9133 matches found
CVE-2008-1673
The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of servi...
CVE-2008-1673
The CVE-2008-1673 vulnerability affects the Linux kernel ASN.1 BER decoding in CIFS and ip_nat_snmp_basic modules (and gxsnmp). Root cause: improper validation of ASN.1 BER lengths, enabling a remote attacker to crash the system or execute arbitrary code via: (1) a length greater than the working...
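Sun Solaris TCP SYN Flood remote denial-of-service vulnerability
BUGTRAQ ID: 29089 Solaris is a commercial UNIX operating system developed and maintained by Sun. A security vulnerability in the Solaris TCP implementation may allow a remote unprivileged user, under a TCP SYN flood, to slow the acceptance of new network connections, which may time out before a connection can be established. In addition, uniprocessor systems may slow down overall because of high CPU usage, resulting in a denial of service for the whole system. This vulnerability affects hosts where the ndd1M tunable tcpconnreqmaxq0 is set significantly higher than the default value of 1024. The larger the value, the greater the impact on the host when the vulnerability is exploited. If the vulnerability is exploited, the following message can be seen on the console: WARNING: High TCP connect timeout rate! Syst...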
Hackers' new social engineering attack technologies: opportunity attacks - vulnerability warning - the black bar safety net
An opportunity attack is one that uses a specific time, place, event or environmental condition, together with special tools, as the means of intrusion and destruction. It belongs to social engineering attacks and will appear frequently in 2008. Trendy attacks As social engineering attacks,...
Gentoo Linux multiple packages invalid SSL certificates generation
Certificate may be leaked to public file due to invalid ssl-cert eclass implementation...
[SECURITY] Fedora 8 Update: libtirpc-0.1.7-15.fc8
This package contains SunLib's implementation of transport-independent RPC (TI-RPC) documentation. This library forms a piece of the base of Open Network Computing (ONC), and is derived directly from the Solaris 2.3 source. TI-RPC is an enhanced version of TS-RPC that requires the UNIX System V...
[SECURITY] Fedora 8 Update: odccm-0.11-1.fc8
Odccm is a dccm-implementation for Windows Mobile devices...
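Cisco IP Phone 7921 insecure PEAP implementation vulnerability
BUGTRAQ ID: 27935 The Cisco 7921 is a wireless IP phone. The authentication mechanism of the Cisco IP Phone 7921 has an implementation vulnerability that a remote attacker could exploit to obtain password-related information. If a Cisco 7921 IP phone is configured to use PEAP (MS-CHAPv2), it does not validate the server certificate. If a malicious user sets up a rogue access point and the signed digital certificate of the RADIUS backend claims to be the same certificate the client uses, then because the client does not check the signature, it will assume it is communicating with a trusted server and may send the hashed password or PIN to the server. Cisco IP Phone 7921 Vendor patch: Cisco -----...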
Design/Logic Flaw
Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly...
CVE-2008-1095
Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly...
CVE-2008-1095
CVE-2008-1095 affects the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10. The vulnerability is described as an unspecified issue that allows remote attackers to bypass firewall policies or cause a denial of service (panic) via unknown vectors, with possible involvement of ICMP ...
LSrunasE and Supercrypt cryptographic vulnerabilities
Cryptography is implemented in an insecure way...
SOL8331 - OpenSSL FIPS Object Module 1.1 vulnerability - CVE-2007-5502
The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness. Information...
Debian Security Advisory DSA 1183-1 (kernel-source-2.4.27)
The remote host is missing an update to kernel-source-2.4.27 announced via advisory DSA 1183-1. OpenVAS Vulnerability Test $Id: deb11831.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1183-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian Security Advisory DSA 1210-1 (mozilla-firefox)
The remote host is missing an update to mozilla-firefox announced via advisory DSA 1210-1. Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:...
Debian: Security Advisory (DSA-1183-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2008-0294
Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors...
Update Protection against IBM Lotus Domino IMAP Server Buffer Overflow
IBM Lotus Domino Server is a collaboration software that provides mail, messaging, calendaring and scheduling capabilities across multiple OS platforms. The product implements numerous services based on open standards, including SMTP, IMAP, and POP3. Lotus Notes is the client implementation of th...
SuSE 10 Security Update : mutt (ZYPP Patch Number 3752)
This update of mutt fixes a vulnerability in the APOP implementation that allows an active attacker to guess three bytes of the password. CVE-2007-1558 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...
squid's ICAP implementation lacks a defer check when reading from ICAP server
squid's ICAP implementation does not check the mem-store size before reading from an ICAP server. If the user does not confirm the browser's download message box, squid keeps on reading data from the ICAP server into the memory store, whilst no more data can be delivered to the client. Thus the memory stor...