Information Security

Multiple security vulnerabilities in Apple Mac OS X
Published: August 7, 2009
Source:
SecurityVulns ID: 10120
Type: remote
Severity: 6/10
Description: Privilege escalation, multiple DoS conditions, a buffer overflow in the AppleTalk client, certificate spoofing in Safari, and multiple vulnerabilities in image processing.
Affected products: APPLE : MacOS X 10.5
CVE: CVE-2009-2194 (Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue.")
 CVE-2009-2193 (Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.)
 CVE-2009-2192 (MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue.")
 CVE-2009-2191 (Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.)
 CVE-2009-2190 (launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service.)
 CVE-2009-2188 (Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.)
 CVE-2009-1728 (Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.)
 CVE-2009-1727 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari.)
 CVE-2009-1726 (Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.)
 CVE-2009-1723 (CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062.)
 CVE-2009-1722 (Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2009-1721 (The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.)
 CVE-2009-1720 (Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information.)
 CVE-2009-1235 (XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls.)
 CVE-2009-0151 (The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors.)
 CVE-2009-0040 (The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.)
 CVE-2008-0674 (Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.)
Original text: CERT, US-CERT Technical Cyber Security Alert TA09-218A -- Apple Updates for Multiple Vulnerabilities (07.08.2009)
 APPLE, About the security content of Security Update 2009-003 / Mac OS X v10.5.8 (07.08.2009)

Multiple security vulnerabilities in Mozilla Firefox, Thunderbird, SeaMonkey, NSS
Published: August 7, 2009
Source:
SecurityVulns ID: 10121
Type: client
Severity: 8/10
Description: Certificate spoofing, buffer overflow, code execution.
Affected products: MOZILLA : Firefox 3.0
 MOZILLA : Firefox 3.5
 MOZILLA : NSS 3.12
CVE: CVE-2009-2654 (Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page.)
 CVE-2009-2470 (Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply.)
 CVE-2009-2408 (Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.)
 CVE-2009-2404 (Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.)
Original text: MOZILLA, Mozilla Foundation Security Advisory 2009-46 (07.08.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-45 (07.08.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-44 (07.08.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-38 (07.08.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-43 (07.08.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-42 (07.08.2009)

Multiple security vulnerabilities in Microsoft Internet Explorer
updated since July 29, 2009
Published: August 7, 2009
Source:
SecurityVulns ID: 10105
Type: client
Severity: 8/10
Description: Multiple memory corruptions; in addition, a workaround for the ATL library vulnerability has been added.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE: CVE-2009-1919 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via an HTML document containing embedded style sheets that modify unspecified rule properties that cause the behavior element to be "improperly processed," aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2009-1918 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka "HTML Objects Memory Corruption Vulnerability.")
 CVE-2009-1917 (Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Memory Corruption Vulnerability.")
Original text: ZDI, ZDI-09-047: Microsoft Internet Explorer getElementsByTagName Memory Corruption Vulnerability (07.08.2009)
 ZDI, ZDI-09-048: Microsoft Internet Explorer CSS Behavior Memory Corruption Vulnerability (07.08.2009)
 MICROSOFT, iDefense Security Advisory 08.06.09: Microsoft Internet Explorer HTML TIME 'ondatasetcomplete' Use After Free Vulnerability (07.08.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-034 - Critical Cumulative Security Update for Internet Explorer (972260) (29.07.2009)
Files: Microsoft Security Bulletin MS09-034 - Critical Cumulative Security Update for Internet Explorer (972260)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod