Information Security


Multiple security vulnerabilities in Apple Mac OS X
updated since July 4, 2011
Published: July 6, 2011
Source:
SecurityVulns ID: 11754
Type: remote
Severity: 8/10
Description: DoS conditions, buffer overflows, information leaks, and code execution in various subsystems.
Affected products: APPLE : MacOS X 10.6
CVE: CVE-2011-1132 (The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8 allows local users to cause a denial of service (NULL pointer dereference and reboot) via vectors involving socket options.)
 CVE-2011-0719 (Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.)
 CVE-2011-0715 (The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.)
 CVE-2011-0213 (Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG file.)
 CVE-2011-0212 (servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.)
 CVE-2011-0211 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.)
 CVE-2011-0210 (QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file.)
 CVE-2011-0209 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file.)
 CVE-2011-0208 (QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.)
 CVE-2011-0207 (The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network.)
 CVE-2011-0206 (Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings.)
 CVE-2011-0205 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image.)
 CVE-2011-0204 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image.)
 CVE-2011-0203 (Absolute path traversal vulnerability in xftpd in the FTP Server component in Apple Mac OS X before 10.6.8 allows remote attackers to list arbitrary directories by using the root directory as the starting point of a recursive listing.)
 CVE-2011-0202 (Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document.)
 CVE-2011-0201 (Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a CFString object that triggers a buffer overflow.)
 CVE-2011-0200 (Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow.)
 CVE-2011-0199 (The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.)
 CVE-2011-0198 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code via a crafted embedded TrueType font.)
 CVE-2011-0197 (App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions.)
 CVE-2011-0196 (AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on the local wireless network.)
 CVE-2011-0195 (The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202.)
 CVE-2011-0014 (ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability.")
 CVE-2010-4651 (Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.)
 CVE-2010-4180 (OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.)
 CVE-2010-3864 (Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.)
 CVE-2010-3838 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table.")
 CVE-2010-3837 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.)
 CVE-2010-3836 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.)
 CVE-2010-3835 (MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.)
 CVE-2010-3834 (Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments.")
 CVE-2010-3833 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT.")
 CVE-2010-3790 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary.)
 CVE-2010-3682 (Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.)
 CVE-2010-3677 (Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.)
 CVE-2010-3069 (Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.)
 CVE-2010-2632 (Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability, related to FTP.)
 CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.)
 CVE-2009-3245 (OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.)
Original text: ZDI, ZDI-11-230: Apple Quicktime Apple Lossless Audio Codec Parsing Remote Code Execution Vulnerability (06.07.2011)
 [email protected], NGS00057 Technical Advisory: Apple Mac OS X ImageIO Integer Overflow (06.07.2011)
 [email protected], NGS00052 Technical Advisory: Apple Mac OS X Image RAW Multiple Buffer Overflows (06.07.2011)
 [email protected], NGS00062 Patch Notification: Apple Mac OS X ImageIO TIFF Heap Overflow (06.07.2011)
 ZDI, ZDI-11-229: Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability (04.07.2011)
 ZDI, ZDI-11-228: Apple ColorSync ICC Profile ncl2 Parsing Remote Code Execution Vulnerability (04.07.2011)
 APPLE, About the security content of Mac OS X v10.6.8 and Security Update 2011-004 (04.07.2011)

Multiple security vulnerabilities in WinAmp
updated since July 4, 2011
Published: July 6, 2011
Source:
SecurityVulns ID: 11755
Type: client
Severity: 5/10
Description: Multiple vulnerabilities in parsing of flv and midi files.
Affected products: NULLSOFT : WinAmp 5.61
Original text: Luigi Auriemma, in_midi multiple vulnerabilities in Winamp 5.61 (06.07.2011)
 Luigi Auriemma, Multiple vulnerabilities in Winamp 5.61 (04.07.2011)

Weak permissions in Cisco VPN client
Published: July 6, 2011
Source:
SecurityVulns ID: 11762
Type: local
Severity: 5/10
Description: Weak permissions on installation allow an unprivileged user to overwrite an executable file.
Original text: [email protected], NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation (06.07.2011)

Directory traversal in PHP
Published: July 6, 2011
Source:
SecurityVulns ID: 11763
Type: library
Severity: 7/10
Description: Directory traversal in RFC 1867 file uploads.
Affected products: PHP : PHP 5.3
CVE: CVE-2011-2202 (The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability.")

Buffer overflow in NetBSD network functions
Published: July 6, 2011
Source:
SecurityVulns ID: 11765
Type: library
Severity: 6/10
Description: Buffer overflow on a long argument in getservbyname() and getservbyport().
Affected products: NETBSD : NetBSD 5.1
CVE: CVE-2011-1656
Original text: Maksymilian Arciemowicz, NetBSD 5.1 libc/net multiple functions stack buffer overflow (06.07.2011)

Buffer overflow in OpenSSH
Published: July 6, 2011
Source:
SecurityVulns ID: 11766
Type: remote
Severity: 8/10
Description: Buffer overflow on a long username when pam_opie is used
Affected products: OPENSSH : OpenSSH 3.4
Original text: HI-TECH ., Working Remote Root Exploit for OpenSSH 3.4p1 (FreeBSD) (06.07.2011)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: July 6, 2011
Source:
SecurityVulns ID: 11767
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversals, cross-site scripting, file modification, information leaks, etc.
Affected products: WORDPRESS : WordPress 3.1
 JOOMLA : Joomla 1.6
 WEBCALENDAR : Webcalendar 1.2
 WORDPRESS : WordPress 3.2
Original text: pierre.ernst_(at)_ca.ibm.com, Spring Source OXM Remote OS Command Injection when XStream and IBM JRE are used (06.07.2011)
 SEC Consult Vulnerability Lab, SEC Consult SA-20110701-0 :: Multiple SQL injection vulnerabilities in WordPress (06.07.2011)
 sschurtz_(at)_t-online.de, Multiple Cross-Site Scripting vulnerabilities in WebCalendar (06.07.2011)
 YGN Ethical Hacker Group, Joomla! 1.6.3 and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities (06.07.2011)
 See Me, FCKeditor Multiple 0day Vulnerabilities (06.07.2011)

Multiple security vulnerabilities in HP OpenView Storage Data Protector
Published: July 6, 2011
Source:
SecurityVulns ID: 11768
Type: remote
Severity: 5/10
Description: Multiple vulnerabilities in the TCP/5555 service
Affected products: HP : OpenView Storage Data Protector 6.00
 HP : OpenView Storage Data Protector 6.11
 HP : OpenView Storage Data Protector 6.10
 HP : OpenView Storage Data Protector 6.20
CVE: CVE-2011-1866 (Buffer overflow in omniinet.exe in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to execute arbitrary code via a crafted request, related to the EXEC_CMD functionality.)
 CVE-2011-1865 (Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.)
 CVE-2011-1515 (The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (daemon exit) via a request containing crafted parameters.)
 CVE-2011-1514 (The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request containing crafted parameters.)
Original text: CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2011-0606: HP Data Protector EXEC_CMD Buffer Overflow Vulnerability (06.07.2011)
 CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2011-0514: Multiple vulnerabilities in HP Data Protector (06.07.2011)
 HP, [security bulletin] HPSBMU02686 SSRT100541 rev.3 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code (06.07.2011)

Code execution in HP Intelligent Management Center User Access Manager
Published: July 6, 2011
Source:
SecurityVulns ID: 11769
Type: remote
Severity: 5/10
Description: Buffer overflow in processing of TCP/9090 data.
Affected products: HP : HP Intelligent Management Center 5.0
CVE: CVE-2011-1867 (Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 before SP1 E0101P03 components in HP Intelligent Management Center (aka iNode Management Center) allows remote attackers to execute arbitrary code via a 0x0A0BF007 packet.)
Original text: HP, ZDI-11-232: HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability (06.07.2011)
 HP, [security bulletin] HPSB3C02687 SSRT100377 rev.1 - HP Intelligent Management Center User Access Manager (UAM) and Endpoint Admission Defense (EAD), Remote Execution of Arbitrary Code (06.07.2011)

Directory traversal in Novell ZenWorks Handheld Management
Published: July 6, 2011
Source:
SecurityVulns ID: 11770
Type: remote
Severity: 6/10
Description: Directory traversal in processing of a TCP/2398 request.
Affected products: NOVELL : ZenWorks Handheld Management 7.0
Original text: Luigi Auriemma, Upload directory traversal in Novell ZenWorks Handheld Management 7.0.2 (06.07.2011)

DoS against ISC bind named DNS server
updated since July 6, 2011
Published: July 9, 2011
Source:
SecurityVulns ID: 11761
Type: remote
Severity: 7/10
Description: Failure when processing a request.
Affected products: ISC : bind 9.6
 ISC : bind 9.7
 BIND : bind 9.8
CVE: CVE-2011-2465 (Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.)
 CVE-2011-2464 (Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.)
Original text: ISC, Security Advisory: CVE-2011-2465 ISC BIND 9 Remote Crash with Certain RPZ Configurations (09.07.2011)
 ISC, Security Advisory: CVE-2011-2464 - ISC BIND 9 Remote packet Denial of Service against Authoritative and Recursive Servers (09.07.2011)
 UBUNTU, [USN-1163-1] Bind vulnerability (06.07.2011)

Code execution in kvm
updated since July 6, 2011
Published: July 26, 2011
Source:
SecurityVulns ID: 11764
Type: local
Severity: 5/10
Description: Code execution via virtio commands.
Affected products: LINUX : kvm 0.14
CVE: CVE-2011-2527 (The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.)
 CVE-2011-2512 (The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed comparison.)
 CVE-2011-2212 (Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to "virtqueue in and out requests.")
Original text: DEBIAN, [SECURITY] [DSA 2282-1] qemu-kvm security update (26.07.2011)
 DEBIAN, [SECURITY] [DSA 2270-1] qemu-kvm security update (06.07.2011)

DoS via HP OpenView Performance Agent
updated since July 6, 2011
Published: August 1, 2011
Source:
SecurityVulns ID: 11771
Type: remote
Severity: 5/10
Description: Arbitrary files can be deleted via an HTTP request to port TCP/383.
Affected products: HP : OpenView Performance Agent 6.20
CVE: CVE-2011-2608 (ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command.)
Original text: HP, [security bulletin] HPSBMU02691 SSRT100483 rev.2 - HP Performance Agent and HP Operations Agent, Remote Arbitrary File Deletion (01.08.2011)
 Luigi Auriemma, Arbitrary files deletion in HP OpenView Performance Agent (06.07.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod