Information Security

Protection bypass in sudo
Published: May 24, 2012
Source:
SecurityVulns ID: 12386
Type: local
Severity: 4/10
Description: IP-based restrictions can be bypassed.
Affected products: SUDO : sudo 1.8
CVE: CVE-2012-2337 (sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.)

Format string bug in the OTR plugin for Pidgin
Published: May 24, 2012
Source:
SecurityVulns ID: 12387
Type: client
Severity: 5/10
Affected products: PIDGIN : pidgin-otr 3.2
CVE: CVE-2012-2369 (Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message.)
Original text: DEBIAN, [SECURITY] [DSA 2476-1] pidgin-otr security update (24.05.2012)

Multiple security vulnerabilities in PHP
updated since May 1, 2012
Published: May 24, 2012
Source:
SecurityVulns ID: 12353
Type: library
Severity: 7/10
Description: DoS conditions, code execution, SQL injection.
Affected products: PHP : PHP 5.3
CVE: CVE-2012-2336 (sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.)
 CVE-2012-2335 (php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.)
 CVE-2012-2311 (sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.)
 CVE-2012-1823 (sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.)
 CVE-2012-1172 (The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.)
 CVE-2012-0831 (PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.)
 CVE-2012-0830 (The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.)
 CVE-2012-0788 (The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.)
Original text: admin_(at)_bugreport.ir, PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version (24.05.2012)
 MANDRIVA, [ MDVSA-2012:071 ] php (14.05.2012)
 MANDRIVA, [ MDVSA-2012:065 ] php (01.05.2012)
Files: PHP CVE-2012-1823 exploit

Privilege escalation via ACMELOGIN in HP OpenVMS
Published: May 24, 2012
Source:
SecurityVulns ID: 12388
Type: local
Severity: 5/10
Affected products: HP : OpenVMS 8.3
 HP : OpenVMS 8.4
CVE: CVE-2012-2010 (The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium platform, when the SYS$ACM system service is enabled, allows local users to gain privileges via unspecified vectors.)
Original text: HP, [security bulletin] HPSBOV02780 SSRT100766 rev.1 - HP OpenVMS ACMELOGIN, Local Unauthorized (24.05.2012)

Multiple security vulnerabilities in the Linux kernel
updated since May 14, 2012
Published: May 24, 2012
Source:
SecurityVulns ID: 12376
Type: local
Severity: 6/10
Description: DoS conditions, protection bypass, buffer overflow.
Affected products: LINUX : kernel 2.6
 LINUX : kernel 3.3
CVE: CVE-2012-2319 (Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020.)
 CVE-2012-2133 (Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount operation that triggers improper handling of quota data.)
 CVE-2012-2123 (The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR.)
 CVE-2012-1601 (The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.)
Original text: pi3_(at)_pi3.com.pl, The story of the Linux kernel 3.x... (24.05.2012)
 Timo Warns, [PRE-SA-2012-03] Linux kernel: Buffer overflow in HFS plus filesystem (24.05.2012)
 DEBIAN, [SECURITY] [DSA 2469-1] linux-2.6 security update (14.05.2012)

Buffer overflow in FlashPeak SlimBrowser
Published: May 24, 2012
Source:
SecurityVulns ID: 12389
Type: client
Severity: 5/10
Description: Buffer overflow via the title tag
Original text: demonalex_(at)_163.com, FlashPeak SlimBrowser TITLE Denial Of Service Vulnerability (24.05.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod