Alin Rad Pop discovered an array index vulnerability in the SDP
parser. If a user or automated system were tricked into opening a
malicious RTSP stream, a remote attacker may be able to execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2008-0073)
Sebastian Krahmer discovered that Postfix was not correctly handling
mailbox ownership when dealing with Linux's implementation of hardlinking
to symlinks. In certain mail spool configurations, a local attacker
could exploit this to append data to arbitrary files as the root user.
The default Ubuntu configuration was not vulnerable.
A flaw was discovered in the browser engine. A variable could be made to
overflow causing the browser to crash. If a user were tricked into opening
a malicious web page, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2008-2785)
It was discovered that long transformation matches in libxslt could
overflow. If an attacker were able to make an application linked against
libxslt process malicious XSL style sheet input, they could execute
arbitrary code with user privileges or cause the application to crash,
leading to a denial of serivce. (CVE-2008-1767)
It was discovered that there were new integer overflows in the imageop
module. If an attacker were able to trick a Python application into
processing a specially crafted image, they could execute arbitrary code
with user privileges. (CVE-2008-1679)
A flaw was discovered in the browser engine. A variable could be made to
overflow causing the browser to crash. If a user were tricked into opening
a malicious web page, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2008-2785)
Felipe Andres Manzano discovered that poppler did not correctly initialize
certain page widgets. If a user were tricked into viewing a malicious
PDF file, a remote attacker could exploit this to crash applications
linked against poppler, leading to a denial of service.
A flaw was discovered in Thunderbird that allowed overwriting trusted
objects via mozIJSSubScriptLoader.loadSubScript(). If a user had
Javascript enabled and was tricked into opening a malicious web page,
an attacker could execute arbitrary code with the privileges of the
user invoking the program. (CVE-2008-2803)
It was discovered that PHP did not properly check the length of the string parameter to the fnmatch function. An attacker could cause a denial of service in the PHP interpreter if a script passed untrusted input to the fnmatch function. (CVE-2007-4782)
Dan Kaminsky discovered weaknesses in the DNS protocol as implemented
by Dnsmasq. A remote attacker could exploit this to spoof DNS entries
and poison DNS caches. Among other things, this could lead to
misdirected email and web traffic.
A flaw was discovered in the browser engine. A variable could be made to
overflow causing the browser to crash. If a user were tricked into opening
a malicious web page, an attacker could cause a denial of service or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2008-2785)
Tavis Ormandy discovered that the PCRE library did not correctly handle
certain in-pattern options. An attacker could cause applications linked
against pcre3 to crash, leading to a denial of service.
Various flaws were discovered in the browser engine. By tricking
a user into opening a malicious web page, an attacker could cause
a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the
program. (CVE-2008-2798, CVE-2008-2799)
Samba developers discovered that nmbd could be made to overrun
a buffer during the processing of GETDC logon server requests.
When samba is configured as a Primary or Backup Domain Controller,
a remote attacker could send malicious logon requests and possibly
cause a denial of service. (CVE-2007-4572)
Drew Yao discovered several vulnerabilities in Ruby which lead to integer
overflows. If a user or automated system were tricked into running a
malicious script, an attacker could cause a denial of service or execute
arbitrary code with the privileges of the user invoking the program.
It was discovered that OpenSSL was vulnerable to a double-free
when using TLS server extensions. A remote attacker could send a
crafted packet and cause a denial of service via application crash
in applications linked against OpenSSL. Ubuntu 8.04 LTS does not
compile TLS server extensions by default. (CVE-2008-0891)
It was discovered that OpenSSL could dereference a NULL pointer.
If a user or automated system were tricked into connecting to a
malicious server with particular cipher suites, a remote attacker
could cause a denial of service via application crash.
(CVE-2008-1672)
It was discovered that the ALSA /proc interface did not write the
correct number of bytes when reporting memory allocations. A local
attacker might be able to access sensitive kernel memory, leading to
a loss of privacy. (CVE-2007-4571)
A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
and SSL certificates.
Samba developers discovered that nmbd could be made to overrun
a buffer during the processing of GETDC logon server requests.
When samba is configured as a Primary or Backup Domain Controller,
a remote attacker could send malicious logon requests and possibly
cause a denial of service. (CVE-2007-4572)
Alin Rad Pop of Secunia Research discovered that Samba did not
properly perform bounds checking when parsing SMB replies. A remote
attacker could send crafted SMB packets and execute arbitrary code.
(CVE-2008-1105)
It was discovered that the MIT-SHM extension of X.org did not correctly validate the location of memory during an image copy. An authenticated attacker could exploit this to read arbitrary memory locations within X, exposing sensitive information. (CVE-2008-1379)
