Информационная безопасность
[RU] switch to English


Уязвимости безопасности в HAProxy
дополнено с 6 мая 2013 г.
Опубликовано:1 июля 2013 г.
Источник:
SecurityVulns ID:13061
Тип:удаленная
Уровень опасности:
6/10
Описание:Несколько повреждений памяти.
Затронутые продукты:HAPROXY : haproxy 1.4
 HAPROXY : haproxy 1.5
CVE:CVE-2013-2175 (HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.)
 CVE-2013-1912 (Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring.)
 CVE-2012-2942 (Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors.)
Оригинальный текстdocumentUBUNTU, [USN-1889-1] HAProxy vulnerability (01.07.2013)
 documentUBUNTU, [USN-1800-1] HAProxy vulnerabilities (06.05.2013)

Многочисленные уязвимости безопасности в OpenStack
дополнено с 17 июня 2013 г.
Опубликовано:1 июля 2013 г.
Источник:
SecurityVulns ID:13128
Тип:библиотека
Уровень опасности:
6/10
Описание:Обход защиты и обход аутентификации в Keystone, DoS через Nova.
Затронутые продукты:OPENSTACK : Nova 2012.2
 OPENSTACK : KeyStone 2012.2
 OPENSTACK : Grizzly 2013.1
 OPENSTACK : Nova 2013.1
 OPENSTACK : OpenStack Object Storage 1.7
CVE:CVE-2013-4155 (OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected.)
 CVE-2013-2161 (XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name.)
 CVE-2013-2157 (OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.)
 CVE-2013-2104 (python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.)
 CVE-2013-2096 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.)
 CVE-2013-2059 (OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.)
 CVE-2012-4406 (OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.)
 CVE-2012-4406 (OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.)
Оригинальный текстdocumentUBUNTU, [USN-1887-1] OpenStack Swift vulnerabilities (01.07.2013)
 documentUBUNTU, [USN-1831-1] OpenStack Nova vulnerability (17.06.2013)
 documentUBUNTU, [USN-1830-1] OpenStack Keystone vulnerability (17.06.2013)
 documentUBUNTU, [USN-1875-1] OpenStack Keystone vulnerabilities (17.06.2013)

Выполнение кода в puppet
Опубликовано:1 июля 2013 г.
Источник:
SecurityVulns ID:13139
Тип:удаленная
Уровень опасности:
7/10
Описание:Выполнение кода через десериализацию объекта в YAML.
Затронутые продукты:PUPPET : puppet 2.7
 PUPPET : puppet 2.8
 PUPPET : Puppet 3.2
CVE:CVE-2013-3567 (Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.)
Файлы:CVE-2013-3567 (Unauthenticated Remote Code Execution Vulnerability)

Подмена сертификата в Ruby
Опубликовано:1 июля 2013 г.
Источник:
SecurityVulns ID:13140
Тип:m-i-t-m
Уровень опасности:
5/10
Описание:Возможно обойти проверку имени в сертификате.
Затронутые продукты:RUBY : ruby 1.9
CVE:CVE-2013-4073 (The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.)
Оригинальный текстdocumentSLACKWARE, [slackware-security] ruby (SSA:2013-178-01) (01.07.2013)

Многочисленные уязвимости безопасности в Mozilla Firefox / Thunderbird / Seamonkey
Опубликовано:1 июля 2013 г.
Источник:
SecurityVulns ID:13141
Тип:клиент
Уровень опасности:
9/10
Описание:Многочисленные повреждения памяти, выполнение кода, утечка информации, межсайтовый скриптинг, обход защиты.
Затронутые продукты:MOZILLA : Thunderbird 17.0
 MOZILLA : Firefox ESR 17.0
 MOZILLA : Firefox 21.0
CVE:CVE-2013-1700 (The Mozilla Maintenance Service in Mozilla Firefox before 22.0 on Windows does not properly handle inability to launch the Mozilla Updater executable file, which allows local users to gain privileges via vectors involving placement of a Trojan horse executable file at an arbitrary location.)
 CVE-2013-1699 (The Internationalized Domain Name (IDN) display algorithm in Mozilla Firefox before 22.0 does not properly handle the .com, .name, and .net top-level domains, which allows remote attackers to spoof the address bar via unspecified homograph characters.)
 CVE-2013-1698 (The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME elements.)
 CVE-2013-1697 (The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method.)
 CVE-2013-1696 (Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses.)
 CVE-2013-1695 (Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element.)
 CVE-2013-1694 (The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache's preserved-wrapper flag.)
 CVE-2013-1693 (The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observing timing differences in execution of filter code.)
 CVE-2013-1692 (Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site.)
 CVE-2013-1690 (Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.)
 CVE-2013-1688 (The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site.)
 CVE-2013-1687 (The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site.)
 CVE-2013-1686 (Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2013-1685 (Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site.)
 CVE-2013-1684 (Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site.)
 CVE-2013-1683 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2013-1682 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
Файлы:Mozilla Foundation Security Advisory 2013-57
 Mozilla Foundation Security Advisory 2013-56
 Mozilla Foundation Security Advisory 2013-55
 Mozilla Foundation Security Advisory 2013-54
 Mozilla Foundation Security Advisory 2013-53
 Mozilla Foundation Security Advisory 2013-52
 Mozilla Foundation Security Advisory 2013-51
 Mozilla Foundation Security Advisory 2013-50
 Mozilla Foundation Security Advisory 2013-49
 Mozilla Foundation Security Advisory 2013-62
 Mozilla Foundation Security Advisory 2013-61
 Mozilla Foundation Security Advisory 2013-60
 Mozilla Foundation Security Advisory 2013-59
 Mozilla Foundation Security Advisory 2013-58

Уязвимости безопасности в xml-security-c
Опубликовано:1 июля 2013 г.
Источник:
SecurityVulns ID:13142
Тип:библиотека
Уровень опасности:
6/10
Описание:Переполнение стека, переполнение буфера динамической памяти.
Затронутые продукты:APACHE : xml-security-c 1.7
CVE:CVE-2013-2210 (Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this is due to an incorrect fix for CVE-2013-2154.)
 CVE-2013-2156 (Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PrefixList attribute.)
 CVE-2013-2155 (Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the (1) compareBase64StringToRaw, (2) DSIGAlgorithmHandlerDefault, or (3) DSIGAlgorithmHandlerDefault::verify functions.)
 CVE-2013-2154 (Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions, probably related to the DSIGReference::getURIBaseTXFM function.)
 CVE-2013-2153 (The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka "XML Signature Bypass issue.")
Оригинальный текстdocumentCantor, Scott E., Re: CVE-2013-2156: Apache Santuario C++ heap overflow vulnerability (01.07.2013)
 documentCantor, Scott E., CVE-2013-2155: Apache Santuario C++ denial of service vulnerability (01.07.2013)
 documentCantor, Scott E., CVE-2013-2154: Apache Santuario C++ stack overflow vulnerability (01.07.2013)
 documentCantor, Scott E., CVE-2013-2153: Apache Santuario C++ signature bypass vulnerability (01.07.2013)
 documentCantor, Scott E., CVE-2013-2210 (01.07.2013)
 documentDEBIANAN, [SECURITY] [DSA 2710-1] xml-security-c security update (01.07.2013)
 documentDEBIANAN, [SECURITY] [DSA 2717-1] xml-security-c security update (01.07.2013)

Обращение к неинициализированной памяти в libcurl
Опубликовано:1 июля 2013 г.
Источник:
SecurityVulns ID:13144
Тип:библиотека
Уровень опасности:
5/10
Описание:Запись неинициализированной памяти в curl_easy_unescape().
Затронутые продукты:CURL : libcurl 7.24
CVE:CVE-2013-2174 (Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.)
Оригинальный текстdocumentMANDRIVA, [ MDVSA-2013:180 ] curl (01.07.2013)

Уязвимость mmap+ptrace в FreeBSD
Опубликовано:1 июля 2013 г.
Источник:
SecurityVulns ID:13145
Тип:локальная
Уровень опасности:
7/10
Описание:Возможна модификация файлов отображенных в память через mmap с использованием ptrace.
Затронутые продукты:FREEBSD : FreeBSD 9.1
CVE:CVE-2013-2171 (The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain privileges via a crafted application that leverages read permissions, and makes mmap and ptrace system calls.)
Оригинальный текстdocumentHunger, Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... :) (01.07.2013)
 documentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-13:06.mmap [REVISED] (01.07.2013)
Файлы:FreeBSD 9.{0,1} mmap/ptrace exploit

Повреждение памяти в libRaw / libKDcraw
Опубликовано:1 июля 2013 г.
Источник:
SecurityVulns ID:13146
Тип:библиотека
Уровень опасности:
5/10
Описание:Повреждение памяти при разборе полноцветных изображений.
Затронутые продукты:LIBRAW : libraw 0.14
 LIBKDCRAW : libkdcraw 4.8
CVE:CVE-2013-2126 (Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file.)
Оригинальный текстdocumentUBUNTU, [USN-1885-1] libKDcraw vulnerability (01.07.2013)
 documentUBUNTU, [USN-1884-1] LibRaw vulnerability (01.07.2013)

Несанкционированный доступ к персональным хотспотам Apple iOS
Опубликовано:1 июля 2013 г.
Источник:
SecurityVulns ID:13147
Тип:удаленная
Уровень опасности:
5/10
Описание:Генерируется пароль по короткому словорю.
Затронутые продукты:APPLE : iPhone 5
 APPLE : iPhone 4GS
 APPLE : iPhone 4G
Оригинальный текстdocumentJeffrey Walton, Apple and Wifi Hotspot Credentials Management Vulnerability (01.07.2013)

Повышение привилегий в rpc.gssd из nfs-utils
Опубликовано:1 июля 2013 г.
Источник:
SecurityVulns ID:13148
Тип:удаленная
Уровень опасности:
4/10
Описание:В качестве защитного механизма используется небезопасный механизм проверки обратной записи DNS.
Затронутые продукты:NFSUTILS : nfs-utils 1.2
CVE:CVE-2013-1923 (rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.)
Оригинальный текстdocumentMANDRIVA, [ MDVSA-2013:178 ] nfs-utils (01.07.2013)

Многочисленные уязвимости безопасности в Barracuda CudaTel
дополнено с 1 июля 2013 г.
Опубликовано:29 июля 2013 г.
Источник:
SecurityVulns ID:13143
Тип:удаленная
Уровень опасности:
5/10
Описание:Многочисленные уязвимости веб-интерфейса.
Затронутые продукты:BARRACUDA : CudaTel 2.6
Оригинальный текстdocumentVulnerability Lab, Barracuda CudaTel 2.6.02.040 - SQL Injection Vulnerability (29.07.2013)
 documentVulnerability Lab, Barracuda CudaTel 2.6.02.040 - Remote SQL Injection Vulnerability (29.07.2013)
 documentVulnerability Lab, Barracuda CudaTel 2.6.02.04 - Multiple Client Side Cross Site Vulnerabilities (Bug Bounty #17) (19.07.2013)
 documentVulnerability Lab, Barracuda CudaTel 2.6.02.040 - Client Side Cross Site Scripting Vulnerability (17.07.2013)
 documentVulnerability Lab, Barracuda CudaTel 2.6.02.04 - Multiple Web Vulnerabilities (01.07.2013)
 documentVulnerability Lab, Barracuda CudaTel 2.6.02.04 - Persistent Web Vulnerability (01.07.2013)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород