Information Security

Multiple security vulnerabilities in Apple QuickTime
updated since December 12, 2010
Published: July 4, 2011
Source:
SecurityVulns ID: 11290
Type: remote
Threat level: 8/10
Description: Memory corruption when viewing MPEG, Sorenson, AVI, JP2, FlashPix, GIF, PICT, QTVR and others.
Affected products: QUICKTIME : QuickTime 7.6
CVE:CVE-2011-0209 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file.)
 CVE-2010-4009 (Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.)
 CVE-2010-3802 (Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie file.)
 CVE-2010-3801 (Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file.)
 CVE-2010-3800 (Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file.)
 CVE-2010-3795 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of GIF image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.)
 CVE-2010-3794 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.)
 CVE-2010-3793 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file.)
 CVE-2010-3792 (Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.)
 CVE-2010-3791 (Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.)
 CVE-2010-3790 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary.)
 CVE-2010-3789 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted AVI file.)
 CVE-2010-3788 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file.)
 CVE-2010-3787 (Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.)
 CVE-2010-1508 (Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Track Header (aka tkhd) atoms.)
 CVE-2010-0530 (Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account, which allows local users to obtain sensitive information by reading files in this directory.)
Original text: ZDI, ZDI-11-229: Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability (04.07.2011)
 ZDI, ZDI-11-231: Apple QuickTime Pict File Matrix Parsing Remote Code Execution Vulnerability (04.07.2011)
 ZDI, ZDI-11-038: Apple Quicktime Sprite Transformation Remote Code Execution Vulnerability (04.02.2011)
 CHECKPOINT, Apple Quicktime Memory Corruption - CVE-2010-3801 (17.12.2010)
 IDEFENSE, iDefense Security Advisory 12.07.10: Apple QuickTime PICT Memory Corruption Vulnerability (12.12.2010)
 SECUNIA, Secunia Research: QuickTime Track Dimensions Buffer Overflow Vulnerability (12.12.2010)
 APPLE, About the security content of QuickTime 7.6.9 (12.12.2010)

Insecure method in Ashampoo 3D CAD ActiveX
Published: July 4, 2011
Source:
SecurityVulns ID: 11751
Type: client
Threat level: 5/10
Description: The insecure SaveData method allows creation of arbitrary files.
Original text: High-Tech Bridge Security Research, Ashampoo 3D CAD Professional 3 ActiveX control Insecure Method (04.07.2011)

DoS against smallftpd
Published: July 4, 2011
Source:
SecurityVulns ID: 11752
Type: remote
Threat level: 5/10
Description: A connection flood causes the server to fail.
Affected products: SMALLFTPD : smallftpd 1.0
Original text: YGN Ethical Hacker Group, smallftpd <= 1.0.3-fix | Connection Saturation Remote Denial of Service Vulnerability (04.07.2011)

Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: July 4, 2011
Source:
SecurityVulns ID: 11753
Type: remote
Threat level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Original text: MustLive, Vulnerabilities in the Print module for Drupal (04.07.2011)

DoS against the pidgin messenger
Published: July 4, 2011
Source:
SecurityVulns ID: 11756
Type: remote
Threat level: 5/10
Description: Memory exhaustion when parsing GIF icons.
Affected products: PIDGIN : Pidgin 2.9
CVE:CVE-2011-2485 (The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file.)
Original text: SLACKWARE, [slackware-security] pidgin (SSA:2011-178-01) (04.07.2011)

User account enumeration in Asterisk
Published: July 4, 2011
Source:
SecurityVulns ID: 11757
Type: remote
Threat level: 5/10
Description: Different responses for a mismatched username and a mismatched password.
Affected products: DIGIUM : Asterisk 1.4
 ASTERISK : Asterisk 1.6
 ASTERISK : Asterisk 1.8
CVE:CVE-2011-2536 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests.)
Original text: ASTERISK, AST-2011-011: Possible enumeration of SIP users due to differing authentication responses (04.07.2011)

Buffer overflow in Citrix EdgeSight
Published: July 4, 2011
Source:
SecurityVulns ID: 11759
Type: remote
Threat level: 7/10
Description: Buffer overflow when parsing a TCP/18747 request.
Original text: ZDI, ZDI-11-226: Citrix EdgeSight Launcher Service Remote Code Execution Vulnerability (04.07.2011)

Buffer overflow in Novell File Reporter Engine
Published: July 4, 2011
Source:
SecurityVulns ID: 11760
Type: remote
Threat level: 6/10
Description: Buffer overflow when parsing an HTTPS request on port TCP/3035.
CVE:CVE-2011-2220 (Stack-based buffer overflow in NFREngine.exe in Novell File Reporter Engine before 1.0.2.53, as used in Novell File Reporter and other products, allows remote attackers to execute arbitrary code via a crafted RECORD element.)
Original text: ZDI, ZDI-11-227: Novell File Reporter Engine RECORD Tag Parsing Remote Code Execution Vulnerability (04.07.2011)

Multiple security vulnerabilities in Apple Mac OS X
updated since July 4, 2011
Published: July 6, 2011
Source:
SecurityVulns ID: 11754
Type: remote
Threat level: 8/10
Description: DoS conditions, buffer overflows, information leakage, code execution in various subsystems.
Affected products: APPLE : MacOS X 10.6
CVE:CVE-2011-1132 (The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8 allows local users to cause a denial of service (NULL pointer dereference and reboot) via vectors involving socket options.)
 CVE-2011-0719 (Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.)
 CVE-2011-0715 (The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.)
 CVE-2011-0213 (Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG file.)
 CVE-2011-0212 (servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.)
 CVE-2011-0211 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.)
 CVE-2011-0210 (QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file.)
 CVE-2011-0209 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file.)
 CVE-2011-0208 (QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.)
 CVE-2011-0207 (The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network.)
 CVE-2011-0206 (Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings.)
 CVE-2011-0205 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image.)
 CVE-2011-0204 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image.)
 CVE-2011-0203 (Absolute path traversal vulnerability in xftpd in the FTP Server component in Apple Mac OS X before 10.6.8 allows remote attackers to list arbitrary directories by using the root directory as the starting point of a recursive listing.)
 CVE-2011-0202 (Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document.)
 CVE-2011-0201 (Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a CFString object that triggers a buffer overflow.)
 CVE-2011-0200 (Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow.)
 CVE-2011-0199 (The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.)
 CVE-2011-0198 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code via a crafted embedded TrueType font.)
 CVE-2011-0197 (App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions.)
 CVE-2011-0196 (AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on the local wireless network.)
 CVE-2011-0195 (The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202.)
 CVE-2011-0014 (ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability.")
 CVE-2010-4651 (Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.)
 CVE-2010-4180 (OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.)
 CVE-2010-3864 (Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.)
 CVE-2010-3838 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table.")
 CVE-2010-3837 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.)
 CVE-2010-3836 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.)
 CVE-2010-3835 (MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.)
 CVE-2010-3834 (Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments.")
 CVE-2010-3833 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT.")
 CVE-2010-3790 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary.)
 CVE-2010-3682 (Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.)
 CVE-2010-3677 (Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.)
 CVE-2010-3069 (Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.)
 CVE-2010-2632 (Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability, related to FTP.)
 CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.)
 CVE-2009-3245 (OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.)
Original text: ZDI, ZDI-11-230: Apple Quicktime Apple Lossless Audio Codec Parsing Remote Code Execution Vulnerability (06.07.2011)
 [email protected], NGS00057 Technical Advisory: Apple Mac OS X ImageIO Integer Overflow (06.07.2011)
 [email protected], NGS00052 Technical Advisory: Apple Mac OS X Image RAW Multiple Buffer Overflows (06.07.2011)
 [email protected], NGS00062 Patch Notification: Apple Mac OS X ImageIO TIFF Heap Overflow (06.07.2011)
 ZDI, ZDI-11-229: Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability (04.07.2011)
 ZDI, ZDI-11-228: Apple ColorSync ICC Profile ncl2 Parsing Remote Code Execution Vulnerability (04.07.2011)
 APPLE, About the security content of Mac OS X v10.6.8 and Security Update 2011-004 (04.07.2011)

Multiple security vulnerabilities in WinAmp
updated since July 4, 2011
Published: July 6, 2011
Source:
SecurityVulns ID: 11755
Type: client
Threat level: 5/10
Description: Multiple vulnerabilities when parsing flv and midi files.
Affected products: NULLSOFT : WinAmp 5.61
Original text: Luigi Auriemma, in_midi multiple vulnerabilities in Winamp 5.61 (06.07.2011)
 Luigi Auriemma, Multiple vulnerabilities in Winamp 5.61 (04.07.2011)

Buffer overflow in Sybase Advantage Server
updated since July 4, 2011
Published: July 14, 2011
Source:
SecurityVulns ID: 11758
Type: remote
Threat level: 5/10
Description: One-byte buffer overflow when parsing TCP/6262, UDP/6262 traffic; format string error when parsing TCP/5001.
Affected products: SYBASE : Sybase Advantage Server 10.0
 SYBASE : Sybase Adaptive Server 15.5
Original text: Luigi Auriemma, bcksrvr format string in Sybase Adaptive Server 15.5 (14.07.2011)
 Luigi Auriemma, bcksrvr format string in Sybase Adaptive Server 15.5 (06.07.2011)
 Luigi Auriemma, Off-by-one in Sybase Advantage Server 10.0.0.3 (04.07.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod