Information Security

Integer overflow in bzip2
Published: 20 September 2010
Source:
SecurityVulns ID: 11156
Type: library
Severity: 6/10
Description: Integer overflow when decompressing a bz2 archive.
Affected products: BZIP : bzip2 1.0
 BZIP2 : libbz2 1.0
CVE: CVE-2010-0405 (Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.)
Original text: UBUNTU, [USN-986-1] bzip2 vulnerability (20.09.2010)

Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 20 September 2010
Source:
SecurityVulns ID: 11157
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: E107 : e107 0.7
 DRUPAL : Drupal 6.6
 FREESIMPLESOFT : Free Simple CMS 1.0
CVE: CVE-2010-3094 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module.)
 CVE-2010-3093 (The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue.)
 CVE-2010-3092 (The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name.)
 CVE-2010-3091 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.)
Original text: DEBIAN, [SECURITY] [DSA 2113-1] New drupal6 packages fix several vulnerabilities (20.09.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in e107 (20.09.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in e107 (20.09.2010)
 Andrea Barisani, [oCERT-2010-003] Free Simple CMS path sanitization errors (20.09.2010)

DoS against the Squid proxy server
Published: 20 September 2010
Source:
SecurityVulns ID: 11158
Type: remote
Severity: 6/10
Description: Failure on receiving a request with empty header lines.
Affected products: SQUID : squid 3.1
CVE: CVE-2010-3072 (The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.)
Original text: DEBIAN, [SECURITY] [DSA 2111-1] New squid3 packages fix denial of service (20.09.2010)

Unauthorized access to Alcatel CCAgent
Published: 20 September 2010
Source:
SecurityVulns ID: 11159
Type: remote
Severity: 5/10
Description: The server does not authenticate access; the password is stored on the client in a decodable form.
Affected products: ALCATEL : CCAgent 0.9
CVE: CVE-2010-3280 (The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application.)
 CVE-2010-3279 (The default configuration of the CCAgent option before 9.0.8.4 in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition enables maintenance access, which allows remote attackers to monitor or reconfigure Contact Center operations via vectors involving TSA_maintenance.exe.)
Original text: security_(at)_nruns.com, n.runs-SA-2010.001 - Alcatel-Lucent - unauthenticated administrative access to CTI CCA Server (20.09.2010)

Buffer overflow in Alcatel OmniVista 4760
Published: 20 September 2010
Source:
SecurityVulns ID: 11160
Type: remote
Severity: 5/10
Description: Buffer overflow in the built-in HTTP proxy.
CVE: CVE-2010-3281 (Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service (service crash) via a long request.)
Original text: security_(at)_nruns.com, n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760 (20.09.2010)

Multiple security vulnerabilities in the Linux kernel
updated since 11 September 2010
Published: 20 September 2010
Source:
SecurityVulns ID: 11129
Type: local
Severity: 6/10
Description: DoS conditions, privilege escalation in the CIFS client, privilege escalation via do_anonymous_page, information leak in XFS, privilege escalation in compat_alloc_user_space().
Affected products: LINUX : kernel 2.6
CVE: CVE-2010-3301 (The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.)
 CVE-2010-3081 (The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.)
 CVE-2010-3080 (Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device.)
 CVE-2010-3078 (The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.)
 CVE-2010-3015 (Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation.)
 CVE-2010-2954 (The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket.)
 CVE-2010-2524 (The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals.)
 CVE-2010-2492 (Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors.)
 CVE-2010-2240 (The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server.)
Original text: DEBIAN, [SECURITY] [DSA 2110-1] New Linux 2.6.26 packages fix several issues (20.09.2010)
 MANDRIVA, [ MDVSA-2010:172 ] kernel (11.09.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod