Information Security


Unauthorized access to Asus RT routers
updated since April 7, 2014
Published: February 11, 2015
Source:
SecurityVulns ID: 13675
Type: remote
Severity: 5/10
Description: Full anonymous access is allowed by default. Authentication bypass. Cross-site scripting.
Affected products: ASUS : Asus RT-N10
 ASUS : Asus RT-N66U
 ASUS : Asus RT-AC66U
 ASUS : Asus RT-AC56U
 ASUS : Asus RT-N56U
 ASUS : Asus RT-N16
 ASUS : Asus RT-AC68U
 ASUS : Asus RT-N10U
 ASUS : Asus DSL-N55U
 ASUS : Asus RT-N15U
 ASUS : Asus RT-N53
CVE: CVE-2015-1437 (Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm.)
Original text: kingkaustubh_(at)_me.com, CVE-2015-1437 XSS In ASUS Router. (11.02.2015)
 kingkaustubh_(at)_me.com, Unauthenticated Reflected XSS vulnarbility in Asus RT-N10 Plus router (02.02.2015)
 kingkaustubh_(at)_me.com, Reflected XSS vulnarbility in Asus RT-N10 Plus Router (02.02.2015)
 buqtraq_(at)_kyber.fi, ASUS router drive-by code execution via XSS and authentication bypass (07.04.2014)
 Kyle Lovett, ASUS RT Series Routers FTP Service - Default anonymous access (07.04.2014)

Information leak in libvirt
Published: February 11, 2015
Source:
SecurityVulns ID: 14260
Type: library
Severity: 5/10
Description: The VIR_DOMAIN_XML_SECURE flag can be manipulated.
Affected products: LIBVIRT : libvirt 1.2
CVE: CVE-2015-0236 (libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.)
Original text: MANDRIVA, [ MDVSA-2015:035 ] libvirt (11.02.2015)

Multiple vulnerabilities in ntpd
updated since December 23, 2014
Published: February 11, 2015
Source:
SecurityVulns ID: 14171
Type: remote
Severity: 8/10
Description: Authentication bypass, buffer overflow, information leak, restriction bypass.
Affected products: NTP : ntp 4.2
CVE: CVE-2014-9298 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.)
 CVE-2014-9297 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.)
 CVE-2014-9296 (The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.)
 CVE-2014-9295 (Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.)
 CVE-2014-9294 (util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.)
 CVE-2014-9293 (The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.)
Original text: UBUNTU, [USN-2497-1] NTP vulnerabilities (11.02.2015)
 FREEBSD, FreeBSD Security Advisory FreeBSD-SA-14:31.ntp (25.12.2014)
 CISCO, Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products (25.12.2014)
 APPLE, APPLE-SA-2014-12-22-1 OS X NTP Security Update (23.12.2014)
 DEBIAN, [SECURITY] [DSA 3108-1] ntp security update (23.12.2014)

Multiple security vulnerabilities in Microsoft Windows
Published: February 11, 2015
Source:
SecurityVulns ID: 14254
Type: remote
Severity: 8/10
Description: Multiple memory corruptions in Internet Explorer, privilege escalation in the kernel, code execution and restriction bypass in Group Policy, privilege escalation on process creation, information leak in TIFF parsing.
Affected products: MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows 2012 Server
 MICROSOFT : Windows 8
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 7
CVE: CVE-2015-0072 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka "Universal XSS (UXSS).")
 CVE-2015-0068 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0039, and CVE-2015-0052.)
 CVE-2015-0067 (Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2015-0066 (Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0018, CVE-2015-0037, and CVE-2015-0040.)
 CVE-2015-0062 (Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges via a crafted application that leverages incorrect impersonation handling in a process that uses the SeAssignPrimaryTokenPrivilege privilege, aka "Windows Create Process Elevation of Privilege Vulnerability.")
 CVE-2015-0061 (Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for TIFF images, which allows remote attackers to obtain sensitive information from process memory via a crafted image file, aka "TIFF Processing Information Disclosure Vulnerability.")
 CVE-2015-0060 (The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly scale fonts, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Windows Font Driver Denial of Service Vulnerability.")
 CVE-2015-0059 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted TrueType font, aka "TrueType Font Parsing Remote Code Execution Vulnerability.")
 CVE-2015-0058 (Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a crafted application, aka "Windows Cursor Object Double Free Vulnerability.")
 CVE-2015-0057 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability.")
 CVE-2015-0053 (Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0045.)
 CVE-2015-0052 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0039, and CVE-2015-0068.)
 CVE-2015-0050 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-8967 and CVE-2015-0044.)
 CVE-2015-0049 (Microsoft Internet Explorer 8 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2015-0048 (Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0028.)
 CVE-2015-0046 (Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0038 and CVE-2015-0042.)
 CVE-2015-0045 (Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0053.)
 CVE-2015-0044 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-8967 and CVE-2015-0050.)
 CVE-2015-0043 (Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2015-0042 (Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0038 and CVE-2015-0046.)
 CVE-2015-0041 (Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, and CVE-2015-0036.)
 CVE-2015-0040 (Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0018, CVE-2015-0037, and CVE-2015-0066.)
 CVE-2015-0039 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0052, and CVE-2015-0068.)
 CVE-2015-0038 (Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0042 and CVE-2015-0046.)
 CVE-2015-0037 (Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0018, CVE-2015-0040, and CVE-2015-0066.)
 CVE-2015-0036 (Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, and CVE-2015-0041.)
 CVE-2015-0035 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0039, CVE-2015-0052, and CVE-2015-0068.)
 CVE-2015-0031 (Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0036, and CVE-2015-0041.)
 CVE-2015-0030 (Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041.)
 CVE-2015-0029 (Microsoft Internet Explorer 6 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2015-0028 (Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0048.)
 CVE-2015-0027 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0035, CVE-2015-0039, CVE-2015-0052, and CVE-2015-0068.)
 CVE-2015-0026 (Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041.)
 CVE-2015-0025 (Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0023.)
 CVE-2015-0023 (Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0025.)
 CVE-2015-0022 (Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041.)
 CVE-2015-0021 (Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2015-0020 (Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041.)
 CVE-2015-0019 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2015-0018 (Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0037, CVE-2015-0040, and CVE-2015-0066.)
 CVE-2015-0017 (Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041.)
 CVE-2015-0010 (The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LOGON option is used, does not check an impersonation token's level, which allows local users to bypass intended decryption restrictions by leveraging a service that (1) has a named-pipe planting vulnerability or (2) uses world-readable shared memory for encrypted data, aka "CNG Security Feature Bypass Vulnerability" or MSRC ID 20707.)
 CVE-2015-0009 (The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka "Group Policy Security Feature Bypass Vulnerability.")
 CVE-2015-0008 (The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability.")
 CVE-2015-0003 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability.")
 CVE-2014-8967 (Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style Sheets (CSS) token sequence specifying the run-in value for the display property, leading to improper CElement reference counting.)
Original text: David Leo, Major Internet Explorer Vulnerability - NOT Patched (11.02.2015)
 bhdresh_(at)_gmail.com, Cookie hijacking: Internet Explorer UXSS (CVE-2015-0072) (11.02.2015)
Files: Microsoft Security Bulletin MS15-009 - Critical Security Update for Internet Explorer (3034682)
  Microsoft Security Bulletin MS15-010 - Critical Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)
  Microsoft Security Bulletin MS15-011 - Critical Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)
  Microsoft Security Bulletin MS15-014 - Important Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361)
  Microsoft Security Bulletin MS15-015 - Important Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432)
  Microsoft Security Bulletin MS15-016 - Important Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944)

Restriction bypass in busybox
Published: February 11, 2015
Source:
SecurityVulns ID: 14262
Type: local
Severity: 3/10
Description: Bypass of module loading restrictions.
Affected products: BUSYBOX : busybox 1.20
CVE: CVE-2014-9645
Original text: MANDRIVA, [ MDVSA-2015:031 ] busybox (11.02.2015)

Multiple security vulnerabilities in MIT Kerberos 5
Published: February 11, 2015
Source:
SecurityVulns ID: 14257
Type: remote
Severity: 6/10
Description: Information leak, double free.
Affected products: MIT : krb5 1.13
CVE: CVE-2014-9423 (The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.)
 CVE-2014-9422 (The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal.)
 CVE-2014-9421 (The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.)
 CVE-2014-5352 (The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.)
Original text: MIT, MITKRB5-SA-2015-001 Vulnerabilities in kadmind, libgssrpc, gss_process_context_token (11.02.2015)

Privilege escalation in Microsoft Virtual Machine Manager
Published: February 11, 2015
Source:
SecurityVulns ID: 14256
Type: local
Severity: 5/10
Description: Insufficient validation of user roles.
Affected products: MICROSOFT : System Center Virtual Machine Manager 2012
CVE: CVE-2015-0012 (Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4 does not properly validate the roles of users, which allows local users to obtain server and virtual-machine administrative privileges by establishing a server session with Active Directory credentials, aka "Virtual Machine Manager Elevation of Privilege Vulnerability.")
Files: Microsoft Security Bulletin MS15-017 - Important Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898)

Multiple security vulnerabilities in PostgreSQL
Published: February 11, 2015
Source:
SecurityVulns ID: 14259
Type: library
Severity: 6/10
Description: Memory corruptions, information leak, SQL injection.
Affected products: POSTGRES : PostgreSQL 9.1
CVE: CVE-2015-0244
 CVE-2015-0243
 CVE-2015-0241
 CVE-2014-8161
Original text: DEBIAN, [SECURITY] [DSA 3155-1] postgresql-9.1 security update (11.02.2015)

Multiple security vulnerabilities in Microsoft Office
Published: February 11, 2015
Source:
SecurityVulns ID: 14255
Type: remote
Severity: 8/10
Description: Code execution, use-after-free.
Affected products: MICROSOFT : Office Web Apps 2010
 MICROSOFT : Office 2007
 MICROSOFT : Office 2010
 MICROSOFT : Office 2013
CVE: CVE-2015-0065 (Microsoft Word 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "OneTableDocumentStream Remote Code Execution Vulnerability.")
 CVE-2015-0064 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Office Remote Code Execution Vulnerability.")
 CVE-2015-0063 (Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Excel Remote Code Execution Vulnerability.")
 CVE-2014-6362 (Use-after-free vulnerability in Microsoft Office 2007 SP3, 2010 SP2, and 2013 Gold and SP1 allows remote attackers to bypass the ASLR protection mechanism via a crafted document, aka "Microsoft Office Component Use After Free Vulnerability.")
Files: Microsoft Security Bulletin MS15-012 - Important Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328)
  Microsoft Security Bulletin MS15-013 - Important Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857)

Memory corruption in ClamAV
Published: February 11, 2015
Source:
SecurityVulns ID: 14258
Type: library
Severity: 6/10
Affected products: CLAMAV : ClamAV 0.98
CVE: CVE-2014-9328 (ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition.")
Original text: MANDRIVA, [ MDVSA-2015:042 ] clamav (11.02.2015)

Multiple security vulnerabilities in PHP
updated since February 11, 2015
Published: February 22, 2015
Source:
SecurityVulns ID: 14261
Type: library
Severity: 6/10
Description: DoS in exif_process_unicode(), code execution in var_unserializer.re, information disclosure.
Affected products: PHP : PHP 5.6
CVE: CVE-2015-1352 (The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.)
 CVE-2015-1351 (Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
 CVE-2015-0232 (The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.)
 CVE-2015-0231 (Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.)
 CVE-2014-9427 (sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping.)
Original text: UBUNTU, [USN-2501-1] PHP vulnerabilities (22.02.2015)
 MANDRIVA, [ MDVSA-2015:032 ] php (11.02.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod