Information Security


Multiple security vulnerabilities in Ruby
updated since June 27, 2008
Published: July 3, 2008
Source:
SecurityVulns ID: 9117
Type: library
Severity: 6/10
Affected products: RUBY : ruby 1.8
 RUBY : ruby 1.9
CVE:CVE-2008-2726 (Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.)
 CVE-2008-2725 (Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.)
 CVE-2008-2664 (The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.)
 CVE-2008-2663 (Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.)
 CVE-2008-2662 (Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.)
Original text: snagg_(at)_securenetwork.it, Vuln name: Ruby rb_ary_fill() DOS (03.07.2008)
 RPATH, rPSA-2008-0206-1 ruby (27.06.2008)

DoS against the SÖLDNER - Secret Wars game server
Published: July 3, 2008
Source:
SecurityVulns ID: 9124
Type: remote
Severity: 5/10
Description: CPU exhaustion when parsing a game packet.
Affected products: SOLDNER : SÖLDNER 33724
Original text: Luigi Auriemma, Endless loop in Soldner 33724 (03.07.2008)
Files: Exploits Soldner <= 33724 endless loop

Privilege escalation via phgrafx in QNX
Published: July 3, 2008
Source:
SecurityVulns ID: 9125
Type: local
Severity: 5/10
Description: Buffer overflow in a suid root utility when parsing .pal files.
Affected products: QNX : QNX 6.3
Original text: Scanit Labs, [SCANIT-2008-001] QNX phgrafx Privilege Escalation Vulnerability (03.07.2008)

Cross-site scripting in HP System Management Homepage
Published: July 3, 2008
Source:
SecurityVulns ID: 9126
Type: remote
Severity: 4/10
Affected products: HP : HP System Management Homepage 2.1
CVE:CVE-2008-1663
Original text: HP, [security bulletin] HPSBMA02345 SSRT080039 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS) (03.07.2008)

Multiple security vulnerabilities in Mozilla Firefox / Thunderbird / Seamonkey
Published: July 3, 2008
Source:
SecurityVulns ID: 9127
Type: client
Severity: 9/10
Description: Multiple memory corruptions, code execution, certificate spoofing, .jar file signature spoofing, etc.
Affected products: MOZILLA : Firefox 2.0
 MOZILLA : SeaMonkey 1.1
 MOZILLA : Firefox 3.0
CVE:CVE-2008-2811 (The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines.)
 CVE-2008-2810 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut.)
 CVE-2008-2809 (Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.)
 CVE-2008-2808 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.)
 CVE-2008-2807 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file.)
 CVE-2008-2806 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect.)
 CVE-2008-2805 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range.)
 CVE-2008-2803 (The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.)
 CVE-2008-2802 (Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level.")
 CVE-2008-2801 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.)
 CVE-2008-2800 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the onreadystatechange handler in conjunction with an XMLHttpRequest.)
 CVE-2008-2799 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine.)
 CVE-2008-2798 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.)
Original text: MOZILLA, Mozilla Foundation Security Advisory 2008-33 (03.07.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-32 (03.07.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-31 (03.07.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-30 (03.07.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-29 (03.07.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-28 (03.07.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-27 (03.07.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-25 (03.07.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-24 (03.07.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-23 (03.07.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-22 (03.07.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-21 (03.07.2008)

Integer overflow in VLC Media Player
updated since July 3, 2008
Published: September 9, 2008
Source:
SecurityVulns ID: 9123
Type: client
Severity: 6/10
Description: Integer overflow when parsing WAV and TTA files.
Affected products: VLC : VLC Media Player 0.8
CVE:CVE-2008-3794 (Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.)
 CVE-2008-3732 (Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.)
 CVE-2008-2430 (Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.)
Original text: GENTOO, [ GLSA 200809-06 ] VLC: Multiple vulnerabilities (09.09.2008)
 SECUNIA, Secunia Research: VLC Media Player WAV Processing Integer Overflow (03.07.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod