Information Security

Multiple vulnerabilities in Mozilla Firefox / Thunderbird / Seamonkey (multiple bugs)
updated since February 27, 2007
Published: March 6, 2007
Source:
SecurityVulns ID: 7309
Type: remote
Severity level: 7/10
Description: HTML content filtering bypass, cross-site scripting, weak hashing function, memory corruption, buffer overflow, etc.
Affected products: MOZILLA : Thunderbird 1.5
 MOZILLA : Firefox 1.5
 MOZILLA : Seamonkey 1.0
 MOZILLA : Firefox 2.0
CVE: CVE-2007-1282 (Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line.)
 CVE-2007-0995 (Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.)
 CVE-2007-0994 (A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.)
 CVE-2007-0780 (browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.)
 CVE-2007-0779 (GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor.)
 CVE-2007-0778 (The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache.)
 CVE-2007-0777 (The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.)
 CVE-2007-0776 (Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.)
 CVE-2007-0775 (Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors.)
Original text: MOZILLA, Mozilla Foundation Security Advisory 2007-09 (06.03.2007)
 MOZILLA, Mozilla Foundation Security Advisory 2007-10 (06.03.2007)
 MOZILLA, Mozilla Foundation Security Advisory 2007-05 (27.02.2007)
 MOZILLA, Mozilla Foundation Security Advisory 2007-04 (27.02.2007)
 MOZILLA, Mozilla Foundation Security Advisory 2007-03 (27.02.2007)
 MOZILLA, Mozilla Foundation Security Advisory 2007-02 (27.02.2007)
 MOZILLA, Mozilla Foundation Security Advisory 2007-01 (27.02.2007)

Daily summary of web application bugs (PHP, ASP, JSP, CGI, Perl)
Published: March 6, 2007
Source:
SecurityVulns ID: 7350
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: SQLLEDGER : SQL-Ledger 2.6
 LEDGERSMB : LedgerSMB 1.1
 RPS : Rigter Portal System 6.2
 WEBMIN : Webmin 1.320
 MONITORLINE : Links Management Application 1.0
CVE: CVE-2007-1339 (SQL injection vulnerability in index.php in Links Management Application 1.0 allows remote attackers to execute arbitrary SQL commands via the lcnt parameter.)
 CVE-2007-1329 (Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences.)
 CVE-2007-1276 (Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.)
Original text: Chris Travers, DoS and code execution issue in LedgerSMB < 1.1.5 and SQL-Ledger < 2.6.25 (06.03.2007)
Files: Links Management Application V1.0 (lcnt) Remote BLIND SQL Injection Exploit

Unsigned content injection in many applications using GnuPG
Published: March 6, 2007
Source:
SecurityVulns ID: 7351
Type: client
Severity level: 6/10
Description: When message content is displayed, the boundaries of the signed text are shown incorrectly.
Affected products: MUTT : mutt 1.5
 GNU : GnuPG 1.4
 KDE : KMail 1.9
 ENIGMAIL : Enigmail 0.94
 GNOME : Evolution 2.8
 SYLPHEED : Sylpheed 2.2
 GNUMAIL : GNUMail 1.1
CVE: CVE-2007-1269 (GNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.)
 CVE-2007-1268 (Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.)
 CVE-2007-1267 (Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.)
 CVE-2007-1266 (Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.)
 CVE-2007-1265 (KMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.)
 CVE-2007-1264 (Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.)
 CVE-2007-1263 (GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.)
Original text: CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability (06.03.2007)

Buffer overflow in the Mercury/32 IMAP server (buffer overflow)
Published: March 6, 2007
Source:
SecurityVulns ID: 7352
Type: remote
Severity level: 6/10
Description: Buffer overflow in the LOGIN command.
Affected products: PMAIL : Mercury/32 4.01
CVE: CVE-2007-1373 (Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961.)
Original text: mu-b, [Full-disclosure] Mercury/32 4.01b (06.03.2007)
Files: Mercury/32 <v4.01b (win32) remote exploit
 Exploits Mercury/32 LOGIN buffer overflow - multy

Buffer overflow in the PHP mssql_connect() / mssql_pconnect() functions (buffer overflow)
Published: March 6, 2007
Source:
SecurityVulns ID: 7353
Type: local
Severity level: 6/10
Description: The buffer overflow allows code execution, leading to a bypass of restrictions.
Affected products: PHP : PHP 4.4
 PHP : PHP 5.2
CVE: CVE-2007-1411 (Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions.)
Original text: retrog_(at)_alice.it, PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow and safe_mode bypass (06.03.2007)
Files: PHP <= 4.4.6 mssql_connect() & mssql_pconnect() local buffer overflow poc exploit (and safe_mode bypass)

mod_security protection bypass (protection bypass)
updated since March 6, 2007
Published: March 6, 2007
Source:
SecurityVulns ID: 7354
Type: remote
Severity level: 5/10
Description: Incorrect handling of a null byte in the form data of a POST request makes it possible to bypass checks.
Affected products: MODSECURITY : mod_security 2.1
CVE: CVE-2007-1359 (Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.)
Original text: PHP-SECURITY, BONUS-12-2007:mod_security POST Rules Bypass Vulnerability (06.03.2007)

Information leak via php_binary / WDDX in PHP (information leak)
Published: March 6, 2007
Source:
SecurityVulns ID: 7355
Type: remote
Severity level: 5/10
Description: The variable length value is not validated, which allows a fragment of data to be read from dynamic memory.
Affected products: PHP : PHP 4.4
 PHP : PHP 5.2
CVE: CVE-2007-1381 (The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow.)
 CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.)
Original text: PHP-SECURITY, MOPB-11-2007:PHP WDDX Session Deserialization Information Leak Vulnerability (06.03.2007)
 PHP-SECURITY, MOPB-10-2007:PHP php_binary Session Deserialization Information Leak Vulnerability (06.03.2007)
Files: Exploits PHP php_binary Session Deserialization Information Leak
 PHP WDDX Session Deserialization Stack Information Leak

PHP restrictions bypass via the Ovrimos extension
Published: March 6, 2007
Source:
SecurityVulns ID: 7356
Type: local
Severity level: 4/10
Description: There are numerous opportunities for code execution.
Affected products: PHP : PHP 4.4
CVE: CVE-2007-1379 (The ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code.)
 CVE-2007-1378 (The ovrimos_longreadlen function in the Ovrimos extension for PHP before 4.4.5 allows context-dependent attackers to write to arbitrary memory locations via the result_id and length arguments.)
Original text: PHP-SECURITY, MOPB-13-2007:PHP 4 Ovrimos Extension Multiple Vulnerabilities (06.03.2007)

Multiple vulnerabilities in Apple QuickTime (multiple bugs)
updated since March 6, 2007
Published: March 9, 2007
Source:
SecurityVulns ID: 7349
Type: client
Severity level: 6/10
Description: Integer overflows, buffer overflows and memory corruption when parsing various formats.
Affected products: APPLE : QuickTime 7.1
CVE: CVE-2007-0718 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.)
 CVE-2007-0717 (Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.)
 CVE-2007-0716 (Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.)
 CVE-2007-0715 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file.)
 CVE-2007-0714 (Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value.)
 CVE-2007-0713 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.)
 CVE-2007-0712 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file.)
 CVE-2007-0711 (Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.)
Original text: ZDI, ZDI-07-010: Apple Quicktime UDTA Parsing Heap Overflow Vulnerability (09.03.2007)
 Reversemode, [Reversemode Advisory] Apple Quicktime Color ID remote heap corruption (06.03.2007)
 CERT, US-CERT Technical Cyber Security Alert TA07-065A -- Apple Releases Security Updates for QuickTime (06.03.2007)
 Sowhat ., [Full-disclosure] Apple QuickTime udta ATOM Integer Overflow (06.03.2007)
 Piotr Bania, [Full-disclosure] Apple QuickTime Player Remote Heap Overflow (06.03.2007)
 IDEFENSE, iDefense Security Advisory 03.05.07: Apple QuickTime Color Table ID Heap Corruption Vulnerability (06.03.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod