Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets.
Category Archives: Security
Security
CVE-2007-3701 (tipping_point, tippingpoint_ips_tos)
TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode ‘/’ (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack.
Critical Patch Update – April 2007
CVE-2007-1870
lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference. (CVSS:7.8) (Last Update:2008-11-15)
CVE-2007-1869
lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption. (CVSS:5.0) (Last Update:2008-11-15)
CVE-2007-1576 (phprojekt)
Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven Browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files.
DRUPAL-SA-2007-005 – Drupal core – Arbitrary code execution
- Advisory ID: DRUPAL-SA-2007-005
- Project: Drupal core
- Version: 4.7.x, 5.x
- Date: 2007-Jan-29
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Arbitrary code execution
Description
Previews on comments were not passed through normal form validation routines, enabling users with the ‘post comments’ permission and access to more than one input filter to execute arbitrary code. By default, anonymous and authenticated users have access to only one input format.
Immediate workarounds include: disabling the comment module, revoking the ‘post comments’ permission for all users or limiting access to one input format.
Versions affected
- Drupal 4.7.x before version 4.7.6.
- Drupal 5.x before version 5.1.
Solution
Install the latest version:
- If you are running Drupal 4.7.x then upgrade to Drupal 4.7.6.
- If you are running Drupal 5.0 then upgrade to Drupal 5.1.
- To patch Drupal 4.7.5 use SA-2007-005-4.7.5.patch.
- To patch Drupal 5.0 use SA-2007-005-5.0.patch.
Reported by
The Drupal security team.
Contact
The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.
Drupal version:
Critical Patch Update – January 2007
CVE-2007-0236
Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow. (CVSS:10.0) (Last Update:2008-09-05)
Drupal core – Denial of service
- Advisory ID: DRUPAL-SA-2007-002.
- Project: Drupal Core.
- Version: 4.6, 4.7
- Date: 2007-Jan-05.
- Security risk: Less critical.
- Exploitable from: Remote.
- Vulnerability: Denial of service.
Description
The way page caching was implemented allows a denial of service attack. An attacker has to have the ability to post content on the site. He or she would then be able to poison the page cache, so that it returns cached 404 page not found errors for existing pages.
If the page cache is not enabled, your site is not vulnerable. The vulnerability only affects sites running on top of MySQL.
Versions affected
- Drupal 4.6.x versions before Drupal 4.6.11.
- Drupal 4.7.x versions before Drupal 4.7.5.
Solution
- If you are running Drupal 4.6.x then upgrade to Drupal 4.6.11.
- If you are running Drupal 4.7.x then upgrade to Drupal 4.7.5.
- To patch Drupal 4.6.10 use http://drupal.org/files/sa-2007-002/4.6.10.patch.
- To patch Drupal 4.7.4 use http://drupal.org/files/sa-2007-002/4.7.4.patch.
Reported by
The Drupal security team.
Contact
The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.