Information Security


Multiple security vulnerabilities in the Linux kernel
Published: January 21, 2012
Source:
SecurityVulns ID: 12151
Type: remote
Severity: 6/10
Description: DoS conditions, information leak, privilege escalation.
Affected products: LINUX : kernel 2.6
CVE:CVE-2011-4914 (The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket.)
 CVE-2011-4622 (The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer.)
 CVE-2011-4611 (Integer overflow in the perf_event_interrupt function in arch/powerpc/kernel/perf_event.c in the Linux kernel before 2.6.39 on powerpc platforms allows local users to cause a denial of service (unhandled performance monitor exception) via vectors that trigger certain outcomes of performance events.)
 CVE-2011-4127 (The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.)
 CVE-2011-4110 (The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key.")
 CVE-2011-4077 (Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.)
 CVE-2011-3353 (Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem.)
 CVE-2011-2898 (net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application.)
 CVE-2011-2213 (The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.)
Original text: DEBIAN, [SECURITY] [DSA 2389-1] linux-2.6 security update (21.01.2012)

Multiple security vulnerabilities in Microsoft Windows
updated since January 11, 2012
Published: January 21, 2012
Source:
SecurityVulns ID: 12137
Type: client
Severity: 7/10
Description: SafeSEH protection bypass, code execution via Windows Object Packager, privilege escalation via CSRSS, memory corruptions in DirectShow / Windows Media, code execution in Windows Packager, information leak in SSL/TLS.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2012-0013 (Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability.")
 CVE-2012-0009 (Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability.")
 CVE-2012-0005 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability.")
 CVE-2012-0004 (Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability.")
 CVE-2012-0003 (Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability.")
 CVE-2012-0001 (The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability.")
 CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.)
Original text: Akita Software Security, Office arbitrary ClickOnce application execution vulnerability (21.01.2012)
Files: Microsoft Security Bulletin MS12-001 - Important Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)
 Microsoft Security Bulletin MS12-002 - Important Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)
 Microsoft Security Bulletin MS12-003 - Important Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
 Microsoft Security Bulletin MS12-004 - Critical Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
 Microsoft Security Bulletin MS12-005 - Important Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
 Microsoft Security Bulletin MS12-006 - Important Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)

Double free in GreenBrowser
Published: January 21, 2012
Source:
SecurityVulns ID: 12152
Type: client
Severity: 5/10
Description: Double free via the iframe tag.
Affected products: GREENBROWSER : GreenBrowser 6.0
Original text: vuln_(at)_nipc.org.cn, GreenBrowser iframe content Double Free Vulnerability (21.01.2012)

Security vulnerabilities in NTR ActiveX
Published: January 21, 2012
Source:
SecurityVulns ID: 12153
Type: client
Severity: 5/10
Description: Buffer overflow, unsafe method.
Affected products: NTR : NTR ActiveX control 2.0
CVE:CVE-2012-0267 (The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer.)
 CVE-2012-0266 (Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check method, a long bstrUrl parameter to the (3) Download or (4) DownloadModule method during construction of a .ntr pathname, or a long bstrUrl parameter to the (5) Download or (6) DownloadModule method during construction of a URL.)
Original text: SECUNIA, Secunia Research: NTR ActiveX Control "StopModule()" Input Validation Vulnerability (21.01.2012)
 SECUNIA, Secunia Research: NTR ActiveX Control Four Buffer Overflow Vulnerabilities (21.01.2012)

Information leak in HP Business Availability Center / Business Service Management
Published: January 21, 2012
Source:
SecurityVulns ID: 12155
Type: remote
Severity: 5/10
CVE:CVE-2010-1429 (Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.)
 CVE-2010-1428 (The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.)
 CVE-2008-3273 (JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.)
Original text: HP, [security bulletin] HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information (21.01.2012)

Buffer overflow in Suhosin
Published: January 21, 2012
Source:
SecurityVulns ID: 12157
Type: library
Severity: 5/10
Description: Buffer overflow in the transparent cookie encryption code.
Affected products: SUHOSIN : Suhosin 0.9
Original text: Stefan Esser, Advisory 01/2012: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow (21.01.2012)

Information leak in EMC SourceOne
Published: January 21, 2012
Source:
SecurityVulns ID: 12158
Type: local
Severity: 4/10
Description: Information leak via log files.
Affected products: EMC : SourceOne 6.5
 EMC : SourceOne 6.6
 EMC : SourceOne 6.7
CVE:CVE-2011-4142 (The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files.)
Original text: EMC, ESA-2012-003: EMC SourceOne Web Search Sensitive Information Disclosure Vulnerability. (21.01.2012)

DoS against PHP
Published: January 21, 2012
Source:
SecurityVulns ID: 12159
Type: library
Severity: 5/10
Description: NULL pointer dereference due to the unchecked return value of zend_strndup.
Affected products: PHP : PHP 5.3
CVE:CVE-2011-4153 (PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.)
Original text: cxib_(at)_cxsecurity.com, PHP 5.3.8 Multiple vulnerabilities (21.01.2012)

Security vulnerabilities in HP StorageWorks P2000
updated since January 16, 2012
Published: January 21, 2012
Source:
SecurityVulns ID: 12144
Type: remote
Severity: 5/10
Description: Default account, directory traversal.
Affected products: HP : StorageWorks P2000
CVE:CVE-2011-4788 (Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI.)
Original text: HP, [security bulletin] HPSBST02735 SSRT100516 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Execution of Arbitrary Code (21.01.2012)
 ZDI, ZDI-12-015 : (0Day) HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities (16.01.2012)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
updated since January 21, 2012
Published: January 21, 2012
Source:
SecurityVulns ID: 12156
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leak, etc.
Affected products: WEBCALENDAR : Webcalendar 1.2
 KNOWLEDGETREE : KnowledgeTree 3.7
 APPRAIN : appRain CMF 0.1
 DRUPAL : CKEditor 3.6
 ONEORZERO : OneOrZero AIMS 2.8
 FAMCONNECTIONS : Family Connections 2.7
 PHPVIDEOPRO : phpVideoPro 0.9
 BEEHIVEFORUM : Beehive Forum 101
 BOLTWIRE : BoltWire 3.4
 ATUTOR : ATutor 2.0
 OPENTTD : OpenTTD 1.0
 KAYAKO : Kayako Support Suite 3.70
 X3CMS : x3cms 0.4
CVE:CVE-2011-3343 (Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file.)
 CVE-2011-3342 (Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame.)
 CVE-2011-3341 (Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command.)
Original text: security_(at)_infoserve.de, Multiple Cross-Site-Scripting vulnerabilities in x3cms (21.01.2012)
 noreply_(at)_ptsecurity.ru, [PT-2011-01] Cross-Site Scripting in Kayako Support Suite (21.01.2012)
 noreply_(at)_ptsecurity.ru, [PT-2011-02] PHP code Injection in Kayako Support Suite (21.01.2012)
 noreply_(at)_ptsecurity.ru, [PT-2011-03] Information disclosure in Kayako Support Suite (21.01.2012)
 noreply_(at)_ptsecurity.ru, [PT-2011-04] Cross-Site Scripting in Kayako Support Suite (21.01.2012)
 DEBIAN, [SECURITY] [DSA 2386-1] openttd security update (21.01.2012)
 sschurtz_(at)_darksecurity.de, ATutor 2.0.3 Multiple XSS vulnerabilities (21.01.2012)
 sschurtz_(at)_darksecurity.de, BoltWire 3.4.16 Multiple XSS vulnerabilities (21.01.2012)
 sschurtz_(at)_darksecurity.de, phpVideoPro Multiple XSS vulnerabilities (21.01.2012)
 sschurtz_(at)_darksecurity.de, Beehive Forum 101 Multiple XSS vulnerabilities (21.01.2012)
 tom, Family Connections 2.7.2 Multiple XSS (21.01.2012)
 High-Tech Bridge Security Research, XSS in OneOrZero AIMS (21.01.2012)
 advisories_(at)_intern0t.net, Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS (21.01.2012)
 n0b0d13s_(at)_gmail.com, appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Vulnerability (21.01.2012)
 tom, Webcalendar 1.2.4 'location' XSS (21.01.2012)

Multiple security vulnerabilities in Adobe Acrobat / Reader
updated since January 21, 2012
Published: February 13, 2012
Source:
SecurityVulns ID: 12154
Type: client
Severity: 8/10
Description: Code execution, multiple memory corruptions.
Affected products: ADOBE : Reader 10.1
 ADOBE : Acrobat 10.1
CVE:CVE-2011-4373 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.)
 CVE-2011-4372 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373.)
 CVE-2011-4371 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2011-4370 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373.)
 CVE-2011-4369 (Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.)
 CVE-2011-2462 (Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.)
Original text: ZDI, ZDI-12-021 : Adobe Reader BMP Resource Signedness Remote Code Execution Vulnerability (13.02.2012)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader Image Processing Integer Overflow (APSB12-01) (21.01.2012)
 ADOBE, Security updates available for Adobe Reader and Acrobat (21.01.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod