Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в RealNetworks RealPlayer
дополнено с 21 января 2010 г.
Опубликовано:2 февраля 2010 г.
Источник:
SecurityVulns ID:10548
Тип:клиент
Уровень опасности:
6/10
Описание:Повреждения памяти, переполнения буфера на различных кодеках и форматах данных.
Затронутые продукты:REAL : RealPlayer 10.0
 REAL : RealPlayer 11.0
CVE:CVE-2009-4257 (Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.)
 CVE-2009-4248 (Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.)
 CVE-2009-4246 (Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values.)
 CVE-2009-4245 (Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.)
 CVE-2009-4244 (Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation.)
 CVE-2009-4243 (RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an "overflow.")
 CVE-2009-4242 (Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation.)
 CVE-2009-4241 (Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption.)
Оригинальный текстdocumentIDEFENSE, iDefense Security Advisory 02.01.10: RealNetworks RealPlayer CMediumBlockAllocator Integer Overflow Vulnerability (02.02.2010)
 documentIDEFENSE, iDefense Security Advisory 02.01.10: Real Networks RealPlayer Compressed GIF Handling Integer Overflow (02.02.2010)
 documentIDEFENSE, iDefense Security Advisory 02.01.10: RealNetworks RealPlayer 11 HTTP Chunked Encoding Integer Overflow Vulnerability (02.02.2010)
 documentZDI, ZDI-10-010: RealNetworks RealPlayer Skin Parsing Remote Code Execution Vulnerability (21.01.2010)
 documentZDI, ZDI-10-007: RealNetworks RealPlayer SMIL getAtom Remote Code Execution Vulnerability (21.01.2010)
 documentZDI, ZDI-10-006: RealNetworks RealPlayer GIF Handling Remote Code Execution Vulnerability (21.01.2010)
 documentZDI, ZDI-10-008: RealNetworks RealPlayer SIPR Codec Remote Code Execution Vulnerability (21.01.2010)
 documentZDI, ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability (21.01.2010)

Переполнение буфера в rpc.cmsd IBM AIX
дополнено с 9 октября 2009 г.
Опубликовано:2 февраля 2010 г.
Источник:
SecurityVulns ID:10303
Тип:удаленная
Уровень опасности:
6/10
Описание:Переполнение буфера при разборе RPC-запроса.
Затронутые продукты:IBM : AIX 5.3
 IBM : AIX 6.1
 IBM : VIOS 1.4
 IBM : VIOS 1.5
 IBM : VIOS 2.1
Оригинальный текстdocumentRodrigo Rubira Branco (BSDaemon), Remote Vulnerability in AIX RPC.cmsd released by iDefense (02.02.2010)
 documentIDEFENSE, iDefense Security Advisory 10.07.09: IBM AIX rpc.cmsd Stack Buffer Overflow Vulnerability (09.10.2009)
Файлы:RPC.cmsd remote PoC for AIX 6.1 and lower

DoS против Oracle (Sun) Solaris
Опубликовано:2 февраля 2010 г.
Источник:
SecurityVulns ID:10571
Тип:локальная
Уровень опасности:
5/10
Описание:Обращение по нулевому указателю при обработке IOCTL UCODE_GET_VERSION
Затронутые продукты:ORACLE : Solaris 10
CVE:CVE-2010-0453 (The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_VERSION IOCTL, which triggers a NULL pointer dereference in the ucode_get_rev function, related to retrieval of the microcode revision.)
Оригинальный текстdocumenttk_(at)_trapkit.de, [TKADV2010-001] Oracle Solaris UCODE_GET_VERSION IOCTL Kernel NULL Pointer Dereference (02.02.2010)

Повышение привилегий в Qihoo 360 Security Guard
Опубликовано:2 февраля 2010 г.
Источник:
SecurityVulns ID:10572
Тип:локальная
Уровень опасности:
5/10
Описание:Повышение привилегий через IOCTL.
Затронутые продукты:QUIHOO360 : 360 Security Guard 6.1
Оригинальный текстdocumentqiqiguaiguai_(at)_gmail.com, 360 Security Guard breg device drivers Privilege Escalation Vulnerabilitie (02.02.2010)
Файлы:360 Security Guard breg device drivers Privilege Escalation exploit

DoS против lighttpd
Опубликовано:2 февраля 2010 г.
Источник:
SecurityVulns ID:10573
Тип:удаленная
Уровень опасности:
6/10
Описание:Исчерпание памяти при разборе HTTP-запроса.
Затронутые продукты:LIGHTTPD : lighttpd 1.4
CVE:CVE-2010-0295 (lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 1987-1] New lighttpd packages fix denial of service (02.02.2010)

Повышение привилегий в HP Enterprise Cluster Master Toolkit
Опубликовано:2 февраля 2010 г.
Источник:
SecurityVulns ID:10574
Тип:локальная
Уровень опасности:
5/10
Затронутые продукты:HP : ECMT 05.00
CVE:CVE-2009-4184 (Unspecified vulnerability in HP Enterprise Cluster Master Toolkit (ECMT) B.05.00 on HP-UX B.11.23 (11i v2) and HP-UX B.11.31 (11i v3) allows local users to gain access to an Oracle or Sybase database via unknown vectors.)
Оригинальный текстdocumentHP, [security bulletin] HPSBUX02464 SSRT090210 rev.1 - HP Enterprise Cluster Master Toolkit (ECMT) running on HP-UX, Local (02.02.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород