BIND 9 DNSSEC validation code could cause fake NXDOMAIN responses

Overview A vulnerability exists in the BIND 9 DNSSEC validation code that could be used by an attacker to generate fake NXDOMAIN responses. Description BIND 9 contains a vulnerability in DNSSEC validation code. According to ISC: There was an error in the DNSSEC NSEC/NSEC3 validation code that cou...

iDefense Security Advisory 08.06.09: Sun Java Runtime Environment (JRE) Pack200 Decompression Integer Overflow Vulnerability

iDefense Security Advisory 08.04.09 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 04, 2009 I. BACKGROUND Pack200 is a compression method introduced by Sun in the 1.5 release of the JRE. It is used to compress JAR files, and is optimized for the compression of Java class files. A Java...

iDefense Security Advisory 03.26.09: Sun Java Runtine Environment (JRE) GIF Decoding Heap Corruption Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDefense Security Advisory 03.25.09 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 25, 2009 I. BACKGROUND The Sun Java JRE is Sun's implementation of the Java runtime. For more information, see the vendor's site found at the following link...

iDefense Security Advisory 12.04.08: Sun Java JRE TrueType Font Parsing Integer Overflow Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDefense Security Advisory 12.02.08 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 02, 2008 I. BACKGROUND The Sun Java JRE is Sun's implementation of the Java runtime. For more information, see the vendor's site found at the following link...

MIT Kerberos kadmind principal renaming stack buffer overflow

Overview The MIT Kerberos administration daemon kadmind contains a stack buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service. Description A vulnerability exists in the way the principal renaming operation used by the Kerberos...

libpng denial of service vulnerability

Overview The libpng library contains a denial-of-service vulnerability. Description The libpng library can be used to allow other applications to render PNG images.The libpng library contains a denial-of-service vulnerability. From the Libpng-1.2.16-ADVISORY: This vulnerability could be used to...

Solaris 10 - sysinfo() Local Kernel Memory Disclosure (1)

Solaris 10 - sysinfo Local Kernel Memory Disclosure 1 / Sun Microsystems Solaris sysinfo Kernel Memory Disclosure exploit =================================================================== Local exploitation of an integer overflow vulnerability in Sun Microsystems Inc. Solaris allows attackers t...

Sun Java System Web Proxy Server vulnerable to buffer overflow

Overview Buffer overflow vulnerabilities in the Java System Web Proxy Server may allow remote attackers to execute arbitrary code or cause a denial-of-service condition. Description The Java System Web Proxy Server is a caching HTTP proxy server. A lack of bounds checking in the Java System Web...