Information Security


Multiple vulnerabilities in the Linux kernel
Published: May 4, 2009
Source:
SecurityVulns ID: 9889
Type: remote
Severity: 7/10
Description: Multiple DoS conditions, privilege escalations, information leaks, memory corruptions.
Affected products: LINUX : kernel 2.6
CVE: CVE-2009-1439 (Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request.)
 CVE-2009-1338 (The kill_something_info function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary signals to all processes in all namespaces, via a kill command.)
 CVE-2009-1337 (The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.)
 CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow remote attackers to obtain sensitive information via a large length value, which causes "garbage" memory to be sent.)
 CVE-2009-1242 (The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform.)
 CVE-2009-1192 (The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages.)
 CVE-2009-1046 (The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "an off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries.)
 CVE-2009-0859 (The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program.)
 CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.)
 CVE-2009-0745 (The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory.)
Original text: DEBIAN, [SECURITY] [DSA 1787-1] New Linux 2.6.24 packages fix several vulnerabilities (04.05.2009)

Use-after-free in libwmf
Published: May 4, 2009
Source:
SecurityVulns ID: 9890
Type: library
Severity: 6/10
Description: Use of freed memory when processing a WMF image.
Affected products: LIBWMF : libwmf 0.2
CVE: CVE-2009-1364 (Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.)
Original text: UBUNTU, [USN-769-1] libwmf vulnerability (04.05.2009)

Buffer overflow in Grabit
Published: May 4, 2009
Source:
SecurityVulns ID: 9891
Type: client
Severity: 5/10
Description: Buffer overflow when parsing .NZB files.
Affected products: SHEMES : Grabit 1.7
Original text: Niels Teusink, Grabit <= 1.7.2 beta 3 NZB file parsing stack overflow (04.05.2009)
Files: Grabit<=1.7.2 Beta 3 (.nzb) SEH Overwrite Exploit

Buffer overflow in IBM Tivoli Storage Manager Remote Agent
Published: May 4, 2009
Source:
SecurityVulns ID: 9892
Type: remote
Severity: 6/10
Description: Several different buffer overflows.
Affected products: IBM : Tivoli Storage Manager Express Client 5.3
CVE: CVE-2008-4828 (Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4, allow remote attackers to execute arbitrary code via (1) a request packet that is not properly parsed by an unspecified "generic string handling function" or (2) a crafted NodeName in a dicuGetIdentifyRequest request packet, related to the (a) Web GUI and (b) Java GUI.)
Original text: SECUNIA, Secunia Research: IBM Tivoli Storage Manager Remote Agent Service Buffer Overflows (04.05.2009)

Daily summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: May 4, 2009
Source:
SecurityVulns ID: 9893
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leaks, etc.
Affected products: COPPERMINE : Coppermine Photo Gallery 1.4
 OPENX : OpenX 2.6
 MYBB : MyBB 1.4
 OPENX : OpenX 2.8
 PROJECTCMS : ProjectCMS 1.1
Original text: y3nh4ck3r_(at)_gmail.com, MULTPLE REMOTE VULNERABILITIES --ProjectCMS v-1.1 Beta--> (04.05.2009)
 Jacques Copeau, “Cross-Site Scripting” vulnerability in MyBB 1.4.5 (04.05.2009)
 darkz.gsa_(at)_gmail.com, Coppermine Photo Gallery 1.4.21 Cross-Site Scripting (04.05.2009)
 MustLive, Vulnerabilities in OpenX (04.05.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod