Информационная безопасность
[RU] switch to English


Повышение привилегий через драйверы сетевых адаптеров Intel (privilege escalation)
Опубликовано:8 декабря 2006 г.
Источник:
SecurityVulns ID:6900
Тип:локальная
Уровень опасности:
7/10
Описание:Переполнение буфера при обработке NDIS-запроса IOCTL_NDIS_QUERY_SELECTED_STATS.
Затронутые продукты:INTEL : Intel PRO 10/100
 INTEL : Intel PRO/1000
 INTEL : Intel PRO/1000 PC
 INTEL : Intel PRO/10GbE
Оригинальный текстdocumentEEYE, EEYE: Intel Network Adapter Driver Local Privilege Escalation (08.12.2006)

Переполнение буфера в l2tpns (buffer overflow)
Опубликовано:8 декабря 2006 г.
Источник:
SecurityVulns ID:6901
Тип:удаленная
Уровень опасности:
5/10
Затронутые продукты:L2TPNS : l2tpns 2.0
 L2TPNS : l2tpns 2.1
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA-1230-1] new l2tpns packages fix buffer overflow (08.12.2006)

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
Опубликовано:8 декабря 2006 г.
Источник:
SecurityVulns ID:6902
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.
Затронутые продукты:PHPBB : phpBB 2.0
 PHPADSNEW : phpAdsNew 2.0
Оригинальный текстdocumentifx_(at)_cupu.us, Midicart vulerable (08.12.2006)
 documentAdvisory_(at)_Aria-Security.net, [Aria-Security Team] cPanel 11 pops.html Cross-Site Scripting (08.12.2006)
 documentAdvisory_(at)_Aria-Security.net, [Aria-Security Team] CentOS 4.2 i686 - WHM X v3.1.0 Cross-Site Scripting (08.12.2006)
 documentAdvisory_(at)_Aria-Security.net, [Aria-Security Team] cPanel BoxTrapper Cross Site Scripting (08.12.2006)
 documentMeftun_(at)_MeftunNet.Com, DUdirectory Admin Panel SQL Injection (08.12.2006)
 documentlaurent gaffié, phpbb 2.0.x [xss] (08.12.2006)
Файлы:phpAdsNew-2.0.4-pr2 Remote File Inclusion Exploit

Переполнение буфера в madwifi (buffer overflow)
Опубликовано:8 декабря 2006 г.
Источник:
SecurityVulns ID:6904
Тип:удаленная
Уровень опасности:
6/10
Описание:Переполнение буфера при обработке SIOCGIWSCAN в драйвере Atheros.
Затронутые продукты:MADWIFI : Madwifi 0.9
CVE:CVE-2006-6332 (Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi before 0.9.2.1 allows remote attackers to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions.)
Оригинальный текстdocumentTyop?, [Full-disclosure] [Madwifi] Madwifi SIOCGIWSCAN buffer overflow // France Telecom (08.12.2006)
Файлы:madwifi WPA/RSN IE remote kernel buffer overflow

DoS против ClamAV antivirus
дополнено с 8 декабря 2006 г.
Опубликовано:10 декабря 2006 г.
Источник:
SecurityVulns ID:6899
Тип:удаленная
Уровень опасности:
5/10
Описание:Высокая вложенность MIME-частей приводит к отказу антивируса.
Затронутые продукты:CLAMAV : ClamAV 0.88
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 1232-1] New clamav packages fix denial of service (10.12.2006)
 documentTomasz Kojm, Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass (08.12.2006)
 document3APA3A, Re[2]: Multiple Vendor Unusual MIME Encoding Content Filter Bypass (08.12.2006)
 documentHendrik Weimer, Multiple Vendor Unusual MIME Encoding Content Filter Bypass (08.12.2006)

Переполнение буфера в Brightstor ArcServe Backup (buffer overflow)
дополнено с 8 декабря 2006 г.
Опубликовано:1 апреля 2007 г.
Источник:
SecurityVulns ID:6903
Тип:удаленная
Уровень опасности:
7/10
Описание:Переполнения буфера в службе обнаружения, в службе управления носителями, подсистеме обмена сообщениями.
Затронутые продукты:CA : Brightstor ARCserve Backup 11.1
 CA : BrightStor ARCserve Backup 10.5
 CA : BrightStor ARCserve Backup 9.01
 CA : Brightstor ARCserve Backup 11.5
 CA : CA Server Protection Suite 2
CVE:CVE-2007-1785 (The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.)
 CVE-2007-1448 (The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service (disabled interface) by calling an unspecified RPC function.)
 CVE-2007-14478
 CVE-2007-1447 (The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC procedure arguments, which result in memory corruption, a different vulnerability than CVE-2006-6076.)
 CVE-2007-0816 (The RPC Server service (catirpc.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 SP2 and earlier allows remote attackers to cause a denial of service (service crash) via a crafted TADDR2UADDR that triggers a null pointer dereference in catirpc.dll, possibly related to null credentials or verifier fields.)
 CVE-2007-0673 (LGSERVER.EXE in BrightStor ARCserve Backup for Laptops & Desktops r11.1 allows remote attackers to cause a denial of service (daemon crash) via a value of 0xFFFFFFFF at a certain point in an authentication negotiation packet, which results in an out-of-bounds read.)
 CVE-2007-0672 (LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\Server\data\transfer\.)
 CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via crafted packets to TCP port (1) 1900 or (2) 2200.)
 CVE-2007-0169 (Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service.)
 CVE-2007-0168 (The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed.)
 CVE-2006-6917 (Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0.)
 CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502.)
 CVE-2006-5172 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe String Handling Overflow," a different vulnerability than CVE-2006-5171.)
 CVE-2006-5171 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe Overflow," a different vulnerability than CVE-2006-5172.)
Оригинальный текстdocumentCA, CA BrightStor ARCserve Backup Mediasvr.exe vulnerability (01.04.2007)
 documentM. Shirk, CA Brightstor Backup Mediasvr.exe Remote Code Vulnerability (30.03.2007)
 documentWINNY THOMAS, ARCserve msgeng.exe buffer overflow exploit (win2k SP4) (17.03.2007)
 documentWINNY THOMAS, ARCserve msgeng.exe buffer overflow exploit (win2k SP4) (17.03.2007)
 documentCA, [CAID 34817, 35058, 35158, 35159]: CA BrightStor ARCserve Backup Tape Engine and Portmapper Vulnerabilities (17.03.2007)
 documentNGS Software Insight Security Research, Remote Unauthenticated Resource Exhaustion CA Mobile BackupService (01.02.2007)
 documentNGS Software Insight Security Research, Remote DOS BrightStor ARCserve Backup for Laptops & Desktops (01.02.2007)
 documentNGS Software Insight Security Research, Remote Unauthenticated Code Execution II CA BrightStor ARCserve Backup for Laptops & Desktops (01.02.2007)
 documentNGS Software Insight Security Research, Remote Unauthenticated Code Execution CA BrightStor ARCserve Backup (01.02.2007)
 documentCA, [Full-disclosure] [CAID 34993]: CA BrightStor ARCserve Backup for Laptops and Desktops Multiple Overflow Vulnerabilities (24.01.2007)
 documentCA, [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities (12.01.2007)
 documentadvisories_(at)_lssec.com, LS-20061002 - Computer Associates BrightStor ARCserve Backup Remote Code Execution Vulnerability (12.01.2007)
 documentZDI, ZDI-07-003: CA BrightStor ARCserve Backup Message Engine Buffer Overflow Vulnerability (12.01.2007)
 documentZDI, ZDI-07-004: CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability (12.01.2007)
 documentZDI, ZDI-07-002: CA BrightStor ARCserve Backup Tape Engine Code Execution Vulnerability (12.01.2007)
 documentadvisories_(at)_lssec.com, LS-20061001 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability (09.12.2006)
 documentadvisories_(at)_lssec.com, LS-20060908 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability (09.12.2006)
 documentCA, [CAID 34846]: CA BrightStor ARCserve Backup Discovery Service Buffer Overflow Vulnerability (08.12.2006)
Файлы:Remote exploit for CA brightstor tapeeng (win2k SP4)
 CA brightstor msgeng.exe heap overflow exploit (win2k SP0)
 Remote exploit for the CA BrightStor Arcserve stack overflow as
 ARCserve msgeng.exe buffer overflow exploit (win2k SP4)
 Computer Associates (CA) Brightstor Backup Mediasvr.exe Remote Code Exploit

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород