Information security


Multiple buffer overflows in Microsoft Excel (buffer overflow)
updated since January 9, 2007
Published: February 1, 2007
Source:
SecurityVulns ID: 7027
Type: client
Severity level: 7/10
Description: Heap buffer overflow in BIFF8 column values. Buffer overflow on a long BIFF8 column palette value.
Affected products: MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
CVE:CVE-2007-0031 (Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.)
 CVE-2007-0030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.)
 CVE-2007-0029 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability.")
 CVE-2007-0028 (Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.)
 CVE-2007-0027 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.)
Original text: LifeAsaGeek_(at)_gmail.com, MS07-002 EXCEL Malformed Palette Record Vulnerability DOS POC (01.02.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-002 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198) (09.01.2007)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 01.09.07: Microsoft Excel Invalid Column Heap Corruption Vulnerability (09.01.2007)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 01.09.07: Microsoft Excel Long Palette Heap Overflow Vulnerability (09.01.2007)
Files: Microsoft Security Bulletin MS07-002 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)

Another set of bugs in Oracle (multiple bugs)
updated since January 18, 2007
Published: February 1, 2007
Source:
SecurityVulns ID: 7064
Type: remote
Severity level: 9/10
Description: The latest set of Oracle patches includes: 17 fixes for Oracle Database, 9 fixes for Oracle HTTP Server, 12 fixes for Oracle Application Server, 7 fixes for Oracle E-Business Suite, 6 fixes for Oracle Enterprise Manager, 3 fixes for Oracle PeopleSoft Enterprise PeopleTools. There is a huge number of other bugs, many of which have long been known and are still unfixed, which allows one to speak of a zero security level for all products. To secure Oracle products, use third-party solutions.
Affected products: ORACLE : Oracle 9i
 ORACLE : Oracle E-Business Suite 11.0
 ORACLE : Oracle 10g
CVE:CVE-2007-0297 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.11 and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE03.)
 CVE-2007-0296 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02.)
 CVE-2007-0295 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01.)
 CVE-2007-0294 (Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning & Data Guard Management, aka EM06.)
 CVE-2007-0293 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors related to (1) Oracle Agent (EM03) and (2) EM04 and (3) EM05 in Enterprise Manager Console. NOTE: EM05 might be related to CVE-2007-0222.)
 CVE-2007-0292 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 have unknown impact and attack vectors related to Oracle Agent, aka (1) EM01 and (2) EM02. NOTE: EM05 might be related to CVE-2007-0222.)
 CVE-2007-0291 (Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02.)
 CVE-2007-0290 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors related to (1) Application Object Library (APPS01), (2) Human Resources (APPS03), (3) Payables (APPS04), (4) Trading Community Architecture (APPS05), and (5) Web Applications Desktop Integrator (APPS06).)
 CVE-2007-0289 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J01, (2) OC4J05, and (3) OC4J06.)
 CVE-2007-0288 (Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01.)
 CVE-2007-0287 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08.)
 CVE-2007-0286 (Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07.)
 CVE-2007-0285 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and E-Business Suite and Applications 11.5.10CU2 has unknown impact and attack vectors related to Oracle Reports Developer, aka REP01.)
 CVE-2007-0284 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04.)
 CVE-2007-0283 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to Oracle Containers for J2EE, aka OC4J02.)
 CVE-2007-0282 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02.)
 CVE-2007-0281 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04.)
 CVE-2007-0280 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that OPMN01 is for a buffer overflow in Oracle Notification Service (ONS).)
 CVE-2007-0279 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07.)
 CVE-2007-0278 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14).)
 CVE-2007-0277 (Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and expdp or impdp, aka DB11.)
 CVE-2007-0276 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16).)
 CVE-2007-0275 (Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01.)
 CVE-2007-0274 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). NOTE: Oracle has not disputed reliable researcher claims that DB08 is for a buffer overflow in the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package, and DB09 is for buffer overflows in the CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION procedures in SYS.DBMS_CAPTURE_ADM_INTERNAL.)
 CVE-2007-0273 (Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that DB06 is for multiple cross-site scripting (XSS) vulnerabilities.)
 CVE-2007-0272 (Unspecified vulnerability in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and attack vectors related to the Oracle Spatial component and mdsys.md privileges, aka DB05. NOTE: Oracle has not disputed a reliable researcher report that claims this is for multiple buffer overflows and other issues in unspecified public procedures.)
 CVE-2007-0271 (Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04. NOTE: Oracle has not disputed a reliable researcher claim that this is a buffer overflow in the ADD_LOGFILE procedure for the SYS.DBMS_LOGMNR package that allows code execution.)
 CVE-2007-0270 (Unspecified vulnerability in Oracle Database 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors related to the Data Guard and sys.dbms_drs privileges, aka DB03. NOTE: Oracle has not disputed a reliable researcher claim that this is a buffer overflow in the GET_PROPERTY function in SYS.DBMS_DRS, which can be exploited for arbitrary code execution or a denial of service.)
 CVE-2007-0269 (Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02.)
 CVE-2007-0268 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package.)
 CVE-2007-0222 (Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293).)
Original text: NGS Software Insight Security Research, Oracle 10g R2 Enterprise Manager Directory Traversal (01.02.2007)
 SHATTER, Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL (25.01.2007)
 SHATTER, Oracle Multiple Buffer Overflows and DoS attacks in public procedures of MDSYS.MD (25.01.2007)
 SHATTER, Oracle Buffer Overflow in DBMS_DRS.GET_PROPERTY (25.01.2007)
 SHATTER, Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT (25.01.2007)
 SHATTER, Oracle Buffer Overflow in DBMS_LOGMNR.ADD_LOGFILE (25.01.2007)
 SHATTER, Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME (25.01.2007)
 SYMANTEC, SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal (18.01.2007)
 ISecAuditors Security Advisories, [ISecAuditors Security Advisories] Oracle Reports Web Cartridge (RWCGI60) vulnerable to XSS (18.01.2007)
 CERT, US-CERT Technical Cyber Security Alert TA07-017A -- Oracle Releases Patches for Multiple Vulnerabilities (18.01.2007)
Files: Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006
 Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006
 Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006
 Remote Oracle dbms_export_extension exploit (any version) Grant or revoke dba permission to unprivileged user
 Remote Oracle KUPV$FT.ATTACH_JOB exploit (10g)
 Remote Oracle KUPW$WORKER.MAIN exploit (10g)
 Remote Oracle DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION exploit (9i/10g)
 Remote Oracle DBMS_METADAT.GET_DDL exploit (9i/10g)
 Remote Oracle dbms_export_extension exploit
 [0-day] Remote Oracle DBMS_AQ.ENQUEUE exploit (10g)

Daily summary of bugs in web applications (PHP, ASP, JSP, CGI, Perl)
Published: February 1, 2007
Source:
SecurityVulns ID: 7135
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: SIPS : SIPS 0.3
 EXOSCRIPTS : ExoPHPDesk 1.2
 ZENPHOTO : zenphoto 1.0
 OPENEMR : OpenEMR 2.8
 EXTCAL : ExtCalendar 2.0
 CADRE : Cadre 20020724
 L2JPROPCALC : L2J Dropcalc 4
 PHPMYRING : PhpMyRing 4.1
 EXTCALENDAR : Extcalendar 2
 PHPBBTWEAKED : Phpbb Tweaked 3
 HAILBOARDS : Hailboards 1.2
 OMEGABOARD : Omegaboard 1.2
 CERULEAN : Cerulean Portal System 0.7
 PHPEVENTMAN : phpEventMan 1.0
 SUN : Java System Access Manager 6.1
 SUN : Java System Access Manager 6.2
 SUN : Java System Access Manager 7.0
CVE:CVE-2007-0702 (Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0.2 allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) Shared/controller/text.ctrl.php or (2) UserMan/controller/common.function.php.)
 CVE-2007-0688 (SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-0687 (SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc 4 and earlier allows remote authenticated users to execute arbitrary SQL commands via the itemid parameter.)
 CVE-2007-0684 (PHP remote file inclusion vulnerability in portal.php in Cerulean Portal System 0.7b allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.)
 CVE-2007-0683 (PHP remote file inclusion vulnerability in includes/functions.php in Omegaboard 1.0beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.)
 CVE-2007-0681 (profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.)
 CVE-2007-0680 (PHP remote file inclusion vulnerability in includes/functions.php in Phpbb Tweaked 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.)
 CVE-2007-0679 (PHP remote file inclusion vulnerability in lang/leslangues.php in Nicolas Grandjean PHPMyRing 4.1.3b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fichier parameter.)
 CVE-2007-0678 (SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting Sitesi allows remote attackers to execute arbitrary SQL commands via the kategori_id parameter.)
 CVE-2007-0677 (PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter.)
 CVE-2007-0676 (SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-0662 (PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.)
 CVE-2007-0649 (Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. NOTE: this issue was originally disputed before the extract behavior was identified in post-disclosure analysis. Also, the original report identified "Open Conference Systems," but this was an error.)
 CVE-2007-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information.)
 CVE-2007-0616 (Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php.)
Original text: ajannhwt_(at)_hotmail.com, phpEventMan v1.0.2 (level) Remote File Include Exploit (01.02.2007)
 ajannhwt_(at)_hotmail.com, SIPS <= 0.3.1(box.inc.php) Remote File Include Vulnerability (01.02.2007)
 x0r0n_(at)_hotmail.com, Cerulean Portal System (phpbb_root_path) Remote File Include Exploit (01.02.2007)
 x0r0n_(at)_hotmail.com, Omegaboard v1.0b4 (phpbb_root_path) Remote File Include Exploit (01.02.2007)
 x0r0n_(at)_hotmail.com, Hailboards v1.2.0 (phpbb_root_path) Remote File Include Exploit (01.02.2007)
 x0r0n_(at)_hotmail.com, Phpbb Tweaked (phpbb_root_path) Remote File Include Exploit (01.02.2007)
 ajannhwt_(at)_hotmail.com, PhpMyRing <= 4.1.3b (path) Remote File Include Vulnerability (01.02.2007)
 ajannhwt_(at)_hotmail.com, ExoPHPDesk <= 1.2.1 (faq.php) Remote SQL Injection Vulnerability (01.02.2007)
 admin_(at)_hacklive.org, Hunkaray Duyuru Scripti (tr) == SQL Injection Vulnerability (01.02.2007)
 admin_(at)_hacklive.org, Fullaspsite Asp Hosting (tr) == SQL Injection Vulnerability (01.02.2007)
 Codebreak, Michelle's L2J Dropcalc (01.02.2007)
 y3dips_(at)_gmail.com, [ECHO_ADV_63$2007] Cadre remote file inclusion (01.02.2007)
 KabusTR.coM, Speedy Asp Discussion Forum (forum.mdb) Remote Password Disclosure Vulnerablity (01.02.2007)
Files: Extcalendar <= 2 (profile.php) Remote User Pass Change Exploit

DoS against Cisco IP telephony routers
Published: February 1, 2007
Source:
SecurityVulns ID: 7136
Type: remote
Severity level: 6/10
Description: A SIP packet (UDP/5060) sent to a device with IP telephony features but with SIP support disabled causes the device to fail.
Affected products: CISCO : IOS 12.3
 CISCO : IOS 12.4
CVE:CVE-2007-0648 (Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.)
Original text: CISCO, Cisco Security Advisory: SIP Packet Reloads IOS Devices Not Configured for SIP (01.02.2007)

Password decryption in Windows Live Messenger / Windows MSN Messenger (weak encryption)
Published: February 1, 2007
Source:
SecurityVulns ID: 7137
Type: local
Severity level: 4/10
Description: The password is stored in the registry in reversible form.
Affected products: MICROSOFT : Live Messenger 8.0
 MICROSOFT : MSN Messenger 7.5
Files: MSN Messenger v7.5 Password Decrypter Source Code for Windows XP & 2003
 Windows Live Messenger v8.0 Password Finder for Windows XP & 2003

Information leak in thttpd (information leak)
Published: February 1, 2007
Source:
SecurityVulns ID: 7138
Type: remote
Severity level: 3/10
Description: If thttpd is started from the root directory, the system root is used as the web server's root directory.
Affected products: THTTPD : thttpd 2.25
CVE:CVE-2007-0664 (thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files.)
Original text: GENTOO, [ GLSA 200701-28 ] thttpd: Unauthenticated remote file access (01.02.2007)

Privilege escalation via Comodo Firewall Pro (privilege escalation)
Published: February 1, 2007
Source:
SecurityVulns ID: 7139
Type: local
Severity level: 5/10
Description: Insufficient filtering of the arguments of hooked system calls can potentially lead to code execution in the system context.
Affected products: COMODO : Comodo Firewall Pro 2.4
CVE:CVE-2007-0709 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.16.174 and earlier does not validate arguments that originate in user mode for the (1) NtCreateSection, (2) NtOpenProcess, (3) NtOpenSection, (4) NtOpenThread, and (5) NtSetValueKey hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.)
 CVE-2007-0708 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) before 2.4.16.174 does not validate arguments that originate in user mode for the (1) NtConnectPort and (2) NtCreatePort hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.)
Original text: Matousec - Transparent security Research, [Full-disclosure] Comodo Multiple insufficient argument validation of hooked SSDT function Vulnerability (01.02.2007)

Multiple DoS conditions in Apple iChat Bonjour
Published: February 1, 2007
Source:
SecurityVulns ID: 7140
Type: client
Severity level: 5/10
Description: Multiple problems related to the use of dynamic DNS records.
Affected products: APPLE : iChat 3.1
CVE:CVE-2007-0710 (The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614.)
 CVE-2007-0614 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.)
 CVE-2007-0613 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries.)
Original text: MOAB, MOAB-29-01-2007: Apple iChat Bonjour Multiple Denial of Service Vulnerabilities (01.02.2007)
Files: basic proof of concept for Apple iChat Bonjour

Format string bugs in many Apple products
Published: February 1, 2007
Source:
SecurityVulns ID: 7141
Type: client
Severity level: 7/10
Description: Format string bugs in many client applications.
Affected products: APPLE : Mac OS X 10.4
 APPLE : Safari 2.0
 APPLE : Help Viewer 3.0
 APPLE : iMovie HD 6.0
 APPLE : iPhoto 6.0
CVE:CVE-2007-0647 (Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function.)
 CVE-2007-0646 (Format string vulnerability in iMovie HD 6.0.3 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.)
 CVE-2007-0645 (Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions.)
 CVE-2007-0644 (Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions.)
Original text: MOAB, MOAB-30-01-2007: Multiple Apple Software Format String Vulnerabilities (01.02.2007)

Multiple vulnerabilities in the Wireshark sniffer (multiple bugs)
Published: February 1, 2007
Source:
SecurityVulns ID: 7142
Type: remote
Severity level: 5/10
Description: Problems parsing Ethernet frames, HTTP packets, LLT.
CVE:CVE-2007-0459 (packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets.)
 CVE-2007-0458 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468.)
 CVE-2007-0457 (Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly Ethereal) 0.10.14 through 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.)
 CVE-2007-0456 (Unspecified vulnerability in the LLT dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.)
Original text: WIRESHARK, Wireshark: wnpa-sec-2007-01 (01.02.2007)

Multiple problems with iFTPAddU / iFTPAddH in IPSwitch WS_FTP (multiple bugs)
Published: February 1, 2007
Source:
SecurityVulns ID: 7143
Type: remote
Severity level: 5/10
Description: Buffer overflow when parsing the iFTPAddU and iFTPAddH files.
Affected products: IPSWITCH : WS_FTP Server 5.04
CVE:CVE-2007-0666 (Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module.)
Original text: Michal Bucko, Ipswitch WS_FTP Server 5.04 multiple arbitrary code execution vulnerabilities (01.02.2007)

Buffer overflow in Bloodshed Dev-C++ (buffer overflow)
Published: February 1, 2007
Source:
SecurityVulns ID: 7144
Type: local
Severity level: 3/10
Description: Buffer overflow on a long line in a .cpp file.
Affected products: BLOODSHED : Dev-C++ 4.9
CVE:CVE-2007-0643 (Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.)
Files: Exploits Dev-C++ 4.9.9.2 Stack Overflow

SNMP problem in ZABBIX
Published: February 1, 2007
Source:
SecurityVulns ID: 7145
Type: client
Severity level: 5/10
Affected products: ZABBIX : ZABBIX 1.1.
CVE:CVE-2007-0640 (Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses.")

Weak permissions in inotify (weak permissions)
Published: February 1, 2007
Source:
SecurityVulns ID: 7146
Type: local
Severity level: 5/10
Affected products: INOTIFY : inotify 0.3
CVE:CVE-2007-0636 (Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files.")

Information leak in gtalkbot (information leak)
Published: February 1, 2007
Source:
SecurityVulns ID: 7148
Type: local
Severity level: 4/10
Description: The user name and password are passed on the command line and are visible in the process list.
Affected products: GTALKBOT : gtalkbot 1.1
CVE:CVE-2007-0627 (Michael Still gtalkbot before 1.2 places username and password arguments on the command line, which allows local users to obtain sensitive information by listing the process.)

Authentication problem in the POP3 and IMAP services of IBM AIX
Published: February 1, 2007
Source:
SecurityVulns ID: 7149
Type: remote
Severity level: 6/10
Affected products: IBM : AIX 5.3
CVE:CVE-2007-0618 (Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability.")

DoS via ICMP in Sun Solaris
updated since February 1, 2007
Published: January 13, 2008
Source:
SecurityVulns ID: 7147
Type: remote
Severity level: 7/10
Description: Certain ICMP packets cause a system crash.
Affected products: ORACLE : Solaris 10
CVE:CVE-2007-0634 (Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.)
Files: SunOS 5.10 ICMP Remote Kernel Crash Exploit Code

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod