Information Security


Security vulnerabilities in OpenStack
updated since February 4, 2013
Published: March 24, 2013
Source:
SecurityVulns ID: 12863
Type: remote
Severity: 5/10
Description: Information leak in Nova and Glance, resource exhaustion in Keystone.
Affected products: OPENSTACK : glance 2012.2
 OPENSTACK : Nova 2012.2
 OPENSTACK : KeyStone 2012.2
 OPENSTACK : Cinder 2012.2
CVE:CVE-2013-1865 (OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.)
 CVE-2013-1840 (The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.)
 CVE-2013-1838 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.)
 CVE-2013-1665 (The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.)
 CVE-2013-1664 (The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.)
 CVE-2013-0335 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.)
 CVE-2013-0282 (OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.)
 CVE-2013-0247 (OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries.)
 CVE-2013-0212 (store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.)
 CVE-2013-0208 (The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.)
Original text: UBUNTU, [USN-1772-1] OpenStack Keystone vulnerability (24.03.2013)
 UBUNTU, [USN-1771-1] OpenStack Nova vulnerabilities (24.03.2013)
 UBUNTU, [USN-1764-1] OpenStack Glance vulnerability (19.03.2013)
 UBUNTU, [USN-1730-1] OpenStack Keystone vulnerabilities (24.02.2013)
 UBUNTU, [USN-1731-1] OpenStack Cinder vulnerability (24.02.2013)
 UBUNTU, [USN-1734-1] OpenStack Nova vulnerability (24.02.2013)
 UBUNTU, [USN-1715-1] OpenStack Keystone vulnerability (11.02.2013)
 UBUNTU, [USN-1710-1] OpenStack Glance vulnerability (04.02.2013)
 UBUNTU, [USN-1709-1] OpenStack Nova vulnerability (04.02.2013)

Multiple security vulnerabilities in Photodex ProShow Producer
updated since February 18, 2013
Published: March 24, 2013
Source:
SecurityVulns ID: 12891
Type: local
Severity: 5/10
Description: Buffer overflow when parsing .pxs / .pxt files, privilege escalation via weak permissions and incomplete library paths.
Affected products: PHOTODEX : ProShow Producer 5.0
Original text: Inshell Security, [IA49] Photodex ProShow Producer v5.0.3310 ScsiAccess Local Privilege Escalation (24.03.2013)
 Inshell Security, [IA48] Photodex ProShow Producer v5.0.3297 Insecure Library Loading Vulnerability (02.03.2013)
 Inshell Security, [IA47] Photodex ProShow Producer v5.0.3297 PXT File title Value Handling Buffer Overflow (24.02.2013)
 Inshell Security, [IA46] Photodex ProShow Producer v5.0.3297 ColorPickerProc() Memory Corruption (18.02.2013)

Multiple security vulnerabilities in Apple iOS
Published: March 24, 2013
Source:
SecurityVulns ID: 12962
Type: library
Severity: 6/10
Description: Protection mechanism bypass, privilege escalation, code execution.
Affected products: APPLE : Apple iOS 6.1
CVE:CVE-2013-0981 (The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code.)
 CVE-2013-0980 (The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature.)
 CVE-2013-0979 (lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink.)
 CVE-2013-0978 (The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code.)
 CVE-2013-0977 (dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments.)
 CVE-2013-0912 (WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion.")
Original text: APPLE, APPLE-SA-2013-03-19-1 iOS 6.1.3 (24.03.2013)

Multiple security vulnerabilities in Apple TV
Published: March 24, 2013
Source:
SecurityVulns ID: 12963
Type: library
Severity: 6/10
Description: Protection mechanism bypass, information leak.
Affected products: APPLE : Apple TV 5.2
CVE:CVE-2013-0981 (The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code.)
 CVE-2013-0978 (The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code.)
 CVE-2013-0977 (dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments.)
Original text: APPLE, APPLE-SA-2013-03-19-2 Apple TV 5.2.1 (24.03.2013)

Multiple security vulnerabilities in Microsoft Internet Explorer
updated since March 13, 2013
Published: March 24, 2013
Source:
SecurityVulns ID: 12947
Type: client
Severity: 7/10
Description: Multiple use-after-free vulnerabilities.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 8
 MICROSOFT : Windows 2012 Server
CVE:CVE-2013-1288 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CTreeNode Use After Free Vulnerability.")
 CVE-2013-0094 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer removeChild Use After Free Vulnerability.")
 CVE-2013-0093 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer onBeforeCopy Use After Free Vulnerability.")
 CVE-2013-0092 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer GetMarkupPtr Use After Free Vulnerability.")
 CVE-2013-0091 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CElement Use After Free Vulnerability.")
 CVE-2013-0090 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability.")
 CVE-2013-0089 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkupBehaviorContext Use After Free Vulnerability.")
 CVE-2013-0088 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer saveHistory Use After Free Vulnerability.")
 CVE-2013-0087 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer OnResize Use After Free Vulnerability.")
Original text: VUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnMove" Use-after-free (MS13-021 / CVE-2013-0087) (24.03.2013)
 VUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnResize" Use-after-free (MS13-021 / CVE-2013-0087) (24.03.2013)
Files: Microsoft Security Bulletin MS13-021 - Critical Cumulative Security Update for Internet Explorer (2809289)

Use-after-free in Mozilla Firefox / Thunderbird / Seamonkey
updated since March 10, 2013
Published: March 24, 2013
Source:
SecurityVulns ID: 12925
Type: client
Severity: 5/10
Description: Use-after-free in the HTML editor.
Affected products: MOZILLA : Thunderbird 17.0
 MOZILLA : Firefox ESR 17.0
 MOZILLA : Firefox 19.0
 MOZILLA : SeaMonkey 2.16
CVE:CVE-2013-0787 (Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.)
Original text: VUPEN Security Research, VUPEN Security Research - Mozilla Firefox "nsHTMLEditRules" Use-After-Free (MFSA-2013-29 / CVE-2013-0787) (24.03.2013)
Files: Mozilla Foundation Security Advisory 2013-29

Multiple security vulnerabilities in Safari / WebKit
Published: March 24, 2013
Source:
SecurityVulns ID: 12964
Type: client
Severity: 7/10
Description: Multiple memory corruptions, cross-site scripting.
Affected products: APPLE : Safari 6.0
CVE:CVE-2013-0962 (Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation.)
 CVE-2013-0961 (WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960.)
 CVE-2013-0960 (WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961.)
 CVE-2013-0959 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0958 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0956 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0955 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0954 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0953 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0952 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0951 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0950 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0949 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0948 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2012-2889 (Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS).")
 CVE-2012-2857 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.)
 CVE-2012-2824 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting.)
Original text: APPLE, APPLE-SA-2013-03-14-2 Safari 6.0.3 (24.03.2013)

Multiple security vulnerabilities in Apple Mac OS X
Published: March 24, 2013
Source:
SecurityVulns ID: 12965
Type: library
Severity: 7/10
Description: Cross-site scripting, authentication bypass, buffer overflows and memory corruptions in various libraries, information leak, protection mechanism bypass, memory corruptions when parsing PDF, vulnerabilities in various packages.
Affected products: APPLE : Mac OS X 10.8
CVE:CVE-2013-0976 (IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image.)
 CVE-2013-0973 (Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream.)
 CVE-2013-0971 (Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document.)
 CVE-2013-0970 (Messages in Apple Mac OS X before 10.8.3 allows remote attackers to bypass the FaceTime call-confirmation prompt via a crafted FaceTime: URL.)
 CVE-2013-0969 (Login Window in Apple Mac OS X before 10.8.3 does not prevent application launching with the VoiceOver feature, which allows physically proximate attackers to bypass authentication and make arbitrary System Preferences changes via unspecified use of the keyboard.)
 CVE-2013-0967 (CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site.)
 CVE-2013-0966 (The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.)
 CVE-2013-0963 (Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID.)
 CVE-2013-0333 (lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.)
 CVE-2013-0156 (active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.)
 CVE-2012-3756 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rnet box in an MP4 movie file.)
 CVE-2012-3749 (The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app.)
 CVE-2012-3525 (s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.)
 CVE-2012-3489 (The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.)
 CVE-2012-3488 (The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.)
 CVE-2012-2088 (Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.)
 CVE-2011-3058 (Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.)
Original text: APPLE, APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001 (24.03.2013)

Timing attacks in the Mozilla NSS TLS library
Published: March 24, 2013
Source:
SecurityVulns ID: 12966
Type: library
Severity: 5/10
Description: "Lucky Thirteen" attacks are possible.
Affected products: MOZILLA : nss 3.14
CVE:CVE-2013-1620 (The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.)
Original text: UBUNTU, [USN-1763-1] NSS vulnerability (24.03.2013)

Protection bypass in apt
updated since March 10, 2012
Published: March 24, 2013
Source:
SecurityVulns ID: 12244
Type: m-i-t-m
Severity: 4/10
Description: A man-in-the-middle attack is possible when the repository uses InRelease files.
Affected products: APT : apt 0.8
CVE:CVE-2013-1051 (apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.)
 CVE-2012-0214 (The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned.)
Original text: UBUNTU, [USN-1762-1] APT vulnerability (24.03.2013)
 UBUNTU, [USN-1385-1] APT vulnerability (10.03.2012)

Resource exhaustion in the sort, uniq, join utilities
Published: March 24, 2013
Source:
SecurityVulns ID: 12967
Type: local
Severity: 4/10
Description: Resource exhaustion on a long string.
Affected products: GNU : coreutils 6.12
CVE:CVE-2013-0223 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.)
 CVE-2013-0222 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.)
 CVE-2013-0221 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.)
Original text: MANDRIVA, [ MDVSA-2013:023 ] coreutils (24.03.2013)

Security vulnerabilities in OpenSSH
Published: March 24, 2013
Source:
SecurityVulns ID: 12968
Type: remote
Severity: 5/10
Description: Information leak, DoS.
Affected products: OPENSSH : OpenSSH 5.6
 OPENSSH : OpenSSH 6.1
CVE:CVE-2012-0814 (The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.)
 CVE-2010-5107 (The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.)
Original text: MANDRIVA, [ MDVSA-2013:022 ] openssh (24.03.2013)

Multiple security vulnerabilities in Puppet
Published: March 24, 2013
Source:
SecurityVulns ID: 12969
Type: remote
Severity: 5/10
Description: Code execution, privilege escalation, protection bypass, information spoofing.
Affected products: PUPPET : Puppet 3.1
CVE:CVE-2013-2275 (The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors.)
 CVE-2013-1655 (Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes.")
 CVE-2013-1654 (Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.)
 CVE-2013-1653 (Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.)
 CVE-2013-1652 (Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors.)
 CVE-2013-1640 (The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.)
Original text: UBUNTU, [USN-1759-1] Puppet vulnerabilities (24.03.2013)

Update spoofing in LibreOffice
Published: March 24, 2013
Source:
SecurityVulns ID: 12970
Type: m-i-t-m
Severity: 6/10
Description: Update checks are performed over an insecure connection without digital signature verification.
Affected products: LIBREOFFICE : LibreOffice 4.0
Original text: Janek Vind, [waraxe-2013-SA#099] - Update Spoofing Vulnerability in LibreOffice 4.0.1.2 (24.03.2013)

Privilege escalation in CA SiteMinder
Published: March 24, 2013
Source:
SecurityVulns ID: 12971
Type: remote
Severity: 5/10
Description: Incorrect digital signature verification in SAML.
Affected products: CA : SiteMinder Federation 12.5
 CA : SiteMinder Federation 12.1
 CA : SiteMinder Federation 12.0
 CA : SiteMinder Agent for SharePoint 2010
 CA : SiteMinder for Secure Proxy Server 12.5
 CA : SiteMinder for Secure Proxy Server 12.0
CVE:CVE-2013-2279 (CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain privileges.)
Original text: CA, CA20130319-01: Security Notice for SiteMinder products using SAML (24.03.2013)

Directory traversal in EverFocus EPARA264-16X1
Published: March 24, 2013
Source:
SecurityVulns ID: 12972
Type: remote
Severity: 4/10
Description: Directory traversal in the built-in HTTP server.
Affected products: EVERFOCUS : EverFocus EPARA264-16X1
Original text: ddivulnalert_(at)_ddifrontline.com, DDIVRT-2013-50 EverFocus EPARA264-16X1 Directory Traversal (24.03.2013)

Multiple security vulnerabilities in ClamAV
updated since March 24, 2013
Published: May 4, 2013
Source:
SecurityVulns ID: 12961
Type: library
Severity: 6/10
Description: Buffer overflow when parsing UPX-compressed files, array overflow when parsing PDF.
Affected products: CLAMAV : ClamAV 0.97
CVE:CVE-2013-2021 (pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.)
 CVE-2013-2020 (Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.)
Original text: UBUNTU, [USN-1816-1] ClamAV vulnerabilities (04.05.2013)
 UBUNTU, [USN-1773-1] ClamAV vulnerabilities (24.03.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod