Information Security


Multiple security vulnerabilities in PHP
updated since March 13, 2014
Published: March 18, 2014
Source:
SecurityVulns ID: 13604
Type: library
Severity: 7/10
Description: DoS, information leak, code execution.
Affected products: PHP : PHP 5.5
CVE: CVE-2014-2270 (softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.)
 CVE-2014-2020 (ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.)
 CVE-2014-1943 (Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.)
 CVE-2013-7327 (The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226.)
 CVE-2013-7228
 CVE-2013-7227
 CVE-2013-7226 (Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer overflow.)
Original text: MANDRIVA, [ MDVSA-2014:059 ] php (18.03.2014)
 UBUNTU, [USN-2126-1] PHP vulnerabilities (13.03.2014)

Multiple vulnerabilities in Microsoft Internet Explorer
Published: March 18, 2014
Source:
SecurityVulns ID: 13605
Type: client
Severity: 8/10
Description: Multiple memory corruptions.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 8
 MICROSOFT : Windows 2012 Server
 MICROSOFT : Windows 8.1
CVE: CVE-2014-0324 (Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0308, and CVE-2014-0312.)
 CVE-2014-0322 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.)
 CVE-2014-0321 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0313.)
 CVE-2014-0314 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-0313 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0321.)
 CVE-2014-0312 (Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0308, and CVE-2014-0324.)
 CVE-2014-0311 (Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0299 and CVE-2014-0305.)
 CVE-2014-0309 (Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-0308 (Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0312, and CVE-2014-0324.)
 CVE-2014-0307 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulations of a TextRange element, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-0306 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-0305 (Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0299 and CVE-2014-0311.)
 CVE-2014-0304 (Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-0303 (Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0302.)
 CVE-2014-0302 (Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0303.)
 CVE-2014-0299 (Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0305 and CVE-2014-0311.)
 CVE-2014-0298 (Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-0297 (Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0308, CVE-2014-0312, and CVE-2014-0324.)
Files: Microsoft Security Bulletin MS14-012 - Critical Cumulative Security Update for Internet Explorer (2925418)

Multiple security vulnerabilities in Microsoft Windows
Published: March 18, 2014
Source:
SecurityVulns ID: 13606
Type: library
Severity: 8/10
Description: Memory corruption in DirectShow, restriction bypass in Silverlight, restriction bypass in SAMR, privilege escalation via drivers.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 8
 MICROSOFT : Windows 2012 Server
 MICROSOFT : Windows 8.1
CVE: CVE-2014-0323 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (system hang) via a crafted application, aka "Win32k Information Disclosure Vulnerability.")
 CVE-2014-0319 (Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer Runtime before 5.1.30214.0 allow attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors, aka "Silverlight DEP/ASLR Bypass Vulnerability.")
 CVE-2014-0317 (The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka "SAMR Security Feature Bypass Vulnerability.")
 CVE-2014-0301 (Double free vulnerability in qedit.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via a crafted JPEG image, aka "DirectShow Memory Corruption Vulnerability.")
 CVE-2014-0300 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability.")
Files: Microsoft Security Bulletin MS14-013 - Critical Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961)
 Microsoft Security Bulletin MS14-014 - Important Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677)
 Microsoft Security Bulletin MS14-015 - Important Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275)
 Microsoft Security Bulletin MS14-016 - Important Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418)

Security vulnerabilities in sudo
Published: March 18, 2014
Source:
SecurityVulns ID: 13607
Type: local
Severity: 5/10
Description: Restriction bypass.
Affected products: SUDO : sudo 1.8
CVE: CVE-2014-0106 (Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.)
Original text: UBUNTU, [USN-2146-1] Sudo vulnerabilities (18.03.2014)

Privilege escalation in BlackBerry QNX Neutrino RTOS
Published: March 18, 2014
Source:
SecurityVulns ID: 13608
Type: local
Severity: 5/10
Description: Privilege escalation via ifwatchd and ppoectl.
Affected products: BLACKBERRY : QNX Neutrino RTOS 6.5
Original text: Tim Brown, Medium severity flaw in BlackBerry QNX Neutrino RTOS (18.03.2014)
 Tim Brown, Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS (18.03.2014)

Privilege escalation via x2goserver
Published: March 18, 2014
Source:
SecurityVulns ID: 13609
Type: local
Severity: 5/10
Description: An application is executed via a relative path.
CVE: CVE-2013-4376 (The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server before 4.0.0.2 allows remote attackers to execute arbitrary code via unspecified vectors, related to the path to libx2go-server-db-sqlite3-wrapper.pl.)
Original text: MANDRIVA, [ MDVSA-2014:063 ] x2goserver (18.03.2014)

Remote root via rlpdaemon in HP-UX (code execution)
updated since November 21, 2001
Published: March 18, 2014
Source:
SecurityVulns ID: 1578
Type: remote
Severity: 8/10
Description: Incorrect parsing of print commands allows access to files with superuser privileges.
Affected products: HP : HP-UX 11.00
 HP : HP-UX 10.20
 HP : HP-UX 11.11
Original text: Nomen Nescio, exploit for old rlpdaemon bug (18.03.2014)
 G.Borglum, HP-UX setuid rlpdaemon induced to make illicit file writes (17.12.2001)
 X-FORCE, ISS Security Advisory: Remote Logic Flaw Vulnerability in HP-UX Line Printer Daemon (21.11.2001)
Files: HP-UX rlpdaemon local exploit

Memory corruptions in FreeType
Published: March 18, 2014
Source:
SecurityVulns ID: 13610
Type: library
Severity: 6/10
Description: Several memory corruptions.
CVE: CVE-2014-2241 (The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.)
 CVE-2014-2240 (Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file.)
Original text: UBUNTU, [USN-2148-1] FreeType vulnerabilities (18.03.2014)

Information leaks in imapsync
Published: March 18, 2014
Source:
SecurityVulns ID: 13611
Type: m-i-t-m
Severity: 5/10
Description: Several different information leaks.
Affected products: IMAPSYNC : imapsync 1.584
CVE: CVE-2014-2014 (imapsync before 1.584, when running with the --tls option, attempts a cleartext login when a certificate verification failure occurs, which allows remote attackers to obtain credentials by sniffing the network.)
 CVE-2013-4279 (imapsync 1.564 and earlier performs a release check by default, which sends sensitive information (imapsync, operating system, and Perl version) to the developer's site.)
Original text: MANDRIVA, [ MDVSA-2014:060 ] imapsync (18.03.2014)

Replay attack in oath-toolkit
Published: March 18, 2014
Source:
SecurityVulns ID: 13612
Type: library
Severity: 5/10
Description: An implementation error makes a replay attack possible.
Affected products: OATHTOOLKIT : OATH Toolkit 2.4
CVE: CVE-2013-7322 (usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath.)
Original text: MANDRIVA, [ MDVSA-2014:061 ] oath-toolkit (18.03.2014)

Restriction bypass in Samba
Published: March 18, 2014
Source:
SecurityVulns ID: 13613
Type: remote
Severity: 5/10
Description: Several restriction bypass conditions.
Affected products: SAMBA : Samba 3.4
 SAMBA : Samba 4.0
CVE: CVE-2013-6442 (The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change.)
 CVE-2013-4496 (Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts.)
Original text: SLACKWARE, [slackware-security] samba (SSA:2014-072-01) (18.03.2014)

Buffer overflow / resource exhaustion in regcomp from GNU libc
updated since January 7, 2011
Published: March 18, 2014
Source:
SecurityVulns ID: 11342
Type: library
Severity: 7/10
Description: Resource exhaustion or buffer overflow on regular expressions such as ".*{10,}{10,}{10,}{10,}{10,}"
CVE: CVE-2010-4052 (Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.)
 CVE-2010-4051 (The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow.")
Original text: submit_(at)_cxsec.org, MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service (18.03.2014)
 Maksymilian Arciemowicz, GNU libc/regcomp(3) Multiple Vulnerabilities (07.01.2011)
Files: proftpd multiple exploit for VU#912279 (only with GNU libc/regcomp(3))

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod