Information Security


Memory corruption in QEMU
Published: October 4, 2012
Source:
SecurityVulns ID: 12606
Type: local
Severity: 5/10
Description: Memory corruption during terminal emulation.
Affected products: QEMU : qemu 1.0
CVE: CVE-2012-3515 (Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space.")
Original text: UBUNTU, [USN-1590-1] QEMU vulnerability (04.10.2012)

STARTTLS vulnerability in many mail applications
updated since March 10, 2011
Published: October 4, 2012
Source:
SecurityVulns ID: 11492
Type: m-i-t-m
Severity: 3/10
Description: An attacker can inject cleartext commands before the TLS phase begins.
Affected products: POSTFIX : Postfix 2.4
 PUREFTPD : Pure-FTPd 1.0
 CYRUS : cyrus-imapd 2.4
 INN : inn 2.5
CVE: CVE-2012-3523 (The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.)
 CVE-2011-1926 (The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.)
 CVE-2011-1575 (The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.)
 CVE-2011-0411 (The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.)
Original text: MANDRIVA, [ MDVSA-2012:156 ] inn (04.10.2012)
 MANDRIVA, [ MDVSA-2011:100 ] cyrus-imapd (25.05.2011)
 Wietse Venema, Plaintext injection in STARTTLS (multiple implementations) (10.03.2011)

Privilege escalation in CA License
Published: October 4, 2012
Source:
SecurityVulns ID: 12607
Type: local
Severity: 5/10
Description: Code execution with system privileges, file overwrite.
Affected products: CA : CA License 1.90
CVE: CVE-2012-0692 (CA License (aka CA Licensing) before 1.90.03 allows local users to modify or create arbitrary files, and consequently gain privileges, via unspecified vectors.)
 CVE-2012-0691 (CA License (aka CA Licensing) before 1.90.03 does not properly restrict system commands, which allows local users to gain privileges via unspecified vectors.)
Original text: CA, CA20121001-01: Security Notice for CA License (04.10.2012)

Buffer overflow in DartWebserver
Published: October 4, 2012
Source:
SecurityVulns ID: 12608
Type: library
Severity: 6/10
Description: Buffer overflow when parsing an HTTP request.
Affected products: DART : DartWebserver.dll 1.9
CVE: CVE-2012-3819 (Stack consumption vulnerability in dartwebserver.dll 1.9 and earlier, as used in Dart PowerTCP WebServer for ActiveX and other products, allows remote attackers to cause a denial of service (daemon crash) via a long request.)
Original text: Ken, CVE-2012-3819: Stack Overflow in DartWebserver.dll <= 1.9 (04.10.2012)

Problems with the HTTPS implementation in RubyGems
Published: October 4, 2012
Source:
SecurityVulns ID: 12609
Type: m-i-t-m
Severity: 4/10
Description: Insufficient certificate verification and the possibility of redirection to insecure protocols.
Affected products: RUBY : RubyGems 1.8
CVE: CVE-2012-2126 (RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.)
 CVE-2012-2125 (RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.)
Original text: UBUNTU, [USN-1582-1] RubyGems vulnerabilities (04.10.2012)

Multiple security vulnerabilities in Apple TV
Published: October 4, 2012
Source:
SecurityVulns ID: 12610
Type: library
Severity: 6/10
Description: Multiple vulnerabilities when parsing various formats and protocols.
Affected products: APPLE : Apple TV 5.1
CVE: CVE-2012-3726 (Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.)
 CVE-2012-3725 (The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi network for these packets.)
 CVE-2012-3722 (The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.)
 CVE-2012-3679 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.)
 CVE-2012-3678 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.)
 CVE-2012-3592 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.)
 CVE-2012-3591 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.)
 CVE-2012-3590 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.)
 CVE-2012-3589 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.)
 CVE-2012-1173 (Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.)
 CVE-2012-0683 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.)
 CVE-2012-0682 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.)
 CVE-2011-4599 (Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization.)
 CVE-2011-3919 (Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
 CVE-2011-3328 (The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value.)
 CVE-2011-3048 (The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.)
 CVE-2011-3026 (Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.)
 CVE-2011-2834 (Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.)
 CVE-2011-2821 (Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.)
 CVE-2011-1944 (Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.)
 CVE-2011-1167 (Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.)
Original text: APPLE, APPLE-SA-2012-09-24-1 Apple TV 5.1 (04.10.2012)

Buffer overflow in guacamole
Published: October 4, 2012
Source:
SecurityVulns ID: 12611
Type: local
Severity: 5/10
Description: Buffer overflow when parsing a request.
Affected products: GUACAMOLE : guacamole 0.6
CVE: CVE-2012-4415 (Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name.)
Original text: Timo Juhani Lindfors, CVE-2012-4415: guacamole local root vulnerability (04.10.2012)

Directory traversal in Novell GroupWise
Published: October 4, 2012
Source:
SecurityVulns ID: 12612
Type: remote
Severity: 6/10
Description: Directory traversal in the HTTP interface.
Affected products: NOVELL : GroupWise 8.0
CVE: CVE-2012-0419 (Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request.)
Original text: ddivulnalert_(at)_ddifrontline.com, DDIVRT-2012-42 Novell GroupWise Agents Arbitrary File Retrieval (CVE-2012-0419) (04.10.2012)

Multiple security vulnerabilities in Toshiba ConfigFree
Published: October 4, 2012
Source:
SecurityVulns ID: 12613
Type: remote
Severity: 4/10
Description: Multiple issues when parsing CF7 files.
Affected products: TOSHIBA : Configfree 8.0
CVE: CVE-2012-4981
 CVE-2012-4980
Original text: Joseph Sheridan, Toshiba ConfigFree CF7 File Remote Command Execution (04.10.2012)
 Joseph Sheridan, Toshiba ConfigFree CF7 File Stack Buffer Overflow (Comment Field) (04.10.2012)
 Joseph Sheridan, Toshiba ConfigFree CF7 File Stack Buffer Overflow (ProfileName) (04.10.2012)

Privilege escalation via dbus
Published: October 4, 2012
Source:
SecurityVulns ID: 12614
Type: local
Severity: 5/10
Description: Problem with the handling of environment variables.
Affected products: DBUS : dbus 1.5
CVE: CVE-2012-3524 (libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus.")
Original text: UBUNTU, [USN-1576-1] DBus vulnerability (04.10.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod