Information Security


Privilege escalation via U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR)
updated since December 4, 2009
Published: December 9, 2009
Source:
SecurityVulns ID: 10441
Type: local
Severity: 5/10
Description: The program runs every executable file it finds on the system that has one of certain names.
Original text: Frank Stuart, UPDATE: DISA Unix SRR root compromise / CVE-2009-4211 / VU#433821 (09.12.2009)
 Frank Stuart, U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) root compromise / VU#433821 (04.12.2009)

DoS against HP OpenView Data Protector Application Recovery Manager
updated since December 8, 2009
Published: December 9, 2009
Source:
SecurityVulns ID: 10446
Type: remote
Severity: 5/10
Affected products: HP : OpenView Data Protector Application Recovery Manager 6.0
 HP : OpenView Data Protector Application Recovery Manager 5.50
CVE:CVE-2009-3844 (Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recovery Manager 5.50 and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MSG_PROTOCOL packet.)
Original text: ZDI, ZDI-09-091: Hewlett-Packard Application Recovery Manager MSG_PROTOCOL Stack Overflow Vulnerability (09.12.2009)
 HP, [security bulletin] HPSBMA02481 SSRT090113 rev.1 - HP OpenView Data Protector Application Recovery Manager, Remote Denial (08.12.2009)

Dialog box spoofing in Mozilla Firefox
Published: December 9, 2009
Source:
SecurityVulns ID: 10449
Type: client
Severity: 4/10
Description: Incorrect display of the request URL.
CVE:CVE-2009-4130 (Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name.)
 CVE-2009-4129 (Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.)
Original text: tcphttp, Mozilla Firefox JavaScript Prompt Spoofing Weakness (09.12.2009)

DoS against Microsoft Windows
Published: December 9, 2009
Source:
SecurityVulns ID: 10450
Type: remote
Severity: 7/10
Description: Failure in LSASS when parsing an IPSec ISAKMP message.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2009-3675 (LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability.")
Original text: MICROSOFT, Microsoft Security Bulletin MS09-069 - Important Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392) (09.12.2009)
Files: Microsoft Security Bulletin MS09-069 - Important Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)

Multiple security vulnerabilities in Microsoft Windows Active Directory Federation Service
Published: December 9, 2009
Source:
SecurityVulns ID: 10451
Type: remote
Severity: 7/10
Description: Code execution, session hijacking.
Affected products: MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-2509 (Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability.")
 CVE-2009-2508 (The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability.")
Original text: MICROSOFT, Microsoft Security Bulletin MS09-070 - Important Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726) (09.12.2009)
Files: Microsoft Security Bulletin MS09-070 - Important Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)

Multiple security vulnerabilities in Microsoft Internet Authentication Service
Published: December 9, 2009
Source:
SecurityVulns ID: 10452
Type: remote
Severity: 7/10
Description: MS-CHAP authentication bypass, memory corruption.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-3677 (The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability.")
 CVE-2009-2505 (The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability.")
Original text: MICROSOFT, Microsoft Security Bulletin MS09-071 - Critical Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318) (09.12.2009)
Files: Microsoft Security Bulletin MS09-071 - Critical Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318)

Memory corruption in Microsoft Project
Published: December 9, 2009
Source:
SecurityVulns ID: 10455
Type: client
Severity: 6/10
Description: Memory corruption when parsing Microsoft Project files.
Affected products: MICROSOFT : Project 2000
 MICROSOFT : Project 2002
 MICROSOFT : Project 2003
CVE:CVE-2009-0102 (Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability.")
Original text: liubing, Fortinet Advisory: Fortinet Discovers Microsoft Office Project Vulnerability (09.12.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-074 - Critical Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183) (09.12.2009)
Files: Microsoft Security Bulletin MS09-074 - Critical Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)

Multiple security vulnerabilities in Adobe Flash Player
Published: December 9, 2009
Source:
SecurityVulns ID: 10457
Type: remote
Severity: 8/10
Description: Buffer overflow when parsing JPEG, integer overflow when executing ActionScript.
Affected products: ADOBE : Flash Player 10.0
 ADOBE : AIR 1.5
CVE:CVE-2009-3951 (Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.)
 CVE-2009-3800 (Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3799 (Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers.")
 CVE-2009-3798 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.)
 CVE-2009-3797 (Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.)
 CVE-2009-3796 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability.")
 CVE-2009-3794 (Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.)
Original text: ADOBE, ZDI-09-093: Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability (09.12.2009)
 ZDI, ZDI-09-093: Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability (09.12.2009)
 ZDI, ZDI-09-092: Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability (09.12.2009)
Files: Adobe - Security Bulletin APSB09-19 Security Advisory for Adobe Flash Player

DoS against ntp server
Published: December 9, 2009
Source:
SecurityVulns ID: 10458
Type: remote
Severity: 5/10
Description: An NTP packet with the server's own address spoofed as the return address leads to resource exhaustion.
Affected products: NTP : ntp 4.2
CVE:CVE-2009-3563 (ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.)
Original text: UBUNTU, [USN-867-1] Ntp vulnerability (09.12.2009)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: December 9, 2009
Source:
SecurityVulns ID: 10459
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: PHPSHOP : PHPShop 0.8
 INVISION : Invision Power Board 3.0
 PIWIK : Piwik 0.4
 PHPIDS : PHPIDS 0.6
Original text: Stefan Esser, Advisory 02/2009: PHPIDS Unserialize() Vulnerability (09.12.2009)
 Stefan Esser, Advisory 03/2009: Piwik Cookie unserialize() Vulnerability (09.12.2009)
 Bogdan Calin, Zen Cart local file disclosure vulnerability (09.12.2009)
 Xacker, IPB v2.x up to 3.0.4 XSS vulnerability (09.12.2009)
 Andrea Fabrizi, PhpShop Multiple Vulnerabilities (09.12.2009)

Multiple security vulnerabilities in Microsoft Internet Explorer
updated since December 9, 2009
Published: December 10, 2009
Source:
SecurityVulns ID: 10453
Type: client
Severity: 9/10
Description: Multiple memory corruptions, code execution.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2009-3674 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671.)
 CVE-2009-3673 (Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2009-3672 (Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka "HTML Object Memory Corruption Vulnerability." NOTE: some of these details are obtained from third party information. NOTE: this issue was originally assigned CVE-2009-4054, but Microsoft assigned a duplicate identifier of CVE-2009-3672. CVE consumers should use this identifier instead of CVE-2009-4054.)
 CVE-2009-3671 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674.)
 CVE-2009-2493 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability.")
Original text: IDEFENSE, iDefense Security Advisory 12.08.09: Microsoft Internet Explorer HTML Layout Engine Uninitialized Memory Vulnerability (10.12.2009)
 ZDI, ZDI-09-088: Microsoft Internet Explorer IFrame Attributes Circular Reference Dangling Pointer Vulnerability (09.12.2009)
 ZDI, ZDI-09-087: Microsoft Internet Explorer CSS Race Condition Code Execution Vulnerability (09.12.2009)
 ZDI, ZDI-09-086: Microsoft Internet Explorer XHTML DOM Manipulation Memory Corruption Vulnerability (09.12.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-072 - Critical Cumulative Security Update for Internet Explorer (976325) (09.12.2009)
Files: Microsoft Security Bulletin MS09-072 - Critical Cumulative Security Update for Internet Explorer (976325)

Memory corruption in Microsoft Wordpad / Office Text Converters
updated since December 9, 2009
Published: December 10, 2009
Source:
SecurityVulns ID: 10454
Type: client
Severity: 6/10
Description: Memory corruption when processing Office 97 documents
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Office XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Office 2003
CVE:CVE-2009-2506 (Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow.)
Original text: IDEFENSE, iDefense Security Advisory 12.08.09: Microsoft WordPad Word97 Converter Integer Overflow Vulnerability (10.12.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-073 - Important Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539) (09.12.2009)
Files: Microsoft Security Bulletin MS09-073 - Important Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)

Multiple security vulnerabilities in Intel Indeo codecs in Microsoft Windows
updated since December 9, 2009
Published: December 10, 2009
Source:
SecurityVulns ID: 10456
Type: library
Severity: 8/10
Description: Multiple vulnerabilities when parsing video files.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original text: IDEFENSE, iDefense Security Advisory 12.08.09: Microsoft Windows Indeo32 Codec Parsing Heap Corruption Vulnerability (10.12.2009)
 MICROSOFT, Microsoft Security Advisory (954157) Security Enhancements for the Indeo Codec (09.12.2009)
 liubing, Fortinet Advisory: Fortinet Discovers Vulnerability in Indeo Codec (09.12.2009)
 ZDI, ZDI-09-090: Microsoft Windows Intel Indeo Codec Parsing Stack Overflow Vulnerability (09.12.2009)
 ZDI, ZDI-09-089: Microsoft Windows Intel Indeo Codec Parsing Heap Overflow Vulnerability (09.12.2009)
Files: Microsoft Security Advisory (954157) Security Enhancements for the Indeo Codec

Multiple security vulnerabilities in HP OpenView NNM
updated since December 9, 2009
Published: December 10, 2009
Source:
SecurityVulns ID: 10460
Type: remote
Severity: 5/10
Description: Multiple vulnerabilities in various CGIs.
Affected products: HP : OpenView Network Node Manager 7.51
CVE:CVE-2009-4181 (Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via vectors involving the sel and arg parameters to jovgraph.exe.)
 CVE-2009-4180 (Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header.)
 CVE-2009-4179 (Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action.)
 CVE-2009-4178 (Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Topic parameter.)
 CVE-2009-4177 (Buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header.)
 CVE-2009-4176 (Multiple heap-based buffer overflows in ovsessionmgr.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter to ovlogin.exe.)
 CVE-2009-3849 (Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe.)
 CVE-2009-3848 (Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Template parameter, related to the vsprintf function.)
 CVE-2009-3846 (Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter.)
 CVE-2009-3845 (The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts.)
 CVE-2009-0898 (Stack-based buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted HTTP request.)
Original text: HP, [security bulletin] HPSBMA02483 SSRT090257 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code (10.12.2009)
 ZDI, TPTI-09-13: HP OpenView NNM snmpviewer.exe CGI Host Header Stack Overflow Vulnerability (10.12.2009)
 ZDI, TPTI-09-12: HP OpenView NNM ovalarm.exe CGI Accept-Language Stack Overflow Vulnerability (09.12.2009)
 ZDI, TPTI-09-10: HP OpenView NNM webappmon.exe CGI Host Header Buffer Overflow Vulnerability (09.12.2009)
 ZDI, TPTI-09-09: HP OpenView NNM ovsessionmgr.exe userid/passwd Heap Overflow Vulnerability (09.12.2009)
 ZDI, TPTI-09-08: HP OpenView NNM ovlogin.exe CGI userid/passwd Heap Overflow Vulnerability (09.12.2009)
 ZDI, ZDI-09-095: Hewlett-Packard OpenView NNM Snmp.exe Oid Variable Buffer Overflow Vulnerability (09.12.2009)
 ZDI, ZDI-09-097: Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable strcat Overflow Vulnerability (09.12.2009)
 ZDI, ZDI-09-096: Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable vsprintf Overflow Vulnerability (09.12.2009)
 ZDI, ZDI-09-094: Hewlett-Packard OpenView NNM Multiple Command Injection Vulnerabilities (09.12.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod