Information Security


Multiple security vulnerabilities in Wireshark
updated since February 24, 2013
Published: March 10, 2013
Source:
SecurityVulns ID: 12907
Type: remote
Threat level: 6/10
Description: Multiple vulnerabilities in the parsing of CLNP, DTLS, DCP-ETSI, NTLMSSP and many other protocols.
Affected products: WIRESHARK : Wireshark 1.6
 WIRESHARK : Wireshark 1.8
CVE: CVE-2013-2488 (The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location.)
 CVE-2013-2485 (The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.)
 CVE-2013-2484 (The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.)
 CVE-2013-2483 (The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data.)
 CVE-2013-2482 (The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.)
 CVE-2013-2481 (Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value.)
 CVE-2013-2480 (The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet.)
 CVE-2013-2478 (The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a string.)
 CVE-2013-1590 (Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet.)
 CVE-2013-1589 (Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet.)
 CVE-2013-1588 (Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service (application crash) via a malformed packet.)
 CVE-2013-1586 (The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.)
 CVE-2013-1585 (epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.)
 CVE-2013-1584 (The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.)
 CVE-2013-1583 (The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.)
 CVE-2013-1582 (The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remote attackers to cause a denial of service (infinite loop or application crash) via a malformed packet.)
 CVE-2013-1581 (The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of service (loop) via a malformed packet.)
 CVE-2013-1580 (The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.)
 CVE-2013-1579 (The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in the RTPS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly implement certain nested loops for processing bitmap data, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.)
 CVE-2013-1578 (The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle apparent Ethernet address values at the beginning of MPLS data, which allows remote attackers to cause a denial of service (loop) via a malformed packet.)
 CVE-2013-1577 (The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.)
 CVE-2013-1576 (The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly process crypto-suite parameters, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.)
 CVE-2013-1575 (The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm length, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.)
 CVE-2013-1574 (The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a counter variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.)
 CVE-2013-1573 (The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a large number of padding bits, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.)
 CVE-2013-1572 (The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.)
 CVE-2012-3548 (The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file.)
Original text: MANDRIVA, [ MDVSA-2013:020 ] wireshark (10.03.2013)
 DEBIAN, [SECURITY] [DSA 2625-1] wireshark security update (24.02.2013)

Protection bypass in sudo
updated since March 2, 2013
Published: March 10, 2013
Source:
SecurityVulns ID: 12913
Type: local
Threat level: 5/10
Description: The password prompt can be bypassed by manipulating timestamps; under some conditions the session identifier can be hijacked.
Affected products: SUDO : sudo 1.8
CVE: CVE-2013-1776 (sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to a standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.)
 CVE-2013-1775 (sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically-proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.)
Original text: UBUNTU, [USN-1754-1] Sudo vulnerability (02.03.2013)

Memory leak in perl
Published: March 10, 2013
Source:
SecurityVulns ID: 12926
Type: library
Threat level: 6/10
Description: Memory leak when working with hash tables.
Affected products: PERL : perl 5.14
CVE: CVE-2013-1667 (The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.)
Original text: DEBIAN, [SECURITY] [DSA 2641-1] perl security update (10.03.2013)

Security vulnerabilities in squid
Published: March 10, 2013
Source:
SecurityVulns ID: 12927
Type: remote
Threat level: 6/10
Description: DoS via resource exhaustion, memory corruption.
Affected products: SQUID : squid 3.2
CVE: CVE-2013-1839 (The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.)
Original text: tytusromekiatomek_(at)_hushmail.com, Squid 3.2.5 httpMakeVaryMark() header value DoS, 2.7.Stable9 memory corruption. (10.03.2013)
 tytusromekiatomek_(at)_hushmail.com, Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc (10.03.2013)
 Kurt Seifried, Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc (10.03.2013)

DoS against Corel Quattro Pro
Published: March 10, 2013
Source:
SecurityVulns ID: 12928
Type: local
Threat level: 4/10
Description: NULL pointer dereferences when parsing QPW files.
Affected products: COREL : Quattro Pro X6
CVE: CVE-2012-4728 (The (1) QProGetNotebookWindowHandle and (2) Ordinal132 functions in QPW160.dll in Corel Quattro Pro X6 Standard Edition 16.0.0.388 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted QPW file.)
Original text: High-Tech Bridge Security Research, Multiple NULL Pointer Dereference Vulnerabilities in Corel Quattro Pro X6 (10.03.2013)

Uninitialized memory access in Corel WordPerfect
Published: March 10, 2013
Source:
SecurityVulns ID: 12929
Type: local
Threat level: 5/10
Description: Dereference of a controlled pointer when parsing WPD.
CVE: CVE-2012-4900
Original text: High-Tech Bridge Security Research, Untrusted Pointer Dereference Vulnerability in Corel WordPerfect X6 (10.03.2013)

Use-after-free in Mozilla Firefox / Thunderbird / Seamonkey
updated since March 10, 2013
Published: March 24, 2013
Source:
SecurityVulns ID: 12925
Type: client
Threat level: 5/10
Description: Use-after-free in the HTML editor.
Affected products: MOZILLA : Thunderbird 17.0
 MOZILLA : Firefox ESR 17.0
 MOZILLA : Firefox 19.0
 MOZILLA : SeaMonkey 2.16
CVE: CVE-2013-0787 (Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.)
Original text: VUPEN Security Research, VUPEN Security Research - Mozilla Firefox "nsHTMLEditRules" Use-After-Free (MFSA-2013-29 / CVE-2013-0787) (24.03.2013)
Files: Mozilla Foundation Security Advisory 2013-29

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod