Information Security


Code execution in bash
updated since September 25, 2014
Published: October 13, 2014
Source:
SecurityVulns ID: 13977
Type: library
Danger level:
10/10
Description: A function definition can be placed in the contents of any environment variable.
Affected products: GNU : bash 4.3
CVE: CVE-2014-7187 (Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.)
 CVE-2014-7186 (The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.)
 CVE-2014-7169 (GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.)
 CVE-2014-6278 (GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.)
 CVE-2014-6277 (GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.)
 CVE-2014-6271 (GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.)
 CVE-2014-3659 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-7169. Reason: This candidate is a reservation duplicate of CVE-2014-7169 because the CNA for this ID did not follow multiple procedures that are intended to minimize duplicate CVE assignments. Notes: All CVE users should reference CVE-2014-7169 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
Original text: HP, [security bulletin] HPSBST03122 rev.1 - HP StoreAll Operating System Software running Bash Shell, Remote Code Execution (13.10.2014)
 CA, CA20141001-01: Security Notice for Bash Shellshock Vulnerability (13.10.2014)
 HP, [security bulletin] HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution (05.10.2014)
 VMWARE, NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities (05.10.2014)
 HP, [security bulletin] HPSBHF03119 rev.2 - HP DreamColor Professional Display running Bash Shell, Remote Code Execution (05.10.2014)
 Michal Zalewski, the other bash RCEs (CVE-2014-6277 and CVE-2014-6278) (05.10.2014)
 HP, [security bulletin] HPSBHF03124 rev.1 - HP Thin Clients running Bash, Remote Execution of Code (05.10.2014)
 cve-assign_(at)_mitre.org, [oss-security] Re: CVE-2014-6271: remote code execution through bash (25.09.2014)
 Hanno Bock, Re: [oss-security] CVE-2014-6271: remote code execution through bash (25.09.2014)
 mancha, Re: [oss-security] CVE-2014-6271: remote code execution through bash (25.09.2014)
 Solar Designer, Re: [oss-security] CVE-2014-6271: remote code execution through bash (25.09.2014)
 Florian Weimer, Re: [oss-security] CVE-2014-6271: remote code execution through bash (25.09.2014)
 UBUNTU, [USN-2362-1] Bash vulnerability (25.09.2014)
Files: Bash specially-crafted environment variables code injection attack
 Cisco Security Advisory GNU Bash Environment Variable Command Injection Vulnerability
 Bash bug: apply Florian's patch now (CVE-2014-6277 and CVE-2014-6278)

Symlink issue in apt
Published: October 13, 2014
Source:
SecurityVulns ID: 14001
Type: local
Danger level:
5/10
Description: Symlink issue when creating temporary files.
Affected products: APT : apt 1.0
CVE: CVE-2014-7206 (The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.)
Original text: DEBIAN, [SECURITY] [DSA 3048-1] apt security update (13.10.2014)

Multiple security vulnerabilities in Cisco ASA
Published: October 13, 2014
Source:
SecurityVulns ID: 14002
Type: remote
Danger level:
8/10
Description: DoS when parsing various protocols, code execution, information leak, insufficient certificate validation.
Affected products: CISCO : ASA 9.3
CVE: CVE-2014-3394 (The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916.)
 CVE-2014-3393 (The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829.)
 CVE-2014-3392 (The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows remote attackers to obtain sensitive information from process memory or modify memory contents via crafted parameters, aka Bug ID CSCuq29136.)
 CVE-2014-3391 (Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external memory, leading to library use after device reload because of an incorrect LD_LIBRARY_PATH value, aka Bug ID CSCtq52661.)
 CVE-2014-3390 (The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 and CSCuq47574.)
 CVE-2014-3389 (The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.6), and 9.3 before 9.3(1.1) does not properly implement a tunnel filter, which allows remote authenticated users to obtain failover-unit access via crafted packets, aka Bug ID CSCuq28582.)
 CVE-2014-3388 (The DNS inspection engine in Cisco ASA Software 9.0 before 9.0(4.13), 9.1 before 9.1(5.7), and 9.2 before 9.2(2) allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCuo68327.)
 CVE-2014-3387 (The SunRPC inspection engine in Cisco ASA Software 7.2 before 7.2(5.14), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.3) allows remote attackers to cause a denial of service (device reload) via crafted SunRPC packets, aka Bug ID CSCun11074.)
 CVE-2014-3386 (The GPRS Tunneling Protocol (GTP) inspection engine in Cisco ASA Software 8.2 before 8.2(5.51), 8.4 before 8.4(7.15), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted series of GTP packets, aka Bug ID CSCum56399.)
 CVE-2014-3385 (Race condition in the Health and Performance Monitoring (HPM) for ASDM feature in Cisco ASA Software 8.3 before 8.3(2.42), 8.4 before 8.4(7.11), 8.5 before 8.5(1.19), 8.6 before 8.6(1.13), 8.7 before 8.7(1.11), 9.0 before 9.0(4.8), and 9.1 before 9.1(4.5) allows remote attackers to cause a denial of service (device reload) via TCP traffic that triggers many half-open connections at the same time, aka Bug ID CSCum00556.)
 CVE-2014-3384 (The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted packet that is sent during tunnel creation, aka Bug ID CSCum96401.)
 CVE-2014-3383 (The IKE implementation in the VPN component in Cisco ASA Software 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted UDP packets, aka Bug ID CSCul36176.)
 CVE-2014-3382 (The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets, aka Bug ID CSCum46027.)
Files: Cisco Security Advisory Multiple Vulnerabilities in Cisco ASA Software

DoS against Exuberant Ctags
Published: October 13, 2014
Source:
SecurityVulns ID: 14004
Type: local
Danger level:
5/10
Description: An infinite loop leading to resource exhaustion.
Affected products: EXUBERANT : ctags 5.9
CVE: CVE-2014-7204 (jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.)
Original text: UBUNTU, [USN-2371-1] Exuberant Ctags vulnerability (13.10.2014)

Multiple security vulnerabilities in qemu
updated since October 13, 2014
Published: December 8, 2014
Source:
SecurityVulns ID: 14003
Type: local
Danger level:
6/10
Description: Multiple memory corruptions in device drivers, DoS, information leak.
Affected products: QEMU : qemu 1.1
CVE: CVE-2014-8106 (Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.)
 CVE-2014-7815 (The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.)
 CVE-2014-3689 (The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.)
 CVE-2014-3640 (The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.)
 CVE-2014-3615 (The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.)
 CVE-2014-0223 (Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.)
 CVE-2014-0222 (Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.)
 CVE-2014-0147
 CVE-2014-0146
 CVE-2014-0145
 CVE-2014-0144
 CVE-2014-0143
 CVE-2014-0142
Original text: DEBIAN, [SECURITY] [DSA 3087-1] qemu security update (08.12.2014)
 DEBIAN, [SECURITY] [DSA 3066-1] qemu security update (10.11.2014)
 DEBIAN, [SECURITY] [DSA 3045-1] qemu security update (13.10.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod