Information Security

Daily summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: December 4, 2008
Source:
SecurityVulns ID: 9479
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leaks, etc.
Affected products: MVNFORUM : mvnForum 1.2
 PROCLANMANAGER : Pro Clan Manager 0.4
Original text: r3d.w0rm_(at)_yahoo.com, Joomla Component GameQ (04.12.2008)
 office_(at)_hackattack.at, [HACKATTACK Advisory 20081203]Pro Clan Manager 0.4.2 - Session Fixation (04.12.2008)
 Security Vulnerability Research Team, [Full-disclosure] [SVRT-06-08] MULTI SECURITY VULNERABILITIES IN MVNFORUM (04.12.2008)

Buffer overflow in OptiPNG
Published: December 4, 2008
Source:
SecurityVulns ID: 9480
Type: remote
Severity: 5/10
Description: Buffer overflow when parsing BMP.
Affected products: OPTIPNG : OptiPNG 0.6
CVE: CVE-2008-5101 (Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an "array overflow.")
Original text: GENTOO, [ GLSA 200812-01 ] OptiPNG: User-assisted execution of arbitrary code (04.12.2008)

Restricted environment bypass in VMWare
Published: December 4, 2008
Source:
SecurityVulns ID: 9481
Type: local
Severity: 6/10
Description: Full access to physical memory from the guest machine is possible.
Affected products: VMWARE : VMware Server 1.0
 VMWARE : VMWare Workstation 6.0
 VMWARE : VMWare Player 2.0
 VMWARE : VMWare ACE 2.0
 VMWARE : VMware ESX 3.0
 VMWARE : VMware ESXi 3.5
 VMWARE : VMware ESX 3.5
CVE: CVE-2008-4917 (Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption.)
Original text: VMWARE, VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2 (04.12.2008)

DoS against HP-UX
Published: December 4, 2008
Source:
SecurityVulns ID: 9482
Type: local
Severity: 5/10
CVE: CVE-2008-4416 (Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.)
Original text: HP, [security bulletin] HPSBUX02389 SSRT080141 rev.1 - HP-UX, Local Denial of Service (DoS) (04.12.2008)

Directory traversal in PHP ZipArchive::extractTo()
Published: December 4, 2008
Source:
SecurityVulns ID: 9484
Type: library
Severity: 6/10
Description: Directory traversal when extracting ZIP files.
Affected products: PHP : PHP 5.2
Original text: Stefan Esser, [Full-disclosure] Advisory 06/2008: PHP ZipArchive::extractTo() Directory Traversal Vulnerability (04.12.2008)

DoS against Orb media server
Published: December 4, 2008
Source:
SecurityVulns ID: 9485
Type: remote
Severity: 5/10
Description: Failure when parsing an HTTP request.
Affected products: ORB : Orb 2.01
Original text: DDI.VulnerabilityAlert_(at)_ddifrontline.com, DDIVRT-2008-18 Orb Denial of Service (04.12.2008)

Symlink problem in perl (symbolic links)
updated since December 27, 2004
Published: December 4, 2008
Source:
SecurityVulns ID: 4314
Type: local
Severity: 5/10
Description: File::Path::rmtree changes file permissions before deletion in an unsafe way, which opens a brief window in which symbolic links can be used for privilege escalation.
Affected products: PERL : perl 5.8
 PERL : Perl 5.9
CVE: CVE-2008-5303 (Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.)
 CVE-2008-5302 (Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.)
 CVE-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.)
 CVE-2004-0452 (Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.)
Original text: DEBIAN, [SECURITY] [DSA 1678-1] New perl packages fix privilege escalation (04.12.2008)
 SECUNIA, [SA13643] Perl "File::Path::rmtree" Race Condition (27.12.2004)

Multiple security vulnerabilities in Sun Java JRE / JDK / Web Start
updated since December 4, 2008
Published: April 23, 2009
Source:
SecurityVulns ID: 9483
Type: library
Severity: 9/10
Description: JNLP can overwrite the system properties java.home, java.ext.dirs and user.home. Heap buffer overflow and integer overflows when parsing TrueType fonts, memory corruption when parsing GIF, integer overflow when extracting Pack200. Multiple ways to escape the restricted environment.
Affected products: SUN : JRE 1.6
 ORACLE : OpenJDK 6
CVE: CVE-2008-5360 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors.)
 CVE-2008-5359 (Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library.)
 CVE-2008-5358 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll.)
 CVE-2008-5354 (Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry.)
 CVE-2008-5353 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets and applications to gain privileges via unknown vectors related to "deserializing calendar objects.")
 CVE-2008-5352 (Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.)
 CVE-2008-5351 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings.)
 CVE-2008-5350 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors.)
 CVE-2008-5349 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.)
 CVE-2008-5348 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors.)
 CVE-2008-5347 (Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages.)
 CVE-2008-2086
Original text: Thierry Zoller, [TZO-12-2009] SUN / Oracle JVM Remote code execution (23.04.2009)
 UBUNTU, [USN-713-1] openjdk-6 vulnerabilities (31.01.2009)
 CERT, US-CERT Technical Cyber Security Alert TA08-340A -- Sun Java Updates for Multiple Vulnerabilities (10.12.2008)
 ZDI, ZDI-08-081: Sun Java Web Start and Applet Multiple Sandbox Bypass Vulnerabilities (09.12.2008)
 ZDI, ZDI-08-080: Sun Java AWT Library Sandbox Violation Vulnerability (09.12.2008)
 IDEFENSE, iDefense Security Advisory 12.04.08: Sun Java JRE TrueType Font Parsing Integer Overflow Vulnerability (09.12.2008)
 IDEFENSE, iDefense Security Advisory 12.04.08: Sun Java JRE Pack200 Decompression Integer Overflow Vulnerability (09.12.2008)
 IDEFENSE, iDefense Security Advisory 12.04.08: Sun Java Web Start GIF Decoding Memory Corruption Vulnerability (09.12.2008)
 IDEFENSE, iDefense Security Advisory 12.04.08: Sun Java JRE TrueType Font Parsing Heap Overflow Vulnerability (09.12.2008)
 VSR Advisories, [Full-disclosure] CVE-2008-2086: Java Web Start File Inclusion via System Properties Override (04.12.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod