Information Security

Information leak in Mozilla Firefox
updated since October 8, 2008
Published: October 14, 2008
SecurityVulns ID: 9339
Type: local
Severity: 5/10
Description: Information leak when opening a local HTML file.
Affected products: MOZILLA : Firefox 3.0
Original text: MustLive, Information Leakage in Firefox 3 (14.10.2008)
 LIUDIEYU dot COM, Firefox Privacy Broken If Used to Open Web Page File (08.10.2008)

Privilege escalation in Oracle
Published: October 14, 2008
SecurityVulns ID: 9353
Type: local
Severity: 5/10
Description: A user with the CREATE ANY DIRECTORY privilege can obtain SYSDBA privileges.
Affected products: ORACLE : Oracle 10g
 ORACLE : Oracle 11g
Original text: paul.wright_(at)_oracleforensics.com, CREATE ANY DIRECTORY to SYSDBA (14.10.2008)

Buffer overflow in Lenovo Rescue and Recovery
Published: October 14, 2008
SecurityVulns ID: 9354
Type: local
Severity: 5/10
Description: Buffer overflow in the tvtumon.sys driver.
Original text: Chris Clark, iSEC Partners Security Advisory - 2008-002-lenovornr - Lenovo Rescue and Recovery 4.20 (14.10.2008)

Daily summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: October 14, 2008
SecurityVulns ID: 9355
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leaks, etc.
Affected products: WORDPRESS : WP Comment Remix 1.4
 NLB : NewLife Blogger 3.0
Original text: Pepelux, NewLife Blogger <= v3.0 / Insecure Cookie Handling & SQL Injection Vulnerability (14.10.2008)
 g30rg3_x, WP Comment Remix 1.4.3 Multiple Vulnerabilities (14.10.2008)
 ozdemirtravel_(at)_gmail.com, İltaweb Alışveriş Sistemi (tr) Sql inj (14.10.2008)

DoS against wireless access points based on Marvell chips
Published: October 14, 2008
SecurityVulns ID: 9356
Type: remote
Severity: 5/10
Description: A truncated association request causes the device to hang or reboot.
Affected products: Marvell : MARVELL 88W8361P-BEM1
 CISCO : Linksys WAP4400N
CVE: CVE-2008-4441 (The Marvell driver for the Linksys WAP4400N Wi-Fi access point with firmware 1.2.14 on the Marvell 88W8361P-BEM1 chipset, when WEP mode is enabled, does not properly parse malformed 802.11 frames, which allows remote attackers to cause a denial of service (reboot or hang-up) via a malformed association request containing the WEP flag, as demonstrated by a request that is too short, a different vulnerability than CVE-2008-1144 and CVE-2008-1197.)
Original text: Laurent Butti, Marvell Driver Malformed Association Request Vulnerability (14.10.2008)

Buffer overflow in the Sun Solaris Solstice AdminSuite remote administration service
Published: October 14, 2008
SecurityVulns ID: 9358
Type: remote
Severity: 6/10
Description: Buffer overflow in the adm_build_path() function of sadmind.
Affected products: ORACLE : Solaris 8
 ORACLE : Solaris 9
Original text: RISE Security, [RISE-2008001] Sun Solstice AdminSuite sadmind adm_build_path() Buffer Overflow Vulnerability (14.10.2008)

Backdoor in Telecom Italia Alice Pirelli routers
Published: October 14, 2008
SecurityVulns ID: 9359
Type: remote
Severity: 5/10
Description: A specially crafted network packet activates the telnet/ftp/tftp functions on the router.
Original text: drpepppperone_(at)_gmail.com, Telecom Italia Alice Pirelli routers backdoor discoverd to activate telnet/ftp/tftp from internal LAN/WLAN. (14.10.2008)
Files: Alice BackDoor hash creator

Buffer overflow in Active Directory on Microsoft Windows 2000
Published: October 14, 2008
SecurityVulns ID: 9363
Type: remote
Severity: 6/10
Description: Buffer overflow when processing an LDAP request.
Affected products: MICROSOFT : Windows 2000 Server
CVE: CVE-2008-4023 (Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability.")
Original text: MICROSOFT, Microsoft Security Bulletin MS08-060 – Critical Vulnerability in Active Directory Could Allow Remote Code Execution (957280) (14.10.2008)
Files: Microsoft Security Bulletin MS08-060 – Critical Vulnerability in Active Directory Could Allow Remote Code Execution (957280)

Multiple security vulnerabilities in the Microsoft Windows kernel
Published: October 14, 2008
SecurityVulns ID: 9364
Type: local
Severity: 5/10
Description: Double free and memory corruptions when working with windows.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE: CVE-2008-2252
 CVE-2008-2251
 CVE-2008-2250
Original text: MICROSOFT, Microsoft Security Bulletin MS08-061 – Important Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211) (14.10.2008)
Files: Microsoft Security Bulletin MS08-061 – Important Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)

Multiple vulnerabilities in Microsoft Office
updated since October 14, 2008
Published: October 15, 2008
SecurityVulns ID: 9360
Type: local
Severity: 5/10
Description: Information leak via the cdo: URI, multiple memory corruptions in Excel.
Affected products: MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2007
CVE: CVE-2008-4020 (Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka "Vulnerability in Content-Disposition Header Vulnerability.")
 CVE-2008-4019 (Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerability.")
 CVE-2008-3477 (Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability.")
 CVE-2008-3471 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka "File Format Parsing Vulnerability.")
Original text: IDEFENSE, [Full-disclosure] iDefense Security Advisory 10.14.08: Microsoft Visual Basic for Applications - Multiple Vulnerabilities (15.10.2008)
 ZDI, [Full-disclosure] ZDI-08-068: Microsoft Office Excel BIFF File Format Parsing Stack Overflow Vulnerability (15.10.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-056 - Moderate Vulnerability in Microsoft Office Could Allow Information Disclosure (957699) (14.10.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-057 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416) (14.10.2008)
Files: Microsoft Security Bulletin MS08-057 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)

Buffer overflow in Microsoft Host Integration Server
updated since October 14, 2008
Published: October 15, 2008
SecurityVulns ID: 9362
Type: remote
Severity: 6/10
Description: Buffer overflow in an RPC procedure.
Affected products: MICROSOFT : Host Integration Server 2004
 MICROSOFT : Host Integration Server 2000
 MICROSOFT : Host Integration Server 2006
CVE: CVE-2008-3466 (Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability.")
Original text: IDEFENSE, iDefense Security Advisory 10.14.08: Microsoft Host Integration Server 2006 Command Execution Vulnerability (15.10.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-059 – Critical Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695) (14.10.2008)
Files: Microsoft Security Bulletin MS08-059 – Critical Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)

Multiple vulnerabilities in the Linux kernel
updated since October 14, 2008
Published: October 18, 2008
SecurityVulns ID: 9357
Type: local
Severity: 6/10
Description: Multiple DoS conditions, group privilege escalation via the filesystem and via system calls.
Affected products: LINUX : kernel 2.6
CVE: CVE-2008-4445 (The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function, a different vulnerability than CVE-2008-4113.)
 CVE-2008-4302 (fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.)
 CVE-2008-4210 (fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.)
 CVE-2008-4113 (The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function.)
 CVE-2008-3833 (The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210.)
 CVE-2008-3831 (The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration.)
 CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions.)
 CVE-2008-1514 (ptrace in Linux kernel 2.6.9 on Fedora 7 and 8 allows local users to cause a denial of service (kernel panic) via the user-area-padding test from the ptrace testsuite, which triggers an invalid dereference.)
Original text: DEBIAN, [SECURITY] [DSA 1655-1] New Linux 2.6.24 packages fix several vulnerabilities (18.10.2008)
 DEBIAN, [SECURITY] [DSA 1653-1] New Linux 2.6.18 packages fix several vulnerabilities (14.10.2008)

Multiple security vulnerabilities in Microsoft Internet Explorer
updated since October 14, 2008
Published: October 21, 2008
SecurityVulns ID: 9361
Type: remote
Severity: 7/10
Description: Memory corruptions, information interception, cross-site scripting.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE: CVE-2008-3476 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulnerability.")
 CVE-2008-3475 (Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2008-3474 (Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosure Vulnerability.")
 CVE-2008-3473 (Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event Handling Cross-Domain Vulnerability.")
 CVE-2008-3472 (Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTML Element Cross-Domain Vulnerability.")
 CVE-2008-2947 (Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors.)
Original text: security_(at)_nruns.com, n.runs-SA-2008.008 - Internet Explorer HTML Object Memory Corruption and Remote Code Execution (21.10.2008)
 ifsecure_(at)_gmail.com, Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution (16.10.2008)
 ZDI, [Full-disclosure] ZDI-08-069: Microsoft Internet Explorer componentFromPoint Memory Corruption Vulnerability (15.10.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-058 - Critical Cumulative Security Update for Internet Explorer (956390) (14.10.2008)
Files: Microsoft Security Bulletin MS08-058 - Critical Cumulative Security Update for Internet Explorer (956390)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod