Information Security


DoS against ftpd in IBM AIX
Published: January 12, 2007
Source:
SecurityVulns ID: 7049
Type: remote
Severity: 5/10
Affected products: IBM : AIX 5.3
 IBM : 5.3
Original text: SECUNIA, [SA23688] IBM AIX ftpd Two Vulnerabilities (12.01.2007)

Symbolic link problems in jail rc.d in FreeBSD (symbolic links)
Published: January 12, 2007
Source:
SecurityVulns ID: 7043
Type: local
Severity: 5/10
Description: Multiple conditions allow files to be written outside the restricted environment (jail), for example via a symbolic link at /var/log/console.log inside the restricted environment.
Affected products: FREEBSD : FreeBSD 6.0
 FREEBSD : FreeBSD 6.1
 FREEBSD : FreeBSD 5.5
 FREEBSD : FreeBSD 6.2
CVE:CVE-2007-0166 (The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack.)
Original text: FREEBSD, FreeBSD Security Advisory FreeBSD-SA-07:01.jail (12.01.2007)

Multiple vulnerabilities in HP OpenView Network Node Manager (multiple bugs)
Published: January 12, 2007
Source:
SecurityVulns ID: 7044
Type: remote
Severity: 5/10
Description: File access and remote code execution are possible.
Affected products: HP : OpenView Network Node Manager 7.50
 HP : OpenView Network Node Manager 7.01
 HP : OpenView Network Node Manager 6.4
 HP : OpenView Network Node Manager 6.41
 HP : OpenView Network Node Manager 6.20
CVE:CVE-2007-1093 (Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior.)
 CVE-2007-0441 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to execute arbitrary commands via unknown vectors.)
 CVE-2007-0206 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to read arbitrary files via unknown vectors.)
Original text: HP, [security bulletin] HPSBMA02176 SSRT051035 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code (12.01.2007)
 HP, [security bulletin] HPSBMA02175 SSRT061174 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Read Access to Files (12.01.2007)

Multiple vulnerabilities in F5 FirePass (multiple bugs)
Published: January 12, 2007
Source:
SecurityVulns ID: 7048
Type: remote
Severity: 6/10
Description: URL restriction bypass, cross-site scripting, restriction bypass via the dotless representation of an IP address, account discovery.
Affected products: F5 : FirePass 5.4
 F5 : FirePass 5.5
 F5 : FirePass 6.0
CVE:CVE-2007-0195 (my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account.)
 CVE-2007-0188 (F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources.)
 CVE-2007-0187 (F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name.)
 CVE-2007-0186 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an <FP_DO_NOT_TOUCH> element; and (13) the vhost parameter to my.activation.php. NOTE: it is possible that this candidate overlaps CVE-2006-3550.)
Original text: SECUNIA, [SA23640] FirePass URL Restriction Bypass Vulnerabilities (12.01.2007)
 SECUNIA, [SA23627] FirePass Multiple Vulnerabilities (12.01.2007)
 SECUNIA, [SA23643] FirePass Cross-Site Scripting Vulnerabilities (12.01.2007)
 SECUNIA, [SA23626] FirePass URL Restriction Bypass (12.01.2007)

Integer overflow in snort (integer overflow)
Published: January 12, 2007
Source:
SecurityVulns ID: 7042
Type: remote
Severity: 5/10
Description: Signed integer overflow when parsing the GRE protocol.
Affected products: SNORT : snort 2.6
CVE:CVE-2007-0251 (Integer underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files.)
Original text: Calyptix Advisories, Calyptix Security Advisory CX-2007-001 - Snort 2.6.1.2 Integer Underflow Vulnerability (12.01.2007)

Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: January 12, 2007
Source:
SecurityVulns ID: 7046
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: PHPMYADMIN : phpmyadmin 2.7
 PHPMYADMIN : phpmyadmin 2.8
 OPENSOLUTIONS : Quick.Cart 2.0
 NWOM : Nwom topsites 3.0
 EZBOXX : Ezboxx Portal System 0.7
 DWR : Direct Web Rendering 1.1
 MOVABLETYPE : Movable Type 3.34
 AIOCP : All In One Control Panel 1.3
 FASTILO : Fastilo 2.0
 SNEWS : sNews 1.5
 LUNARPOLL : LunarPoll 1.0
 TLMCMS : TLM CMS 1.1
 ARTICLESYSTEM : Article System 0.1
 VPASP : VP-ASP Shopping Cart 6.09
CVE:CVE-2007-0341 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.)
 CVE-2007-0314 (Multiple PHP remote file inclusion vulnerabilities in Article System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_DIR parameter to (1) forms.php, (2) issue_edit.php, (3) client.php, and (4) classes.php.)
 CVE-2007-0300 (PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.)
 CVE-2007-0298 (PHP remote file inclusion vulnerability in show.php in LunarPoll, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PollDir parameter.)
 CVE-2007-0266 (SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the iid parameter.)
 CVE-2007-0265 (Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal System Beta 0.7.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pic parameter to custom/piczoom.asp, (2) the nocatname parameter to boxx/user-upload.asp, or (3) the iid parameter to indexes/newscomments.asp.)
 CVE-2007-0261 (snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.)
 CVE-2007-0259 (Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to obtain sensitive information via an invalid cat parameter to boxx/knowledgebase.asp, which reveals the path in an error message.)
 CVE-2007-0258 (Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo 2.0 and (2) Open Solution Quick.Cart 2.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: some of these details are obtained from third party information.)
 CVE-2007-0252 (Unspecified vulnerability in easy-content filemanager allows remote attackers to upload or modify arbitrary files via unspecified vectors.)
 CVE-2007-0250 (index.php in Nwom topsites 3.0 allows remote attackers to obtain potentially sensitive information via a ' (quote) character in the o parameter, which forces a SQL error.)
 CVE-2007-0249 (Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites 3.0 allows remote attackers to inject arbitrary web script or HTML via the o parameter.)
 CVE-2007-0231 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field.)
 CVE-2007-0225 (Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.)
 CVE-2007-0224 (SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter.)
 CVE-2007-0204 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.)
 CVE-2007-0203 (Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.)
 CVE-2007-0185 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch.)
 CVE-2007-0184 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.)
 CVE-2007-0175 (Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0147 (Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles.)
 CVE-2005-0992 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.)
Original text: ajannhwt_(at)_hotmail.com, Title : VP-ASP Shopping Cart 6.09 Remote Multiple Vulnerabilities (12.01.2007)
 Dr Max Virus, Article System 0.1 (INCLUDE_DIR) Remote File Include Vulnerabilities (12.01.2007)
 GolD_M, TLM CMS <= 1.1 (i-accueil.php chemin) Remote File Include Vulnerability (12.01.2007)
 ilkerKandemir_(at)_mynet.com, LunarPoll 1.0 (show.php PollDir) Remote File Include Vulnerability (12.01.2007)
 SECUNIA, [SA23738] Quick.Cart "p" Cross-Site Scripting Vulnerability (12.01.2007)
 SECUNIA, [SA23733] Fastilo "p" Cross-Site Scripting Vulnerability (12.01.2007)
 SECUNIA, [SA23726] All In One Control Panel "download_category" SQL Injection (12.01.2007)
 SECUNIA, [SA23662] Cuyahoga FCKEditor Security Bypass Issue (12.01.2007)
 SECUNIA, [SA23669] Movable Type "nofollow" Plugin Comment Script Insertion (12.01.2007)
 SECUNIA, [SA23656] b2evolution "redirect_to" HTML Attribute Cross-Site Scripting (12.01.2007)
 alfa_(at)_virtuax.be, xss in phpmyadmin <= 2.8.1 (12.01.2007)
 Info_(at)_BugSec.com, Ezboxx multiple vulnerabilities. (12.01.2007)
 ilkerKandemir_(at)_mynet.com, LunarPoll (PollDir) Remote File Include Vulnerabilities (12.01.2007)
 luny_(at)_youfucktard.com, Nwom topsites v3.0 (12.01.2007)
 hackerbinhphuoc_(at)_yahoo.com, easy-content filemanager (12.01.2007)
Files: sNews <= 1.5.30 unauthorized access / reset admin pass / cmd exec exploit

DoS against rpcbind in Sun Solaris
Published: January 12, 2007
Source:
SecurityVulns ID: 7047
Type: remote
Severity: 6/10
Affected products: ORACLE : Solaris 8
 ORACLE : Solaris 9
CVE:CVE-2007-0165 (Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.)
Original text: SECUNIA, [SA23700] Sun Solaris rpcbind Denial of Service (12.01.2007)

Privilege escalation via grsecurity (privilege escalation)
Updated since January 12, 2007
Published: January 20, 2007
Source:
SecurityVulns ID: 7045
Type: local
Severity: 7/10
Description: Privilege escalation via expand_stack().
Affected products: GRSECURITY : grsecurity 2.1
CVE:CVE-2007-0257 (** DISPUTED ** Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code.)
 CVE-2007-0253 (** DISPUTED ** Unspecified vulnerability in the grsecurity patch has unspecified impact and remote attack vectors, a different vulnerability than the expand_stack vulnerability from the Digital Armaments 20070110 pre-advisory. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven.)
Original text: info_(at)_digitalarmaments.com, Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability (20.01.2007)
 info_(at)_digitalarmaments.com, Digital Armaments Security Pre-Advisory 11.01.2007: Grsecurity Kernel PaX - Local root vulnerability (12.01.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod