Information Security

DoS against ntpd
Published: July 13, 2015
Source:
SecurityVulns ID: 14575
Type: remote
Severity: 5/10
Description: Under certain conditions the application may fail.
Affected products: NTP : ntp 4.2
CVE: CVE-2015-5146
Original text: SLACKWARE, [slackware-security] ntp (SSA:2015-188-03) (13.07.2015)

DoS against pdns recursor
Published: July 13, 2015
Source:
SecurityVulns ID: 14576
Type: remote
Severity: 5/10
Description: CPU exhaustion and crash when processing self-referencing records.
Affected products: POWERDNS : PowerDNS recursor 3.7
CVE: CVE-2015-1868 (The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.)
Original text: DEBIAN, [SECURITY] [DSA 3306-1] pdns security update (13.07.2015)

Buffer overflow in cups-filters
Published: July 13, 2015
Source:
SecurityVulns ID: 14577
Type: remote
Severity: 5/10
Description: Buffer overflows in texttopdf.
CVE: CVE-2015-3279 (Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.)
 CVE-2015-3258 (Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.)
Original text: DEBIAN, [SECURITY] [DSA 3303-1] cups-filters security update (13.07.2015)

Information disclosure in HAProxy
Published: July 13, 2015
Source:
SecurityVulns ID: 14578
Type: remote
Severity: 5/10
Description: Under certain conditions, data from a previous request can be obtained.
CVE: CVE-2015-3281 (The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.)
Original text: UBUNTU, [USN-2668-1] HAProxy vulnerability (13.07.2015)

Multiple security vulnerabilities in PHP
Published: July 13, 2015
Source:
SecurityVulns ID: 14580
Type: library
Severity: 8/10
Description: Code execution, DoS conditions, null-byte issue, information disclosure.
Affected products: PHP : PHP 5.6
CVE: CVE-2015-4644
 CVE-2015-4643
 CVE-2015-4605
 CVE-2015-4604
 CVE-2015-4603
 CVE-2015-4602
 CVE-2015-4601
 CVE-2015-4600
 CVE-2015-4599
 CVE-2015-4598
 CVE-2015-4028
 CVE-2015-4027
 CVE-2015-4026 (The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.)
 CVE-2015-4025 (PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.)
 CVE-2015-4024 (Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.)
 CVE-2015-4022 (Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.)
 CVE-2015-4021 (The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.)
 CVE-2015-3412
 CVE-2015-3411
Original text: UBUNTU, [USN-2658-1] PHP vulnerabilities (13.07.2015)

Multiple security vulnerabilities in Mozilla Firefox / Thunderbird / Seamonkey
Published: July 13, 2015
Source:
SecurityVulns ID: 14573
Type: library
Severity: 8/10
Description: Multiple cryptographic issues in NSS, memory corruptions, restriction bypass, information disclosure, privilege escalation.
Affected products: MOZILLA : Thunderbird 38
 MOZILLA : Firefox 38
 MOZILLA : Firefox ESR 31.7
CVE: CVE-2015-4000 (The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.)
 CVE-2015-2743 (PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.)
 CVE-2015-2742 (Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of crashes, which allows remote attackers to obtain sensitive information by leveraging access to a crash-reporting data stream.)
 CVE-2015-2741 (Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled.)
 CVE-2015-2740 (Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.)
 CVE-2015-2739 (The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.)
 CVE-2015-2738 (The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.)
 CVE-2015-2737 (The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.)
 CVE-2015-2736 (The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.)
 CVE-2015-2735 (nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.)
 CVE-2015-2734 (The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.)
 CVE-2015-2733 (Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker.)
 CVE-2015-2731 (Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy.)
 CVE-2015-2730 (Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.)
 CVE-2015-2729 (The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator rendering range, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors.)
 CVE-2015-2728 (The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue.)
 CVE-2015-2727 (Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a CVE-2015-0821 regression.)
 CVE-2015-2726 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2015-2725 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2015-2724 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2015-2722 (Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker.)
 CVE-2015-2721 (Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue.)
Files: Mozilla Foundation Security Advisory 2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)
  Mozilla Foundation Security Advisory 2015-60 Local files or privileged URLs in pages can be opened into new tabs
  Mozilla Foundation Security Advisory 2015-61 Type confusion in Indexed Database Manager
  Mozilla Foundation Security Advisory 2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio
  Mozilla Foundation Security Advisory 2015-63 Use-after-free in Content Policy due to microtask execution error
  Mozilla Foundation Security Advisory 2015-64 ECDSA signature validation fails to handle some signatures correctly
  Mozilla Foundation Security Advisory 2015-65 Use-after-free in workers while using XMLHttpRequest
  Mozilla Foundation Security Advisory 2015-66 Vulnerabilities found through code inspection
  Mozilla Foundation Security Advisory 2015-67 Key pinning is ignored when overridable errors are encountered
  Mozilla Foundation Security Advisory 2015-68 OS X crash reports may contain entered key press information
  Mozilla Foundation Security Advisory 2015-69 Privilege escalation through internal workers
  Mozilla Foundation Security Advisory 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
  Mozilla Foundation Security Advisory 2015-71 NSS incorrectly permits skipping of ServerKeyExchange

DoS against ISC bind named
Published: July 13, 2015
Source:
SecurityVulns ID: 14574
Type: remote
Severity: 5/10
Description: Crash during DNSSEC validation.
Affected products: ISC : bind 9.10
CVE: CVE-2015-4620 (name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.)
Original text: UBUNTU, [USN-2669-1] Bind vulnerability (13.07.2015)

Multiple security vulnerabilities in the Linux kernel
updated since July 13, 2015
Published: September 21, 2015
Source:
SecurityVulns ID: 14579
Type: remote
Severity: 6/10
Description: Multiple memory corruptions in USB over WiFi, DoS, race conditions.
Affected products: LINUX : kernel 4.0
CVE: CVE-2015-7613 (Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.)
 CVE-2015-7312 (Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c.)
 CVE-2015-6937 (The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound.)
 CVE-2015-6526 (The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace.)
 CVE-2015-6252 (The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation.)
 CVE-2015-5707 (Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.)
 CVE-2015-5706 (Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation.)
 CVE-2015-5697 (The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.)
 CVE-2015-5366 (The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364.)
 CVE-2015-5364 (The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.)
 CVE-2015-5157 (arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.)
 CVE-2015-5156 (The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets.)
 CVE-2015-4700 (The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.)
 CVE-2015-4692 (The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.)
 CVE-2015-4003 (The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.)
 CVE-2015-4002 (drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.)
 CVE-2015-4001 (Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.)
 CVE-2015-3291 (arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI.)
 CVE-2015-3290 (arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.)
 CVE-2015-3212 (Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.)
 CVE-2015-2925
 CVE-2015-0272
Original text: DEBIAN, [SECURITY] [DSA 3364-1] linux security update (05.10.2015)
 DEBIAN, [SECURITY] [DSA 3313-1] linux security update (26.07.2015)
 UBUNTU, [USN-2685-1] Linux kernel vulnerabilities (26.07.2015)
 UBUNTU, [USN-2666-1] Linux kernel vulnerabilities (13.07.2015)
 UBUNTU, [USN-2667-1] Linux kernel vulnerabilities (13.07.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod