Information Security


Weak password in VM-Builder
Published: November 14, 2008
Source:
SecurityVulns ID: 9435
Type: local
Severity: 5/10
Description: A weak pseudo-random number generator is used to create the root password in the virtual machine.
Affected products: VMBUILDER : vm-builder 0.9
Original text: UBUNTU, [USN-670-1] VMBuilder vulnerability (14.11.2008)

Daily summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: November 14, 2008
Source:
SecurityVulns ID: 9430
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information disclosure, etc.
Affected products: JOOMLA : JooBlog 0.1.1 component for Joomla
Original text: Stephen Argent, Joomla Component JooBlog 0.1.1 (PostID) SQL Injection Vuln. (14.11.2008)
 MustLive, Cross-Site Scripting vulnerability in Fusebox Framework (14.11.2008)

Symbolic link issues in rPath Linux
Published: November 14, 2008
Source:
SecurityVulns ID: 9431
Type: local
Severity: 5/10
Description: Symbolic link issues in the rapa-console init script
Affected products: RPATH : rPath Appliance Platform Linux Service 1
 RPATH : rPath Appliance Platform Linux Service 2
 RPATH : rPath Linux 1
 RPATH : rPath Linux 2
CVE: CVE-2008-4832 (rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time.)
 CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run.)
Original text: RPATH, rPSA-2008-0318-1 initscripts (14.11.2008)

Certificate spoofing in GnuTLS
Published: November 14, 2008
Source:
SecurityVulns ID: 9432
Type: library
Severity: 6/10
Description: Incorrect trust chain verification procedure.
Affected products: GNUTLS : GnuTLS 2.0
CVE: CVE-2008-4989 (The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).)
Original text: MANDRIVA, [ MDVSA-2008:227 ] gnutls (14.11.2008)

Privilege escalation via HP Service Manager
Published: November 14, 2008
Source:
SecurityVulns ID: 9433
Type: remote
Severity: 5/10
Affected products: HP : HP Service Manager 7.01
CVE: CVE-2008-4415 (Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors.)
Original text: HP, [security bulletin] HPSBMA02385 SSRT080161 rev.1 - HP Service Manager (HPSM), Gain Extended Privileges (14.11.2008)

Multiple security vulnerabilities in Mozilla Firefox / Thunderbird / SeaMonkey
Published: November 14, 2008
Source:
SecurityVulns ID: 9434
Type: client
Severity: 9/10
Description: Information disclosure, use-after-free, memory corruption, privilege escalation, buffer overflow, cross-site scripting, protection bypass.
Affected products: MOZILLA : Firefox 2.0
 MOZILLA : Thunderbird 2.0
 MOZILLA : SeaMonkey 1.1
 MOZILLA : Firefox 3.0
CVE: CVE-2008-5052 (The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.)
 CVE-2008-5024 (Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.)
 CVE-2008-5023 (Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.)
 CVE-2008-5022 (The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.)
 CVE-2008-5021 (nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.)
 CVE-2008-5019 (The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors.)
 CVE-2008-5017 (Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.)
 CVE-2008-5016 (The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.)
 CVE-2008-5015 (Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system.)
 CVE-2008-5014 (jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.)
 CVE-2008-5013 (Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.)
 CVE-2008-5012 (Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.)
 CVE-2008-4582 (Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810.)
 CVE-2008-0017 (The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.)
Original text: MOZILLA, Mozilla Foundation Security Advisory 2008-58 (14.11.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-57 (14.11.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-56 (14.11.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-55 (14.11.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-54 (14.11.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-53 (14.11.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-52 (14.11.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-51 (14.11.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-50 (14.11.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-49 (14.11.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-48 (14.11.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-47 (14.11.2008)

Multiple vulnerabilities in Oracle
updated since October 26, 2008
Published: November 14, 2008
Source:
SecurityVulns ID: 9382
Type: remote
Severity: 8/10
Description: The latest quarterly patch set has been released, covering the full range of fixed vulnerability categories.
Affected products: ORACLE : Oracle 9i
 ORACLE : Oracle 8i
 ORACLE : Oracle 10g
 ORACLE : Oracle 11g
CVE: CVE-2008-4000 (Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue allows bypass of the lockout mechanism using brute force guessing of credentials and a response discrepancy information leak when the password is correct.)
 CVE-2008-3996 (Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_IPUBLISH.)
 CVE-2008-3995 (Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.)
 CVE-2008-3994 (Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to WMSYS.LTADM.)
 CVE-2008-3984 (Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT.)
 CVE-2008-3983 (Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT.)
 CVE-2008-3982 (Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT.)
 CVE-2008-2625 (Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue involves an authentication bypass by establishing a TNS connection and impersonating a user session via a crafted authentication message during proxy authentication mode.)
Original text: SHATTER, Team SHATTER Security Advisory: Oracle Database SQL Injection in SYS.DBMS_CDC_PUBLISH.ALTER_AUTOLOG_CHANGE_SOURCE (14.11.2008)
 SHATTER, Team SHATTER Security Advisory: Oracle Database multiple SQL Injection vulnerabilities in Workspace Manager (14.11.2008)
 SHATTER, Team SHATTER Security Advisory: Oracle Database SQL Injection in SYS.DBMS_CDC_IPUBLISH.ALTER_HOTLOG_INTERNAL_CSOURCE (14.11.2008)
 SHATTER, Team SHATTER Security Advisory: Oracle Database Multiple SQL Injection vulnerabilities in LTADM (14.11.2008)
 pete_(at)_petefinnigan.com, Advisory for Oracle CPU October 2008 - APEX Flows excessive privileges (26.10.2008)
 Amichai Shulman, CVE-2008-4000: Oracle PeopleTools – Authentication Weakness (26.10.2008)
 Amichai Shulman, CVE-2008-2625: Oracle DBMS – Proxy Authentication Vulnerability (26.10.2008)

DoS against Microsoft Internet Explorer, Opera, Google Chrome and Mozilla browsers
updated since October 3, 2008
Published: November 14, 2008
Source:
SecurityVulns ID: 9330
Type: remote
Severity: 4/10
Description: Calling window.close() in a loop on the OnLoad() event causes the browser to hang. Numerous other resource-exhaustion attacks via JavaScript.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MOZILLA : Mozilla 1.7
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MOZILLA : Firefox 3.0
 GOOGLE : Chrome 0.2
 OPERA : Opera 9.52
 GOOGLE : Chrome 0.3
Original text: MustLive, DoS vulnerabilities in Internet Explorer and Google Chrome (14.11.2008)
 MustLive, DoS vulnerability in Mozilla Firefox (06.10.2008)
 MustLive, DoS vulnerability in Internet Explorer (06.10.2008)
 MustLive, DoS vulnerability in Opera (06.10.2008)
 MustLive, DoS vulnerability in Mozilla, Internet Explorer, Google Chrome and Opera (03.10.2008)
Files: close.html

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod