Information Security


Privilege escalation via hardlinks in Postfix
updated since August 14, 2008
Published: September 2, 2008
Source:
SecurityVulns ID: 9222
Type: local
Severity: 4/10
Description: It is possible to make Postfix write a message to a system file by using hard links to symlinks (which, in violation of standards, is possible on Linux, IRIX, Solaris).
Affected products: POSTFIX : Postfix 2.3
 POSTFIX : Postfix 2.4
 POSTFIX : postfix 2.5
 POSTFIX : postfix 2.6
CVE:CVE-2008-2937 (Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.)
 CVE-2008-2936 (Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.)
Original text: Roman Medina, PoCfix (PoC for Postfix local root vuln - CVE-2008-2936) (02.09.2008)
 Wietse Venema, Postfix local privilege escalation via hardlinked symlinks (14.08.2008)
Files: PoC for Postfix local root vuln - CVE-2008-2936

DoS against Postfix
Published: September 2, 2008
Source:
SecurityVulns ID: 9252
Type: local
Severity: 4/10
Description: File descriptor leak on Linux.
Affected products: POSTFIX : Postfix 2.4
 POSTFIX : postfix 2.5
 POSTFIX : postfix 2.6
Original text: Wietse Venema, Postfix Linux-only local denial of service (02.09.2008)

Daily summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: September 2, 2008
Source:
SecurityVulns ID: 9253
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: MYPHPNUKE : myPHPNuke 1.8
 VTIGER : vtigerCRM 5.0
 PLESK : Plesk 8.6
CVE:CVE-2008-3101 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php.)
 CVE-2008-2553 (Cross-site scripting (XSS) vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to inject arbitrary web script or HTML via the userfield parameter.)
 CVE-2008-2231
Original text: DEBIAN, [SECURITY] [DSA 1633-1] New slash packages fix multiple vulnerabilities (02.09.2008)
 Felix Buenemann, Plesk 8.6.0 authentication flaw allows to gain virtual user priviledges (02.09.2008)
 Fabian Fingerle, Multiple Cross Site Scripting (XSS) Vulnerabilities in vtigerCRM 5.0.4, CVE-2008-3101 (02.09.2008)
 MustLive, SQL Injection vulnerability in myPHPNuke (02.09.2008)

DoS against Dreambox DM500
Published: September 2, 2008
Source:
SecurityVulns ID: 9254
Type: remote
Severity: 4/10
Description: Device failure on a long HTTP request.
Affected products: DREAMMULTIMEDIAT : Dreambox DM500
Original text: Marc Ruef, [scip_Advisory 3807] Dreambox DM500 webserver long URL request denial of service (02.09.2008)

Multiple security vulnerabilities in VMWare products
Published: September 2, 2008
Source:
SecurityVulns ID: 9255
Type: remote
Severity: 5/10
Description: Multiple vulnerabilities in ActiveX controls, privilege escalation, DoS against the ISAPI filter, updates to third-party components.
Affected products: VMWARE : VMware Workstation 5.5
 VMWARE : VMware Player 1.0
 VMWARE : VMware Server 1.0
 VMWARE : VMware ACE 1.0
 VMWARE : VMWare Workstation 6.0
 VMWARE : VMware Player 2.0
 VMWARE : VMWare ACE 2.0
 VMWARE : VMware ESX 3.0
CVE:CVE-2008-3698 (Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors.)
 CVE-2008-3697 (An unspecified ISAPI extension in VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (IIS crash) via a malformed request.)
 CVE-2008-3696 (Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3695.)
 CVE-2008-3695 (Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3696.)
 CVE-2008-3694 (Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3695, and CVE-2008-3696.)
 CVE-2008-3693 (Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.)
 CVE-2008-3692 (Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.)
 CVE-2008-3691 (Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.)
 CVE-2008-2101 (The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process.)
 CVE-2008-1808 (Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.)
 CVE-2008-1807 (FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.)
 CVE-2008-1806 (Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.)
 CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug.")
 CVE-2007-5503 (Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function.)
 CVE-2007-5438 (Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in EMC VMware Player might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function.)
 CVE-2007-5269 (Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations.)
Original text: VMWARE, VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. (02.09.2008)

Multiple buffer overflows in the WordNet library
Published: September 2, 2008
Source:
SecurityVulns ID: 9256
Type: library
Severity: 5/10
Affected products: WORDNET : WordNet 3.0
CVE:CVE-2008-3908 (Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent attackers to execute arbitrary code via (1) a long argument on the command line; a long (2) WNSEARCHDIR, (3) WNHOME, or (4) WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka data file). NOTE: since WordNet itself does not run with special privileges, this issue only crosses privilege boundaries when WordNet is invoked as a third party component.)
 CVE-2008-2149 (Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2.1, and 3.0 might allow context-dependent attackers to execute arbitrary code via a long command line option. NOTE: this issue probably does not cross privilege boundaries except in cases in which Wordnet is used as a back end.)
Original text: Rob Holland, [oCERT-2008-014] WordNet stack and heap overflows (02.09.2008)

Multiple security vulnerabilities in Netscape / RedHat Directory Server
Published: September 2, 2008
Source:
SecurityVulns ID: 9257
Type: remote
Severity: 6/10
Description: Cross-site scripting, DoS.
CVE:CVE-2008-2932 (Heap-based buffer overflow in Red Hat adminutil 1.1.6 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via % (percent) encoded HTTP input to unspecified CGI scripts in Fedora Directory Server. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-2929.)
 CVE-2008-2930 (Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem.)
 CVE-2008-2929 (Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.)
 CVE-2008-2928 (Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP header.)
Original text: HP, HPSBUX02354 SSRT080113 rev.1 - HP-UX Running Netscape / Red Hat Directory Server, Remote Cross Site Scripting (XSS) or Remote Denial of Service (DoS) (02.09.2008)

DoS against Softalk IMAP Server
Published: September 2, 2008
Source:
SecurityVulns ID: 9259
Type: remote
Severity: 5/10
Description: Problem in handling the APPEND command.
Affected products: SOFTALK : Softalk IMAP Server 8.5
Original text: João Antunes, [AJECT] Softalk IMAP Server 8.5.1 DoS vulnerability (02.09.2008)

DoS against HP OpenView Network Node Manager
updated since September 2, 2008
Published: October 27, 2008
Source:
SecurityVulns ID: 9258
Type: remote
Severity: 5/10
Affected products: HP : OpenView Network Node Manager 7.01
 HP : OpenView Network Node Manager 7.51
 HP : OpenView Network Node Manager 7.53
 HP : OpenView Report 3.70
 HP : HP Performance Agent 4.70
CVE:CVE-2008-3545 (Unspecified vulnerability in ovtopmd in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3536, CVE-2008-3537, and CVE-2008-3544. NOTE: due to insufficient details from the vendor, it is not clear whether this is the same as CVE-2008-1853.)
 CVE-2008-3537 (Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3536.)
 CVE-2008-3536\7
 CVE-2008-3536 (Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3537.)
 CVE-2007-4349 (The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via an unspecified series of RPC requests (aka Trace Event Messages) that triggers an out-of-bounds memory access, related to an erroneous object reference.)
Original text: SECUNIA, Secunia Research: HP OpenView Products Shared Trace Service Denial of Service (27.10.2008)
 HP, [security bulletin] HPSBMA02374 SSRT080046 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS) (09.10.2008)
 HP, [security bulletin] HPSBMA02362 SSRT080044, SSRT080045, SSRT080042 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS), Execute Arbitrary Code (09.10.2008)
 HP, [security bulletin] HPSBMA02362 SSRT080044, SSRT080045 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS) (02.09.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod