Information Security


DoS via UDP flood against Cisco routers
updated since May 4, 2011
Published: May 8, 2011
Source:
SecurityVulns ID: 11647
Type: remote
Severity: 3/10
Description: A flood of UDP packets leads to CPU exhaustion.
Affected products: CISCO : Cisco 2921
Original text: CISCO, Cisco Security Response: Cisco IOS Software Denial of Service Vulnerabilities (08.05.2011)
 vuln_(at)_nipc.org.cn, Cisco IOS SNMP Message Processing Denial Of Service Vulnerability (04.05.2011)
 vuln_(at)_nipc.org.cn, Cisco IOS UDP Denial of Service Vulnerability (04.05.2011)

Format string bug in exim
Published: May 8, 2011
Source:
SecurityVulns ID: 11655
Type: remote
Severity: 9/10
Description: Format string error when using DKIM data obtained from DNS.
Affected products: EXIM : exim 4.75
CVE: CVE-2011-1764 (Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.)
Original text: DEBIAN, [SECURITY] [DSA 2232-1] exim4 security update (08.05.2011)

DoS against ISC bind
Published: May 8, 2011
Source:
SecurityVulns ID: 11657
Type: remote
Severity: 5/10
Description: Denial of service when processing an RRSIG query while Response Policy Zones are in use.
Affected products: BIND : bind 9.8
Original text: ISC, Security Advisory: DNS BIND Security Advisory: RRSIG Queries Can Trigger Server Crash When Using Response Policy Zones (08.05.2011)

Security vulnerabilities in VMWare vCenter Server / vSphere Client
Published: May 8, 2011
Source:
SecurityVulns ID: 11658
Type: remote
Severity: 5/10
Description: Directory traversal, information leak.
Affected products: VMWARE : ESX 4.0
 VMWARE : ESX 4.1
 VMWARE : vCenter Server 4.0
 VMWARE : vCenter Server 4.1
CVE: CVE-2011-1789 (The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer.)
 CVE-2011-1788 (vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors.)
 CVE-2011-0426 (Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors.)
Original text: VMWARE, VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities (08.05.2011)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
updated since May 8, 2011
Published: May 8, 2011
Source:
SecurityVulns ID: 11654
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leak, etc.
Affected products: SILVERSTRIPE : Silverstripe CMS 2.4
 ULTRAAPPS : VCalendar 1.1
 KUBELABS : PHPDug 2.0
 EVOLUTED : PHP Directory Listing Script 3.1
 OPENCRYPT : AJAX Calendar 1.0
 BMC : BMC Remedy Knowledge Management 7.5
 OTRS : Open Ticket Request System 2.4
Original text: DEBIAN, [SECURITY] [DSA 2231-1] otrs2 security update (08.05.2011)
 ProCheckUp Research, PR10-13: Multiple XSS and Authentication flaws within BMC Remedy Knowledge Management (08.05.2011)
 High-Tech Bridge Security Research, HTB22968: XSS in PHP Directory Listing Script (08.05.2011)
 High-Tech Bridge Security Research, HTB22973: XSS in AJAX Calendar (08.05.2011)
 High-Tech Bridge Security Research, HTB22971: XSRF (CSRF) in PHPDug (08.05.2011)
 High-Tech Bridge Security Research, HTB22972: Multiple SQL injection vulnerabilities in PHPDug (08.05.2011)
 High-Tech Bridge Security Research, HTB22970: Multiple XSS vulnerabilities in PHPDug (08.05.2011)
 High-Tech Bridge Security Research, HTB22969: CSRF (Cross-Site Request Forgery) in VCalendar (08.05.2011)
 MustLive, Vulnerabilities in Silverstripe CMS (08.05.2011)

Security vulnerabilities in the Linux kernel
updated since May 8, 2011
Published: May 26, 2011
Source:
SecurityVulns ID: 11656
Type: remote
Severity: 7/10
Description: DoS via InfiniBand, DoS via LDM disks, multiple DoS conditions, information leak, memory corruption, buffer overflow in IrDA, DoS via VLAN, authentication bypass in CIFS, DoS during GRE parsing.
Affected products: LINUX : kernel 2.6
CVE: CVE-2011-2182 (The ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel before 2.6.39.1 does not properly handle memory allocation for non-initial fragments, which might allow local users to conduct buffer overflow attacks, and gain privileges or obtain sensitive information, via a crafted LDM partition table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1017.)
 CVE-2011-2022 (The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745.)
 CVE-2011-1770 (Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read.)
 CVE-2011-1767 (net/ipv4/ip_gre.c in the Linux kernel before 2.6.34, when ip_gre is configured as a module, allows remote attackers to cause a denial of service (OOPS) by sending a packet during module loading.)
 CVE-2011-1759 (Integer overflow in the sys_oabi_semtimedop function in arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 2.6.39 on the ARM platform, when CONFIG_OABI_COMPAT is enabled, allows local users to gain privileges or cause a denial of service (heap memory corruption) by providing a crafted argument and leveraging a race condition.)
 CVE-2011-1748 (The raw_release function in net/can/raw.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.)
 CVE-2011-1747 (The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not properly restrict memory allocation by the (1) AGPIOC_RESERVE and (2) AGPIOC_ALLOCATE ioctls, which allows local users to cause a denial of service (memory consumption) by making many calls to these ioctls.)
 CVE-2011-1746 (Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages.)
 CVE-2011-1745 (Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call.)
 CVE-2011-1598 (The bcm_release function in net/can/bcm.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.)
 CVE-2011-1593 (Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.)
 CVE-2011-1585 (The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user.)
 CVE-2011-1495 (drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions.)
 CVE-2011-1494 (Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow.)
 CVE-2011-1493 (Array index error in the rose_parse_national function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by composing FAC_NATIONAL_DIGIS data that specifies a large number of digipeaters, and then sending this data to a ROSE socket.)
 CVE-2011-1478 (The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of service (NULL pointer dereference) via a malformed VLAN frame.)
 CVE-2011-1477 (Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer.)
 CVE-2011-1476 (Integer underflow in the Open Sound System (OSS) subsystem in the Linux kernel before 2.6.39 on unspecified non-x86 platforms allows local users to cause a denial of service (memory corruption) by leveraging write access to /dev/sequencer.)
 CVE-2011-1182 (kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call.)
 CVE-2011-1180 (Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging connectivity to an IrDA infrared network and sending a large integer value for a (1) name length or (2) attribute length.)
 CVE-2011-1173 (The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet.)
 CVE-2011-1172 (net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.)
 CVE-2011-1171 (net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.)
 CVE-2011-1170 (net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.)
 CVE-2011-1163 (The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.)
 CVE-2011-1160 (The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors.)
 CVE-2011-1090 (The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service (panic) via a crafted attempt to set an ACL.)
 CVE-2011-1080 (The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability to replace a table, and then reading a modprobe command line.)
 CVE-2011-1079 (The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command.)
 CVE-2011-1078 (The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the Linux kernel before 2.6.39 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via the SCO_CONNINFO option.)
 CVE-2011-1017 (Heap-based buffer overflow in the ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel 2.6.37.2 and earlier might allow local users to gain privileges or obtain sensitive information via a crafted LDM partition table.)
 CVE-2011-1016 (The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values.)
 CVE-2011-0726 (The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary.)
 CVE-2011-0695 (Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference.)
Original text: DEBIAN, [SECURITY] [DSA 2240-1] linux-2.6 security update (26.05.2011)
 UBUNTU, [USN-1111-1] Linux kernel vulnerabilities (08.05.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod