Information Security


Unauthorized access via SLSd in HP-UX (unauthorized access)
Published: February 15, 2007
SecurityVulns ID: 7239
Type: remote
Threat level: 6/10
Description: Arbitrary files can be created with attacker-supplied data.
Affected products: HP : HP-UX 10.20
 HP : HP-UX 11.11
CVE: CVE-2007-0915 (Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request.)
Original text: HP, HPSBUX02191 SSRT071302 rev.1 - HP-UX Running SLSd, Remote Unauthorized Arbitrary File Creation (15.02.2007)
 IDEFENSE, iDefense Security Advisory 02.13.07: Hewlett-Packard HP-UX SLSd Arbitrary File Creation Vulnerability (15.02.2007)

Protection bypass in PalmOS Treo smartphones (protection bypass)
Published: February 15, 2007
SecurityVulns ID: 7240
Type: local
Threat level: 4/10
Description: The Find feature allows access to a locked device.
Affected products: VERIZON : Verizon Treo 650
 SPRINT : Sprint Treo 650
 CINGULAR : Cingular Treo 650
 CINGULAR : Cingular Treo 680
 SPRINT : Sprint Treo 700
 VERIZON : Verizon Treo 700
CVE: CVE-2007-0859 (The Find feature in Palm OS Treo smart phones operates despite the system password lock, which allows attackers with physical access to obtain sensitive information (memory contents) by doing (1) text searches or (2) paste operations after pressing certain keyboard shortcut keys.)
Original text: SYMANTEC, SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass (15.02.2007)

Multiple vulnerabilities in Cisco PIX / ASA / FWSM (multiple bugs)
Published: February 15, 2007
SecurityVulns ID: 7242
Type: remote
Threat level: 5/10
Description: Multiple DoS conditions when parsing HTTP, SIP and TCP traffic; privilege escalation.
Affected products: CISCO : PIX 6.3
 CISCO : PIX 7.0
 CISCO : FWSM 2.3
 CISCO : PIX 7.1
 CISCO : ASA 7.0
 CISCO : ASA 7.1
 CISCO : FWSM 3.1
 CISCO : PIX 7.2
 CISCO : ASA 7.2
 CISCO : ASA 6.3
CVE: CVE-2007-0968 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) before 2.3(4.7) and 3.x before 3.1(3.1) causes the access control entries (ACE) in an ACL to be improperly evaluated, which allows remote authenticated users to bypass intended certain ACL protections.)
 CVE-2007-0967 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows remote attackers to cause a denial of service (device reboot) via malformed SNMP requests.)
 CVE-2007-0966 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the HTTPS server is enabled, allows remote attackers to cause a denial of service (device reboot) via certain HTTPS traffic.)
 CVE-2007-0965 (Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a long HTTP request.)
 CVE-2007-0964 (Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a malformed HTTPS request.)
 CVE-2007-0963 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.3), when set to log at the "debug" level, allows remote attackers to cause a denial of service (device reboot) by sending packets that are not of a particular protocol such as TCP or UDP, which triggers the reboot during generation of Syslog message 710006.)
 CVE-2007-0962 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when "inspect http" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic.)
 CVE-2007-0961 (Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before 6.3(5.115), 7.0 before 7.0(5.2), and 7.1 before 7.1(2.5), and the FWSM 3.x before 3.1(3.24), when the "inspect sip" option is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed SIP packets.)
 CVE-2007-0960 (Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to use the LOCAL authentication method, allows remote authenticated users to gain privileges via unspecified vectors.)
 CVE-2007-0959 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to inspect certain TCP-based protocols, allows remote attackers to cause a denial of service (device reboot) via malformed TCP packets.)
Original text: CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Firewall Services Module (15.02.2007)
 CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and ASA Appliances (15.02.2007)

Protection bypass in Comodo Firewall (protection bypass)
Published: February 15, 2007
SecurityVulns ID: 7243
Type: local
Threat level: 4/10
Description: A CRC32 checksum is used to protect files, which makes bypassing the protection trivial.
Affected products: COMODO : Comodo Firewall Pro 2.4
 COMODO : Comodo Personal Firewall 2.3
CVE: CVE-2007-1051 (Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and earlier uses a weak cryptographic hashing function (CRC32) to identify trusted modules, which allows local users to bypass security protections by substituting modified modules that have the same CRC32 value.)
Original text: Matousec - Transparent security Research, [Full-disclosure] Comodo DLL injection via weak hash function exploitation Vulnerability (15.02.2007)

Multiple vulnerabilities in the Lizardtech DjVu plug-in (multiple bugs)
Published: February 15, 2007
SecurityVulns ID: 7244
Type: client
Threat level: 5/10
Description: Multiple buffer overflows when parsing DjVu documents and in various methods.
Affected products: LIZARDTECH : DjVu Browser Plug-in 6.1
CVE: CVE-2007-0324 (Multiple buffer overflows in the LizardTech DjVu Browser Plug-in before 6.1.1 allow remote attackers to execute arbitrary code via unspecified vectors.)
Original text: Brett Moore, [Full-disclosure] Lizardtech DjVu Browser Plug-in - Multiple Vulnerabilities (15.02.2007)

Daily summary of web application bugs (PHP, ASP, JSP, CGI, Perl)
Published: February 15, 2007
SecurityVulns ID: 7245
Type: remote
Threat level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: DESKPRO : DeskPRO 1.1
 ADVANCEDPOLL : Advanced Poll 2.0
 DRUPAL : Drupal 4.7
 PHPCC : phpCC 4.2
 DRUPAL : Drupal 5.1
 NABOCORP : nabopoll 1.1
 MOHA : MOHA Chat 0.1
 ATMAIL : @mail 0.61
 HARPIA : Harpia CMS 1.0
 SCART : SCart 2.0
 APACHESTATS : Apache Stats 0.0
 TAGIT : TagIt! Tagboard 2.1
 ZEBRAFEEDS : ZebraFeeds 1.0
 ANSATHEUS : AT Contenator 1.0
 XARANCMS : Xaran CMS 2.0
 POLLMENTOR : PollMentor 2.0
CVE: CVE-2007-1021 (SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter.)
 CVE-2007-1016 (SQL injection vulnerability in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via certain vectors related to the HaberDetay.asp and rss.asp components, and the id and kid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the combination of the HaberDetay.asp component and the id parameter is already covered by another February 2007 CVE candidate.)
 CVE-2007-1015 (SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-1012 (Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the article parameter.)
 CVE-2007-1010 (Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the zf_path parameter to (1) aggregator.php and (2) controller.php in newsfeeds/includes/.)
 CVE-2007-0985 (SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action.)
 CVE-2007-0984 (SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to pollmentorres.asp.)
 CVE-2007-0983 (PHP remote file inclusion vulnerability in _admin/nav.php in AT Contenator 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Root_To_Script parameter.)
 CVE-2007-0954 (MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vectors.)
 CVE-2007-0953 (Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.)
 CVE-2007-0952 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Virtual Calendar allow remote attackers to inject arbitrary web script or HTML via the (1) t and (2) yr parameters, and the (3) sho parameter when the m parameter is outside the intended range.)
 CVE-2007-0930 (Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.)
 CVE-2007-0928 (Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an encoded password via a direct request for pwd.txt.)
 CVE-2007-0900 (Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tag_process.php, and (c) CONFIG/errmsg.inc.php; and (d) addTagmin.php, (e) ban_watch.php, (f) delTagmin.php, (g) delTag.php, (h) editTagmin.php, (i) editTag.php, (j) manageTagmins.php, and (k) verify.php in tagmin/; the (2) adminpath parameter to (l) tagviewer.php, (m) tag_process.php, and (n) tagmin/index.php; and the (3) admin parameter to (o) readconf.php, (p) updateconf.php, (q) updatefilter.php, and (r) wordfilter.php in tagmin/; different vectors than CVE-2006-5249.)
 CVE-2006-7024 (Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php.)
 CVE-2006-7012 (scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter of a show_text action.)
 CVE-2006-7005 (SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2006-7004 (Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2006-7000 (Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraph_bar.php, (6) jpgraph_pie.php, and (7) jpgraph_pie3d.php in includes/graph/, which leaks the path in error messages.)
 CVE-2006-6999 (attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter.)
 CVE-2006-6998 (install/loader_help.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERY_STRING, which calls the phpinfo function.)
 CVE-2006-5249 (PHP remote file inclusion vulnerability in tagmin/delTagUser.php in TagIt! Tagboard 2.1.B Build 2 (tagit2b) allows remote attackers to execute arbitrary PHP code via a URL in the configpath parameter.)
Original text: x0r0n_(at)_hotmail.com, Aktueldownload Haber scripti (id) Remote SQL Injection Vulnerability (15.02.2007)
 beks, CodeAvalanche News SQL Injection (15.02.2007)
 [email protected]_King, nabopoll 1.2 Remote Unprotected Admin Section Vulnerability (15.02.2007)
 [email protected]_King, nabopoll 1.2 (survey.inc.php path) Remote File Include Vulnerability (15.02.2007)
 ThE [email protected], ZebraFeeds 1.0 (zf_path) Remote File Include Vulnerabilities (15.02.2007)
 bl4ck_(at)_bsdmail.org, XSS in [Calendar Express 2 ] (15.02.2007)
 bl4ck_(at)_bsdmail.org, XSS in [deskpro.com v1.1.0 ] (15.02.2007)
Files: Drupal < 5.1 Remote Command Execution Exploit
 Drupal < 4.7.6 Remote Command Execution Exploit
 phpCC Beta <= 4.2 (nickpage.php npid) Remote SQL Injection Exploit
 Xaran Cms <= V2.0 (xarancms_haupt.php) Remote SQL Injection Exploit
 AT Contenator <= v1.0 (Root_To_Script) Remote File Include Exploit
 Advanced Poll 2.0.0 >= 2.0.5-dev textfile RCE

Buffer overflow in iTinySoft Studio Total Video Player (buffer overflow)
Published: February 15, 2007
SecurityVulns ID: 7246
Type: client
Threat level: 5/10
Description: Buffer overflow when parsing .M3U files.
Affected products: ITINYSOFT : Total Video Player 1.03
CVE: CVE-2007-0949 (Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via a M3U playlist file that contains a long file name. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)

Race conditions in TCP packet processing in Sun Solaris
Published: February 15, 2007
SecurityVulns ID: 7247
Type: remote
Threat level: 6/10
Description: A system failure is possible.
Affected products: ORACLE : Solaris 10
CVE: CVE-2007-0914 (Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors.)

Multiple vulnerabilities in PHP (multiple bugs)
Published: February 15, 2007
SecurityVulns ID: 7248
Type: local
Threat level: 6/10
Description: Multiple buffer overflows, information leaks, DoS conditions, etc.
Affected products: PHP : PHP 5.2
CVE: CVE-2007-0910 (Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.)
 CVE-2007-0909 (Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.)
 CVE-2007-0908 (The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.)
 CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.)
 CVE-2007-0906 (Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).)

Problems with the roster ODBC module in ejabberd
Published: February 15, 2007
SecurityVulns ID: 7249
Type: remote
Threat level: 5/10
CVE: CVE-2007-0903 (Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors.)

Directory traversal in ClamAV antivirus (directory traversal)
Published: February 15, 2007
SecurityVulns ID: 7250
Type: remote
Threat level: 8/10
Description: The identifier of a MIME message part is used to form a file name without checking for ../ characters. In addition, there is a DoS when parsing .CAB files.
Affected products: CLAMAV : ClamAV 0.88
CVE: CVE-2007-0898 (Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.)
 CVE-2007-0897 (Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.)
Original text: IDEFENSE, iDefense Security Advisory 02.15.07: Multiple Vendor ClamAV CAB File Denial of Service Vulnerability (15.02.2007)
 IDEFENSE, iDefense Security Advisory 02.15.07: Multiple Vendor ClamAV MIME Parsing Directory Traversal Vulnerability (15.02.2007)

Cross-domain access in Mozilla Firefox
updated since February 15, 2007
Published: February 27, 2007
SecurityVulns ID: 7238
Type: client
Threat level: 8/10
Description: By using location.hostname='evil.com\x00foo.example.com', an attacker can cause a request for foo.example.com to be sent to evil.com, which allows cross-domain access. The vulnerability can be used to covertly install malicious code.
Affected products: MOZILLA : Firefox 2.0
CVE: CVE-2007-1084 (Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.)
 CVE-2007-1004 (Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar.)
 CVE-2007-0981 (Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.)
Original text: MOZILLA, Mozilla Foundation Security Advisory 2007-07 (27.02.2007)
 Michal Zalewski, [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability (22.02.2007)
 Michal Zalewski, Firefox: about:blank is phisher's best friend (18.02.2007)
 Michal Zalewski, Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability (15.02.2007)
 Michal Zalewski, Firefox: serious cookie stealing / same-domain bypass vulnerability (15.02.2007)

DoS via the ARPA protocol in HP-UX
updated since February 15, 2007
Published: January 24, 2008
SecurityVulns ID: 7241
Type: remote
Threat level: 5/10
Affected products: HP : HP-UX 11.11
 HP : HP-UX 11.23
CVE: CVE-2007-6425
 CVE-2007-1994 (Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as CVE-2007-0916.)
 CVE-2007-0916 (Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.)
Original text: HP, [security bulletin] HPSBUX02306 SSRT071463 rev.1 - HP-UX Running ARPA Transport, Remote Denial of Service (DoS) (24.01.2008)
 HP, [security bulletin] HPSBUX02248 SSRT071437 rev.1 - HP-UX Running ARPA Transport, Remote Denial of Service (DoS) (03.08.2007)
 HP, [security bulletin] HPSBUX02247 SSRT071432 rev.1 - HP-UX Running ARPA Transport, Local Denial of Service (DoS) (03.08.2007)
 HP, HPSBUX02205 SSRT061120 rev.1 - HP-UX Running ARPA Transport, Local Denial of Service (DoS) (13.04.2007)
 HP, [security bulletin] HPSBUX02192 SSRT061233 rev.1 - HP-UX Running ARPA Transport, Local Denial of Service (DoS) (15.02.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod