Information Security


Authentication bypass in torque
updated since 13 October 2013
Published: 18 November 2013
SecurityVulns ID: 13367
Type: remote
Severity: 6/10
Description: A command can be executed by connecting directly to the pbs_mom port. Shell metacharacter issue.
Affected products: TORQUE : Terascale Open-Source Resource and Queue Manager 2.5
 TORQUE : Terascale Open-Source Resource and Queue Manager 4.0
CVE:CVE-2013-4495 (The send_the_mail function in server/svr_mail.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 4.2.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the email (-M switch) to qsub.)
 CVE-2013-4319 (pbs_mom in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x, 4.x, and earlier does not properly restrict access by unprivileged ports, which allows remote authenticated users to execute arbitrary jobs by submitting a command.)
Original text: DEBIAN, [SECURITY] [DSA 2796-1] torque security update (18.11.2013)
 DEBIAN, [SECURITY] [DSA 2770-1] torque security update (13.10.2013)

Authentication bypass in Apple iOS
Published: 18 November 2013
SecurityVulns ID: 13401
Type: local
Severity: 4/10
Description: Purchases can be made in the AppStore from the device without entering a password.
Affected products: APPLE : Apple iOS 7.0
CVE:CVE-2013-5193 (The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials.)
Original text: APPLE, APPLE-SA-2013-11-14-1 iOS 7.0.4 (18.11.2013)

Privilege escalation in VMWare Workstation
Published: 18 November 2013
SecurityVulns ID: 13402
Type: local
Severity: 5/10
Description: Insecure loading of shared libraries.
Affected products: VMWARE : VMware Workstation 9.0
 VMWARE : VMware Player 5.0
CVE:CVE-2013-5972 (VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors.)
Original text: VMWARE, NEW VMSA-2013-0013 VMware Workstation host privilege escalation vulnerability (18.11.2013)

Authentication bypass in Dahua DVR
Published: 18 November 2013
SecurityVulns ID: 13403
Type: remote
Severity: 5/10
Description: Commands can be executed without authentication over the TCP/37777 protocol in use.
CVE:CVE-2013-6117 (Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.)
 CVE-2013-3615 (Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack.)
 CVE-2013-3614 (Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack.)
 CVE-2013-3613 (Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port.)
 CVE-2013-3612 (Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.)
Original text: Jake_(at)_depthsecurity.com, Dahua DVR Authentication Bypass - CVE-2013-6117 (18.11.2013)

Privilege escalation in various Android su applications
Published: 18 November 2013
SecurityVulns ID: 13404
Type: local
Severity: 3/10
Description: Insecure handling of environment variables and file descriptors.
Affected products: CHAINSDD : ChainsDD Superuser 3.1
 CHAINFIRE : Chainfire SuperSU 1.68
CVE:CVE-2013-6775 (The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su.)
 CVE-2013-6774 (Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an arbitrary .jar file and gain privileges via a crafted BOOTCLASSPATH environment variable for a /system/xbin/su process. NOTE: another researcher was unable to reproduce this with ChainsDD Superuser.)
 CVE-2013-6770 (The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script.)
 CVE-2013-6768 (Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process.)
Original text: Kevin Cernekee, Superuser "su --daemon" vulnerability on Android >= 4.3 (18.11.2013)
 Kevin Cernekee, Android Superuser shell character escape vulnerability (18.11.2013)
 Kevin Cernekee, Superuser unsanitized environment vulnerability on Android <= 4.2.x (18.11.2013)

Multiple security vulnerabilities in lighttpd
Published: 18 November 2013
SecurityVulns ID: 13405
Type: remote
Severity: 6/10
Description: Protection bypass, privilege escalation, memory corruption.
Affected products: LIGHTTPD : lighttpd 1.4
CVE:CVE-2013-4560 (Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.)
 CVE-2013-4559 (lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.)
 CVE-2013-4508 (lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.)
Original text: DEBIAN, [SECURITY] [DSA 2795-1] lighttpd security update (18.11.2013)

Security vulnerabilities in HP Integrated Lights-Out
Published: 18 November 2013
SecurityVulns ID: 13406
Type: remote
Severity: 4/10
Description: Cross-site scripting, information leak.
Affected products: HP : HP iLO4
CVE:CVE-2013-4843 (Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors.)
 CVE-2013-4842 (Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original text: HP, [security bulletin] HPSBHF02939 rev.1 - HP Integrated Lights-Out 4 (iLO4), Remote Cross Site Scripting (XSS), Unauthorized Disclosure of Information (18.11.2013)

Buffer overflow in the SPICE library
Published: 18 November 2013
SecurityVulns ID: 13407
Type: library
Severity: 6/10
Description: Buffer overflow on a long password.
Affected products: SPICE : spice 0.12
CVE:CVE-2013-4282 (Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.)
Original text: UBUNTU, [USN-2027-1] SPICE vulnerability (18.11.2013)

Privilege escalation via Libvirt
Published: 18 November 2013
SecurityVulns ID: 13408
Type: library
Severity: 5/10
Description: Incorrect privilege check in virConnectDomainXMLToNative.
Affected products: LIBVIRT : libvirt 1.1
CVE:CVE-2013-4401 (The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.)
Original text: UBUNTU, [USN-2026-1] libvirt vulnerability (18.11.2013)

Memory corruptions in libav
Published: 18 November 2013
SecurityVulns ID: 13409
Type: library
Severity: 6/10
Description: Memory corruptions when parsing media formats.
Affected products: LIBAV : libav 0.8
CVE:CVE-2013-0866 (The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large number of channels in an AAC file, which triggers an out-of-bounds array access.)
 CVE-2013-0858 (The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.)
 CVE-2013-0857 (The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data.)
 CVE-2013-0854 (The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data.)
 CVE-2013-0853 (The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error.)
 CVE-2013-0850 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access.)
 CVE-2013-0844 (Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access.)
Original text: DEBIAN, [SECURITY] [DSA 2793-1] libav security update (18.11.2013)
 UBUNTU, [USN-2025-1] Libav vulnerabilities (18.11.2013)

Cross-site scripting in Juniper JunOS
Published: 18 November 2013
SecurityVulns ID: 13410
Type: remote
Severity: 5/10
Description: Cross-site scripting in Embedthis.
Affected products: JUNIPER : JUNOS 11.4
Original text: info_(at)_andreabodei.com, XSS on Juniper JUNOS 11.4 Embedthis Appweb 3.2.3 (18.11.2013)

Privilege escalation in MAAS
Published: 18 November 2013
SecurityVulns ID: 13411
Type: local
Severity: 5/10
Description: Privilege escalation and missing cryptographic checks in maas-import-pxe-files.
Affected products: MAAS : maas-cluster-controller 1.3
CVE:CVE-2013-1058 (maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack.)
 CVE-2013-1057 (Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current working directory.)
Original text: UBUNTU, [USN-2013-1] MAAS vulnerabilities (18.11.2013)

Directory traversal in Cisco WAAS
Published: 18 November 2013
SecurityVulns ID: 13412
Type: remote
Severity: 5/10
Description: Directory traversal on file upload.
Affected products: CISCO : Wide Area Application Services 3.5
CVE:CVE-2013-5554 (Directory traversal vulnerability in the web-management interface in the server in Cisco Wide Area Application Services (WAAS) Mobile before 3.5.5 allows remote attackers to upload and execute arbitrary files via a crafted POST request, aka Bug ID CSCuh69773.)
Files: Cisco WAAS Mobile Remote Code Execution Vulnerability

Unauthorized access to Cisco TelePresence VX Clinical Assistant
Published: 18 November 2013
SecurityVulns ID: 13413
Type: remote
Severity: 5/10
Description: The administrator password is reset on every reboot.
Affected products: CISCO : TelePresence VX Clinical Assistant 1.2
CVE:CVE-2013-5558 (The WIL-A module in Cisco TelePresence VX Clinical Assistant 1.2 before 1.21 changes the admin password to an empty password upon a reboot, which makes it easier for remote attackers to obtain access via the administrative interface, aka Bug ID CSCuj17238.)
Files: Cisco TelePresence VX Clinical Assistant Administrative Password Reset Vulnerability

Protection bypass in Light Display Manager
Published: 18 November 2013
SecurityVulns ID: 13414
Type: local
Severity: 5/10
Description: Incorrect application of AppArmor policies.
Affected products: LDM : lightdm 1.8
CVE:CVE-2013-4459 (LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account.)
Original text: UBUNTU, [USN-2012-1] Light Display Manager vulnerability (18.11.2013)

Authentication bypass in Vivotek IP cameras
Published: 18 November 2013
SecurityVulns ID: 13415
Type: remote
Severity: 5/10
Description: Authentication bypass when accessing via RTSP.
Affected products: VIVOTEK : Vivotek IP7160
 VIVOTEK : Vivotek IP7361
 VIVOTEK : Vivotek IP8332
CVE:CVE-2013-4985
Original text: CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2013-0704 - Vivotek IP Cameras RTSP Authentication Bypass (18.11.2013)

Cross-site scripting in EMC Documentum
Published: 18 November 2013
SecurityVulns ID: 13416
Type: remote
Severity: 5/10
Description: Cross-site scripting in various components.
Affected products: EMC : Documentum eRoom 7.4
 EMC : Documentum 6.7
CVE:CVE-2013-3286 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom before 7.4.4 P11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.)
 CVE-2013-3281 (Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL.)
Original text: EMC, ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability. (18.11.2013)
 EMC, ESA-2013-073: EMC Documentum eRoom Multiple Cross Site Scripting Vulnerabilities. (18.11.2013)

Multiple security vulnerabilities in Open-Xchange
updated since 1 October 2013
Published: 18 November 2013
SecurityVulns ID: 13293
Type: library
Severity: 5/10
Description: Multiple vulnerabilities.
Affected products: OPENXCHANGE : Open-Xchange 7.2
CVE:CVE-2013-6074 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an attached SVG file.)
 CVE-2013-5690 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment.)
 CVE-2013-5200 (The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call.)
 CVE-2013-5035 (Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.)
 CVE-2013-4790 (Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server.)
Original text: OPENXCHANGE, Open-Xchange Security Advisory 2013-11-06 (18.11.2013)
 OPENXCHANGE, Open-Xchange Security Advisory 2013-09-30 (01.10.2013)
 OPENXCHANGE, Open-Xchange Security Advisory 2013-09-10 (01.10.2013)
 OPENXCHANGE, Open-Xchange Security Advisory 2013-08-16 (01.10.2013)
 OPENXCHANGE, Open-Xchange Security Advisory 2013-07-31 (01.10.2013)

Multiple security vulnerabilities in Cisco IOS
updated since 1 October 2013
Published: 18 November 2013
SecurityVulns ID: 13299
Type: remote
Severity: 8/10
Description: Multiple DoS conditions, information leak.
Affected products: CISCO : IOS 12.2
 CISCO : IOS 15.3
 CISCO : IOS XR 4.3
CVE:CVE-2013-5553 (Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2) IPv6, aka Bug IDs CSCuc42558 and CSCug25383.)
 CVE-2013-5549 (Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCuh30380.)
 CVE-2013-5547 (Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269.)
 CVE-2013-5546 (The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component, aka Bug ID CSCud72509.)
 CVE-2013-5545 (The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936.)
 CVE-2013-5543 (Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by the Zone-Based Firewall (ZBFW) component, aka Bug ID CSCtt26470.)
 CVE-2013-5503 (The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413.)
 CVE-2013-5480 (The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733.)
 CVE-2013-5479 (The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730.)
 CVE-2013-5478 (Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023.)
 CVE-2013-5477 (The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465.)
 CVE-2013-5476 (The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID CSCtx56174.)
 CVE-2013-5475 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID CSCug31561.)
 CVE-2013-5474 (Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug ID CSCud64812.)
 CVE-2013-5473 (Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011.)
 CVE-2013-5472 (The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of service (device reload) by leveraging an MSDP peer relationship, aka Bug ID CSCuc81226.)
Files: Cisco IOS Software IPv6 Virtual Fragmentation Reassembly Denial of Service Vulnerability
 Cisco IOS Software Network Address Translation Vulnerabilities
 Cisco IOS Software Zone-Based Firewall and Content Filtering Vulnerability
 Cisco IOS Software Multicast Network Time Protocol Denial of Service Vulnerability
 Cisco IOS Software Queue Wedge Denial of Service Vulnerability
 Cisco IOS Software DHCP Denial of Service Vulnerability
 Cisco IOS Software Internet Key Exchange Memory Leak Vulnerability
 Cisco IOS Software Resource Reservation Protocol Interface Queue Wedge Vulnerability
 Cisco IOS XR Software Memory Exhaustion Vulnerability
 Cisco IOS XR Software Route Processor Denial of Service Vulnerability
 Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers
 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

Multiple security vulnerabilities in wireshark
updated since 2 October 2013
Published: 18 November 2013
SecurityVulns ID: 13309
Type: remote
Severity: 5/10
Description: Vulnerabilities in the dissectors of various protocols.
Affected products: WIRESHARK : Wireshark 1.10
CVE:CVE-2013-6340 (epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2013-6338 (The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2013-6337 (Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2013-6336 (The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2013-5722 (Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2013-5721 (The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2013-5720 (Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2013-5719 (epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.)
 CVE-2013-5718 (The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
Original text: DEBIAN, [SECURITY] [DSA 2792-1] wireshark security update (18.11.2013)
 MANDRIVA, [ MDVSA-2013:238 ] wireshark (02.10.2013)

Multiple security vulnerabilities in Apple Mac OS X and QuickTime
updated since 18 November 2010
Published: 18 November 2013
SecurityVulns ID: 11263
Type: remote
Severity: 9/10
Description: Multiple vulnerabilities in the system kernel, network components, printing subsystems, AFP server, AppKit, Apple Type Services, CFNetwork, CoreGraphics, CoreText, Directory Services, diskdev_cmds, Disk Images, Image Capture, ImageIO, Image RAW, Password Server, QuickLook, QuickTime, Safari RSS, Time Machine, Wiki Server, X11 and third-party applications.
Affected products: APPLE : MacOS X 10.5
 QUICKTIME : QuickTime 7.6
 APPLE : MacOS X 10.6
CVE:CVE-2010-4010 (Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document.)
 CVE-2010-3798 (Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive.)
 CVE-2010-3797 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2010-3796 (Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications.)
 CVE-2010-3795 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of GIF image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.)
 CVE-2010-3794 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.)
 CVE-2010-3793 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file.)
 CVE-2010-3792 (Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.)
 CVE-2010-3791 (Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.)
 CVE-2010-3790 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary.)
 CVE-2010-3789 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted AVI file.)
 CVE-2010-3788 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file.)
 CVE-2010-3787 (Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.)
 CVE-2010-3786 (QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Excel file.)
 CVE-2010-3785 (Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document.)
 CVE-2010-3784 (The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls.)
 CVE-2010-3783 (Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly perform replication, which allows remote authenticated users to bypass verification of the current password via unspecified vectors.)
 CVE-2010-2941 (ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.)
 CVE-2010-1850 (Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.)
 CVE-2010-1849 (The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.)
 CVE-2010-1848 (Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.)
 CVE-2010-1847 (The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform memory management associated with terminal devices, which allows local users to cause a denial of service (system crash) via unspecified vectors.)
 CVE-2010-1846 (Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RAW image.)
 CVE-2010-1845 (ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PSD image.)
 CVE-2010-1844 (Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (memory consumption and system crash) via a crafted image.)
 CVE-2010-1843 (Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted PIM packet.)
 CVE-2010-1842 (Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a bidirectional text string with ellipsis truncation.)
 CVE-2010-1841 (Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted UDIF image.)
 CVE-2010-1840 (Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.)
 CVE-2010-1838 (Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle errors associated with disabled mobile accounts, which allows remote attackers to bypass authentication by providing a valid account name.)
 CVE-2010-1837 (CoreText in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a PDF document.)
 CVE-2010-1836 (Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.)
 CVE-2010-1834 (CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web servers to track users by setting a cookie that is associated with a partial IP address.)
 CVE-2010-1833 (Apple Type Services (ATS) in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a document.)
 CVE-2010-1832 (Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a crafted embedded font in a document.)
 CVE-2010-1831
 CVE-2010-1830 (AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates different error messages depending on whether a share exists, which allows remote attackers to enumerate valid share names via unspecified vectors.)
 CVE-2010-1829 (Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share.)
 CVE-2010-1828 (AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon restart) via crafted reconnect authentication packets.)
 CVE-2010-1811 (ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.)
 CVE-2010-1803 (Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volume.)
 CVE-2010-1752 (Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling.)
 CVE-2010-1378 (OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority.)
 CVE-2010-1205 (Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.)
 CVE-2010-0434 (The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.)
 CVE-2010-0408 (The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.)
 CVE-2010-0212 (OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.)
 CVE-2010-0211 (The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.)
 CVE-2010-0105 (The hfs implementation in Apple Mac OS X 10.6.2 and 10.6.3 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions.)
 CVE-2009-0796 (Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.)
Original text: submit_(at)_cxsec.org, Apple MacOSX 10.9 Hard Link Memory Corruption (18.11.2013)
 [email protected], NGS00015 Patch Notification: ImageIO Memory Corruption (23.11.2010)
 CHECKPOINT, Apple Directory Services Memory Corruption - CVE-2010-1840 (18.11.2010)
 SECUNIA, Secunia Research: QuickTime Sorenson Video 3 Array-Indexing Vulnerability (18.11.2010)
 Laurent OUDOT at TEHTRI-Security, [TEHTRI-Security] CVE-2010-1752: Update your MacOSX (18.11.2010)
 IDEFENSE, iDefense Security Advisory 11.11.10: Apple Mobile OfficeImport Framework Excel Parsing Memory Corruption Vulnerability (18.11.2010)
 APPLE, About the security content of Mac OS X v10.6.5 and Security Update 2010-007 (18.11.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod