Information security


Multiple security vulnerabilities in libxml
Published: August 11, 2009
SecurityVulns ID: 10136
Type: library
Threat level: 6/10
Description: Use-after-free, stack exhaustion (overflow).
Affected products: LIBXML : libxml 2.6
CVE:CVE-2009-2416 (Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.)
 CVE-2009-2414 (Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.)
Original text: DEBIAN, [SECURITY] [DSA 1859-1] New libxml2 packages fix several issues (11.08.2009)

Multiple security vulnerabilities in OpenJDK
Published: August 11, 2009
SecurityVulns ID: 10137
Type: library
Threat level: 8/10
Description: Information leak, sandbox escape, multiple memory corruptions.
Affected products: OPENJDK : OpenJDK 6.0
CVE:CVE-2009-2690 (The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application.)
 CVE-2009-2676 (Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet.)
 CVE-2009-2675 (Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.)
 CVE-2009-2674 (Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow.)
 CVE-2009-2673 (The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.)
 CVE-2009-2672 (The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.)
 CVE-2009-2671 (The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.)
 CVE-2009-2670 (The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.)
 CVE-2009-2625 (XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.)
 CVE-2009-2476 (The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object.)
 CVE-2009-2475 (Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673.)
 CVE-2009-0217 (The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.)
Original text: UBUNTU, [USN-814-1] openjdk-6 vulnerabilities (11.08.2009)

DoS via ttrace in HP-UX
Published: August 11, 2009
SecurityVulns ID: 10138
Type: library
Threat level: 5/10
Description: The ttrace implementation allows a denial of service to be triggered.
Affected products: HP : HP-UX 11.31
CVE:CVE-2009-1427 (Unspecified vulnerability in HP-UX B.11.31 allows local users to cause a denial of service (system crash) via unknown vectors related to the ttrace system call.)
Original text: HP, [security bulletin] HPSBUX02450 SSRT090141 rev1 - HP-UX ttrace(2), Local Denial of Service (DoS) (11.08.2009)

DoS against Microsoft ASP.NET
Published: August 11, 2009
SecurityVulns ID: 10140
Type: remote
Threat level: 6/10
Affected products: MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-1536 (ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability.")
Original text: MICROSOFT, Microsoft Security Bulletin MS09-036 - Important Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957) (11.08.2009)

Memory corruptions when playing media files in Microsoft Windows
Published: August 11, 2009
SecurityVulns ID: 10141
Type: library
Threat level: 8/10
Description: Memory corruptions and integer overflows in AVI parsing.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-1546 (Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability.")
 CVE-2009-1545 (Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability.")
Original text: MICROSOFT, Microsoft Security Bulletin MS09-038 - Critical Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557) (11.08.2009)
Files: Microsoft Security Bulletin MS09-038 - Critical Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557)

NTLM authentication relaying in Microsoft telnet
Published: August 11, 2009
SecurityVulns ID: 10145
Type: m-i-t-m
Threat level: 4/10
Description: A relaying attack against the NTLM authentication of the telnet client is possible.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-1930 (The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.)
Original text: MICROSOFT, Microsoft Security Bulletin MS09-042 - Important Vulnerability in Telnet Could Allow Remote Code Execution (960859) (11.08.2009)
Files: Microsoft Security Bulletin MS09-042 - Important Vulnerability in Telnet Could Allow Remote Code Execution (960859)

Multiple security vulnerabilities in Microsoft WINS
updated since August 11, 2009
Published: August 12, 2009
SecurityVulns ID: 10142
Type: remote
Threat level: 7/10
Description: Integer overflow, heap buffer overflow.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2003 Server
CVE:CVE-2009-1924 (Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability.")
 CVE-2009-1923 (Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability.")
Original text: ZDI, ZDI-09-053: Microsoft Windows WINS Service Heap Overflow Vulnerability (12.08.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-039 - Critical Vulnerabilities in WINS Could Allow Remote Code Execution (969883) (11.08.2009)
Files: Microsoft Security Bulletin MS09-039 - Critical Vulnerabilities in WINS Could Allow Remote Code Execution (969883)

Privilege escalation via the MSMQ (message queuing) service of Microsoft Windows
updated since August 11, 2009
Published: August 12, 2009
SecurityVulns ID: 10143
Type: local
Threat level: 6/10
Description: A denial of service in the service makes it possible to hijack a named pipe.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2009-1922 (The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability.")
Original text: Valery Marchuk, [PT-2008-09] Microsoft Windows MSMQ Privilege Escalation Vulnerability (12.08.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-040 - Important Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032) (11.08.2009)
Files: Microsoft Security Bulletin MS09-040 - Important Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)

Memory corruption in the Microsoft Windows Workstation service
updated since August 11, 2009
Published: August 12, 2009
SecurityVulns ID: 10144
Type: local
Threat level: 6/10
Description: Memory corruption when parsing RPC messages.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-1544 (Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability.")
Original text: DVLabs, TPTI-09-06: Microsoft Windows Workstation Service NetrGetJoinInformation Heap Corruption Vulnerability (12.08.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-041 - Important Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657) (11.08.2009)
Files: Microsoft Security Bulletin MS09-041 - Important Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657)

Multiple vulnerabilities in the Microsoft RDP client
updated since August 11, 2009
Published: August 12, 2009
SecurityVulns ID: 10146
Type: client
Threat level: 7/10
Description: Memory corruption in an ActiveX control, memory corruption when processing a server response.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Remote Desktop Connection Client for Mac 2.0
CVE:CVE-2009-1929 (Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2; or 5.2 or 6.1 on Windows XP SP3; allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Remote Desktop Connection ActiveX Control Heap Overflow Vulnerability.")
 CVE-2009-1133 (Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability.")
Original text: ZDI, ZDI-09-057: Microsoft Remote Desktop Client Arbitrary Code Execution Vulnerability (12.08.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-044 - Critical Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927) (11.08.2009)
Files: Microsoft Security Bulletin MS09-044 - Critical Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)

DoS via SIP in Asterisk
updated since August 11, 2009
Published: August 17, 2009
SecurityVulns ID: 10139
Type: remote
Threat level: 6/10
Description: Stack exhaustion (overflow) when processing SIP.
Affected products: DIGIUM : Asterisk 1.4
 ASTERISK : Asterisk 1.6
CVE:CVE-2009-2726 (The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.)
Original text: Mu Dynamics Research Team, Multiple sscanf vulnerabilities in Asterisk [MU-200908-01] (17.08.2009)
 ASTERISK, AST-2009-005: Remote Crash Vulnerability in SIP channel driver (11.08.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod