Information Security


Multiple security vulnerabilities in Apple Safari / WebKit
Published: May 10, 2015
Source:
SecurityVulns ID: 14452
Type: library
Severity: 9/10
Description: Multiple memory corruptions, file access, user interface spoofing.
Affected products: APPLE : Safari 8.0
 APPLE : Safari 6.2
 APPLE : Safari 7.1
CVE: CVE-2015-1156 (The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site.)
 CVE-2015-1155 (The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.)
 CVE-2015-1154 (WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153.)
 CVE-2015-1153 (WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154.)
 CVE-2015-1152 (WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154.)
Original text: APPLE, APPLE-SA-2015-05-06-1 Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6 (10.05.2015)

Multiple security vulnerabilities in the Linux kernel
Updated since May 5, 2015
Published: May 10, 2015
Source:
SecurityVulns ID: 14436
Type: library
Severity: 6/10
Description: DoS, privilege escalation, protection bypass.
Affected products: XEN : xen 3.3
 LINUX : kernel 3.19
CVE: CVE-2015-3339 (Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped.)
 CVE-2015-3332 (A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allows local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.)
 CVE-2015-3331 (The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.)
 CVE-2015-2922 (The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.)
 CVE-2015-2830 (arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16.)
 CVE-2015-2666 (Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.)
 CVE-2015-2150 (Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.)
 CVE-2014-9715 (include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.)
 CVE-2014-9710 (The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit.)
Original text: UBUNTU, [USN-2597-2] Linux kernel (Trusty HWE) regression (10.05.2015)
 DEBIAN, [SECURITY] [DSA 3237-1] linux security update (05.05.2015)
 Hector Marco, AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5% (05.05.2015)
 Hector Marco, Linux ASLR mmap weakness: Reducing entropy by half (05.05.2015)
 UBUNTU, [USN-2583-1] Linux kernel vulnerability (05.05.2015)
 UBUNTU, [USN-2590-1] Linux kernel vulnerabilities (05.05.2015)

Buffer overflow in libtasn1
Published: May 10, 2015
Source:
SecurityVulns ID: 14451
Type: library
Severity: 8/10
Description: Heap buffer overflow during DER decoding.
Affected products: LIBTASN1 : libtasn1 3.6
CVE: CVE-2015-3622 (The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.)
Original text: MANDRIVA, [ MDVSA-2015:232 ] libtasn1 (10.05.2015)

Authentication bypass in BullGuard antivirus products
Updated since May 10, 2015
Published: May 11, 2015
Source:
SecurityVulns ID: 14453
Type: local
Severity: 6/10
Description: Access restrictions are checked in the client application.
Original text: matthias.deeg_(at)_syss.de, [SYSS-2015-019] BullGuard Antivirus - Authentication Bypass (10.05.2015)
 matthias.deeg_(at)_syss.de, [SYSS-2015-018] BullGuard Premium Protection - Authentication Bypass (10.05.2015)
 matthias.deeg_(at)_syss.de, [SYSS-2015-017] BullGuard Internet Security - Authentication Bypass (10.05.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod