Information Security

Privilege escalation in Nessus
Updated since 24 March 2014
Published: 7 April 2014
SecurityVulns ID: 13622
Type: local
Severity: 5/10
Description: Weak permissions on a loadable library; temporary file issue.
Affected products: TENABLE : Nessus 5.2
Original text: 0a29 40, 0A29-14-1 : NCCGroup EasyDA privilege escalation & credential disclosure vulnerability [0day] (07.04.2014)
 NCC Group Research, NCC00643 Technical Advisory: Nessus Authenticated Scan Local Privilege Escalation (24.03.2014)

Multiple security vulnerabilities in RSA BSAFE
Published: 7 April 2014
SecurityVulns ID: 13663
Type: remote
Severity: 6/10
Description: Buffer overflows, attacks on SSL, protection bypass.
Affected products: EMC : RSA BSAFE SSL-J
 EMC : RSA BSAFE SSL-C
CVE: CVE-2014-0627 (The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.)
 CVE-2014-0626 (The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.)
 CVE-2014-0625 (The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.)
 CVE-2013-0169 (The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.)
 CVE-2012-2131 (Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.)
 CVE-2012-2110 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.)
 CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.)
 CVE-2011-1473 (** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.)
Original text: EMC, ESA-2014-009: RSA BSAFE® SSL-J Multiple Vulnerabilities (07.04.2014)
 EMC, ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities (07.04.2014)
 EMC, ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities (07.04.2014)

Directory traversal in CA Erwin Web Portal
Published: 7 April 2014
SecurityVulns ID: 13664
Type: remote
Severity: 5/10
Description: File requests are not validated.
Affected products: CA : ERwin Web Portal 9.5
CVE: CVE-2014-2210 (Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors.)
Original text: CA, CA20140403-01: Security Notice for CA Erwin Web Portal (07.04.2014)

Unauthorized access to HP Integrated Lights-Out
Published: 7 April 2014
SecurityVulns ID: 13665
Type: remote
Severity: 5/10
Description: Leak of access password information.
Affected products: HP : Integrated Lights-Out 3
 HP : Integrated Lights-Out 4
 HP : Integrated Lights-Out 2
CVE: CVE-2013-4786 (The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.)
Original text: HP, [security bulletin] HPSBHF02981 rev.1 - HP Integrated Lights-Out 2, 3, and 4 (iLO2, iLO3, iLO4), IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP) (07.04.2014)

DoS against Microsoft Outlook
Published: 7 April 2014
SecurityVulns ID: 13666
Type: client
Severity: 5/10
Description: Failure when parsing XML.
Affected products: MICROSOFT : Outlook 2008
 MICROSOFT : Outlook 2010
 MICROSOFT : Outlook 2013
 MICROSOFT : Outlook 2011 for Mac
Original text: Lubomir Stroetmann, [softScheck] Denial of Service in Microsoft Office 2007-2013 (07.04.2014)

Authentication bypass in MobileIron
Published: 7 April 2014
SecurityVulns ID: 13667
Type: remote
Severity: 5/10
Description: Unauthorized access to XML files.
CVE: CVE-2014-1409
 CVE-2013-7286
Original text: Florent Daigniere, [MATTA-2013-004] CVE-2014-1409; MobileIron authentication bypass vulnerability (07.04.2014)

Multiple security vulnerabilities in Rhythm File Manager
Published: 7 April 2014
SecurityVulns ID: 13668
Type: remote
Severity: 5/10
Description: Information leak, privilege escalation, code execution.
Affected products: RHYTHM : Rhythm File Manager 1.16
 RHYTHM : Rhythm File Manager HD 1.11
Original text: SEC Consult Vulnerability Lab, SEC Consult SA-20140402-0 :: Multiple vulnerabilities in Rhythm File Manager (07.04.2014)

Security vulnerabilities in EMC RSA Adaptive Authentication
Published: 7 April 2014
SecurityVulns ID: 13669
Type: remote
Description: Cross-site scripting.
Affected products: EMC : RSA Adaptive Authentication 7.1
CVE: CVE-2014-0638 (Cross-site scripting (XSS) vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a "cross-frame scripting" issue.)
 CVE-2014-0637 (Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.)
Original text: EMC, ESA-2014-020: RSA Adaptive Authentication (On-Premise) Multiple Vulnerabilities (07.04.2014)

Code execution in a2ps
Published: 7 April 2014
SecurityVulns ID: 13671
Type: library
Severity: 5/10
Description: Macros are not stripped when processing PostScript.
Affected products: A2PS : a2ps 4.14
CVE: CVE-2014-0466 (The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.)
 CVE-2001-1593 (The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.)
Original text: DEBIAN, [SECURITY] [DSA 2892-1] a2ps security update (07.04.2014)

DoS against OpenLDAP
Published: 7 April 2014
SecurityVulns ID: 13672
Type: remote
Severity: 5/10
Description: Resource exhaustion.
Affected products: OPENLDAP : OpenLDAP 2.4
CVE: CVE-2013-4449 (The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.)
Original text: MANDRIVA, [ MDVSA-2014:026 ] openldap (07.04.2014)

Privilege escalation in Apple BootCamp
Published: 7 April 2014
SecurityVulns ID: 13673
Type: local
Severity: 5/10
Description: Kernel memory corruption when parsing PE files.
Affected products: APPLE : Boot Camp 5.1
CVE: CVE-2014-1253 (AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to cause a denial of service (kernel memory corruption) or possibly have unspecified other impact via a malformed header in a Portable Executable (PE) file.)
Original text: APPLE, APPLE-SA-2014-02-11-1 Boot Camp 5.1 (07.04.2014)

Protection bypass in lxc
Published: 7 April 2014
SecurityVulns ID: 13674
Type: library
Severity: 5/10
Description: Incorrect mount permissions for sshd.
Affected products: LXC : LXC 1.0
CVE: CVE-2013-6441 (The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.)
Original text: UBUNTU, [USN-2104-1] LXC vulnerability (07.04.2014)

Security vulnerabilities in Symantec Endpoint Protection
Published: 7 April 2014
SecurityVulns ID: 13676
Type: remote
Severity: 5/10
Description: Information leak, SQL injection.
Affected products: SYMANTEC : Symantec Endpoint Protection 12.1
CVE: CVE-2013-5015 (SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.)
 CVE-2013-5014 (The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.)
Original text: SEC Consult Vulnerability Lab, SEC Consult SA-20140218-0 :: Multiple critical vulnerabilities in Symantec Endpoint Protection (07.04.2014)

Buffer overflow in Dassault Systemes Catia
Published: 7 April 2014
SecurityVulns ID: 13677
Type: remote
Severity: 5/10
Description: Buffer overflow when parsing a network request.
Affected products: DASSAULT : Catia V5-6R2013
CVE: CVE-2014-2072
Original text: 0xnanoquetz9l_(at)_gmail.com, Public disclosure of Buffer Overflow Dassault Systems (07.04.2014)

Security vulnerabilities in Openswan / Strongswan
Updated since 7 April 2014
Published: 7 May 2014
SecurityVulns ID: 13670
Type: remote
Severity: 7/10
Description: Buffer overflow, DoS, protection bypass.
Affected products: OPENSWAN : Openswan 2.6
 STRONGSWAN : strongSwan 5.1
CVE: CVE-2014-2891 (strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.)
 CVE-2014-2338 (IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.)
 CVE-2013-6466 (Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.)
 CVE-2013-2053 (Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2052 and CVE-2013-2054.)
Original text: DEBIAN, [SECURITY] [DSA 2922-1] strongswan security update (07.05.2014)
 DEBIAN, [SECURITY] [DSA 2903-1] strongswan security update (04.05.2014)
 DEBIAN, [SECURITY] [DSA 2893-1] openswan security update (07.04.2014)

Unauthorized access to Asus RT routers
Updated since 7 April 2014
Published: 11 February 2015
SecurityVulns ID: 13675
Type: remote
Severity: 5/10
Description: Full anonymous access is allowed by default. Authentication bypass. Cross-site scripting.
Affected products: ASUS : Asus RT-N66U
 ASUS : Asus RT-AC66U
 ASUS : Asus RT-AC56U
 ASUS : Asus RT-N56U
 ASUS : Asus RT-N16
 ASUS : Asus RT-AC68U
 ASUS : Asus RT-N10U
 ASUS : Asus DSL-N55U
 ASUS : Asus RT-N15U
 ASUS : Asus RT-N53
 ASUS : Asus RT-N10
CVE: CVE-2015-1437 (Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm.)
Original text: kingkaustubh_(at)_me.com, CVE-2015-1437 XSS In ASUS Router. (11.02.2015)
 kingkaustubh_(at)_me.com, Unauthenticated Reflected XSS vulnarbility in Asus RT-N10 Plus router (02.02.2015)
 kingkaustubh_(at)_me.com, Reflected XSS vulnarbility in Asus RT-N10 Plus Router (02.02.2015)
 buqtraq_(at)_kyber.fi, ASUS router drive-by code execution via XSS and authentication bypass (07.04.2014)
 kyle Lovett, ASUS RT Series Routers FTP Service - Default anonymous access (07.04.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod