Bala Krishna, Sergey Yakovlev Security Vulnerabilities

Softman Admin SQL Injection

...

Ubuntu Update for linux-ec2 vulnerabilities USN-1080-2

Ubuntu Update for Linux kernel vulnerabilities...

Linux kernel vulnerabilities

Releases Ubuntu 10.04 Packages linux-lts-backport-maverick - Linux kernel, Maverick backport to Lucid LTS Details Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this gain root privileges. (CVE-2010-3904) Nelson...

About the security content of iTunes 10.2

About the security content of iTunes 10.2 * Last Modified: March 02, 2011 * Article: HT4554 Email this article Print this page Summary This document describes the security content of iTunes 10.2. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues...

Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1080-2)

Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2010-3865) Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not...

Linux kernel vulnerabilities

Releases Ubuntu 10.04 Packages linux-ec2 - Linux kernel for EC2 Details Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2010-3865)...

Ubuntu 10.04 LTS : linux vulnerabilities (USN-1080-1)

Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2010-3865) Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not...

Google Fixes 19 Bugs in Chrome, Pays $14K in Bug Bounties

Google has released version 9.0.597.107 of its Chrome browser, fixing 19 security vulnerabilities and paying $14,000 in rewards to researchers in the process. The new version of Chrome, which Google released on Monday afternoon, includes fixes for 16 high-severity vulnerabilities and three bugs...

Linux kernel vulnerabilities

Releases Ubuntu 10.04 Packages linux - Linux kernel Details Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2010-3865) Vasiliy Kulikov...

Linux kernel vulnerabilities

Releases Ubuntu 10.04 Packages linux-fsl-imx51 - Linux kernel for FSL IMX51 Details Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this gain root privileges. (CVE-2010-3904) Nelson Elhage discovered several...

Ubuntu Update for aptdaemon vulnerability USN-1068-1

Ubuntu Update for Linux kernel vulnerabilities...

Linux kernel vulnerabilities

Releases Ubuntu 9.10 Packages linux-fsl-imx51 - Linux kernel for FSL IMX51 Details Al Viro discovered a race condition in the TTY driver. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2009-4895) Dan Rosenberg discovered that the MOVE_EXT ext4...

Ubuntu 10.10 : aptdaemon vulnerability (USN-1068-1)

Sergey Nizovtsev discovered that Aptdaemon incorrectly filtered certain arguments when using its D-Bus interface. A local attacker could use this flaw to bypass security restrictions and view sensitive information by reading arbitrary files. Note that Tenable Network Security has extracted the...

Aptdaemon vulnerability

Releases Ubuntu 10.10 Packages aptdaemon - Details Sergey Nizovtsev discovered that Aptdaemon incorrectly filtered certain arguments when using its D-Bus interface. A local attacker could use this flaw to bypass security restrictions and view sensitive information by reading arbitrary...

Week in Security: Chinese SCADA Miscommunication and Botnets 2011: The Return

The specter of Stuxnet reared its head again this week, with news of a critical hole in some Chinese SCADA software, while, elsewhere, botnets reloaded following a holiday break, and patches from Microsoft, Google and RIM made headlines. Read on for the full week in review. At the top of the news.....

Google Release Chrome 8.0.552, Pays $14,000 in Bug Bounties

Google has released version 8.0.552.237 of its Chrome browser, which includes fixes for 16 security vulnerabilities. The company also paid out more than $14,000 in bug bounties for the flaws fixed in this release, including the first maximum reward of $3133.7. The new version of Google Chrome has.....

Cyber harassment : Girl's morphed photo and phone number put on web !

BANGALORE: An Information Technology student who is in Bangalore in search of employment has filed a complaint against a youth for harassment. Thyagarajanagar police have registered a case against one Krishna Mohan who hails from Andhra Pradesh under the Information Technology Act 2000. The...

Sonic.net Selected by Google to Operate Stanford Fiber Network !

Sonic.net today announced it has been selected to operate and support the trial fiber-to-the-home network Google is building at Stanford University. This experimental project will test new fiber construction and operation methods, while delivering full gigabit speeds to approximately 850 faculty...

Ubuntu Update for exim4 vulnerability USN-1032-1

Ubuntu Update for Linux kernel vulnerabilities...

Google Fixes High-Risk Bugs in Chrome

Google has pushed out a new version of its Chrome browser, fixing two high-priority security bugs as well as several other flaws. Google Chrome 8.0.552.224 is now available in both the stable and beta channels, and Google also has updated the Chromium OS with the new changes. The company released.....

Exim string_format() buffer overflow

Overview The Exim mail server contains a buffer overflow that could allow a remote attacker to execute arbitrary code on an affected system. Description Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. The internal...

Exim alternate configuration privilege escalation vulnerability

Overview A vulnerability in the way that the Exim mail server handles configuration files may allow a local attacker to gain escalated privileges on an affected system. Description Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to.....

Exim security issue in historical release

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It has come to the attention of The Exim Maintainers that there is an exploit circulating in the wild which affects versions of Exim versions 4.69 and below -- Exim 4.70 was released in November 2009. The flaw permits remote code execution over SMTP...

Ubuntu 6.06 LTS / 8.04 LTS / 9.10 : exim4 vulnerability (USN-1032-1)

Sergey Kononenko and Eugene Bujak discovered that Exim did not correctly truncate string expansions. A remote attacker could send specially crafted email traffic to run arbitrary code as the Exim user, which could also lead to root privileges. Note that Tenable Network Security has extracted the...

Exim vulnerability

Releases Ubuntu 9.10 Ubuntu 8.04 Ubuntu 6.06 Packages exim4 - exim MTA Details Sergey Kononenko and Eugene Bujak discovered that Exim did not correctly truncate string expansions. A remote attacker could send specially crafted email traffic to run arbitrary code as the Exim user, which...

FreeBSD : chromium -- multiple vulnerabilities (6887828f-0229-11e0-b84d-00262d5ed8ee)

Google Chrome Releases reports : Fixed in 15.0.874.121 : [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian Holler. Fixed in 15.0.874.120 : [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG. [100492] [100543] Medium CVE-2011-3893: Out....

TDL4 Rootkit Now Using Stuxnet Bug

The TDL4 rootkit, which reared its head last month as the latest evolution of the venerable TDSS malware family, is now using one of the Windows bugs that was first seen in use by Stuxnet. The latest modification to TDL4 enables the rootkit to use the unpatched Windows Task Scheduler vulnerability....

SuSE 11 / 11.1 Security Update : Mozilla (SAT Patch Numbers 3417 / 3419)

This update brings Mozilla XULRunner to version 1.9.1.14, fixing various bugs and security issues. The following security issues were fixed : Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of...

SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 3159 / 3160)

Mozilla Firefox 3.6 was updated to version 3.6.10, fixing various bugs and security issues. The following security issues were fixed : Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these...

SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 3455 / 3456)

This update brings Mozilla Firefox to version 3.6.12, fixing various bugs and security issues. The following security issues were fixed : Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of...

SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)

This update brings the Mozilla XULRunner engine to version 1.9.1.15, fixing various bugs and security issues. The following security issues were fixed : Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based...

TDL4 Rootkit Bypasses Windows Code-Signing Protection

In recent versions of Windows, specifically Vista and Windows 7, Microsoft has introduced a number of new security features designed to prevent malicious code from running. But attackers are continually finding new ways around those protections, and the latest example is a rootkit that can bypass.....

SuSE Update for MozillaFirefox,seamonkey,MozillaThunderbird SUSE-SA:2010:056

Check for the Version of...

SuSE Update for MozillaFirefox,seamonkey,MozillaThunderbird SUSE-SA:2010:056

Check for the Version of...

SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7208)

This update brings Mozilla Firefox to version 3.5.15, fixing various bugs and security issues. The following security issues were fixed : Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of...

openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421)

This update brings Mozilla XULRunner to version 1.9.1.15, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other...

openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)

This update brings Mozilla Firefox to version 3.6.12, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-64: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of.....

openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)

This update brings Mozilla Firefox to version 3.6.12, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-64: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of.....

openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421)

This update brings Mozilla XULRunner to version 1.9.1.15, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other...

openSUSE Security Update : seamonkey (seamonkey-3372)

This update brings Mozilla SeaMonkey to version 2.0.9, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based...

openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378)

This update brings Mozilla Thunderbird to version 3.0.9, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based....

openSUSE Security Update : seamonkey (seamonkey-3372)

This update brings Mozilla SeaMonkey to version 2.0.9, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based...

openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378)

This update brings Mozilla Thunderbird to version 3.0.9, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based....

Mozilla Foundation Security Advisory 2010-66

Mozilla Foundation Security Advisory 2010-66 Title: Use-after-free error in nsBarProp Impact: Critical Announced: October 19, 2010 Reporter: Sergey Glazunov Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.11 Firefox 3.5.14 Thunderbird 3.1.5 Thunderbird 3.0.9 SeaMonkey 2.0.9...

Ubuntu Update for thunderbird vulnerabilities USN-998-1

Ubuntu Update for Linux kernel vulnerabilities...

Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-997-1

Ubuntu Update for Linux kernel vulnerabilities...

Ubuntu 10.04 LTS / 10.10 : thunderbird vulnerabilities (USN-998-1)

Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the...

Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 vulnerabilities (USN-997-1)

Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the...

Firefox Dirty Dozen: Mozilla Fixes Critical Browser Flaws

Mozilla has released Firefox 3.6.11 with patches for a dozen security holes, some serious enough to launch attacks if a user simply surfs to a booby-trapped website. In all, the open-source released nine bulletins documenting 12 security vulnerabilities. Five of the bulletins are rated “critical,”....

Thunderbird vulnerabilities

Releases Ubuntu 10.10 Ubuntu 10.04 Packages thunderbird - mail/news client with RSS and integrated spam filter support Details Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in...