LinuxSecurity.com: Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS spoofing and cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting.
LinuxSecurity.com: Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Bind. A remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.
LinuxSecurity.com: Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow. The updated packages have been patched to fix
LinuxSecurity.com: Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.15. This update provides the latest Firefox to correct these issues.
LinuxSecurity.com: Updated bind packages that help mitigate DNS spoofing attacks are now available. This update has been rated as having important security impact by the Red Hat Security Response Team.
LinuxSecurity.com: A very serious flaw in the Internet's DNS servers may have been ripe for a significant exploit, though a familiar security researcher might have sounded the alarm just in time. Now, Microsoft and Linux vendors are responding urgently. In
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to poison the DNS cache. The vulnerability is caused due to the products not sufficiently randomising the DNS transaction ID and the source port number,
rPath has issued an update for vsftpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a memory leak when using PAM and can be
A vulnerability has been reported in various Juniper Network products, which can be exploited by malicious people to poison the DNS cache. The vulnerability is caused due to the products not sufficiently randomising the DNS transaction ID and the source
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to poison the DNS cache. The vulnerability is caused due to the products not sufficiently randomising the DNS transaction ID and the source port number,
Fedora has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.
Nominum has acknowledged a vulnerability in Nominum CNS and Vantio, which can be exploited by malicious people to poison the DNS cache. The vulnerability is caused due to the DNS servers not sufficiently randomising the DNS query port number, which
Some vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system. 1) An
Some vulnerabilities have been reported in Pidgin, which potentially can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to integer overflow errors in the "msn_slplink_process_msg" function in libpurple/protocols/msnp9/slplink.c and libpurple/protocols/msn/slplink.c, and can potentially
A vulnerability has been reported in FFmpeg, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "str_read_packet()" function in libavformat/psxstr.c. This can be exploited to
nnposter has reported a vulnerability in F5 FirePass 1200 SSL VPN, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when traversing certain OID branches (e.g. hrSWInstalled
