Information Security


Buffer overflow in Immunity Debugger
Published: March 23, 2011
Source:
SecurityVulns ID: 11520
Type: m-i-t-m
Severity: 4/10
Description: Buffer overflow in the software update process.
Affected products: IMMUNITY : Immunity Debugger 1.73
Original text: [email protected], NGS00016 Technical Advisory: Immunity Debugger Buffer Overflow (23.03.2011)

Information leak in Cisco IPSec
Published: March 23, 2011
Source:
SecurityVulns ID: 11521
Type: remote
Severity: 3/10
Description: It is possible to check whether a group name exists.
Affected products: CISCO : Cisco VPN 3000
 CISCO : PIX 500
 CISCO : Cisco ASA 5500
Original text: [email protected], NGS00014 Technical Advisory: Cisco IPSec VPN Implementation Group Name Enumeration (23.03.2011)

Buffer overflow in libtiff
Published: March 23, 2011
Source:
SecurityVulns ID: 11522
Type: library
Severity: 6/10
Description: Buffer overflow in the ThunderCode codec, stack overflow.
Affected products: LIBTIFF : libtiff 6.9
CVE: CVE-2011-1167 (Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.)
Original text: zgmzgm_(at)_mail.ustc.edu.cn, Buffer overflow in libtiff in Imagemagick (23.03.2011)
 ZDI, ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability (23.03.2011)

Multiple security vulnerabilities in the Linux kernel
Published: March 23, 2011
Source:
SecurityVulns ID: 11523
Type: local
Severity: 5/10
Description: Privilege escalation, multiple information leaks.
Affected products: LINUX : kernel 2.6
CVE: CVE-2011-1163 (The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.)
 CVE-2010-4242 (The hci_uart_tty_open function in the HCI UART driver (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly other versions, does not verify whether the tty has a write operation, which allows local users to cause a denial of service (NULL pointer dereference) via vectors related to the Bluetooth driver.)
 CVE-2010-4175 (Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) in Linux kernel 2.6.35 allows local users to cause a denial of service (crash) and possibly trigger memory corruption via a crafted Reliable Datagram Sockets (RDS) request, a different vulnerability than CVE-2010-3865.)
 CVE-2010-4163 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.36.2 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device.)
 CVE-2010-4162 (Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device.)
 CVE-2010-4158 (The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter.)
 CVE-2010-4077 (The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.)
 CVE-2010-4076 (The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.)
Original text: Timo Warns, [PRE-SA-2011-02] Information disclosure vulnerability in the OSF partition handling code of the Linux kernel (23.03.2011)
 UBUNTU, [USN-1089-1] Linux kernel vulnerabilities (23.03.2011)

Buffer overflow in RealPlayer
Published: March 23, 2011
Source:
SecurityVulns ID: 11524
Type: client
Severity: 7/10
Description: Buffer overflow when parsing IVR files.
Affected products: REAL : RealPlayer 14.0
Original text: Luigi Auriemma, Heap overflow in RealPlayer 14.0.1.633 (23.03.2011)
Files: RealPlayer IVR buffer overflow PoC

Protection bypass in libvirt
Published: March 23, 2011
Source:
SecurityVulns ID: 11525
Type: library
Severity: 5/10
Affected products: LINUX : kernel 2.6
CVE: CVE-2011-1146 (libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086.)
Original text: DEBIAN, [SECURITY] [DSA 2194-1] libvirt security update (23.03.2011)

DoS against Asterisk
Published: March 23, 2011
Source:
SecurityVulns ID: 11526
Type: remote
Severity: 5/10
Description: A connection flood leads to resource exhaustion.
Affected products: ASTERISK : Asterisk 1.6
 ASTERISK : Asterisk 1.8
Original text: ASTERISK, AST-2011-004: (23.03.2011)
 ASTERISK, AST-2011-003: (23.03.2011)

Security vulnerabilities in libcgroup
Published: March 23, 2011
Source:
SecurityVulns ID: 11527
Type: library
Severity: 6/10
Description: Buffer overflow, privilege escalation.
CVE: CVE-2011-1022 (The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.)
 CVE-2011-1006 (Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries.)
Original text: DEBIAN, [SECURITY] [DSA 2193-1] libcgroup security update (23.03.2011)

Unauthorized access via Progea Movicon TCPUploadServer
Published: March 23, 2011
Source:
SecurityVulns ID: 11528
Type: remote
Severity: 5/10
Description: Files can be uploaded to and executed at an arbitrary location.
Original text: Jeremy Brown, Progea Movicon TCPUploadServer Remote Exploit (23.03.2011)
Files: Progea Movicon TCPUploadServer Remote Exploit

Uninitialized pointer free in IGSS ODBC Server
Published: March 23, 2011
Source:
SecurityVulns ID: 11529
Type: remote
Severity: 5/10
Description: Multiple uninitialized pointer access conditions.
Original text: Jeremy Brown, IGSS 8 ODBC Server Multiple Remote Uninitialized Pointer Free DoS (23.03.2011)
Files: IGSS 8 ODBC Server Multiple Remote Uninitialized Pointer Free DoS

Buffer overflow in the Novell Netware FTP server
updated since March 31, 2010
Published: March 23, 2011
Source:
SecurityVulns ID: 10727
Type: remote
Severity: 6/10
Description: Buffer overflow in the rmdir/mkdir/dele commands.
Affected products: NOVELL : Netware 6.5
CVE: CVE-2010-4228 (Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4.)
 CVE-2010-0625 (Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE command.)
Original text: ZDI, ZDI-11-106: Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability (23.03.2011)
 ZDI, ZDI-10-062: Novell Netware NWFTPD RMD/RNFR/DELE Argument Parsing Remote Code Execution Vulnerabilities (06.04.2010)
 Francis Provencher, {PRL} Novell Netware FTP Remote Stack Overflow (31.03.2010)

Code execution in HP Client Automation
updated since March 15, 2011
Published: March 23, 2011
Source:
SecurityVulns ID: 11500
Type: remote
Severity: 5/10
Description: Code execution via radexecd.exe (TCP/3465).
CVE: CVE-2011-0889 (Unspecified vulnerability in HP Client Automation Enterprise (aka HPCA or Radia Notify) 5.11, 7.2, 7.5, 7.8, and 7.9 allows remote attackers to execute arbitrary code via unknown vectors.)
Original text: ZDI, ZDI-11-105: Hewlett-Packard Client Automation radexecd.exe Remote Code Execution Vulnerability (23.03.2011)
 HP, [security bulletin] HPSBMA02644 SSRT100284 rev.1 - HP Client Automation Enterprise (HPCA) Running on Windows, Remote Execution of Arbitrary Code (15.03.2011)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: March 23, 2011
Source:
SecurityVulns ID: 11513
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leaks, etc.
Affected products: PHPNUKE : PHP-Nuke 8.0
 MCCONTENTMANAGER : MC Content Manager 10.1
 JOOMLA : Joomla! 1.6
 CMSBALITBANG : CMS Balitbang 3.3
Original text: YGN Ethical Hacker Group, PHP-Nuke 8.x <= "chng_uid" Blind SQL Injection Vulnerability (23.03.2011)
 YGN Ethical Hacker Group, PHP-Nuke 8.x <= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability (23.03.2011)
 YGN Ethical Hacker Group, PHP-Nuke 8.x <= Cross Site Scripting Vulnerability (23.03.2011)
 YGN Ethical Hacker Group, PHP-Nuke 8.x <= Cross Site Scripting Vulnerability (23.03.2011)
 eidelweiss_(at)_windowslive.com, CMS Balitbang 3.3 Arbitary File Upload Vulnerability (23.03.2011)
 Paul Szabo, XSS in Oracle default fcgi-bin/echo (23.03.2011)
 YGN Ethical Hacker Group, Joomla! 1.6.0 | Information Disclosure/Full Path Disclosure Vulnerability (23.03.2011)
 MustLive, XSS, AoF and IAA vulnerabilities in MC Content Manager (23.03.2011)

Unauthorized access to IBM Lotus Domino Server Controller
Published: March 23, 2011
Source:
SecurityVulns ID: 11514
Type: remote
Severity: 7/10
Description: During authentication on port TCP/2050, a user-specified credentials file is used, which may be located on a network share.
Affected products: IBM : Lotus Domino 7.0
Original text: ZDI, ZDI-11-110: (0day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability (23.03.2011)

Shell character problems in TeX (tex-common)
Published: March 23, 2011
Source:
SecurityVulns ID: 11515
Type: local
Severity: 5/10
CVE: CVE-2011-1400 (The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.)
Original text: DEBIAN, [SECURITY] [DSA 2198-1] tex-common security update (23.03.2011)

Multiple security vulnerabilities in Advantech BroadWin WebAccess
Published: March 23, 2011
Source:
SecurityVulns ID: 11516
Type: remote
Severity: 6/10
Description: Code execution, information leak from the RPC service on port TCP/4592.
Original text: Reversemode, SCADA Trojans: Attacking the Grid + Advantech vulnerabilities (23.03.2011)
Files: Advantec/BroadWin SCADA WebAccess 7.0 Network Service RPC Party Exploit
 SCADA Trojans: Attacking the Grid

Information leak in HP Discovery & Dependency Mapping Inventory
Published: March 23, 2011
Source:
SecurityVulns ID: 11517
Type: remote
Severity: 5/10
Description: SNMP access with the public community is enabled by default.
Affected products: HP : HP Discovery & Dependency Mapping Inventory 7.70
 HP : HP Discovery & Dependency Mapping Inventory 9.30
CVE: CVE-2011-0890 (HP Discovery & Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, 7.61, 7.70, and 9.30 launches the Windows SNMP service with its default configuration, which allows remote attackers to obtain potentially sensitive information or have unspecified other impact by leveraging the public read community.)
Original text: HP, [security bulletin] HPSBMA02647 SSRT100383 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Insecure SNMP Configuration (23.03.2011)

Multiple security vulnerabilities in Apple Mac OS X
Published: March 23, 2011
Source:
SecurityVulns ID: 11518
Type: library
Severity: 8/10
Description: Multiple DoS conditions, format string error in AppleScript, memory corruption when parsing various data formats, information leak, privilege escalation.
Affected products: APPLE : MacOS X 10.6
CVE: CVE-2011-1417 (Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.)
 CVE-2011-0200 (Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow.)
 CVE-2011-0194 (Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.)
 CVE-2011-0193 (Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.)
 CVE-2011-0192 (Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.)
 CVE-2011-0191 (Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.)
 CVE-2011-0190 (Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server.)
 CVE-2011-0189 (The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities.)
 CVE-2011-0188 (The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue.")
 CVE-2011-0187 (The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect.)
 CVE-2011-0186 (QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image.)
 CVE-2011-0184 (QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an Excel spreadsheet with a crafted formula that uses unspecified opcodes.)
 CVE-2011-0183 (Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue.")
 CVE-2011-0182 (The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry.)
 CVE-2011-0181 (Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image.)
 CVE-2011-0180 (Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call.)
 CVE-2011-0179 (CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafted embedded font.)
 CVE-2011-0178 (The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory.)
 CVE-2011-0177 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted SFNT table in an embedded font.)
 CVE-2011-0176 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded Type 1 font.)
 CVE-2011-0175 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font.)
 CVE-2011-0174 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font.)
 CVE-2011-0173 (Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application.)
 CVE-2011-0172 (AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to cause a denial of service (divide-by-zero error and reboot) via Wi-Fi frames on the local wireless network, a different vulnerability than CVE-2011-0162.)
 CVE-2011-0170 (Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium (ICC) profile in a JPEG image.)
 CVE-2010-4494 (Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.)
 CVE-2010-4479 (Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability than CVE-2010-4260.)
 CVE-2010-4409 (Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.)
 CVE-2010-4261 (Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.)
 CVE-2010-4260 (Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396.")
 CVE-2010-4150 (Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2010-4021 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue.")
 CVE-2010-4020 (MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.)
 CVE-2010-4009 (Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.)
 CVE-2010-4008 (libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.)
 CVE-2010-3870 (The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.)
 CVE-2010-3855 (Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.)
 CVE-2010-3814 (Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.)
 CVE-2010-3802 (Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie file.)
 CVE-2010-3801 (Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file.)
 CVE-2010-3710 (Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string.)
 CVE-2010-3709 (The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.)
 CVE-2010-3436 (fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.)
 CVE-2010-3434 (Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtained from third party information.)
 CVE-2010-3315 (authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.)
 CVE-2010-3089 (Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.)
 CVE-2010-3069 (Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.)
 CVE-2010-2950 (Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.)
 CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.)
 CVE-2010-1452 (The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.)
 CVE-2010-1324 (MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.)
 CVE-2010-1323 (MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.)
 CVE-2010-0405 (Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.)
 CVE-2006-7243 (PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.)
Original text: IDEFENSE, NGS00057 Patch Notification: Apple Mac OS X ImageIO Integer Overflow (23.03.2011)
 IDEFENSE, iDefense Security Advisory 03.21.11: Apple OfficeImport Framework Excel Memory Corruption Vulnerability (23.03.2011)
 [email protected], NGS00052 Patch Notification: Apple Mac OS X Image RAW Multiple Buffer Overflows (23.03.2011)
 ZDI, ZDI-11-109: (Pwn2Own) Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability (23.03.2011)
 ZDI, ZDI-11-108: Mac OS X Compact Font Format Decoder Remote Code Execution Vulnerability (23.03.2011)
 VSR Advisories, Apple HFS+ Information Disclosure Vulnerability (23.03.2011)
 APPLE, About the security content of Mac OS X v10.6.7 and Security Update 2011-001 (23.03.2011)

Cross-site request forgery in Symantec LiveUpdate Administrator
Published: March 23, 2011
Source:
SecurityVulns ID: 11519
Type: remote
Severity: 5/10
Description: Cross-site request forgery in the administration server.
Affected products: SYMANTEC : LiveUpdate Administrator 2.2
CVE: CVE-2011-0545 (Cross-site request forgery (CSRF) vulnerability in adduser.do in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts, and possibly have unspecified other impact, via the userRole parameter.)
Original text: NSO Research, NSOADV-2011-001: Symantec LiveUpdate Administrator CSRF vulnerability (23.03.2011)

Fraudulent certificates issued by Comodo
updated since March 23, 2011
Published: March 29, 2011
Source:
SecurityVulns ID: 11530
Type: m-i-t-m
Severity: 7/10
Description: Unknown attackers were issued signed certificates for the following services: login.live.com, mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org "Global Trustee"
Original text: DEBIAN, [SECURITY] [DSA 2203-1] nss security update (29.03.2011)
Files: Microsoft Security Advisory (2524375) Fraudulent Digital Certificates Could Allow Spoofing

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod