[USN-543-1] VMWare vulnerabilities

2007-11-16 Thread Kees Cook
Ubuntu Security Notice USN-543-1 November 15, 2007 linux-restricted-modules-2.6.17/20, vmware-player-kernel-2.6.15 vulnerabilities CVE-2007-0061, CVE-2007-0062, CVE-2007-0063, CVE-2007-4496, CVE-2007-4497

[USN-544-1] Samba vulnerabilities

2007-11-16 Thread Jamie Strandboge
Ubuntu Security Notice USN-544-1 November 16, 2007 samba vulnerabilities CVE-2007-4572, CVE-2007-5398 A security issue aff

[ MDKSA-2007:221 ] - Updated kdegraphics packages fix vulnerabilities in kpdf

2007-11-16 Thread security
Mandriva Linux Security Advisory MDKSA-2007:221 http://www.mandriva.com/security/

AhnLab AntiVirus Remote Kernel Memory Corruption

2007-11-16 Thread Sowhat
AhnLab AntiVirus Remote Kernel Memory Corruption Sowhat of Nevis Labs HTTP://www.nevisnetworks.com http://secway.org/advisory/AD20071116.txt Vendor: AhnLab Inc. Affected: AhnLab Antivirus V3 Internet Security 2008 The other version may be vulnerable too. This vulnerability has been confirmed

Javamail login username and password same email problem

2007-11-16 Thread thetaung
Javamail login username and password same email problem By Thet Aung Min Latt Yangon Myanmar 16 November 2007 1. First logon to examplemail.com http://examplemail.com/login.jsp And login with [EMAIL PROTECTED] in username and password box. User name: [EMAIL PROTECTED] Password:[EMAIL PR

Re: Breaking RSA: Totient indirect factorization

2007-11-16 Thread Erick Galinkin
Gandlf, I'm working on a bizarrely similar project (you don't happen to hail from New York, do you?) and have found that using the totient function, you'd need an absurdly large number of CPU cycles to factor RSA properly, slightly less than brute force... like, 2^5 cycles less. The algorithm has s

Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability

2007-11-16 Thread cocoruder
Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability by cocoruder(frankruder_at_hotmail.com) http://ruder.cdut.net Summary: A remote code execution vulnerability exists in Microsoft Jet Engine. A remote attacker who successfully exploits this vulnerability can execute arbitrary c

Re: Breaking RSA: Totient indirect factorization

2007-11-16 Thread Watson Ladd
This is an exponential space algorithm and therefore utterly and completely useless with regards to factoring. > > Algorithm > - > > - Repeat "a = a^n mod m" with n from 2 to m, saving all the results in > a table until a == 1 (Statement 4). > - Examine the table from end to beginning prin

PR07-02: XSS on Liferay Portal Enterprise 4.1.1 login page ('login' parameter)

2007-11-16 Thread research
Date Found: 6th March 2007 Vendor informed: 26th June 2007 Description: Liferay Portal login page is vulnerable to Cross-Site Scripting within the "login" field processed by the "/c/portal/login" server-side script. Consequences: An attacker may be able to cause the execution of malici

[USN-542-2] KOffice vulnerabilities

2007-11-16 Thread Jamie Strandboge
Ubuntu Security Notice USN-542-2 November 15, 2007 koffice vulnerabilities CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 A s

[RISE-2007004] Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow Vulnerability

2007-11-16 Thread RISE Security
Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow Vulnerability http://risesecurity.org/advisory/RISE-2007004/ Published: November 16, 2007 Updated: November 16, 2007 INTRODUCTION There exists a vulnerability within an architecture depend