Information Security


Multiple security vulnerabilities in Microsoft Windows
updated since 9 May 2012
Published: 13 August 2012
Source:
SecurityVulns ID: 12357
Type: library
Severity level: 9/10
Description: Privilege escalation via TCP/IP, privilege escalation via partition management, multiple vulnerabilities in .NET, Silverlight, font support, GDI+ and windowing components.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE: CVE-2012-1848 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability.")
 CVE-2012-0181 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability.")
 CVE-2012-0180 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability.")
 CVE-2012-0179 (Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability.")
 CVE-2012-0178 (Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability.")
 CVE-2012-0176 (Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-Free Vulnerability.")
 CVE-2012-0174 (Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability.")
 CVE-2012-0167 (Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability.")
 CVE-2012-0165 (GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability.")
 CVE-2012-0164 (Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundation (WPF) application, aka ".NET Framework Index Comparison Vulnerability.")
 CVE-2012-0162 (Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Allocation Vulnerability.")
 CVE-2012-0161 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability.")
 CVE-2012-0160 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability.")
 CVE-2012-0159 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability.")
 CVE-2011-3402 (Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability.")
Original text: ZDI, ZDI-12-131 : Microsoft .NET Framework Undersized Glyph Buffer Remote Code Execution Vulnerability (13.08.2012)
 ZDI, ZDI-12-129: Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel) (13.08.2012)
 advisories-publication_(at)_coresecurity.com, CORE-2011-1123: Windows Kernel ReadLayoutFile Heap Overflow (09.05.2012)
Files: Microsoft Security Bulletin MS12-032 - Important Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338)
 Microsoft Security Bulletin MS12-033 - Important Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)
 Microsoft Security Bulletin MS12-034 - Critical Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)
 Microsoft Security Bulletin MS12-035 - Critical Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)

Code execution in AOL Deskbar ActiveX
updated since 24 June 2012
Published: 13 August 2012
Source:
SecurityVulns ID: 12435
Type: client
Severity level: 5/10
Description: Uninitialized pointer in the dnUpdater ActiveX control
Original text: rgod, AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution (13.08.2012)
 ZDI, ZDI-12-098 : AOL Products dnUpdater ActiveX Uninitialized Pointer Remote Code Execution Vulnerability (24.06.2012)

Cross-site scripting in HP Network Node Manager i
updated since 9 July 2012
Published: 13 August 2012
Source:
SecurityVulns ID: 12455
Type: remote
Severity level: 5/10
Affected products: HP : Network Node Manager i 9.0
 HP : Network Node Manager i 9.1
 HP : Network Node Manager i 9.20
CVE: CVE-2012-2022 (Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2012-2018 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 8.x, 9.0x, and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original text: HP, [security bulletin] HPSBMU02798 SSRT100908 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS) (13.08.2012)
 HP, [security bulletin] HPSBMU02783 SSRT100806 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS) (09.07.2012)

Multiple security vulnerabilities in Mozilla Firefox / Thunderbird / SeaMonkey
updated since 20 July 2012
Published: 13 August 2012
Source:
SecurityVulns ID: 12483
Type: client
Severity level: 9/10
Description: Multiple memory corruptions, code execution, data spoofing, cross-site scripting, information leak.
Affected products: MOZILLA : Firefox 13.0
 MOZILLA : Thunderbird 13.0
 MOZILLA : SeaMonkey 2.10
CVE: CVE-2012-1967 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL.)
 CVE-2012-1966 (Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.)
 CVE-2012-1965 (Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL.)
 CVE-2012-1964 (The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted clickjacking of the about:certerror page, which allows man-in-the-middle attackers to trick users into adding an unintended exception via an IFRAME element.)
 CVE-2012-1963 (The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation.)
 CVE-2012-1962 (Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies.)
 CVE-2012-1961 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values.)
 CVE-2012-1960 (The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation.)
 CVE-2012-1959 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content.)
 CVE-2012-1958 (Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content.)
 CVE-2012-1955 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls.)
 CVE-2012-1954 (Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents.)
 CVE-2012-1953 (The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site.)
 CVE-2012-1952 (The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site.)
 CVE-2012-1951 (Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing.)
 CVE-2012-1950 (The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load.)
 CVE-2012-1948 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2011-3671 (Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote attackers to execute arbitrary code via vectors involving removal of the parent node of an element.)
Original text: ZDI, ZDI-12-128 : Mozilla Firefox nsHTMLSelectElement Remote Code Execution Vulnerability (13.08.2012)
Files: Mozilla Foundation Security Advisory 2012-50
 Mozilla Foundation Security Advisory 2012-51
 Mozilla Foundation Security Advisory 2012-52
 Mozilla Foundation Security Advisory 2012-53
 Mozilla Foundation Security Advisory 2012-54
 Mozilla Foundation Security Advisory 2012-55
 Mozilla Foundation Security Advisory 2012-56
 Mozilla Foundation Security Advisory 2012-41
 Mozilla Foundation Security Advisory 2012-42
 Mozilla Foundation Security Advisory 2012-43
 Mozilla Foundation Security Advisory 2012-44
 Mozilla Foundation Security Advisory 2012-45
 Mozilla Foundation Security Advisory 2012-46
 Mozilla Foundation Security Advisory 2012-47
 Mozilla Foundation Security Advisory 2012-48
 Mozilla Foundation Security Advisory 2012-49

Symbolic link problem in Oracle Sun Solaris Update Manager
updated since 30 July 2012
Published: 13 August 2012
Source:
SecurityVulns ID: 12496
Type: local
Severity level: 5/10
Description: Insecure handling of temporary files.
Affected products: ORACLE : Solaris 10
Original text: larry0_(at)_me.com, Another Solaris 10 Patch Cluster Symlink Attack (13.08.2012)
 larry0_(at)_me.com, file clobbering vulnerability in Solaris update manager & local root with SUNWbindr install. (30.07.2012)

Multiple security vulnerabilities in the Linux kernel
Published: 13 August 2012
Source:
SecurityVulns ID: 12501
Type: local
Severity level: 7/10
Description: Multiple DoS conditions, privilege escalation.
Affected products: LINUX : kernel 2.6
 LINUX : kernel 3.2
CVE: CVE-2012-3400 (Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem.)
 CVE-2012-3375 (The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.)
 CVE-2012-3364 (Multiple stack-based buffer overflows in the Near Field Communication Controller Interface (NCI) in the Linux kernel before 3.4.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via incoming frames with crafted length fields.)
 CVE-2012-2390 (Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows local users to cause a denial of service (memory consumption or system crash) via invalid MAP_HUGETLB mmap operations.)
 CVE-2012-2373 (The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition.)
 CVE-2012-2372 (The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping.)
 CVE-2012-2137 (Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function.)
 CVE-2012-2136 (The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device.)
 CVE-2012-2119 (Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length.)
Original text: UBUNTU, [USN-1531-1] Linux kernel vulnerabilities (13.08.2012)
 UBUNTU, [USN-1529-1] Linux kernel vulnerabilities (13.08.2012)

Code execution in KOffice / Calligra
Published: 13 August 2012
Source:
SecurityVulns ID: 12502
Type: local
Severity level: 5/10
Description: Code execution when opening an MS Word document.
Affected products: KDE : KOffice 2.3
 CALLIGRA : Calligra 2.4
CVE: CVE-2012-3456 (Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.)
 CVE-2012-3455 (Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.)
Original text: UBUNTU, [USN-1526-1] KOffice vulnerability (13.08.2012)

Code execution via ActiveX in IBM Lotus iNotes / Quickr
Published: 13 August 2012
Source:
SecurityVulns ID: 12503
Type: client
Severity level: 5/10
Description: Buffer overflow in the dwa85W.cab / QP2.cab ActiveX controls
Affected products: IBM : Lotus iNotes 8.5
 IBM : Lotus Quickr 8.2
CVE: CVE-2012-2176 (Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argument to the (1) Attachment_Times or (2) Import_Times method.)
 CVE-2012-2175 (Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long argument.)
Original text: ZDI, ZDI-12-132 : IBM Lotus iNotes dwa85W ActiveX Attachment_Times Remote Code Execution Vulnerability (13.08.2012)

Code execution in GE Intelligent Platforms Proficy Historian
Published: 13 August 2012
Source:
SecurityVulns ID: 12504
Type: client
Severity level: 6/10
Description: Multiple memory corruptions in the Data Archiver service (TCP/14000)
Affected products: GE : Proficy Historian 4.5
CVE: CVE-2012-0232 (Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings.)
 CVE-2012-0229 (The Data Archiver service in GE Intelligent Platforms Proficy Historian 4.5 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted session on TCP port 14000 to (1) ihDataArchiver.exe or (2) ihDataArchiver_x64.exe.)
Original text: ZDI, ZDI-12-133 : GE Proficy Historian ihDataArchiver.exe Multiple Opcode Parsing Remote Code Execution Vulnerabilities (13.08.2012)

Integer overflows in libxml
Published: 13 August 2012
Source:
SecurityVulns ID: 12505
Type: library
Severity level: 6/10
Description: Multiple integer overflows.
Affected products: LIBXML : libxml 2.8
CVE: CVE-2012-2807 (Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
Original text: DEBIAN, [SECURITY] [DSA 2521-1] libxml2 security update (13.08.2012)

Unauthorized access to Iomega StorCenter/EMC Lifeline
Published: 13 August 2012
Source:
SecurityVulns ID: 12506
Type: remote
Severity level: 6/10
Description: Under certain conditions, authentication bypass is possible.
Affected products: EMC : Iomega Home Media Network Hard Drive
 EMC : Iomega iConnect 2.5
 EMC : StorCenter ix2
 EMC : StorCenter ix4
 EMC : StorCenter ix12
 EMC : StorCenter px4
 EMC : StorCenter px6
 EMC : StorCenter px12
CVE: CVE-2012-2283 (The Iomega Home Media Network Hard Drive with EMC Lifeline firmware before 2.104, Home Media Network Hard Drive Cloud Edition with EMC Lifeline firmware before 3.2.3.15290, iConnect with EMC Lifeline firmware before 2.5.26.18966, and StorCenter with EMC Lifeline firmware before 2.0.18.23122, 2.1.x before 2.1.42.18967, and 3.x before 3.2.3.15290 allow remote authenticated users to read or modify data on arbitrary remote shares via unspecified vectors.)
Original text: EMC, ESA-2012-031: Iomega StorCenter/EMC Lifeline Remote Access Vulnerability (13.08.2012)

Directory traversal in Oracle Business Transaction Management Server
Published: 13 August 2012
Source:
SecurityVulns ID: 12507
Type: remote
Severity level: 6/10
Description: Directory traversal in FlashTunnelService allows file deletion via the SOAP interface.
Affected products: ORACLE : Business Transaction Management Server 12.1
Original text: rgod, Oracle Business Transaction Management Server FlashTunnelService Remote File Deletion (13.08.2012)

Code execution via tiff2pdf in libtiff
Published: 13 August 2012
Source:
SecurityVulns ID: 12508
Type: library
Severity level: 5/10
Description: Code execution when parsing a TIFF file.
Affected products: LIBTIFF : libtiff 3.9
CVE: CVE-2012-3401 (The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.)
Original text: MANDRIVA, [ MDVSA-2012:127 ] libtiff (13.08.2012)

Privilege escalation in Globus GridFTP
Published: 13 August 2012
Source:
SecurityVulns ID: 12510
Type: library
Severity level: 5/10
Description: Insufficient checking during name resolution.
Affected products: globus : Globus Toolkit 5.2
CVE: CVE-2012-3292 (The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.)
Original text: DEBIAN, [SECURITY] [DSA 2523-1] globus-gridftp-server security update (13.08.2012)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 13 August 2012
Source:
SecurityVulns ID: 12511
Type: remote
Severity level: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leak, etc.
Affected products: PHPLIST : phpList 2.10
 FCKEDITOR : FCKeditor 2.6
 LEDGERSMB : LedgerSMB 1.3
 SOCIALENGINE : Social Engine 4.2
 PPBOARD : PBBoard 2.1
 CAKEPHP : CakePHP 2.2
 DIR2WEB : Dir2web 3.0
 OPENCONSTRUCTOR : Openconstructor 3.12
 REDAXO : Redaxo 4.4
 TEKNOPORTAL : tekno.Portal 0.1
 OCPORTAL : ocPortal 7.1
CVE: CVE-2012-4070 (SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php.)
 CVE-2012-4069 (Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db.)
 CVE-2012-4036 (Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2012-1216.)
 CVE-2012-4035 (The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php.)
 CVE-2012-4034 (Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page, (4) section parameter to the management page, (5) section_id parameter to the managementreply page, (6) member_id parameter to the new_password page, or (7) subjectid parameter to the tags page to index.php.)
 CVE-2012-4000 (Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters.)
 CVE-2012-3953 (SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.)
 CVE-2012-3952 (Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.)
 CVE-2012-3869 (Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php.)
Original text: YGN Ethical Hacker Group, ocPortal 7.1.5 <= | Open URL Redirection Vulnerability (13.08.2012)
 Chris Travers, Security Advisory in LedgerSMBv 1.3.20 and below: Denial of Service vulnerability (13.08.2012)
 X-Cisadane, Social Engine 4 Persistent XSS & Non-Persistent XSS (13.08.2012)
 Socket_0x03_(at)_teraexe.com, Tekno.Portal v0.1b 'link.php' Blind SQL Injection Vulnerability (13.08.2012)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in Redaxo (13.08.2012)
 lorenzo.cantoni86_(at)_gmail.com, [CVE-2012-3870] Openconstructor CMS 3.12.0 'createobject.php', 'name' and 'description' parameters Stored Cross-site Scrpting vulnerabilities (13.08.2012)
 lorenzo.cantoni86_(at)_gmail.com, [CVE-2012-3871] Openconstructor CMS 3.12.0 'data/hybrid/i_hybrid.php', 'header' parameter Stored Cross-site Scripting Vulnerability (13.08.2012)
 lorenzo.cantoni86_(at)_gmail.com, [CVE-2012-3873] Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities (13.08.2012)
 Daniel Correa, Dir2web3 Mutiple Vulnerabilities (13.08.2012)
 Vulnerability Lab, Joomla com_package - SQL Injection Vulnerability (13.08.2012)
 Vulnerability Lab, Joomla com_photo - SQL Injection Vulnerability (13.08.2012)
 Vulnerability Lab, Inout Mobile Webmail APP - Multiple Web Vulnerabilities (13.08.2012)
 Vulnerability Lab, iAuto Mobile Application 2012 - Multiple Web Vulnerabilities (13.08.2012)
 Multiple vulnerabilities in PBBoard, Multiple vulnerabilities in PBBoard (13.08.2012)
 DEBIAN, [SECURITY] [DSA 2522-1] fckeditor security update (13.08.2012)
 High-Tech Bridge Security Research, Multiple Vulnerabilities in phpList (13.08.2012)
 MustLive, XXE Injection in CakePHP and Squiz CMS (13.08.2012)
 MustLive, Zend Framework - Local file disclosure via XXE injection (13.08.2012)

DoS against OpenTTD
Published: 13 August 2012
Source:
SecurityVulns ID: 12512
Type: remote
Severity level: 5/10
Description: Several DoS conditions against the game server.
Affected products: OPENTTD : OpenTTD 1.0
CVE:CVE-2012-3436 (OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to clear a water tile, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a certain sequence of steps related to "the water/coast aspect of tiles which also have railtracks on one half.")
 CVE-2012-0049
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 2524-1] openttd security update (13.08.2012)

Security vulnerabilities in Wireshark
updated since 13 August 2012
Published: 20 August 2012
Source:
SecurityVulns ID: 12509
Type: remote
Danger level:
5/10
Description: Several DoS conditions in the NFS and PPP dissectors.
Affected products: WIRESHARK : Wireshark 1.4
CVE: CVE-2012-4296 (Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet.)
 CVE-2012-4293 (plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet.)
 CVE-2012-4292 (The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.)
 CVE-2012-4291 (The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.)
 CVE-2012-4290 (The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet.)
 CVE-2012-4289 (epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries.)
 CVE-2012-4288 (Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length.)
 CVE-2012-4287 (epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length.)
 CVE-2012-4285 (The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message.)
 CVE-2012-4049 (epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.)
 CVE-2012-4048 (The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump.)
Original text: MANDRIVA, [ MDVSA-2012:135 ] wireshark (20.08.2012)
 MANDRIVA, [ MDVSA-2012:125 ] wireshark (13.08.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod