Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow. (CVSS:10.0) (Last Update:2008-09-05)
Drupal core – Denial of service
- Advisory ID: DRUPAL-SA-2007-002.
- Project: Drupal Core.
- Version: 4.6, 4.7
- Date: 2007-Jan-05.
- Security risk: Less critical.
- Exploitable from: Remote.
- Vulnerability: Denial of service.
Description
The way page caching was implemented allows a denial of service attack. An attacker has to have the ability to post content on the site. He or she would then be able to poison the page cache, so that it returns cached 404 page not found errors for existing pages.
If the page cache is not enabled, your site is not vulnerable. The vulnerability only affects sites running on top of MySQL.
Versions affected
- Drupal 4.6.x versions before Drupal 4.6.11.
- Drupal 4.7.x versions before Drupal 4.7.5.
Solution
- If you are running Drupal 4.6.x then upgrade to Drupal 4.6.11.
- If you are running Drupal 4.7.x then upgrade to Drupal 4.7.5.
- To patch Drupal 4.6.10 use http://drupal.org/files/sa-2007-002/4.6.10.patch.
- To patch Drupal 4.7.4 use http://drupal.org/files/sa-2007-002/4.7.4.patch.
Reported by
The Drupal security team.
Contact
The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.
Drupal core – Cross site scripting
- Advisory ID: DRUPAL-SA-2007-001.
- Project: Drupal Core.
- Version: 4.6, 4.7.
- Date: 2007-Jan-05.
- Security risk: Less critical.
- Exploitable from: Remote.
- Vulnerability: Cross site scripting.
Description
A few arguments passed via URLs are not properly sanitized before display. When an attacker is able to entice an administrator to follow a specially crafted link, arbitrary HTML and script code can be injected and executed in the victim’s session. Such an attack may lead to administrator access if certain conditions are met. Learn more about XSS on Wikipedia.
Versions affected
- Drupal 4.6.x versions before Drupal 4.6.11.
- Drupal 4.7.x versions before Drupal 4.7.5.
Solution
- If you are running Drupal 4.6.x then upgrade to Drupal 4.6.11.
- If you are running Drupal 4.7.x then upgrade to Drupal 4.7.5.
- To patch Drupal 4.6.10 use http://drupal.org/files/sa-2007-001/4.6.10.patch.
- To patch Drupal 4.7.4 use http://drupal.org/files/sa-2007-001/4.7.4.patch.
Reported by
Anonymous via JPCERT.
Contact
The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.
Critical Patch Update – October 2006
DRUPAL-SA-2006-026 – Drupal core – Form action attribute injection
- Advisory ID: DRUPAL-SA-2006-026
- Project: Drupal core
- Date: 2006-Oct-18
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: HTML attribute injection
Description
A malicious user may entice users to visit a specially crafted URL that may result in the redirection of Drupal form submissions to a third-party site. A user visiting the user registration page via such a URL, for example, will submit all data, such as his/her e-mail address, but also possibly private profile data, to a third-party site.
Versions affected
- Drupal 4.6.x versions before Drupal 4.6.10
- Drupal 4.7.x versions before Drupal 4.7.4
Solution
- If you are running Drupal 4.6.x then upgrade to Drupal 4.6.10.
- If you are running Drupal 4.7.x then upgrade to Drupal 4.7.4.
- To patch Drupal 4.6.9 use http://drupal.org/files/sa-2006-026/4.6.9.patch.
- To patch Drupal 4.7.3 use http://drupal.org/files/sa-2006-026/4.7.3.patch.
Please note that the patches only contain changes related to this advisory, and do not fix bugs that were solved in 4.6.10 or 4.7.4.
Reported by
Frederic Marand.
Contact
The security contact for Drupal can be reached at security at drupal.org or using the form at http://drupal.org/contact.
CVE-2006-2489
Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162. (CVSS:7.5) (Last Update:2008-09-05)
CVE-2006-2162
Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header. (CVSS:5.0) (Last Update:2008-09-05)
Critical Patch Update – April 2006
CVE-2006-0814
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) “.” (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files. (CVSS:5.0) (Last Update:2008-09-05)
CVE-2006-0760
LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for “.php” names. (CVSS:2.6) (Last Update:2008-09-05)