Information Security

Multiple security vulnerabilities in HP OpenView Network Node Manager
Published: May 12, 2010
Source:
SecurityVulns ID: 10827
Type: remote
Severity level: 5/10
Description: Vulnerabilities in many CGI applications.
Affected products: HP : OpenView Network Node Manager 7.53
CVE: CVE-2010-1555 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid Hostname parameter.)
 CVE-2010-1554 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.)
 CVE-2010-1553 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid MaxAge parameter.)
 CVE-2010-1552 (Stack-based buffer overflow in the doLoad function in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the act and app parameters.)
 CVE-2010-1551 (Stack-based buffer overflow in the _OVParseLLA function in ov.dll in netmon.exe in Network Monitor in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the sel parameter.)
 CVE-2010-1550 (Format string vulnerability in ovet_demandpoll.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in the sel parameter.)
Original text: ZDI, ZDI-10-086: HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution Vulnerability (12.05.2010)
 ZDI, ZDI-10-085: HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Vulnerability (12.05.2010)
 ZDI, ZDI-10-084: HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution Vulnerability (12.05.2010)
 ZDI, ZDI-10-083: HP OpenView NNM snmpviewer.exe CGI Multiple Variable Remote Code Execution Vulnerability (12.05.2010)
 ZDI, ZDI-10-081: HP OpenView NNM ovet_demandpoll sel CGI Variable Format String Remote Code Execution Vulnerability (12.05.2010)
 ZDI, ZDI-10-082: HP OpenView NNM netmon sel CGI Variable Remote Code Execution Vulnerability (12.05.2010)
 HP, [security bulletin] HPSBMA02527 SSRT010098 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code (12.05.2010)

A new class of local problems in NT - TOCTOU (Time-Of-Check-to-Time-Of-Use race conditions)
updated since January 3, 2004
Published: May 12, 2010
Source:
SecurityVulns ID: 3342
Type: local
Severity level: 6/10
Description: When services use hooks to validate system call arguments, there can be brief windows in which the calling application changes the call arguments after the check but before the call is executed.
Original text: Matousec - Transparent security Research, KHOBE - 8.0 earthquake for Windows desktop security software (12.05.2010)
 Andrey Kolishak, TOCTOU with NT System Service Hooking (03.01.2004)

Buffer overflow in Ghostscript
updated since May 12, 2010
Published: May 18, 2010
Source:
SecurityVulns ID: 10829
Type: library
Severity level: 6/10
Description: Several buffer overflows.
Affected products: GHOSTSCRIPT : Ghostscript 8.64
 GHOSTSCRIPT : Ghostscript 8.70
CVE: CVE-2010-1869 (Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file.)
Original text: Rodrigo Branco, GhostScript Vulnerability Clarification - CVE-2010-1869 (18.05.2010)
 Dan Rosenberg, Multiple memory corruption vulnerabilities in Ghostscript (12.05.2010)
Files: GhostScript 8.70 exploit for FreeBSD 8.0
 GhostScript 8.70 PoC

Multiple security vulnerabilities in Adobe Shockwave
updated since May 12, 2010
Published: May 21, 2010
Source:
SecurityVulns ID: 10828
Type: client
Severity level: 9/10
Description: Multiple buffer overflows, integer overflows, memory corruptions, code execution.
Affected products: ADOBE : Shockwave Player 11.5
CVE: CVE-2010-1292 (The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.)
 CVE-2010-1291 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1290.)
 CVE-2010-1290 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1291.)
 CVE-2010-1289 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1290, and CVE-2010-1291.)
 CVE-2010-1288 (Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitrary code via unspecified vectors.)
 CVE-2010-1287 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.)
 CVE-2010-1286 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.)
 CVE-2010-1284 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.)
 CVE-2010-1283 (Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record.)
 CVE-2010-1282 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.)
 CVE-2010-1281 (iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.)
 CVE-2010-1280 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file.)
 CVE-2010-0987 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.)
 CVE-2010-0986 (Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file.)
 CVE-2010-0130 (Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file.)
 CVE-2010-0129 (Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error.)
 CVE-2010-0128 (Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation.)
 CVE-2010-0127 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file.)
Original text: mac68k_(at)_gmail.com, [Kil13r-SA-20100513] Adobe Flash Player 10.0 Denial Of Service Vulnerability (21.05.2010)
 SECUNIA, Secunia Research: Adobe Shockwave Player Array Indexing Vulnerability (13.05.2010)
 SECUNIA, Secunia Research: Adobe Shockwave Player Signedness Error Vulnerability (13.05.2010)
 SECUNIA, Secunia Research: Adobe Shockwave Player 3D Parsing Memory Corruption (12.05.2010)
 IDEFENSE, iDefense Security Advisory 05.11.10: Abobe Shockwave Player Heap Memory Indexing Vulnerability (12.05.2010)
 vulnhunt_(at)_gmail.com, [CAL-20100204-3]Adobe Shockwave Player Director File Parsing RCSL Pointer Overwrite (12.05.2010)
 ADOBE, Security update available for Shockwave Player (12.05.2010)
 CORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2010-0405] Adobe Director Invalid Read (12.05.2010)
 ZDI, ZDI-10-089: Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability (12.05.2010)
 ZDI, ZDI-10-087: Adobe Shockwave Invalid Offset Memory Corruption Remote Code Execution Vulnerability (12.05.2010)
 ZDI, ZDI-10-088: Adobe Shockwave Player 3D Parsing Memory Corruption Vulnerability (12.05.2010)
 vulnhunt_(at)_gmail.com, [CAL-20100204-1]Adobe Shockwave Player Director File Parsing ATOM size infinite loop vulnerability (12.05.2010)
 vulnhunt_(at)_gmail.com, [CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer overflow vulnerability (12.05.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod