Информационная безопасность
[RU] switch to English


Повреждение памяти в file
дополнено с 9 марта 2012 г.
Опубликовано:3 сентября 2014 г.
Источник:
SecurityVulns ID:12228
Тип:локальная
Уровень опасности:
4/10
Описание:Повреждения памяти при анализе формата CDF
Затронутые продукты:FILE : file 5.04
CVE:CVE-2014-3587 (Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.)
 CVE-2012-1571 (file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.)
Оригинальный текстdocumentMANDRIVA, [ MDVSA-2014:167 ] file (03.09.2014)
 documentDEBIAN, [SECURITY] [DSA 2422-1] file security update (09.03.2012)

Переполнение буфера в Lua
Опубликовано:3 сентября 2014 г.
Источник:
SecurityVulns ID:13952
Тип:библиотека
Уровень опасности:
6/10
Описание:Переполнение буфера при вызове функции с большим количеством аргументов.
Затронутые продукты:LUA : lua 5.2
CVE:CVE-2014-5461 (Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 3016-1] lua5.2 security update (03.09.2014)

Многочисленные уязвимости безопасности в Mozilla Firefox / Thunderbird / Seamonkey
дополнено с 3 сентября 2014 г.
Опубликовано:15 сентября 2014 г.
Источник:
SecurityVulns ID:13950
Тип:клиент
Уровень опасности:
7/10
Описание:Повреждения памяти, доступ к локальным файлам.
Затронутые продукты:MOZILLA : Firefox 31
 MOZILLA : Thunderbird 31
CVE:CVE-2014-1567 (Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.)
 CVE-2014-1566 (Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1515.)
 CVE-2014-1565 (The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted API calls.)
 CVE-2014-1564 (Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image.)
 CVE-2014-1563 (Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection.)
 CVE-2014-1562 (Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2014-1554 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2014-1553 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
Оригинальный текстdocumentMichal Zalewski, Uninit memory disclosure via truncated images in Firefox (15.09.2014)
Файлы:Mozilla Foundation Security Advisory 2014-67
 Mozilla Foundation Security Advisory 2014-68
 Mozilla Foundation Security Advisory 2014-69
 Mozilla Foundation Security Advisory 2014-70
 Mozilla Foundation Security Advisory 2014-71
 Mozilla Foundation Security Advisory 2014-72

Многочисленные уязвимости безопасности в ядре Linux
дополнено с 3 сентября 2014 г.
Опубликовано:29 сентября 2014 г.
Источник:
SecurityVulns ID:13951
Тип:удаленная
Уровень опасности:
7/10
Описание:DoS через SCTP, многочисленные DoS условия и утечка информации в ALSA, DoS через autofs.
Затронутые продукты:LINUX : kernel 3.15
CVE:CVE-2014-5472 (The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.)
 CVE-2014-5471 (Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry.)
 CVE-2014-5077 (The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.)
 CVE-2014-4667 (The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.)
 CVE-2014-4656 (Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function.)
 CVE-2014-4655 (The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.)
 CVE-2014-4654 (The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call.)
 CVE-2014-4653 (sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.)
 CVE-2014-4652 (Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.)
 CVE-2014-4508 (arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000.)
 CVE-2014-3601 (The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages.)
 CVE-2014-0203 (The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call.)
Оригинальный текстdocumentUBUNTU, [USN-2359-1] Linux kernel vulnerabilities (29.09.2014)
 documentUBUNTU, [USN-2332-1] Linux kernel vulnerabilities (03.09.2014)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород