Information Security


Multiple security vulnerabilities in Microsoft SharePoint Server
updated since September 11, 2013
Published:October 3, 2013
Source:
SecurityVulns ID:13278
Type:remote
Threat level:8/10
Description:DoS, cross-site scripting, memory corruption, code execution.
Affected products:MICROSOFT : SharePoint Server 2007
 MICROSOFT : SharePoint Server 2010
 MICROSOFT : SharePoint Server 2013
 MICROSOFT : SharePoint Portal Server 2003
 MICROSOFT : SharePoint Portal Server 2007
 MICROSOFT : SharePoint Portal Server 2010
 MICROSOFT : SharePoint Portal Server 2013
CVE:CVE-2013-3858 (Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3849.)
 CVE-2013-3857 (Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability.")
 CVE-2013-3849 (Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858.)
 CVE-2013-3848 (Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3849, and CVE-2013-3858.)
 CVE-2013-3847 (Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.)
 CVE-2013-3180 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka "POST XSS Vulnerability.")
 CVE-2013-3179 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability.")
 CVE-2013-1330 (The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC Disabled Vulnerability.")
 CVE-2013-1315 (Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability.")
 CVE-2013-0081 (Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of Service Vulnerability.")
Original text:Vulnerability Lab, Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Web Vulnerability (03.10.2013)
Files:Microsoft Security Bulletin MS13-067 - Critical Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
updated since October 3, 2013
Published:October 3, 2013
Source:
SecurityVulns ID:13318
Type:remote
Threat level:5/10
Description:PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information disclosure, etc.
Affected products:PHPBB : phpBB 3.0
 WIKKA : WikkaWiki 1.3
 SILVERSTRIPE : SilverStripe CMS 3.0
 EPROLOG : elproLOG MONITOR WebAccess 2.1
 SEMPERFIWEBDESIG : All in One SEO Pack 2.0
 VTIGER : vtiger CRM 5.4
 EXPRESSIONENGINE : ExpressionEngine 2.6
 MEDIAWIKI : mediawiki 1.20
 MOODLE : Moodle 2.5
 OWASP : ESAPI 2.0
 WORDPRESS : Design-approval-system 3.6
 WORDPRESS : Event Easy Calendar 1.0
CVE:CVE-2013-5679 (The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against authenticity in the default configuration, involving a null MAC and a zero MAC length.)
 CVE-2013-5586 (Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/.)
 CVE-2013-5091 (SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. NOTE: this issue might be a duplicate of CVE-2011-4559.)
 CVE-2013-4303
 CVE-2013-4302 ((1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the cross-site request forgery (CSRF) protection mechanism via a JSONP request to wiki/api.php.)
 CVE-2013-4301 (includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a "<" (open angle bracket) character in the lang parameter to w/load.php, which reveals the installation path in an error message.)
Original text:roguecoder_(at)_hush.com, Event Easy Calendar 1.0.0 WP plugin (03.10.2013)
 DEBIAN, [SECURITY] [DSA 2752-1] phpbb3 security update (03.10.2013)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in WikkaWiki (03.10.2013)
 Alexandro Silva, [iBliss Security Advisory] Cross-Site Scripting (XSS) vulnerability in Design-approval-system wordpress plugin (03.10.2013)
 Kevin W. Wall, OWASP ESAPI Security Advisory: MAC Bypass in ESAPI Symmetric Encryption (03.10.2013)
 Emilio Pinna, Moodle 2.5.0-1 (badges/external.php) PHP Object Injection Vulnerability (03.10.2013)
 MANDRIVA, [ MDVSA-2013:235 ] mediawiki (03.10.2013)
 Richard Clifford, ExpressionEngine 2.6 Persistent XSS (03.10.2013)
 High-Tech Bridge Security Research, SQL Injection in vtiger CRM (03.10.2013)
 Vulnerability Lab, SilverStripe Framework CMS 3.0.5 - Multiple Web Vulnerabilities (03.10.2013)
 Vulnerability Lab, elproLOG MONITOR WebAccess 2.1 - Multiple Web Vulnerabilities (03.10.2013)
 Vulnerability Lab, WebAssist PowerCMS PHP - Multiple Web Vulnerabilities (03.10.2013)

Buffer overflow in Security Guard CMS QT
Published:October 3, 2013
Source:
SecurityVulns ID:13317
Type:remote
Threat level:5/10
Description:Buffer overflow when processing a client request.
Affected products:SECURITYGUARD : Security Guard CMS QT 4.7
Original text:Vulnerability Lab, Security Guard CMS QT 4.7.3 - Local Stack Buffer Overflow Vulnerability (03.10.2013)

DoS against Citrix NetScaler
Published:October 3, 2013
Source:
SecurityVulns ID:13319
Type:remote
Threat level:5/10
Description:Denial of service when the nsconfigd service (TCP/3008, TCP/3010) processes a request.
Affected products:NETSCALER : NetScaler 10.0
Original text:SEC Consult Vulnerability Lab, SEC Consult SA-20131003-0 :: Denial of service vulnerability in Citrix NetScaler (03.10.2013)

Protection bypass in Apple Face-Time
Published:October 3, 2013
Source:
SecurityVulns ID:13320
Type:local
Threat level:4/10
Description:It is possible to gain access to images.
Affected products:APPLE : Face-Time 1.0
Original text:Vulnerability Lab, Apple iOS 7 iPad2 Face-Time 1.0.2 - Privacy Vulnerability (03.10.2013)

Memory corruption in Apple iTunes
Published:October 3, 2013
Source:
SecurityVulns ID:13321
Type:client
Threat level:7/10
Description:Memory corruption in the ActiveX control.
Affected products:APPLE : iTunes 11.0
CVE:CVE-2013-1035 (The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.)
Original text:APPLE, APPLE-SA-2013-09-18-1 iTunes 11.1 (03.10.2013)

Security vulnerabilities in Cisco Prime Data Center / Prime Central
Published:October 3, 2013
Source:
SecurityVulns ID:13322
Type:remote
Threat level:6/10
Description:Information disclosure, code execution, DoS conditions.
Affected products:CISCO : Prime Central for HCS Assurance 9.1
 CISCO : Prime Central for HCS Assurance 1.1
CVE:CVE-2013-5490 (Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148.)
 CVE-2013-5487 (DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029.)
 CVE-2013-5486 (Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.)
 CVE-2013-3473 (The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance before 9.1.1 does not properly determine the existence of an authenticated session, which allows remote attackers to discover usernames and passwords via an HTTP request, aka Bug ID CSCud32600.)
 CVE-2013-3390 (Memory leak in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug ID CSCub59158.)
 CVE-2013-3389 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to port (1) 61615 or (2) 61616, aka Bug ID CSCtz90114.)
 CVE-2013-3388 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to port 44444, aka Bug ID CSCtz92776.)
 CVE-2013-3387 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (disk consumption) via a flood of TCP packets to port 5400, leading to large error-log files, aka Bug ID CSCua42724.)
Files:Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
 Cisco Prime Central for Hosted Collaboration Solution Assurance Unauthenticated Username and Password Enumeration Vulnerability
 Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities

polkit authorization bypass in multiple applications
updated since October 2, 2013
Published:October 3, 2013
Source:
SecurityVulns ID:13316
Type:local
Threat level:4/10
Description:Incorrect Policy Kit authorization usage.
Affected products:UBUNTU : usb-creator 0.2
 UBUNTU : ubuntu-system-service 0.2
CVE:CVE-2013-4327 (systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.)
 CVE-2013-4326 (RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.)
 CVE-2013-4325 (The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.)
 CVE-2013-1066 (language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.)
 CVE-2013-1065 (backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.)
 CVE-2013-1064 (apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.)
 CVE-2013-1063 (usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.)
 CVE-2013-1062 (ubuntu-system-service 0.2.4 before 0.2.4.1. 0.2.3 before 0.2.3.1, and 0.2.2 before 0.2.2.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.)
 CVE-2013-1061 (dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.)
Original text:UBUNTU, [USN-1962-1] ubuntu-system-service vulnerability (03.10.2013)
 UBUNTU, [USN-1963-1] usb-creator vulnerability (02.10.2013)

Security vulnerabilities in Chrony
Published:October 3, 2013
Source:
SecurityVulns ID:13323
Type:client
Threat level:5/10
Description:Buffer overflow and uninitialized pointer dereference when parsing a server reply.
Affected products:CHRONY : chrony 1.24
CVE:CVE-2012-4503 (cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which causes uninitialized data to be included in a reply.)
 CVE-2012-4502 (Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which triggers an out-of-bounds read or buffer overflow. NOTE: versions 1.27 and 1.28 do not require authentication to exploit.)
Original text:DEBIAN, [SECURITY] [DSA 2760-1] chrony security update (03.10.2013)

Replay attack against VMWare Zimbra Collaboration Suite
Published:October 3, 2013
Source:
SecurityVulns ID:13325
Type:m-i-t-m
Threat level:5/10
Description:Authorization can be bypassed by replaying an intercepted session.
Affected products:VMWARE : Zimbra Collaboration Suite 6.0
CVE:CVE-2013-5119 (Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token.)
Original text:brianwarehime_(at)_gmail.com, Zimbra Collaboration Suite (ZCS) Session Replay Vulnerability (03.10.2013)

Security vulnerabilities in Apple Safari
Published:October 3, 2013
Source:
SecurityVulns ID:13326
Type:client
Threat level:8/10
Description:Memory corruptions.
Affected products:APPLE : Safari 5.1
CVE:CVE-2013-0997 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2012-3748 (Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.)
Original text:APPLE, APPLE-SA-2013-09-12-2 Safari 5.1.10 (03.10.2013)

Weak permissions in lightdm
Published:October 3, 2013
Source:
SecurityVulns ID:13328
Type:local
Threat level:5/10
Description:Weak permissions on .Xauthority files.
Affected products:LIGHTDM : lightdm 1.6
CVE:CVE-2013-4331 (Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file.)
Original text:UBUNTU, [USN-1950-1] Light Display Manager vulnerability (03.10.2013)

Symbolic link problem in Gnome gdm
Published:October 3, 2013
Source:
SecurityVulns ID:13329
Type:local
Threat level:5/10
Description:Insecure temporary file creation.
Affected products:GNOME : gdm 2.21
CVE:CVE-2013-4169 (GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.)
Original text:MANDRIVA, [ MDVSA-2013:230 ] gdm (03.10.2013)

Weak PRNG in GSTOOL
Published:October 3, 2013
Source:
SecurityVulns ID:13330
Type:library
Threat level:5/10
Description:Weak PRNG in the CHIASMUS implementation.
Affected products:GSTOOL : gstool 4.7
Original text:Jan Schejbal, Insecure CHIASMUS encryption in GSTOOL (03.10.2013)

Multiple security vulnerabilities in Apple Mac OS X
updated since October 3, 2013
Published:October 5, 2013
Source:
SecurityVulns ID:13327
Type:library
Threat level:8/10
Description:Various vulnerabilities in system components.
Affected products:APPLE : MacOS X 10.8
CVE:CVE-2013-5163 (Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors.)
 CVE-2013-1033 (Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access.)
 CVE-2013-1032 (QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file.)
 CVE-2013-1031 (Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver.)
 CVE-2013-1030 (mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process.)
 CVE-2013-1029 (The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser.)
 CVE-2013-1028 (The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate.)
 CVE-2013-1027 (Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package.)
 CVE-2013-1026 (Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.)
 CVE-2013-1025 (Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.)
Original text:APPLE, APPLE-SA-2013-10-03-1 OS X v10.8.5 Supplemental Update (05.10.2013)
 APPLE, APPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update 2013-004 (03.10.2013)

Security vulnerabilities in glibc
updated since October 3, 2013
Published:December 1, 2013
Source:
SecurityVulns ID:13324
Type:library
Threat level:7/10
Description:Integer overflows in pvalloc, valloc, posix_memalign/memalign/aligned_alloc, incorrect PTR_MANGLE implementation, stack overflow in getaddrinfo(), integer overflow and buffer overflow in strcoll_l.c.
Affected products:GNU : glibc 2.15
 GNU : glibc 2.5
 GNU : glibc 2.18
CVE:CVE-2013-4788 (The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.)
 CVE-2013-4458 (Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.)
 CVE-2013-4332 (Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.)
 CVE-2012-4424 (Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.)
 CVE-2012-4412 (Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.)
Original text:MANDRIVA, [ MDVSA-2013:284 ] glibc (01.12.2013)
 geinblues_(at)_gmail.com, glibc 2.5 <= reloc types to crash bug (28.10.2013)
 SLACKWARE, [slackware-security] glibc (SSA:2013-260-01) (03.10.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod