Information Security


Multiple security vulnerabilities in Adobe Shockwave Player
updated since 12 August 2011
Published: 17 August 2011
Source:
SecurityVulns ID: 11849
Type: remote
Threat level: 7/10
Description: Multiple memory corruptions.
Affected products: ADOBE : Shockwave Player 11.6
CVE:CVE-2011-2423 (msvcr90.dll in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2011-2422 (Textra.x32 in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2011-2421 (Dirapi.dll in Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir media file.)
 CVE-2011-2420 (Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2011-2419 (IML32.dll in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2010-4309 (Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4308.)
 CVE-2010-4308 (Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4309.)
Original text: VUPEN Security Research, VUPEN Security Research - Adobe Shockwave rcsL Record Array Indexing Vulnerability (APSB11-19) (17.08.2011)
Files: Security update available for Adobe Shockwave Player

DoS via DHCPv6 against Microsoft Windows
Published: 17 August 2011
Source:
SecurityVulns ID: 11858
Type: client
Threat level: 4/10
Description: RPC failure when parsing a packet with an empty Domain Search List.
Affected products: MICROSOFT : Windows 7
Original text: tunterleitner_(at)_barracuda.com, Malformed DHCPv6 packets cause RPC to become unresponsive (17.08.2011)

Symbolic link problem in multiple CheckPoint Security Management products
Published: 17 August 2011
Source:
SecurityVulns ID: 11859
Type: local
Threat level: 4/10
Description: Symbolic link problem during installation.
CVE:CVE-2011-2664 (Unspecified vulnerability in Check Point Multi-Domain Management / Provider-1 NGX R65, R70, R71, and R75, and SmartCenter during installation on non-Windows machines, allows local users on the MDS system to overwrite arbitrary files via unknown vectors.)
Original text: Matthew Flanagan, CVE-2011-2664 Symlink Following and Second-Order Symlink Vulnerabilities in Multiple Check Point Security Management Products (17.08.2011)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 17 August 2011
Source:
SecurityVulns ID: 11860
Type: remote
Threat level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: PHPLIST : phpList 2.10
 WEBSITEBAKER : WebsiteBaker 2.8
 ELGG : Elgg 1.7
 ELGG : Elgg 1.8
 AWIKI : awiki 20100125
 ECHATSERVER : EChat Server 2.5
 WORDPRESS : Fast Secure Contact Form 3.0
 WORDPRESS : WP-Stats-Dashboard 2.6
Original text: Ehsan_Hp200_(at)_hotmail.com, phpWebSite (userpage) Cross Site Scripting Vulnerabilities (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, dpconsulenze (dettaglio.php?id) Remote SQL injection Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, ECHO Creative Company (dettaglio.php?id) Remote SQL injection Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, Muzedon (dettaglio.php?id) Remote SQL injection Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, netplanet (dettaglio.asp?id) Remote SQL injection Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, InYourLife (dettaglio.php?id) (dettaglio_immobile.php?id) (notizia.php?id) Remote SQL injection Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, lab382 (dettaglio.php?id) Remote SQL injection Vulnerability (17.08.2011)
 High-Tech Bridge Security Research, Multiple XSS in WP-Stats-Dashboard (17.08.2011)
 High-Tech Bridge Security Research, XSS in Fast Secure Contact Form wordpress plugin (17.08.2011)
 runlvl, INSECT Pro - Exploit EChat Server <= v2.5 20110812 - Remote Buffer Overflow Exploit (17.08.2011)
 YGN Ethical Hacker Group, WebsiteBaker 2.8.1 <= Cross Site Request Forgery (CSRF) Vulnerability (17.08.2011)
 YGN Ethical Hacker Group, WebsiteBaker 2.8.1 <= Arbitrary File Upload Vulnerability (17.08.2011)
 Lostmon lords, Calisto light, light plus and full, Sql Injection And user or Admin bypass (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, Neox (categoria.php?id) Remote SQL injection Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, QOLQA (categoria.php?id) Remote SQL injection Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, cdeVision (index.php?page) Remote File Inclusion Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, CdeVision Cross Site Scripting Vulnerabilities (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, PCVmedia (free_gallery.php?cat_id) Remote SQL injection Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, CdeVision(students.php?id) (gallery.php?cat) Remote SQL injection Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, DoodleIT (gallery.php?id) (about.php?id) Remote SQL injection Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, BACKEND (categoria.php?id) Remote SQL injection Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, SAY Comunicacion (producto.php?id) Remote SQL injection Vulnerability (17.08.2011)
 muuratsalo experimental hack lab, awiki 20100125 multiple local file inclusion vulnerabilities (17.08.2011)
 cyber netron, The LAD Melbourne Cms Sql Injection Vulnerability (17.08.2011)
 Lostmon lords, {Lostmon's Group} Elgg 1.8 beta2 and prior to 1.7.11 'container_guid' and 'owner_guid' SQL Injection (17.08.2011)
 Davide Canali, phpList Improper Access Control and Information Leakage vulnerabilities (17.08.2011)

Code execution via foomatic
Published: 17 August 2011
Source:
SecurityVulns ID: 11861
Type: local
Threat level: 4/10
Description: Code execution is possible via .ppd files
Affected products: FOOMATIC : Foomatic 4.0
 FOOMATIC : Foomatic 3.11
CVE:CVE-2011-2964 (foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697.)
 CVE-2011-2697 (foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.)
Original text: MANDRIVA, [ MDVSA-2011:125 ] foomatic-filters (17.08.2011)

DoS against ISC DHCPD
Published: 17 August 2011
Source:
SecurityVulns ID: 11862
Type: remote
Threat level: 6/10
Description: Failure when parsing a BOOTP packet
CVE:CVE-2011-2749 (The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.)
 CVE-2011-2748 (The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.)
Original text: DEBIAN, [SECURITY] [DSA 2292-1] ISC DHCP security update (17.08.2011)

Code execution via CheckPoint SSL VPN ActiveX
Published: 17 August 2011
Source:
SecurityVulns ID: 11863
Type: client
Threat level: 7/10
Description: Insecure methods allow file upload and execution.
CVE:CVE-2011-1827 (Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet.)
Original text: SEC Consult Vulnerability Lab, SEC Consult SA-20110810-0 :: Client-side remote file upload & command execution in Check Point SSL VPN On-Demand applications - CVE-2011-1827 (17.08.2011)

Weak encryption in VMware vFabric tc Server
Published: 17 August 2011
Source:
SecurityVulns ID: 11865
Type: m-i-t-m
Threat level: 4/10
Description: The server accepts plaintext passwords even if plaintext password transmission is prohibited.
Affected products: VMWARE : vFabric tc Server 2.0
 VMWARE : vFabric tc Server 2.1
CVE:CVE-2011-0527 (VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0.6.RELEASE and 2.1.x before 2.1.2.RELEASE accepts obfuscated passwords during JMX authentication, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read stored passwords.)
Original text: VMWARE, CVE-2011-0527: VMware vFabric tc Server password obfuscation bypass (17.08.2011)

Security vulnerabilities in Apache Tomcat
Published: 17 August 2011
Source:
SecurityVulns ID: 11866
Type: remote
Threat level: 6/10
Description: Information leakage, privilege escalation.
Affected products: APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
 APACHE : Tomcat 7.0
CVE:CVE-2011-2729 (native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.)
 CVE-2011-2481 (Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.)
Original text: APACHE, [SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat) (17.08.2011)

Weak encryption in NetSaro Enterprise Messenger Server
Published: 17 August 2011
Source:
SecurityVulns ID: 11867
Type: local
Threat level: 4/10
Description: Passwords are stored in plaintext or in a reversible form.
Affected products: NETSARO : NetSaro Enterprise Messenger Server 2.0
Original text: robkraus_(at)_soutionary.com, NetSaro Enterprise Messenger Server Plaintext Password Storage Vulnerability (17.08.2011)
 robkraus_(at)_soutionary.com, NetSaro Enterprise Messenger Server Administration Console Weak Cryptographic Password Storage Vulnerability (17.08.2011)

Multiple security vulnerabilities in Oracle Sun Java
Published: 17 August 2011
Source:
SecurityVulns ID: 11868
Type: library
Threat level: 8/10
Affected products: ORACLE : Java SE 6
CVE:CVE-2011-0871 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.)
 CVE-2011-0869 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ.)
 CVE-2011-0868 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.)
 CVE-2011-0867 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.)
 CVE-2011-0865 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization.)
 CVE-2011-0864 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot.)
 CVE-2011-0862 (Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.)
Original text: MANDRIVA, [ MDVSA-2011:126 ] java-1.6.0-openjdk (17.08.2011)

Buffer overflow in Nortel / Avaya Media Application Server
Published: 17 August 2011
Source:
SecurityVulns ID: 11869
Type: remote
Threat level: 6/10
Description: Buffer overflow when parsing a TCP/52005 request
Affected products: AVAYA : Aura Application Server 5300
Original text: ZDI, ZDI-11-260: Nortel Media Application Server cstore.exe cs_anams Remote Code Execution Vulnerability (17.08.2011)

Multiple security vulnerabilities in Symantec Veritas Storage Foundation
Published: 17 August 2011
Source:
SecurityVulns ID: 11870
Type: remote
Threat level: 6/10
Description: Multiple vulnerabilities when parsing requests on port TCP/2148
CVE:CVE-2011-0547 (Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow.)
Original text: ZDI, ZDI-11-264: Symantec Veritas Storage Foundation vxsvc.exe Value Unpacking Integer Overflow Remote Code Execution Vulnerability (17.08.2011)
 ZDI, ZDI-11-263: Symantec Veritas Storage Foundation vxsvc.exe ASCII String Unpacking Remote Code Execution Vulnerability (17.08.2011)
 ZDI, ZDI-11-262: Symantec Veritas Storage Foundation vxsvc.exe Unicode String Parsing Remote Code Execution Vulnerability (17.08.2011)

Multiple security vulnerabilities in RealNetworks Realplayer
Published: 17 August 2011
Source:
SecurityVulns ID: 11871
Type: client
Threat level: 7/10
Description: Cross-site scripting, buffer overflows when parsing QCP, AAC, MP3, SWF, SIPR, insecure methods and a buffer overflow in ActiveX.
Affected products: REAL : RealPlayer Enterprise 2.1
 REAL : RealPlayer 14.0
 REAL : Mac RealPlayer 12.0
CVE:CVE-2011-2955 (Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via vectors related to a modal dialog.)
 CVE-2011-2954 (Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2953 (An unspecified ActiveX control in the browser plugin in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors, related to an out-of-bounds condition.)
 CVE-2011-2952 (Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box.)
 CVE-2011-2951 (Buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.0.0.1569 allows remote attackers to execute arbitrary code via a crafted raw_data_frame field in an AAC file.)
 CVE-2011-2950 (Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted QCP file.)
 CVE-2011-2949 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via crafted ID3v2 tags in an MP3 file.)
 CVE-2011-2948 (RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.0 through 2.1.5, and Mac RealPlayer 12.0.0.1569 do not properly handle DEFINEFONT fields in SWF files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted file.)
 CVE-2011-2947 (Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document.)
 CVE-2011-2946 (Unspecified vulnerability in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors.)
 CVE-2011-2945 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted SIPR stream.)
Original text: ZDI, ZDI-11-265: RealNetworks Realplayer QCP Parsing Remote Code Execution Vulnerability (17.08.2011)
Files: RealNetworks, Inc. Releases Update to Address Security Vulnerabilities

Authentication data reuse in EMC RSA Adaptive Authentication (On-Premise)
Published: 17 August 2011
Source:
SecurityVulns ID: 11872
Type: m-i-t-m
Threat level: 5/10
Affected products: EMC : RSA AAOP 6.0
CVE:CVE-2011-2733 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information.)
Original text: EMC, ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication (On-Premise) (17.08.2011)

Code execution via StudioLine Photo Basic ActiveX
Published: 17 August 2011
Source:
SecurityVulns ID: 11873
Type: remote
Threat level: 5/10
Description: Insecure EnableLog() method
Original text: High-Tech Bridge Security Research, StudioLine Photo Basic 3 ActiveX control Insecure Method (17.08.2011)

Multiple security vulnerabilities in Mozilla Firefox / Seamonkey / Thunderbird
updated since 17 August 2011
Published: 19 August 2011
Source:
SecurityVulns ID: 11874
Type: remote
Threat level: 9/10
Description: Multiple memory corruptions, cross-site access, information leakage, restriction bypass.
Affected products: MOZILLA : Firefox 3.6
 MOZILLA : Firefox 5.0
 MOZILLA : Thunderbird 6.0
 MOZILLA : Thunderbird 3.6
 MOZILLA : SeaMonkey 2.2
CVE:CVE-2011-2993 (The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801.)
 CVE-2011-2992 (The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2011-2991 (The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2011-2990 (The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects.)
 CVE-2011-2989 (The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2011-2988 (Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader.)
 CVE-2011-2987 (Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2986 (Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas.)
 CVE-2011-2985 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2011-2984 (Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.)
 CVE-2011-2983 (Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free.)
 CVE-2011-2982 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2011-2981 (The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.)
 CVE-2011-2980 (Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan horse DLL that is loaded into the running Firefox process.)
 CVE-2011-2378 (The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointer.")
 CVE-2011-0084 (The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5, does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer.")
Original text: ACROS Security, ASPR #2011-08-18-1: Remote Binary Planting in Mozilla Firefox (19.08.2011)
 ACROS Security, ASPR #2011-08-18-2: Remote Binary Planting in Mozilla Thunderbird (19.08.2011)
 ZDI, ZDI-11-271: Mozilla Firefox appendChild DOM Tree Inconsistency Remote Code Execution Vulnerability (18.08.2011)
 ZDI, ZDI-11-270: Mozilla Firefox SVGTextElement.getCharNumAtPosition Remote Code Execution Vulnerability (18.08.2011)
Files: Mozilla Foundation Security Advisory 2011-29 Security issues addressed in Firefox 6
 Mozilla Foundation Security Advisory 2011-30 Security issues addressed in Firefox 3.6.20
 Mozilla Foundation Security Advisory 2011-31 Security issues addressed in Thunderbird 6
 Mozilla Foundation Security Advisory 2011-32 Security issues addressed in Thunderbird 3.1.12
 Mozilla Foundation Security Advisory 2011-33 Security issues addressed in SeaMonkey 2.3

Memory corruption in libXfont
updated since 17 August 2011
Published: 17 August 2013
Source:
SecurityVulns ID: 11864
Type: library
Threat level: 5/10
Description: Memory corruption when parsing compressed fonts.
CVE:CVE-2011-2895 (The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.)
Original text: UBUNTU, [USN-1191-1] libXfont vulnerability (17.08.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod