Information Security


Multiple security vulnerabilities in glibc
Published: 4 December 2011
Source:
SecurityVulns ID: 12065
Type: library
Severity level: 8/10
Description: Privilege escalation via shared libraries, buffer overflow in fnmatch(), weak blowfish encryption implementation in crypt(), DoS conditions.
Affected products: GNU : glibc 2.12
CVE:CVE-2011-2483 (crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.)
 CVE-2011-1659 (Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.)
 CVE-2011-1658 (ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program.)
 CVE-2011-1095 (locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.)
 CVE-2011-1089 (The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.)
 CVE-2011-1071 (The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.)
 CVE-2011-0536 (Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.)
Original text: MANDRIVA, [ MDVSA-2011:178 ] glibc (04.12.2011)

Code execution via libc in FreeBSD
Published: 4 December 2011
Source:
SecurityVulns ID: 12067
Type: library
Severity level: 9/10
Description: The lib/nss_compat.so.1 library is loaded inside a chroot environment. The vulnerability is used, among other things, for remote exploitation via FTP servers.
Affected products: FREEBSD : FreeBSD 6.4
 FREEBSD : FreeBSD 8.1
 FREEBSD : FreeBSD 7.4
 FREEBSD : FreeBSD 8.2
Files: FreeBSD ftpd/ProFTPD remote exploit

Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
updated since 4 December 2011
Published: 5 December 2011
Source:
SecurityVulns ID: 12064
Type: remote
Severity level: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: ROUNDCUBE : RoundCube 0.6
 ARIADNECMS : Ariadne 2.7
 PHPWARES : PHP Inventory 1.3
 WIKKA : WikkaWiki 1.3
 SUGARCRM : SugarCRM 6.3
 ORANGEGRM : OrangeHRM 2.6
 CLEARSILVER : clearsilver 0.10
 JCRYPTON : jCryption 1.2
 ELLISLAB : ExpressionEngine 2.2
 ELLISLAB : CodeIgniter 2.0
CVE:CVE-2011-4448 (SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action.)
 CVE-2011-4357 (Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function.)
 CVE-2011-4025
 CVE-2009-4597 (Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a users details action, and allow remote attackers to execute arbitrary SQL commands via the (2) user (username) and (3) pass (password) parameters. NOTE: some of these details are obtained from third party information.)
 CVE-2009-4596 (Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory 1.2 allows remote attackers to inject arbitrary web script or HTML via the sup_id parameter in a suppliers details action.)
 CVE-2009-4595 (SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the sup_id parameter in a suppliers details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
Original text: marian.ventuneac_(at)_gmail.com, MVSA-11-013 - EllisLab xss_clean Filter Bypass - ExpressionEngine and CodeIgniter (05.12.2011)
 Nick Freeman, Security-Assessment.com Release: Hacking Hollywood Slides, Advisories and Exploits (05.12.2011)
 Daniel Roethlisberger, Insecure RSA Encryption in jCryption, PEAR Crypt_RSA and Crypt_RSA2 (05.12.2011)
 DEBIAN, [SECURITY] [DSA 2355-1] clearsilver security update (05.12.2011)
 Amir_(at)_irist.ir, Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities (04.12.2011)
 High-Tech Bridge Security Research, Multiple vulnerabilities in OrangeHRM (04.12.2011)
 High-Tech Bridge Security Research, Sql injection in SugarCRM (04.12.2011)
 n0b0d13s_(at)_gmail.com, WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities (04.12.2011)
 Amir_(at)_irist.ir, Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities (04.12.2011)
 Amir_(at)_irist.ir, Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities (04.12.2011)
 security_(at)_infoserve.de, PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability (04.12.2011)
 sschurtz_(at)_t-online.de, Ariadne 2.7.6 Multiple XSS vulnerabilities (04.12.2011)
 noreply_(at)_ptsecurity.ru, [PT-2011-43] Database information disclosure in Kayako Fusion (04.12.2011)
 MustLive, Multiple vulnerabilities in RoundCube (04.12.2011)
 MustLive, Vulnerabilities in Zeema CMS (04.12.2011)

Memory corruption in HP Device Access Manager for Protect Tools Information Store ActiveX
updated since 4 December 2011
Published: 9 July 2012
Source:
SecurityVulns ID: 12066
Type: client
Severity level: 5/10
Description: Buffer overflow in many methods.
Affected products: HP : HP Device Access Manager for Protect Tools Information Store 6.1
 HP : HP ProtectTools Enterprise Device Access Manager 5
CVE:CVE-2011-4162 (The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a long SidString argument.)
Original text: HP, [security bulletin] HPSBGN02750 SSRT100795 rev.1 - HP ProtectTools Enterprise Device Access Manager Running on Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS) (09.07.2012)
 HP, [security bulletin] HPSBHF02723 SSRT100536 rev.1 - HP Protect Tools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service (04.12.2011)
 High-Tech Bridge Security Research, Heap Memory Corruption in HP Device Access Manager for Protect Tools Information Store (04.12.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod