Information security


Multiple security vulnerabilities in the ffmpeg library
updated since May 21, 2012
Published: June 17, 2012
SecurityVulns ID: 12385
Type: library
Severity: 7/10
Description: Multiple security vulnerabilities when parsing Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV and NSV (DSA-2471-1). The follow-up DSA 2494-1 adds out-of-array reads and writes in the Indeo 3/4/5, CAVS, VC-1, ALS, Lagarith, DFA, AVS, AC-3 and RealVideo 3/4 decoders and in the AVI demuxer, all fixed in FFmpeg 0.11. Most are triggered by a crafted media file, so any application that decodes untrusted input with libavcodec/libavformat is exposed.
Affected products: LIBAV : libav 0.5
CVE:CVE-2012-2802 (Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes.")
 CVE-2012-2801 (Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to dimensions and "out of array writes.")
 CVE-2012-2800 (Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11 has unknown impact and attack vectors in which the "tile size ... mismatches parameters" and triggers "writing into a too small array.")
 CVE-2012-2798 (Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of array write.")
 CVE-2012-2796 (Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes.")
 CVE-2012-2794 (Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11 has unknown impact and attack vectors in which the "allocated tile size ... mismatches parameters.")
 CVE-2012-2793 (Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11 has unknown impact and attack vectors related to "too many zeros.")
 CVE-2012-2790 (Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "number of decoded samples in first sub-block in BGMC mode.")
 CVE-2012-2789 (Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a large number of vector coded coefficients (num_vec_coeffs).)
 CVE-2012-2788 (Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of array read" when a "packet is shrunk.")
 CVE-2012-2787 (Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "setup width/height.")
 CVE-2012-2786 (Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of array write.")
 CVE-2012-2784 (Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2777.)
 CVE-2012-2779 (Unspecified vulnerability in the decode_frame function in libavcodec/indeo5.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an invalid "gop header" and decoding in a "half initialized context.")
 CVE-2012-2777 (Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2784.)
 CVE-2012-2776 (Unspecified vulnerability in the decode_cell_data function in libavcodec/indeo3.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of picture write.")
 CVE-2012-2775 (Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a large order and an "out of array write in quant_cof.")
 CVE-2012-2772 (Unspecified vulnerability in the ff_rv34_decode_frame function in libavcodec/rv34.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "width/height changing with frame threading.")
 CVE-2012-0947 (Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VQA media file in which the image size is not a multiple of the block size.)
 CVE-2012-0853 (The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file.)
 CVE-2012-0852 (The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two.)
 CVE-2012-0851 (The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted H.264 file, related to the chroma_format_idc value.)
 CVE-2011-3952 (The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file.)
 CVE-2011-3951 (The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file.)
 CVE-2011-3947 (Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file.)
 CVE-2011-3940 (nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers "use of uninitialized streams.")
 CVE-2011-3936 (The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.)
 CVE-2011-3929 (The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.)
 CVE-2011-3895 (Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.)
 CVE-2011-3893 (Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.)
 CVE-2011-3892 (Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.)
Original text: DEBIAN, [SECURITY] [DSA 2494-1] ffmpeg security update (17.06.2012)
 DEBIAN, [SECURITY] [DSA-2471-1] ffmpeg security update (21.05.2012)
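
CVE-2012-0947 in the list above is the classic block-decoder mistake: the frame buffer is sized width*height, but the decoder writes whole blocks, so when either dimension is not a multiple of the block size the last row and column of blocks spill past the end of the allocation. The following is an added illustration of that arithmetic and of the check a decoder must make before it writes; it is not libavcodec's or Libav's code. The 4x4 block size, one byte per pixel and one flat value per block are assumptions made to keep the example short.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed frame layout: one byte per pixel, rows stored back to back,
 * decoded in fixed 4x4 blocks (an assumption; VQA's real layout differs). */
#define BLOCK_W 4
#define BLOCK_H 4

/* What an unchecked decoder effectively does: cover the frame with enough
 * blocks to reach every pixel, rounding the count up. A 17x16 frame gets
 * 5x4 = 20 blocks, i.e. 20x16 pixels of writes into a 17x16 buffer. */
size_t blocks_rounding_up(int width, int height) {
    size_t bx = ((size_t)width  + BLOCK_W - 1) / BLOCK_W;
    size_t by = ((size_t)height + BLOCK_H - 1) / BLOCK_H;
    return bx * by;
}

/* Bytes the rounded-up grid writes past the end of a width*height buffer,
 * assuming the decoder addresses pixels with the real row stride (width).
 * Every block row except the last spills into the next row (corrupting
 * pixels, not memory); the last block row spills past the allocation. */
size_t overflow_bytes(int width, int height) {
    size_t bx = ((size_t)width  + BLOCK_W - 1) / BLOCK_W;
    size_t by = ((size_t)height + BLOCK_H - 1) / BLOCK_H;
    size_t last  = (by * BLOCK_H - 1) * (size_t)width + (bx * BLOCK_W - 1);
    size_t frame = (size_t)width * (size_t)height;
    return last + 1 > frame ? last + 1 - frame : 0;
}

/* Hardened decode: reject geometry that does not tile exactly and input
 * that is too short, so every write below provably lands inside
 * frame[0 .. width*height). Returns 0 on success, -1 on rejection. */
int decode_blocks(uint8_t *frame, int width, int height,
                  const uint8_t *blocks, size_t nblocks) {
    if (width <= 0 || height <= 0) return -1;
    if (width % BLOCK_W != 0 || height % BLOCK_H != 0) return -1; /* the CVE-2012-0947 condition */
    size_t bx = (size_t)width / BLOCK_W, by = (size_t)height / BLOCK_H;
    if (nblocks < bx * by) return -1;                 /* truncated block data */
    for (size_t j = 0; j < by; j++)
        for (size_t i = 0; i < bx; i++) {
            uint8_t v = blocks[j * bx + i];           /* one flat value per block (assumed) */
            for (size_t y = 0; y < BLOCK_H; y++)
                memset(frame + (j * BLOCK_H + y) * (size_t)width + i * BLOCK_W, v, BLOCK_W);
        }
    return 0;
}

int main(void) {
    printf("17x16 frame: %zu blocks rounded up, %zu byte(s) written past the buffer\n",
           blocks_rounding_up(17, 16), overflow_bytes(17, 16));
    uint8_t frame[16 * 16], blocks[16];
    memset(blocks, 0x7f, sizeof blocks);              /* constructed block data */
    printf("decode 17x16: %d, decode 16x16: %d\n",
           decode_blocks(frame, 17, 16, blocks, 16),   /* rejected before any write */
           decode_blocks(frame, 16, 16, blocks, 16));  /* accepted */
    return 0;
}
```

The point of `overflow_bytes` is that the spill is small (three bytes for 17x16 here), which is exactly why such bugs survive fuzzing with small frames and only show up as heap corruption with crafted dimensions.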

DoS against Asterisk
Published: June 17, 2012
SecurityVulns ID: 12418
Type: remote
Severity: 5/10
Description: Crash in the Skinny (SCCP) channel driver: an authenticated SCCP device that sends a Station Key Pad Button message and then closes its connection while off-hook triggers a NULL pointer dereference and kills the daemon.
Affected products: ASTERISK : Asterisk 10.5
CVE:CVE-2012-3553 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948.)
Original text: ASTERISK, AST-2012-009: Skinny Channel Driver Remote Crash Vulnerability (17.06.2012)

URL spoofing in Opera
Published: June 17, 2012
SecurityVulns ID: 12419
Type: client
Severity: 4/10
Description: A page can detect the user's attempt to navigate to another site and block it while the address field already shows the destination URL, so the page's own content is displayed under the other site's address.
Affected products: OPERA : Opera 11.61
CVE:CVE-2012-3560 (Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by detecting and preventing attempts to load a different web page.)
Original text: vulnhunt_(at)_gmail.com, [CAL-2012-0015] opera website spoof (17.06.2012)

Security vulnerabilities in VMware
Published: June 17, 2012
SecurityVulns ID: 12420
Type: local
Severity: 5/10
Description: Memory corruption on the host via a crafted checkpoint file (arbitrary code execution or DoS), and a guest OS crash via crafted traffic from a remote virtual device (DoS).
CVE:CVE-2012-3289 (VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) via crafted traffic from a remote virtual device.)
 CVE-2012-3288 (VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file.)
Original text: VMWARE, VMSA-2012-0011 VMware hosted products and ESXi and ESX patches address security issues (17.06.2012)

DLL hijacking in Checkpoint Endpoint Connect
Published: June 17, 2012
SecurityVulns ID: 12421
Type: local
Severity: 5/10
Description: TrGUI.exe resolves a DLL through an untrusted search path that includes the current working directory, so a local user who plants a DLL of the expected name there gets it loaded and executed with the process's privileges.
Affected products: CHECKPOINT : Checkpoint Endpoint Security VPN R75
CVE:CVE-2012-2753 (Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory.)
Original text: moshez_(at)_comsecglobal.com, Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack (17.06.2012)

Cross-site scripting in AdNovum NevisProxy
Published: June 17, 2012
SecurityVulns ID: 12422
Type: remote
Severity: 5/10
Description: Cross-site scripting via 302 redirect responses.
Affected products: ADNOVUM : nevisProxy 3.10
Original text: Ivan Buetler, AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scripting (XSS) within 302 Redirections (17.06.2012)
 Cyrill Brunschwiler, CSNC-2012-004 Generic XSS in AdNovum nevisProxy (17.06.2012)

Protection bypass in IObit Protected Folder
Published: June 17, 2012
SecurityVulns ID: 12423
Type: local
Severity: 4/10
Description: The protection can be bypassed, for example by patching the return value of the password-check function.
Original text: Adam Behnke, IObit Protected Folder Authentication Bypass (17.06.2012)

Code execution in ESRI ArcMap
Published: June 17, 2012
SecurityVulns ID: 12424
Type: local
Severity: 4/10
Description: MXD map files can carry embedded VBA macros, which ArcMap runs without properly prompting the user.
Affected products: ESRI : ArcMap 9
 ESRI : ArcGIS Desktop 10
CVE:CVE-2012-1661 (ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file.)
Original text: Boston Cyber Defense, CVE-2012-1661 - ESRI ArcMap arbitrary code execution via crafted map file. (17.06.2012)

Multiple security vulnerabilities in HP Onboard Administrator
Published: June 17, 2012
SecurityVulns ID: 12425
Type: remote
Severity: 5/10
Description: Unauthorized access to data, information disclosure and DoS through previously published bugs in the bundled OpenSSL, Apache HTTP Server, libpng and Linux kernel components (see the CVE list).
Affected products: HP : HP Onboard Administrator 3.55
CVE:CVE-2012-2110 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.)
 CVE-2012-1583 (Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets.)
 CVE-2012-0884 (The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.)
 CVE-2012-0053 (protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.)
 CVE-2012-0050 (OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.)
 CVE-2011-4619 (The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors.)
 CVE-2011-4576 (The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.)
 CVE-2011-4108 (The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.)
 CVE-2011-3192 (The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.)
 CVE-2011-2691 (The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.)
 CVE-2011-1473 (** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.)
Original text: HP, [security bulletin] HPSBMU02776 SSRT100852 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access to Data, Unauthorized Disclosure of Information Denial of Service (DoS) (17.06.2012)

Code execution in HP Server Automation
Published: June 17, 2012
SecurityVulns ID: 12426
Type: remote
Severity: 5/10
Description: Remote code execution through the bundled Samba RPC code.
CVE:CVE-2012-1182 (The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.)
Original text: HP, [security bulletin] HPSBMU02790 SSRT100872 rev.1 - HP Server Automation, Remote Execution of Arbitrary Code (17.06.2012)
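
CVE-2012-2110 (OpenSSL, in the HP Onboard Administrator bulletin above) and CVE-2012-1182 (Samba, in this HP Server Automation bulletin) are the same class of bug: a length or count read from the wire is trusted when sizing or copying data instead of being checked against what is actually in the buffer. The following DER TLV header reader is an added example of doing that check, written for this page rather than taken from OpenSSL or Samba; the sample bytes are constructed, and the 4-byte cap on long-form lengths is a design choice of the example, not something either project does.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint8_t tag;   /* identifier octet */
    size_t  hdr;   /* bytes of tag + length encoding */
    size_t  len;   /* declared body length, already checked to fit */
} der_tlv;

/* Lengths wider than this are rejected outright (design choice for this
 * example): nothing this parser handles is anywhere near 4 GiB. */
#define MAX_LEN_OCTETS 4

/* Parse one TLV header from buf[0..n). Returns 0 and fills *out when the
 * header is well-formed AND the declared body fits in the remaining input;
 * -1 otherwise. The caller may then safely read exactly hdr + len bytes. */
int der_read_tlv(const uint8_t *buf, size_t n, der_tlv *out) {
    if (buf == NULL || n < 2) return -1;
    uint8_t tag = buf[0];
    if ((tag & 0x1f) == 0x1f) return -1;           /* high-tag-number form: not handled */
    uint8_t first = buf[1];
    size_t hdr = 2, len;
    if (first < 0x80) {
        len = first;                                /* short form */
    } else {
        size_t octets = first & 0x7f;
        if (octets == 0) return -1;                 /* 0x80: indefinite length, illegal in DER */
        if (octets > MAX_LEN_OCTETS) return -1;     /* also keeps the shift below from overflowing */
        if (n - 2 < octets) return -1;              /* the length octets themselves are missing */
        if (buf[2] == 0) return -1;                 /* DER: no leading zero length octets */
        len = 0;
        for (size_t i = 0; i < octets; i++)
            len = (len << 8) | buf[2 + i];
        if (len < 0x80) return -1;                  /* DER: short form was required */
        hdr = 2 + octets;
    }
    /* The check CVE-2012-2110 / CVE-2012-1182 got wrong: the body must fit
     * in what we actually have, before anything is allocated or copied. */
    if (len > n - hdr) return -1;
    out->tag = tag;
    out->hdr = hdr;
    out->len = len;
    return 0;
}

/* Walk the children of a constructed value (SEQUENCE/SET) at buf[0..n),
 * validating every header. Returns the child count, or -1 if the outer
 * value is not constructed, any child is malformed, or the children do
 * not exactly fill the body. */
int der_count_children(const uint8_t *buf, size_t n) {
    der_tlv outer;
    if (der_read_tlv(buf, n, &outer) != 0) return -1;
    if ((outer.tag & 0x20) == 0) return -1;         /* primitive: no children */
    const uint8_t *p = buf + outer.hdr;
    size_t left = outer.len;
    int count = 0;
    while (left > 0) {
        der_tlv child;
        if (der_read_tlv(p, left, &child) != 0) return -1;
        p    += child.hdr + child.len;
        left -= child.hdr + child.len;              /* cannot underflow: len was checked */
        count++;
    }
    return count;
}

int main(void) {
    /* Constructed sample: SEQUENCE { INTEGER 1, INTEGER 256 } */
    const uint8_t good[] = {0x30,0x07, 0x02,0x01,0x01, 0x02,0x02,0x01,0x00};
    /* Constructed attack shape: SEQUENCE claiming a 4 GiB body with 3 bytes behind it */
    const uint8_t huge[] = {0x30,0x84,0xff,0xff,0xff,0xff, 0x02,0x01,0x01};
    printf("good: %d children, huge: %d\n",
           der_count_children(good, sizeof good), der_count_children(huge, sizeof huge));
    return 0;
}
```

The same discipline applies to Samba's case: an array count from an RPC request must be bounded by the bytes remaining in the request before it is used to size an allocation, and the decoder loop must consume exactly what the count says, never more.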

Authentication bypass in F5 BIG-IP
Published: June 17, 2012
SecurityVulns ID: 12427
Type: remote
Severity: 6/10
Description: Full root access to the appliance is possible: the same SSH private key is shipped with every customer's installation and is accepted for root login through PubkeyAuthentication, so anyone holding that key can log in as root over SSH.
Affected products: F5 : BIG-IP 11.1
CVE:CVE-2012-1493 (F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.)
Original text: Florent Daigniere, [MATTA-2012-002] CVE-2012-1493; F5 BIG-IP remote root authentication bypass Vulnerability (17.06.2012)

Format string bug in the ComSndFTP FTP server
Published: June 17, 2012
SecurityVulns ID: 12428
Type: remote
Severity: 5/10
Description: Format string bug in the USER command: the client-supplied user name is passed as a format string.
Affected products: COMSND : ComSndFTP 1.3
Original text: demonalex_(at)_163.com, ComSndFTP Server Remote Format String Overflow Vulnerability (17.06.2012)
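
The USER-command bug above is a format string vulnerability: the name the client sends ends up as the format argument of a printf-style call. The following is an added example, not ComSndFTP's code, showing the vulnerable shape next to the hardened one and a name filter used as defence in depth; `log_user`, `user_name_ok` and the 64-character limit are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable shape (the bug class behind the ComSndFTP USER advisory):
 * the client-supplied name IS the format string, so "%x%x%x" reads the
 * stack and "%n" writes to memory. Kept here only for comparison and only
 * ever called with a literal below; never feed it untrusted input. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
int log_user_vulnerable(char *out, size_t n, const char *user) {
    return snprintf(out, n, user);
}
#pragma GCC diagnostic pop

/* Hardened: the format is a literal and the name is an argument, so
 * directives inside it are copied as plain text. Returns snprintf's result. */
int log_user(char *out, size_t n, const char *user) {
    return snprintf(out, n, "USER %s", user);
}

/* Defence in depth for the protocol layer: a login name that contains '%'
 * or control/non-ASCII bytes is not a legitimate name, so reject it before
 * it reaches any logging or error path. 64 is an assumed length limit. */
int user_name_ok(const char *user) {
    size_t len = strlen(user);
    if (len == 0 || len > 64) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)user[i];
        if (c == '%' || c < 0x20 || c > 0x7e) return 0;
    }
    return 1;
}

int main(void) {
    char line[128];
    const char *payload = "%x%x%x%n";                 /* constructed attacker input */
    log_user_vulnerable(line, sizeof line, "alice");   /* safe only because it is a literal */
    printf("vulnerable path with a benign name: %s\n", line);
    log_user(line, sizeof line, payload);
    printf("hardened path with payload: %s (accepted by filter: %d)\n",
           line, user_name_ok(payload));
    return 0;
}
```

Both measures are needed: the literal format is the actual fix, while the filter keeps an attacker's directives out of every other sink (syslog, error banners, third-party loggers) that the name might reach later.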

Buffer overflow in Network UPS Tools
Published: June 17, 2012
SecurityVulns ID: 12430
Type: remote
Severity: 5/10
Description: Buffer overflow in upsd (addchar in common/parseconf.c) on a long string containing non-printable characters.
Affected products: NuT : nut 2.6
CVE:CVE-2012-2944 (Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters.)
Original text: MANDRIVA, [ MDVSA-2012:087 ] nut (17.06.2012)

Buffer overflow in Sielco Sistemi Winlog
Published: June 17, 2012
SecurityVulns ID: 12431
Type: remote
Severity: 5/10
Description: Buffer overflow when parsing traffic on TCP port 46824.
Affected products: SIELCO : Winlog 2.07
Original text: devnull_(at)_s3cur1ty.de, Sielco Sistemi Winlog Buffer Overflow <= v2.07.14 (17.06.2012)

Protection bypass in arpwatch
Published: June 17, 2012
SecurityVulns ID: 12432
Type: local
Severity: 3/10
Description: Elevated privileges are dropped incorrectly: supplementary groups are not cleared when the daemon switches to its unprivileged user, so root's group memberships survive and any later bug in the daemon can leverage them.
Affected products: ARPWATCH : arpwatch 2.1
CVE:CVE-2012-2653 (arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.)
Original text: DEBIAN, [SECURITY] [DSA 2481-1] arpwatch security update (17.06.2012)
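
CVE-2012-2653 above is a daemon that calls setgid()/setuid() to become an unprivileged user but never clears the supplementary groups inherited from root, so a later bug in the daemon still runs with those group memberships. The following is an added example of the correct drop order and a post-drop verification, written for this page and not taken from arpwatch; the nobody uid/gid 65534 used in main() is an assumption.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Count supplementary groups other than `allowed` (the new primary gid,
 * which some kernels also report via getgroups). Zero means the set is
 * clean; anything else means a membership from the privileged start state
 * (root's adm/disk/wheel, for instance) survived the switch. */
int count_foreign_groups(const gid_t *groups, int n, gid_t allowed) {
    int foreign = 0;
    for (int i = 0; i < n; i++)
        if (groups[i] != allowed) foreign++;
    return foreign;
}

/* Drop from root to uid/gid in the only order that works: clear
 * supplementary groups and set the gid while still root (both need
 * CAP_SETGID), then give up the uid. Afterwards verify that the drop
 * really happened instead of trusting the return codes alone.
 * Returns 0 on success or -errno. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (setgroups(0, NULL) != 0) return -errno;   /* the step CVE-2012-2653 is about */
    if (setgid(gid) != 0) return -errno;
    if (setuid(uid) != 0) return -errno;

    /* Verification 1: regaining root must now be impossible. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) return -EPERM;

    /* Verification 2: no supplementary group beyond the new gid remains. */
    int n = getgroups(0, NULL);
    if (n < 0) return -errno;
    gid_t *groups = NULL;
    if (n > 0) {
        groups = malloc((size_t)n * sizeof *groups);
        if (groups == NULL) return -ENOMEM;
        if (getgroups(n, groups) < 0) { int e = errno; free(groups); return -e; }
    }
    int foreign = count_foreign_groups(groups, n, gid);
    free(groups);
    return foreign > 0 ? -EPERM : 0;
}

int main(void) {
    /* 65534 is the conventional "nobody" uid/gid on Linux: an assumption. */
    uid_t uid = geteuid() == 0 ? 65534 : getuid();
    gid_t gid = geteuid() == 0 ? 65534 : getgid();
    int r = drop_privileges(uid, gid);
    if (r == 0)
        printf("now uid=%u gid=%u with no foreign supplementary groups\n",
               (unsigned)getuid(), (unsigned)getgid());
    else
        printf("drop_privileges failed: %s (run as root to exercise it)\n", strerror(-r));
    return r == 0 ? 0 : 1;
}
```

Run as root it prints the new identity; run unprivileged it fails at setgroups() with EPERM, which is itself the reason the group step must come first: once the uid is gone, the groups can no longer be fixed.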

Security vulnerabilities in HP DataDirect OpenAccess
updated since June 17, 2012
Published: June 24, 2012
SecurityVulns ID: 12429
Type: remote
Severity: 5/10
Description: Multiple buffer overflows in oaagent.exe when parsing GIOP network traffic.
Affected products: HP : HP Database Archiving Software 6.31
CVE:CVE-2011-4165 (Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1263.)
 CVE-2011-4164 (Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1214.)
 CVE-2011-4163 (Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1213.)
Original text: ZDI, ZDI-12-099 : DataDirect OpenAccess oaagent.exe GIOP Remote Code Execution Vulnerability (24.06.2012)
 ZDI, ZDI-12-089 : HP DataDirect OpenAccess GIOP Parsing Remote Code Execution Vulnerability (17.06.2012)
 ZDI, ZDI-12-088 : HP DataDirect OpenAccess GIOP Opcode 0x0E Remote Code Execution Vulnerability (17.06.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod