Category: Security

New xterm packages fix remote code execution

Paul Szabo discovered that xterm, a terminal emulator for the X Window System, places arbitrary characters into the input buffer when displaying certain crafted escape sequences (CVE-2008-2383).

Debian Security Advisory DSA-1694-1
security@debian.org
http://www.debian.org/security/
Florian Weimer
January 02, 2009
http://www.debian.org/security/faq

Package : xterm
Vulnerability : design flaw
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2008-2383
Debian Bug : […]

Vulnerabilities in Firefox and Xulrunner – Ubuntu

Alin Rad Pop discovered a heap-based buffer overflow in Firefox when it converted strings to floating point numbers. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1563). A security issue affects […]

GD library vulnerabilities

Tomas Hoger discovered that the GD library did not properly handle the number of colors in certain malformed GD images. If a user or automated system were tricked into processing a specially crafted GD image, an attacker could cause a denial of service or possibly execute arbitrary code. (CVE-2009-3546).

Ubuntu Security Notice USN-854-1 November […]

OpenLDAP vulnerability – Ubuntu

It was discovered that OpenLDAP did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications.

Ubuntu Security Notice USN-858-1 November 12, 2009
openldap2.2 vulnerability
CVE-2009-3767

A security issue […]

Botnet shutdown by Panda Security

Panda Security and Defence Intelligence Coordinate Massive Botnet Shutdown with International Law Enforcement. Collaborative cybercrime investigation results in three arrests, more pending — Personal and financial data compromised from massive cyber attack impacting nearly 13 million unique IP addresses, 50 percent of Fortune 1000 companies — Preliminary damages estimated to be in the millions of […]

UPS.com hacked

Numerous people noticed that the UPS.com website was defaced yesterday. While groups like LulzSec and Anonymous have been receiving most of the publicity recently, there are still other people out there looking to attack sites and today a group calling themselves TurkGuvenligi (translated to Turkish Trust League) is responsible for the defacement. The group appears […]
