firewall for the Apache HTTP
server.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-apache/mod_security < 2.5.9 >= 2.5.9

Description
===========

Multiple vulnerabilities were discovered in ModSecurity:

* Juan Galiana Lara of ISecAuditors discovered a NULL pointer
dereference when processing multipart requests without a part header
name (CVE-2009-1902).

* Steve Grubb of Red Hat reported that the "PDF XSS protection"
feature does not properly handle HTTP requests to a PDF file that do
not use the GET method (CVE-2009-1903).

Impact
======

A remote attacker might send requests containing specially crafted
multipart data or send certain requests to access a PDF file, possibly
resulting in a Denial of Service (crash) of the Apache HTTP daemon.
NOTE: The PDF XSS protection is not enabled by default.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ModSecurity users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apache/mod_security-2.5.9"

References
==========

[ 1 ] CVE-2009-1902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1902
[ 2 ] CVE-2009-1903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1903

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200907-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security (at) gentoo (dot) org [email concealed] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)

iEYEABECAAYFAkpNDLgACgkQk+oqhfPAZGkRbwCeIRVMW4CjMKvWK0JVslza1vnl
f9QAn27cJI7xa2ynOxRhSrrDTHlngn8O
=tqn1
-----END PGP SIGNATURE-----

Read more...

Source: SecurityFocus Vulnerabilities
Description: SecurityFocus is the most comprehensive and trusted source of security
information on the Internet. We are a vendor-neutral site that provides
objective, timely and comprehensive security information to all members of
the security community, from end users, security hobbyists and network
administrators to security consultants, IT Managers, CIOs and CSOs.

Bugtraq: [ GLSA 200907-01 ] libwmf: User-assisted execution

Monty@ld-software.co.uk — Fri, 03 Jul 2009 11:29:34 +0100

Author: Monty

Posted: Fri 03 Jul 2009, 10:29

Bugtraq: [ GLSA 200907-01 ] libwmf: User-assisted execution of arbitrary code
[ GLSA 200907-01 ] libwmf: User-assisted execution of arbitrary code

Read more...

Source: SecurityFocus Vulnerabilities
Description: SecurityFocus is the most comprehensive and trusted source of security
information on the Internet. We are a vendor-neutral site that provides
objective, timely and comprehensive security information to all members of
the security community, from end users, security hobbyists and network
administrators to security consultants, IT Managers, CIOs and CSOs.

Bugtraq: [USN-795-1] Nagios vulnerability

Monty@ld-software.co.uk — Fri, 03 Jul 2009 11:29:33 +0100

Author: Monty

Posted: Fri 03 Jul 2009, 10:29

Bugtraq: [USN-795-1] Nagios vulnerability
[USN-795-1] Nagios vulnerability

Read more...

Source: SecurityFocus Vulnerabilities
Description: SecurityFocus is the most comprehensive and trusted source of security
information on the Internet. We are a vendor-neutral site that provides
objective, timely and comprehensive security information to all members of
the security community, from end users, security hobbyists and network
administrators to security consultants, IT Managers, CIOs and CSOs.

XHTML 2 Working Group Expected to Stop Work End of 2009, W3

Solereaper@ld-software.co.uk — Fri, 03 Jul 2009 11:29:32 +0100

Author: Solereaper

Posted: Fri 03 Jul 2009, 10:29

XHTML 2 Working Group Expected to Stop Work End of 2009, W3C to Increase Resources on HTML 5
2009-07-02: Today the Director announces that when the XHTML 2 Working Group charter expires as scheduled at the end of 2009, the charter will not be renewed. By doing so, and by increasing resources in the Working Group, W3C hopes to accelerate the progress of HTML 5 and clarify W3C's position regarding the future of HTML. A FAQ answers questions about the future of deliverables of the XHTML 2 Working Group, and the status of various discussions related to HTML. Learn more about the HTML Activity. (Permalink)

Read more...

Summary of Workshop on Speaker Biometrics and VoiceXML 3.0

Solereaper@ld-software.co.uk — Fri, 03 Jul 2009 11:29:32 +0100

Author: Solereaper

Posted: Fri 03 Jul 2009, 10:29

Summary of Workshop on Speaker Biometrics and VoiceXML 3.0 Available
2009-07-02: W3C has published a summary and full minutes of the Workshop on Speaker biometrics and VoiceXML 3.0, that took place in Menlo Park, California on 5-6 March. Participants from 15 organizations focused discussion on Speaker Identification and Verification (SIV) functionality within VoiceXML 3.0, and identifying and prioritizing directions for the functionality. The major "takeaway" from the Workshop was confirmation that SIV fits into the VoiceXML space and generating the "Menlo Park Model", a SIV available VoiceXML architecture. The Working Group will continue to discuss how to include the requirements expressed at the Workshop into VoiceXML 3.0 and improve the specification. Learn more about the Voice Browser Activity. (Permalink)

Read more...

First Draft of SPARQL New Features and Rationale

Solereaper@ld-software.co.uk — Fri, 03 Jul 2009 11:29:32 +0100

Author: Solereaper

Posted: Fri 03 Jul 2009, 10:29

First Draft of SPARQL New Features and Rationale
2009-07-02: The SPARQL Working Group has published the First Public Working Draft of SPARQL New Features and Rationale. This document provides an overview of the main new features of SPARQL and their rationale. This is an update to SPARQL adding several new features that have been agreed by the SPARQL WG. These language features were determined based on real applications and user and tool-developer experience. Learn more about the Semantic Web Activity. (Permalink)

Read more...

Vuln: Linux Kernel Frame Size Integer Overflow Remote Infor

Monty@ld-software.co.uk — Thu, 02 Jul 2009 11:34:33 +0100

Author: Monty

Posted: Thu 02 Jul 2009, 10:34

Vuln: Linux Kernel Frame Size Integer Overflow Remote Information Disclosure Vulnerability
Linux Kernel Frame Size Integer Overflow Remote Information Disclosure Vulnerability

Publish Date: 2009-07-02
Read more...

Source: SecurityFocus Vulnerabilities
Description: SecurityFocus is the most comprehensive and trusted source of security
information on the Internet. We are a vendor-neutral site that provides
objective, timely and comprehensive security information to all members of
the security community, from end users, security hobbyists and network
administrators to security consultants, IT Managers, CIOs and CSOs.

Vuln: Linux Kernel 'inet6_hashtables.c' NULL Pointer Derefe

Monty@ld-software.co.uk — Thu, 02 Jul 2009 11:34:33 +0100

Author: Monty

Posted: Thu 02 Jul 2009, 10:34

Vuln: Linux Kernel 'inet6_hashtables.c' NULL Pointer Dereference Denial of Service Vulnerability
Linux Kernel 'inet6_hashtables.c' NULL Pointer Dereference Denial of Service Vulnerability

Publish Date: 2009-07-02
Read more...

Source: SecurityFocus Vulnerabilities
Description: SecurityFocus is the most comprehensive and trusted source of security
information on the Internet. We are a vendor-neutral site that provides
objective, timely and comprehensive security information to all members of
the security community, from end users, security hobbyists and network
administrators to security consultants, IT Managers, CIOs and CSOs.

Vuln: Linux Kernel 'exit_notify()' CAP_KILL Verification Lo

Monty@ld-software.co.uk — Thu, 02 Jul 2009 11:34:33 +0100

Author: Monty

Posted: Thu 02 Jul 2009, 10:34

Vuln: Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability

Publish Date: 2009-07-02
Read more...

Source: SecurityFocus Vulnerabilities
Description: SecurityFocus is the most comprehensive and trusted source of security
information on the Internet. We are a vendor-neutral site that provides
objective, timely and comprehensive security information to all members of
the security community, from end users, security hobbyists and network
administrators to security consultants, IT Managers, CIOs and CSOs.

Bugtraq: VMSA-2009-0008 ESX Service Console update for krb5

Monty@ld-software.co.uk — Thu, 02 Jul 2009 11:34:33 +0100

Author: Monty

Posted: Thu 02 Jul 2009, 10:34

Bugtraq: VMSA-2009-0008 ESX Service Console update for krb5
VMSA-2009-0008 ESX Service Console update for krb5

Read more...

Source: SecurityFocus Vulnerabilities
Description: SecurityFocus is the most comprehensive and trusted source of security
information on the Internet. We are a vendor-neutral site that provides
objective, timely and comprehensive security information to all members of
the security community, from end users, security hobbyists and network
administrators to security consultants, IT Managers, CIOs and CSOs.