Information Security


Record injection in the BIND DNS server
updated since December 1, 2009
Published: March 17, 2010
Source:
SecurityVulns ID: 10431
Type: remote
Severity: 5/10
Description: Records can be injected while a DNSSEC query is being processed.
Affected products: BIND : bind 9.4
 BIND : bind 9.5
 ISC : bind 9.6
 ISC : bind 9.7
CVE: CVE-2010-0382 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.)
 CVE-2010-0290 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.)
 CVE-2009-4022 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.)
Original text: RPATH, rPSA-2010-0018-1 bind bind-utils caching-nameserver (17.03.2010)
 MANDRIVA, [ MDVSA-2010:021 ] bind (21.01.2010)
 MANDRIVA, [ MDVSA-2009:304 ] bind (01.12.2009)

Multiple security vulnerabilities in WebKit / Apple Safari / Google Chrome
updated since March 15, 2010
Published: March 17, 2010
Source:
SecurityVulns ID: 10692
Type: library
Severity: 7/10
Description: Use-after-free, integer overflow, hijacking of user input events.
Affected products: APPLE : Safari 4.0
 GOOGLE : Chrome 3.0
CVE: CVE-2010-0050 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.)
 CVE-2010-0040 (Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.)
Original text: ZDI, ZDI-10-030: Apple WebKit CSS run-in Attribute Rendering Remote Code Execution Vulnerability (17.03.2010)
 ZDI, ZDI-10-031: Apple Webkit Blink Event Dangling Pointer Remote Code Execution Vulnerability (17.03.2010)
 Michal Zalewski, ...because you can't get enough of clickjacking (16.03.2010)
 ZDI, ZDI-10-029: Apple WebKit innerHTML element Substitution Remote Code Execution Vulnerability (16.03.2010)
 VUPEN Security Research, VUPEN Security Research - Apple Safari ColorSync Profile Integer Overflow Vulnerability (15.03.2010)
 IDEFENSE, iDefense Security Advisory 03.11.10: Multiple Vendor WebKit HTML Element Use After Free Vulnerability (15.03.2010)
Files: Browsers focus hijack demonstration

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod