Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в MySQL
дополнено с 9 ноября 2010 г.
Опубликовано:15 ноября 2010 г.
Источник:
SecurityVulns ID:11243
Тип:локальная
Уровень опасности:
6/10
Описание:Несанкционированный доступ к файлам через ALTER DATABASE / UPGRADE DATA DIRECTORY, многочисленные DoS-условия.
Затронутые продукты:ORACLE : MySQL 5.1
CVE:CVE-2010-3840 (The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.)
 CVE-2010-3839 (MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.)
 CVE-2010-3838 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table.")
 CVE-2010-3837 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.)
 CVE-2010-3836 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.)
 CVE-2010-3835 (MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.)
 CVE-2010-3834 (Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments.")
 CVE-2010-3833 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT.")
 CVE-2010-3683 (Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.)
 CVE-2010-3682 (Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.)
 CVE-2010-3681 (Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.)
 CVE-2010-3680 (Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.)
 CVE-2010-3679 (Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.)
 CVE-2010-3678 (Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.)
 CVE-2010-3677 (Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.)
 CVE-2010-3676 (storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.)
 CVE-2010-2008 (MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.)
Оригинальный текстdocumentUBUNTU, [USN-1017-1] MySQL vulnerabilities (15.11.2010)
 documentMANDRIVA, [ MDVSA-2010:155-1 ] mysql (09.11.2010)

Многочисленные уязвимости безопасности в Microsoft Office
дополнено с 10 ноября 2010 г.
Опубликовано:15 ноября 2010 г.
Источник:
SecurityVulns ID:11248
Тип:клиент
Уровень опасности:
8/10
Описание:Многочисленные повреждения памяти, переполнения буфера, целочисленные переполнения.
Затронутые продукты:MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Office 2007
 MICROSOFT : Office 2008 for Mac
 MICROSOFT : Office 2010
 MICROSOFT : Office for Mac 2011
CVE:CVE-2010-3337 (Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.)
 CVE-2010-3336 (Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability.")
 CVE-2010-3335 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability.")
 CVE-2010-3334 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability.")
 CVE-2010-3333 (Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability.")
 CVE-2010-2573 (Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability.")
 CVE-2010-2572 (Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability.")
Оригинальный текстdocumentACROS Security, Additional information on the Microsoft Office 2010 binary planting bugs (15.11.2010)
 documentIDEFENSE, iDefense Security Advisory 11.09.10: Microsoft Word RTF File Parsing Stack Buffer Overflow Vulnerability (10.11.2010)
 documentACROS Security, ASPR #2010-11-10-3: Remote Binary Planting in Microsoft Excel 2010 (10.11.2010)
 documentACROS Security, ASPR #2010-11-10-2: Remote Binary Planting in Microsoft Word 2010 (10.11.2010)
 documentACROS Security, ASPR #2010-11-10-1: Remote Binary Planting in Microsoft PowerPoint 2010 (10.11.2010)
 documentSECUNIA, Secunia Research: Microsoft PowerPoint PP7X32.DLL Record Parsing Vulnerability (10.11.2010)
 documentSECUNIA, Secunia Research: Microsoft Office Drawing Shape Container Parsing Vulnerability (10.11.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-088 - Important Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386) (10.11.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-087 - Critical Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930) (10.11.2010)
Файлы:Microsoft Security Bulletin MS10-087 - Critical Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
 Microsoft Security Bulletin MS10-088 - Important Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)

Уязвимости безопасности в ProFTPD
Опубликовано:15 ноября 2010 г.
Источник:
SecurityVulns ID:11255
Тип:удаленная
Уровень опасности:
8/10
Описание:Переполнение буфера при разборе ESC-последовательности TELNET_IAC. Обратный путь в каталогах через симлинки и модуль mod_site_misc.
Затронутые продукты:PROFTPD : ProFTPD 1.3
CVE:CVE-2010-4221 (Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.)
 CVE-2010-4221 (Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.)
 CVE-2010-3867 (Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.)
 CVE-2010-3867 (Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.)
Оригинальный текстdocumentMANDRIVA, [ MDVSA-2010:227 ] proftpd (15.11.2010)
 documentZDI, ZDI-10-229: ProFTPD TELNET_IAC Remote Code Execution Vulnerability (15.11.2010)

Повреждение памяти в libxml2
Опубликовано:15 ноября 2010 г.
Источник:
SecurityVulns ID:11256
Тип:библиотека
Уровень опасности:
6/10
Описание:Повреждение памяти при разборе атрибутов XPath.
Затронутые продукты:LIBXML : libxml2 2.6
CVE:CVE-2010-4008 (libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.)
Оригинальный текстdocumentUBUNTU, [USN-1016-1] libxml2 vulnerability (15.11.2010)

Обращение по нулевому адресу в FreeBSD
Опубликовано:15 ноября 2010 г.
Источник:
SecurityVulns ID:11257
Тип:локальная
Уровень опасности:
5/10
Описание:pfs_getextattr пытается снять блокировку с ранее не блокированного мутекса.
CVE:CVE-2010-4210 (The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x before 8.0-RC1 unlocks a mutex that was not previously locked, which allows local users to cause a denial of service (kernel panic), overwrite arbitrary memory locations, and possibly execute arbitrary code via vectors related to opening a file on a file system that uses pseudofs.)
Оригинальный текстdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-10:09.pseudofs (15.11.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород