Information Security


Multiple vulnerabilities in VMware products
updated since April 12, 2010
Published: April 19, 2010
Source:
SecurityVulns ID: 10754
Type: local
Severity: 5/10
Description: Code execution, privilege escalation, buffer overflows, format string errors, DoS, information leaks.
Affected products: VMWARE : VMware ESX 3.0
 VMWARE : VMware ESX 2.5
 VMWARE : VMware ESXi 3.5
 VMWARE : VMware ESX 3.5
 VMWARE : VMware Workstation 6.5
 VMWARE : VMware Player 2.5
 VMWARE : VMware ACE 2.5
 VMWARE : VMware Server 2.0
 VMWARE : VMware Fusion 2.0
 VMWARE : VMware ESXi 4.0
 VMWARE : VMware ESX 4.0
 VMWARE : VMware Workstation 7.0
 VMWARE : VMware Player 3.0
 VMWARE : VMware ACE 2.6
 VMWARE : VMware Fusion 3.0
 VMWARE : VMware VIX API for Windows 1.6
CVE:CVE-2010-1142 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk.)
 CVE-2010-1141 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share.)
 CVE-2010-1140 (The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk.)
 CVE-2010-1139 (Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.)
 CVE-2010-1138 (The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process.)
 CVE-2009-3732 (Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2009-3707 (VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information.)
 CVE-2009-2042 (libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.)
 CVE-2009-1565 (vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to "integer truncation errors.")
 CVE-2009-1564 (Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding.)
Original text: Alexandr Polyakov, [DSecRG-09-053] VMware Remoute Console - format string (19.04.2010)
 ACROS Security, ACROS Security: Local Binary Planting in VMware Tools for Windows (ASPR #2010-04-12-2) (14.04.2010)
 ACROS Security, ACROS Security: Remote Binary Planting in VMware Tools for Windows (ASPR #2010-04-12-1) (14.04.2010)
 IDEFENSE, iDefense Security Advisory 04.09.10: VMware VMnc Codec Heap Overflow Vulnerability (13.04.2010)
 VUPEN Security Research, VUPEN Security Research - VMware Products Movie Decoder Heap Overflow Vulnerability (12.04.2010)
 SECUNIA, Secunia Research: VMWare VMnc Codec HexTile Encoding Buffer Overflow (12.04.2010)
 SECUNIA, Secunia Research: VMWare VMnc Codec HexTile Encoding Two Integer Truncation Vulnerabilities (12.04.2010)
 VMWARE, VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues (12.04.2010)

Multiple security vulnerabilities in Adobe Acrobat and Reader
Published: April 19, 2010
Source:
SecurityVulns ID: 10768
Type: remote
Severity: 8/10
Description: Multiple buffer overflows, memory corruptions, code execution, cross-site scripting, DoS conditions.
Affected products: ADOBE : Acrobat 9.3
 ADOBE : Reader 9.3
 ADOBE : Acrobat 8.2
 ADOBE : Reader 8.2
CVE:CVE-2010-1241 (Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005.)
 CVE-2010-0204 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0197, and CVE-2010-0201.)
 CVE-2010-0203 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-0202.)
 CVE-2010-0202 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-0203.)
 CVE-2010-0201 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0197, and CVE-2010-0204.)
 CVE-2010-0199 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0202, and CVE-2010-0203.)
 CVE-2010-0198 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0199, CVE-2010-0202, and CVE-2010-0203.)
 CVE-2010-0197 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0201, and CVE-2010-0204.)
 CVE-2010-0196 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0192 and CVE-2010-0193.)
 CVE-2010-0195 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, do not properly handle fonts, which allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2010-0194 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0197, CVE-2010-0201, and CVE-2010-0204.)
 CVE-2010-0193 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0192 and CVE-2010-0196.)
 CVE-2010-0192 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0193 and CVE-2010-0196.)
 CVE-2010-0191 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability.")
 CVE-2010-0190 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original text: VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader GIF Data Buffer Overflow Vulnerability (19.04.2010)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader JPEG Data Buffer Overflow Vulnerability (19.04.2010)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader BMP Data Buffer Overflow Vulnerability (19.04.2010)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader PNG Data Buffer Overflow Vulnerability (19.04.2010)
 ZDI, ZDI-10-071: Adobe Reader TrueType Font Handling Remote Code Execution Vulnerability (19.04.2010)
 ADOBE, Security update available for Adobe Reader and Acrobat (19.04.2010)

Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: April 19, 2010
Source:
SecurityVulns ID: 10769
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leaks, etc.
Affected products: E107 : e107 0.7
 APACHE : OFBiz 9.04
 OPENTAPS : Opentaps 1.4
 NEOGIA : Neogia 1.0
 ENTENTEOYA : Entente Oya 1.6
 OPENSCRUTIN : Openscrutin 1.03
 NUCLEUS : Nucleus 3.51
 RJITOP : RJ-iTop 3.0
CVE:CVE-2010-0432 (Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.)
Original text: SECUNIA, Secunia Research: e107 Avatar/Photograph Image File Upload Vulnerability (19.04.2010)
 wsn1983_(at)_gmail.com, RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities (19.04.2010)
 eidelweiss, Nucleus CMS v.3.51 (DIR_LIBS) Multiple Vulnerability (19.04.2010)
 VUPEN Security Research, VUPEN Web Security Research - WebAsyst Shop-Script Multiple Input Validation Vulnerabilities (19.04.2010)
 info_(at)_securitylab.ir, Ziggurat CMS Multiple Vulnerabilities (19.04.2010)
 eidelweiss, 60cycleCMS (DOCUMENT_ROOT) Multiple Local File Inclusion Vulnerability (19.04.2010)
 Inj3ct0r.com, Openscrutin 1.03 (RFI/LFI) Multiple File Include Vulnerability (19.04.2010)
 Jacopo Cappellato, [CVE-2010-0432] Apache OFBiz Multiple XSS Vulnerabilities (19.04.2010)

Multiple security vulnerabilities in irssi
Published: April 19, 2010
Source:
SecurityVulns ID: 10770
Type: remote
Severity: 5/10
Description: Insufficient SSL certificate validation. DoS.
Affected products: IRSSI : irssi 0.8
CVE:CVE-2010-1156 (core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel.)
 CVE-2010-1155 (Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate.)
Original text: UBUNTU, [USN-929-1] irssi vulnerabilities (19.04.2010)

Race conditions in KDE kdm
Published: April 19, 2010
Source:
SecurityVulns ID: 10771
Type: local
Severity: 5/10
Description: Race conditions allow file permissions to be changed.
Affected products: KDE : KDE 3.5
CVE:CVE-2010-0436 (Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.)
Original text: MANDRIVA, [ MDVSA-2010:074 ] kdebase (19.04.2010)

DoS against the ejabberd Jabber server
Published: April 19, 2010
Source:
SecurityVulns ID: 10772
Type: remote
Severity: 5/10
Description: Array index overflow on a large number of simultaneous c2s messages.
Affected products: EJABBERD : ejabberd 2.1
CVE:CVE-2010-0305 (ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload.)
Original text: DEBIAN, [SECURITY] [DSA 2033-1] New ejabberd packages fix denial of service (19.04.2010)

Code execution via the Cisco Secure Desktop ActiveX control
Published: April 19, 2010
Source:
SecurityVulns ID: 10773
Type: client
Severity: 7/10
Description: The Web Install ActiveX control allows code to be downloaded and executed because its signature check is implemented incorrectly.
Affected products: CISCO : Cisco Secure Desktop 3.5
CVE:CVE-2010-0589 (The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876.)
Original text: ZDI, ZDI-10-072: Cisco Secure Desktop CSDWebInstaller ActiveX Control Remote Code Execution Vulnerability (19.04.2010)
 CISCO, Cisco Security Advisory: Cisco Secure Desktop ActiveX Control Code Execution Vulnerability (19.04.2010)

DoS against the IBM BladeCenter management module
Published: April 19, 2010
Source:
SecurityVulns ID: 10774
Type: remote
Severity: 4/10
Description: Failure when parsing traffic on port tcp/3900
Original text: Alexandr Polyakov, [DSECRG-09-049] IBM BladeCenter Management Module - DoS vulnerability (19.04.2010)

Protection bypass in Imperva SecureSphere Web Application Firewall
Published: April 19, 2010
Source:
SecurityVulns ID: 10775
Type: remote
Severity: 4/10
Affected products: IMPERVA : SecureSphere 7.0
CVE:CVE-2010-1329 (Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation.)
Original text: Scott Miles, Imperva SecureSphere Web Application Firewall and Database Firewall Bypass Vulnerability (19.04.2010)

Privilege escalation in Micropoint Proactive Denfense
Published: April 19, 2010
Source:
SecurityVulns ID: 10776
Type: local
Severity: 5/10
Description: Controlled access to kernel memory when handling an IOCTL.
Original text: dlrow1991_(at)_ymail.com, Micropoint Proactive Denfense Mp110013.sys <= 1.3.10123.0 Local Privilege Escalation Exploit (19.04.2010)
Files: Micropoint Proactive Denfense Mp110013.sys <= 1.3.10123.0 Local Privilege Escalation Exploit

Unauthorized access via iomega Home Media Network Hard Drive
Published: April 19, 2010
Source:
SecurityVulns ID: 10777
Type: remote
Severity: 5/10
Description: The web interface allows SMB access to the device and to the network it is connected to.
Affected products: EMC : Iomega Home Media Network Hard Drive
Original text: fizix610_(at)_hotmail.com, Unauthenticated Filesystem Access in iomega Home Media Network Hard Drive (19.04.2010)

Memory corruption in the Visualization Library
Published: April 19, 2010
Source:
SecurityVulns ID: 10778
Type: library
Severity: 5/10
Description: Memory corruption when parsing .dat files
Affected products: VISUALIZATIONLIB : Visualization Library 2009.08
CVE:CVE-2010-0994 (Multiple buffer overflows in src/vl/vlDAT.cpp in Visualization Library 2009.08.812 allow user-assisted remote attackers to execute arbitrary code via a crafted DAT file, related to the (1) vl::loadDAT and (2) vl::isDAT functions.)
Original text: SECUNIA, Secunia Research: Visualization Library DAT File Parsing Vulnerabilities (19.04.2010)

Multiple security vulnerabilities in Apple Mac OS X
updated since April 7, 2010
Published: April 19, 2010
Source:
SecurityVulns ID: 10746
Type: remote
Severity: 7/10
Description: Code execution when parsing Internet Enabled Disk Image files. Multiple vulnerabilities in ImageIO.
CVE:CVE-2010-0505 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGImageReadGetBytesAtOffset function.)
 CVE-2010-0497 (Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type.)
Original text: ZDI, ZDI-10-076: Apple Preview libFontParser SpecialEncoding Remote Code Execution Vulnerability (19.04.2010)
 ZDI, ZDI-10-039: Apple OS X Internet Enabled Disk Image Remote Code Execution Vulnerability (07.04.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod