Information Security


DoS against libpurple / Pidgin
updated since November 27, 2011
Published: December 19, 2011
Source:
SecurityVulns ID: 12062
Type: remote
Threat level: 5/10
Description: Crash on SILC protocol parsing, crash on OSCAR protocol (AIM, ICQ) parsing
Affected products: LIBPURPLE : libpurple 2.10
CVE:CVE-2011-4601 (family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.)
 CVE-2011-3594 (The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.)
Original text: MANDRIVA, [ MDVSA-2011:183 ] pidgin (19.12.2011)
 UBUNTU, [USN-1273-1] Pidgin vulnerabilities (27.11.2011)

Multiple security vulnerabilities in Adobe Acrobat / Reader
Published: December 19, 2011
Source:
SecurityVulns ID: 12095
Type: client
Threat level: 8/10
Description: Several vulnerabilities are being actively exploited to gain unauthorized access.
CVE:CVE-2011-4369 (Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.)
 CVE-2011-2462 (Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.)
Files: Security Advisory for Adobe Reader and Acrobat
 Security updates available for Adobe Reader and Acrobat 9.x for Windows

Symbolic link issue in bzexe from bzip2
Published: December 19, 2011
Source:
SecurityVulns ID: 12096
Type: local
Threat level: 5/10
Description: Insecure temporary file creation.
Affected products: BZIP : bzip2 1.0
CVE:CVE-2011-4089 (The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.)
Original text: UBUNTU, [USN-1308-1] bzip2 vulnerability (19.12.2011)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: December 19, 2011
Source:
SecurityVulns ID: 12098
Type: remote
Threat level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: POMMO : poMMo 16.1
 NAGIOS : Nagios XI 2011
 BROWSERCRM : Browser CRM 5.100
 SEOTOASTER : Seotoaster 1.9
 ANYTIMECOMM : Owl Intranet Engine 1.01
 PHPCMS : PHP-SCMS 1.6
Original text: Amir_(at)_irist.ir, Wordpress the-welcomizer plugin Cross-Site Scripting Vulnerabilities (19.12.2011)
 vtek63_(at)_gmail.com, Citrix Receiver, XenDesktop "Pass-the-hash" Attack (19.12.2011)
 0a29 40, 0A29-11-3 : Cross-Site Scripting vulnerabilities in Nagios XI < 2011R1.9 (19.12.2011)
 0a29 40, 0A29-11-4 : Privilege escalation vulnerabilities in Nagios XI installer < 2011R1.9 (19.12.2011)
 sschurtz_(at)_t-online.de, PHP-SCMS 1.6.8 "lang" parameter XSS vulnerability (19.12.2011)
 RedTeam Pentesting, [RT-SA-2011-005] Owl Intranet Engine: Authentication Bypass (19.12.2011)
 RedTeam Pentesting, RedTeam Pentesting GmbH (19.12.2011)
 security_(at)_infoserve.de, Seotoaster SQL-Injection Admin Login Bypass (19.12.2011)
 High-Tech Bridge Security Research, Multiple vulnerabilities in Browser CRM (19.12.2011)
 MustLive, BF, XSS, IAA and CSRF vulnerabilities in poMMo (19.12.2011)
 MustLive, CS and XSS vulnerabilities in Zeema CMS (19.12.2011)

Unauthorized access via Nova
Published: December 19, 2011
Source:
SecurityVulns ID: 12099
Type: remote
Threat level: 5/10
Description: File overwrite is possible.
Affected products: NOVA : Nova 2011.3
CVE:CVE-2011-4596 (Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.)

Security vulnerabilities in the JasPer library
Published: December 19, 2011
Source:
SecurityVulns ID: 12100
Type: library
Threat level: 5/10
Description: Buffer overflow and memory corruption on JPEG2000 parsing.
Affected products: JASPER : JasPer 1.900
CVE:CVE-2011-4517 (The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a malformed JPEG2000 file.)
 CVE-2011-4516 (Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a JPEG2000 file.)

Security vulnerabilities in the libxml library
Published: December 19, 2011
Source:
SecurityVulns ID: 12101
Type: library
Threat level: 6/10
Description: Buffer overflow, access to unallocated memory.
Affected products: LIBXML : libxml 2.7
CVE:CVE-2011-3919 (Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
 CVE-2011-3905 (libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.)
 CVE-2011-0216 (Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.)

Multiple security vulnerabilities in Websense
Published: December 19, 2011
Source:
SecurityVulns ID: 12102
Type: remote
Threat level: 6/10
Description: Code execution, cross-site scripting.
Affected products: WEBSENSE : Websense 7.6
Original text: [email protected], NGS00138 Patch Notification: Websense Triton 7.6 - Authentication bypass in report management UI (19.12.2011)
 [email protected], NGS00141 Patch Notification: Websense Triton 7.6 - Stored XSS in report management UI (19.12.2011)
 [email protected], NGS00140 Patch Notification: Websense Triton 7.6 - Unauthenticated remote command execution as SYSTEM (19.12.2011)
 [email protected], NGS00137 Patch Notification: Websense Triton 7.6 - Reflected XSS in report management UI (19.12.2011)

Security vulnerabilities in Restorepoint
Published: December 19, 2011
Source:
SecurityVulns ID: 12103
Type: remote
Threat level: 6/10
Description: Code execution, privilege escalation.
Affected products: RESTOREPOINT : Restorepoint 3.2
CVE:CVE-2011-4202 (The Tadasoft Restorepoint 3.2 evaluation image uses weak permissions (www write access) for unspecified scripts, which allows local users to gain privileges by modifying a script file.)
 CVE-2011-4201 (remote_support.cgi in the Tadasoft Restorepoint 3.2 evaluation image allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) pid1 or (2) pid2 parameter in a stop_remote_support action.)
Original text: Tavaris Desamito, [MATTA-2011-003] Restorepoint Remote root command execution vulnerability - CVE-2011-4201 CVE-2011-4202 (19.12.2011)

Protection bypass in libcap
Published: December 19, 2011
Source:
SecurityVulns ID: 12104
Type: library
Threat level: 4/10
Description: chdir() is not called after chroot().
Affected products: LIBCAP : libcap 2.19
CVE:CVE-2011-4099 (The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors.)
Original text: MANDRIVA, [ MDVSA-2011:185 ] libcap (19.12.2011)

Directory traversal in zFTPServer
Published: December 19, 2011
Source:
SecurityVulns ID: 12105
Type: remote
Threat level: 5/10
Description: Directory traversal in the rmdir command
Affected products: ZFTPSERVER : zFTPServer 6.0
CVE:CVE-2011-4717 (Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows remote authenticated users to delete arbitrary directories via a crafted RMD (aka rmdir) command.)
Original text: security_(at)_infoserve.de, zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal (19.12.2011)

Security vulnerabilities in EMC RSA Adaptive Authentication (On-Premise)
Published: December 19, 2011
Source:
SecurityVulns ID: 12106
Type: remote
Threat level: 5/10
Description: Protection bypass is possible.
Affected products: EMC : RSA Adaptive Authentication On-Premise 6.0
CVE:CVE-2011-2742 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly perform forensic evaluation upon receipt of device tokens from mobile apps, which might allow remote attackers to bypass intended application restrictions via a mobile device.)
 CVE-2011-2741 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow remote attackers to bypass intended security restrictions on a (1) previously non-registered device or (2) registered device by sending unspecified "data elements.")
Original text: EMC, ESA-2011-036: RSA, The Security Division of EMC, announces the release of a Security Fix for RSA(r) Adaptive Authentication (On-Premise) (19.12.2011)

DLL spoofing in many Microsoft Windows applications
updated since August 26, 2010
Published: December 19, 2011
Source:
SecurityVulns ID: 11096
Type: client
Threat level: 6/10
Description: When an application associated with a file type is launched, the current directory is set to the folder containing the file; by default, dynamic libraries are loaded from the current directory.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 PLOTSOFT : PDFill PDF Editor 8.0
 EMC : RSASecurID Software Token 4.1
CVE:CVE-2011-4141 (Untrusted search path vulnerability in EMC RSA SecurID Software Token 4.1 before 4.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Software Token file.)
 CVE-2011-2016 (Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability.")
 CVE-2011-1991 (Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability.")
 CVE-2010-3199 (Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Tortoise. NOTE: this is only a vulnerability when a file extension is associated with TortoiseProc or TortoiseMerge, which is not the default.)
Original text: EMC, ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSASecurID(r) Software Token 4.1 for Microsoft(r)Windows(r) (19.12.2011)
 robkraus_(at)_soutionary.com, Foxit Reader Insecure Library Loading (22.07.2011)
 robkraus_(at)_solutionary.com, PDFill Insecure Library Loading (10.06.2011)
 Mitja Kolsek, Silently Pwning Protected-Mode IE9 and Innocent Windows Applications (08.05.2011)
 NSO Research, NSOADV-2010-010: DATEV Multiple Applications DLL Hijacking Vulnerability (24.01.2011)
 ACROS Security, ASPR #2011-01-11-1: Remote Binary Planting in Multiple F-Secure Products (13.01.2011)
 apa-iutcert_(at)_nsec.ir, Google Desktop Insecure Library Loading Vulnerability (30.11.2010)
 apa-iutcert_(at)_nsec.ir, AOL Instant Messenger Insecure Library Loading Vulnerability (30.11.2010)
 Salvatore "drosophila" Fresta, Audacity <= 1.3 Beta Multiple Local Vulnerabilities (02.11.2010)
 apa-iutcert_(at)_nsec.ir, ACDSee Photo Manager Insecure Library Loading Vulnerability (28.10.2010)
 apa-iutcert_(at)_nsec.ir, FlipAlbum Vista Pro Insecure Library Loading Vulnerability (28.10.2010)
 apa-iutcert_(at)_nsec.ir, Internet Download Manager Insecure Library Loading Vulnerability (28.10.2010)
 apa-iutcert_(at)_nsec.ir, Nessus Client Insecure Library Loading Vulnerability (28.10.2010)
 apa-iutcert_(at)_nsec.ir, Orbit Downloader Insecure Library Loading Vulnerability (28.10.2010)
 apa-iutcert_(at)_nsec.ir, WinMerge Insecure Library Loading Vulnerability (28.10.2010)
 ACROS Security, Breaking The SetDllDirectory Protection Against Binary Planting (28.10.2010)
 apa-iutcert_(at)_nsec.ir, Secunia PSI Insecure Library Loading Vulnerability (28.10.2010)
 ACROS Security, How Visual Studio Makes Your Applications Vulnerable to Binary Planting (26.10.2010)
 indoushka salah el ddine, Microsft COFEE v1.1.2 DLL Hijacking Exploit (19.10.2010)
 indoushka salah el ddine, Vuris win32 mabezat DLL Hijacking Exploit (19.10.2010)
 apa-iutcert_(at)_nsec.ir, Accounting Pro 2003 Insecure Library Loading Vulnerability (19.10.2010)
 apa-iutcert_(at)_nsec.ir, Rafe 7 Insecure Library Loading Vulnerability (19.10.2010)
 apa-iutcert_(at)_nsec.ir, Brilliant Accounting System (59) Insecure Library Loading Vulnerability (19.10.2010)
 apa-iutcert_(at)_nsec.ir, Sahar Money Manager Insecure Library Loading Vulnerability (19.10.2010)
 apa-iutcert_(at)_nsec.ir, Holoo Insecure Library Loading Vulnerability (19.10.2010)
 apa-iutcert_(at)_nsec.ir, Xilisoft Video Converter Ultimate Insecure Library Loading Vulnerability (19.10.2010)
 YGN Ethical Hacker Group, Moovida Media Player version 2.0.0.15 Insecure DLL Hijacking Vulnerability (libc.dll,quserex.dll) (02.09.2010)
 YGN Ethical Hacker Group, KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) (02.09.2010)
 nikhil_uitrgpv_(at)_yahoo.co.in, Tortoise SVN DLL Hijacking Vulnerability (02.09.2010)
 info_(at)_securitylab.ir, Microsoft Windows wscript.exe (XP) DLL Hijacking Exploit (wshfra.dll) (31.08.2010)
 YGN Ethical Hacker Group, QtWeb Browser version 3.3 build 043 Insecure DLL Hijacking Vulnerability (wintab32.dll) (30.08.2010)
 YGN Ethical Hacker Group, Maxthon Browser version 2.5.15.1000 Insecure DLL Hijacking Vulnerability (dwmapi.dll) (30.08.2010)
 YGN Ethical Hacker Group, Notepad++ version 5.7 Insecure DLL Hijacking Vulnerability (30.08.2010)
 glafkos_(at)_astalavista.com, Flash Player 9 DLL Hijacking Exploit (schannel.dll) (30.08.2010)
 glafkos_(at)_astalavista.com, Skype <= 4.2.0.169 DLL Hijacking Exploit (wab32.dll) (30.08.2010)
 MICROSOFT, Microsoft Security Advisory (2269637) Insecure Library Loading Could Allow Remote Code Execution (29.08.2010)
 CERT, US-CERT Technical Cyber Security Alert TA10-238A -- Microsoft Windows Insecurely Loads Dynamic Libraries (29.08.2010)
 glafkos_(at)_astalavista.com, TeamViewer <= 5.0.8703 DLL Hijacking Exploit (dwmapi.dll) (26.08.2010)
 glafkos_(at)_astalavista.com, Firefox <= 3.6.8 DLL Hijacking Exploit [dwmapi.dll] (26.08.2010)
 glafkos_(at)_astalavista.com, Adobe Device Central CS5 DLL Hijacking Exploit (qtcf.dll) (26.08.2010)
 glafkos_(at)_astalavista.com, Adobe Premier Pro CS4 DLL Hijacking Exploit (ibfs32.dll) (26.08.2010)
 glafkos_(at)_astalavista.com, Adobe Illustrator CS4 DLL Hijacking Exploit (aires.dll) (26.08.2010)
 glafkos_(at)_astalavista.com, Adobe InDesign CS4 DLL Hijacking Exploit (ibfs32.dll) (26.08.2010)
 glafkos_(at)_astalavista.com, Adobe On Location CS4 DLL Hijacking Exploit (ibfs32.dll) (26.08.2010)
Files: Microsoft Security Advisory (2269637) Insecure Library Loading Could Allow Remote Code Execution
 A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm
 Microsoft Security Bulletin MS11-059 - Important Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656)
 Microsoft Security Bulletin MS11-071 - Important Vulnerability in Windows Components Could Allow Remote Code Execution (2570947) Published: Tuesday, September 13, 2011

Integer overflow in Sterling Trader
updated since October 2, 2011
Published: December 19, 2011
Source:
SecurityVulns ID: 11944
Type: remote
Threat level: 5/10
Description: Integer overflow on network request parsing.
Affected products: STERLINGTRADER : Sterling Trader 7.0
CVE:CVE-2011-3842
Original text: SECUNIA, Secunia Research: Sterling Trader Data Processing Buffer Overflow Vulnerability (19.12.2011)
 Luigi Auriemma, Integer overflow in Sterling Trader 7.0.2 (02.10.2011)

Security vulnerabilities in PHP
updated since December 19, 2011
Published: February 8, 2012
Source:
SecurityVulns ID: 12097
Type: library
Threat level: 6/10
Description: Out-of-bounds memory access on parsing EXIF headers of JPEG. DoS due to predictable form hash function collisions.
Affected products: PHP : PHP 5.3
 PHP : PHP 5.4
CVE:CVE-2012-0830 (The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.)
 CVE-2011-4885 (PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.)
 CVE-2011-4566 (Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.)
Original text: security_(at)_nruns.com, n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table (02.01.2012)
 Andrea Barisani, [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision (02.01.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod