Information security


Integer overflow in ImageMagick
Published: June 9, 2009
Source:
SecurityVulns ID: 9971
Type: library
Severity: 5/10
Description: Memory corruption when processing TIFF dimensions.
Affected products: IMAGEMAGICK : ImageMagick 6.5
CVE:CVE-2009-1882 (Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.)
Original text: UBUNTU, [USN-784-1] ImageMagick vulnerability (09.06.2009)

Directory traversal in Rasterbar / libtorrent / firetorrent / qBittorrent / deluge Torrent
Published: June 9, 2009
Source:
SecurityVulns ID: 9973
Type: library
Severity: 6/10
Description: Directory traversal when processing .torrent files.
Affected products: LIBTORRENT : libtorrent 0.14
CVE:CVE-2009-1760 (Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file.)
Original text: Dimitris Glynos, Rasterbar libtorrent arbitrary file overwrite vulnerability (09.06.2009)

Information leak in eCryptfs
Published: June 9, 2009
Source:
SecurityVulns ID: 9974
Type: remote
Severity: 5/10
Description: The passphrase may be stored in the installation log.
Affected products: ECRYPTFS : ecryptfs-utils 73
CVE:CVE-2009-1296 (The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root.)
Original text: UBUNTU, [USN-783-1] eCryptfs vulnerability (09.06.2009)

WebDAV authentication bypass in Microsoft IIS
Published: June 9, 2009
Source:
SecurityVulns ID: 9977
Type: remote
Severity: 6/10
Description: Anonymous access to resources that require authentication is possible.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2009-1535 (The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.)
 CVE-2009-1122 (The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.)
Original text: MICROSOFT, Microsoft Security Bulletin MS09-020 - Important Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483) (09.06.2009)
Files: Microsoft Security Bulletin MS09-020 - Important Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)

Buffer overflow in the libpurple library / Pidgin
updated since September 1, 2008
Published: June 9, 2009
Source:
SecurityVulns ID: 9250
Type: library
Severity: 6/10
Description: Buffer overflow when parsing MSN protocol SLP messages.
Affected products: PIDGIN : Pidgin 2.4
CVE:CVE-2009-1376 (Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.)
 CVE-2008-2927 (Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.)
Original text: ZDI, ZDI-09-031: libpurple MSN Protocol SLP Message Heap Overflow Vulnerability (09.06.2009)
 ZDI, ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability (01.09.2008)

Multiple security vulnerabilities in Microsoft Internet Explorer
updated since June 9, 2009
Published: June 11, 2009
Source:
SecurityVulns ID: 9976
Type: client
Severity: 8/10
Description: Cross-site access, multiple memory corruptions.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-1532 (Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via "malformed row property references" that trigger an access of an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Objects Memory Corruption Vulnerability" or "HTML Object Memory Corruption Vulnerability.")
 CVE-2009-1531 (Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combined with the creation of an object during reordering of elements, followed by an onreadystatechange event, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Object Memory Corruption Vulnerability.")
 CVE-2009-1530 (Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Objects Memory Corruption Vulnerability.")
 CVE-2009-1529 (Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted objects, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2009-1528 (Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows remote attackers to execute arbitrary code via a large number of concurrent, asynchronous XMLHttpRequest calls, aka "HTML Object Memory Corruption Vulnerability.")
 CVE-2009-1141 (Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability.")
 CVE-2009-1140 (Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability.")
 CVE-2007-3091 (Race condition in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability.")
Original text: CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0826 - Internet Explorer Security Zone restrictions bypass (11.06.2009)
 noreply-secresearch_(at)_fortinet.com, FortiGuard Advisory: Microsoft Internet Explorer DHTML Handling Remote Memory Corruption Vulnerability (11.06.2009)
 ZDI, ZDI-09-038: Microsoft Internet Explorer Event Handler Memory Corruption Vulnerability (11.06.2009)
 ZDI, ZDI-09-037: Microsoft Internet Explorer Concurrent Ajax Request Memory Corruption Vulnerability (11.06.2009)
 ZDI, ZDI-09-039: Microsoft Internet Explorer onreadystatechange Memory Corruption Vulnerability (11.06.2009)
 ZDI, ZDI-09-041: Microsoft Internet Explorer 8 Rows Property Dangling Pointer Code Execution Vulnerability (11.06.2009)
 ZDI, ZDI-09-036: Microsoft Internet Explorer setCapture Memory Corruption Vulnerability (11.06.2009)
 CORE SECURITY TECHNOLOGIES ADVISORIES, [Full-disclosure] CORE-2008-0826 - Internet Explorer Security Zone restrictions bypass (10.06.2009)
Files: Microsoft Security Bulletin MS09-019 - Critical Cumulative Security Update for Internet Explorer (969897)

Multiple security vulnerabilities in Microsoft Active Directory
updated since June 9, 2009
Published: June 14, 2009
Source:
SecurityVulns ID: 9975
Type: remote
Severity: 7/10
Description: Double free, memory leaks.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2009-1139 (Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability.")
 CVE-2009-1138 (The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.)
Original text: IDEFENSE, iDefense Security Advisory 06.11.09: Microsoft Active Directory Hexdecimal DN AttributeValue Invalid Free Vulnerability (14.06.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-018 - Critical Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055) (09.06.2009)
Files: Microsoft Security Bulletin MS09-018 - Critical Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)

Multiple security vulnerabilities in WebKit / Apple Safari
updated since June 9, 2009
Published: June 23, 2009
Source:
SecurityVulns ID: 9972
Type: client
Severity: 7/10
Description: Multiple memory corruptions, access to local files.
CVE:CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches.")
 CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.)
 CVE-2009-1698 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.)
 CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers.")
 CVE-2008-3529 (Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.)
Original text: security_(at)_nruns.com, n.runs-SA-2009.006 - Apple Safari - Null pointer dereference (23.06.2009)
 security_(at)_nruns.com, n.runs-SA-2009.005 - Apple Safari - Information disclosure (23.06.2009)
 Netragard Security Advisories, [Full-disclosure] [NETRAGARD SECURITY ADVISORY] [< Safari 3.2.3 Arbitrary Code Execution + PoC ][NETRAGARD-20090622] (22.06.2009)
 Thierry Zoller, [TZO-37-2009] Apple Safari <v4 Remote code execution (16.06.2009)
 Thierry Zoller, [TZO-36-2009] Apple Safari & Quicktime Denial of Service (16.06.2009)
 IDEFENSE, iDefense Security Advisory 06.11.09: Multiple Vendor WebKit Error Handling Use After Free Vulnerability (14.06.2009)
 noreply-secresearch_(at)_fortinet.com, FortiGuard Advisory: Apple Safari Remote Memory Corruption Vulnerability (11.06.2009)
 Chris Evans, Apple Safari cross-domain XML theft vulnerability (10.06.2009)
 Chris Evans, Apple Safari local file theft vulnerability (09.06.2009)
 ZDI, ZDI-09-034: Apple Safari SVG Set.targetElement() Memory Corruption Vulnerability (09.06.2009)
 ZDI, ZDI-09-032: Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability (09.06.2009)
 ZDI, ZDI-09-033: Apple WebKit dir Attribute Freeing Dangling Object Pointer Vulnerability (09.06.2009)
Files: Safari 3.2.3 Arbitrary Code Execution PoC

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod