Information Security


Multiple security vulnerabilities in IBM Proventia Mail Security System
Published: September 14, 2010
Source:
SecurityVulns ID: 11138
Type: remote
Severity: 6/10
Description: Cross-site scripting, code execution, request forgery.
Affected products: IBM : Proventia Network Mail Security System 1.6
 IBM : Proventia Network Mail Security System 2.5
CVE: CVE-2010-0155 (CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the javaVersion parameter.)
 CVE-2010-0154 (Directory traversal vulnerability in sla/index.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the l parameter, related to an "Insecure Direct Object Reference vulnerability.")
 CVE-2010-0153 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change settings or (2) conduct denial of service attacks.)
 CVE-2010-0152 (Multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via (1) the date1 parameter to pvm_messagestore.php, (2) the userfilter parameter to pvm_user_management.php, (3) the ping parameter to sys_tools.php in a sys_ping.php action, (4) the action parameter to pvm_cert_commaction.php, (5) the action parameter to pvm_cert_serveraction.php, (6) the action parameter to pvm_smtpstore.php, (7) the l parameter to sla/index.php, or (8) unspecified stored data; and allow remote authenticated users to inject arbitrary web script or HTML via (9) saved search filters.)
Original text: marian.ventuneac_(at)_gmail.com, MVSA-10-009 / CVE-2010-0155 - IBM Proventia Network Mail Security System - CRLF Injection vulnerability (14.09.2010)
 marian.ventuneac_(at)_gmail.com, MVSA-10-008 / CVE-2010-0154 - IBM Proventia Mail Security System - Insecure Direct Object Reference vulnerability (14.09.2010)
 marian.ventuneac_(at)_gmail.com, MVSA-10-006 / CVE-2010-0153 - IBM Proventia Network Mail Security System - Cross-Site Request Forgery vulnerabilities (14.09.2010)
 marian.ventuneac_(at)_gmail.com, MVSA-10-007 / CVE-2010-0152 - IBM Proventia Mail Security System - Multiple persistent and reflected XSS vulnerabilities (14.09.2010)

Buffer overflow in the Novell Netware SSH server
updated since September 6, 2010
Published: September 14, 2010
Source:
SecurityVulns ID: 11118
Type: remote
Severity: 6/10
Description: Buffer overflow when processing an SCP GET request
Affected products: NOVELL : Netware 6.5
Original text: ZDI, ZDI-10-169: Novell Netware SSHD.NLM Remote Code Execution Vulnerability (14.09.2010)
 Francis Provencher, {PRL} Novell Netware OpenSSH Remote Stack Overflow (06.09.2010)

Multiple security vulnerabilities in the Wireshark sniffer
updated since June 14, 2010
Published: September 14, 2010
Source:
SecurityVulns ID: 10928
Type: remote
Severity: 5/10
Description: Multiple DoS conditions, buffer overflow.
Affected products: WIRESHARK : Wireshark 1.2
 WIRESHARK : Wireshark 1.4
CVE: CVE-2010-2995 (The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.)
 CVE-2010-2994 (Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression.)
 CVE-2010-2287 (Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.)
 CVE-2010-2286 (The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.)
 CVE-2010-2285 (The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.)
 CVE-2010-2284 (Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.)
 CVE-2010-2283 (The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.)
Original text: yangdn_(at)_nipc.org.cn, Wireshark 1.4.0 Malformed SNMP V1 Packet Denial of Service (14.09.2010)
 DEBIAN, [SECURITY] [DSA 2101-1] New wireshark packages fix several vulnerabilities (02.09.2010)
 MANDRIVA, [ MDVSA-2010:113 ] wireshark (14.06.2010)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: September 14, 2010
Source:
SecurityVulns ID: 11139
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: OCSINVENTORY : OCS Inventory NG 1.02
CVE: CVE-2010-3056 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.)
 CVE-2010-3055 (The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.)
 CVE-2010-1595 (Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the (1) c, (2) val_1, or (3) onglet_bis parameter.)
 CVE-2010-1594 (Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via (1) the query string, (2) the BASE parameter, or (3) the ega_1 parameter. NOTE: some of these details are obtained from third party information.)
Original text: DEBIAN, [SECURITY] [DSA 2097-2] New phpmyadmin packages fix several vulnerabilities (14.09.2010)
 MANDRIVA, [ MDVSA-2010:178 ] ocsinventory (14.09.2010)

Multiple security vulnerabilities in Apple WebKit / Safari
Published: September 14, 2010
Source:
SecurityVulns ID: 11137
Type: remote
Severity: 7/10
Description: Code execution, memory corruption.
Affected products: APPLE : Safari 5.0
 APPLE : Safari 4.1
CVE: CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.)
 CVE-2010-1806 (Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers.)
 CVE-2010-1805 (Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari.)
Original text: ZDI, ZDI-10-170: Apple Safari Webkit Runin Remote Code Execution Vulnerability (14.09.2010)
 APPLE, About the security content of Safari 5.0.2 and Safari 4.1.2 (14.09.2010)

Hard link problem in rpm
Published: September 14, 2010
Source:
SecurityVulns ID: 11140
Type: local
Severity: 5/10
Description: Race conditions involving file replacement.
Affected products: RPM : rpm 4.8
CVE: CVE-2010-2059 (lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.)
 CVE-2005-4889 (lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059.)
Original text: MANDRIVA, [ MDVSA-2010:180 ] rpm (14.09.2010)

DoS conditions in the MailEnable SMTP server
Published: September 14, 2010
Source:
SecurityVulns ID: 11141
Type: remote
Severity: 5/10
Description: Uninitialized memory access during logging on the MAIL FROM / RCPT TO commands.
Affected products: MAILENABLE : MailEnable 4.25
CVE: CVE-2010-2580 (The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an "unhandled invalid parameter error.")
Original text: SECUNIA, Secunia Research: MailEnable SMTP Service Two Denial of Service Vulnerabilities (14.09.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod