Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в eCryptfs
дополнено с 11 августа 2011 г.
Опубликовано:24 августа 2011 г.
Источник:
SecurityVulns ID:11848
Тип:локальная
Уровень опасности:
5/10
Описание:Повышение привилегий, утечка информации.
CVE:CVE-2011-3145
 CVE-2011-1837 (The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors.)
 CVE-2011-1836 (utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.)
 CVE-2011-1835 (The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps.)
 CVE-2011-1834 (utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call.)
 CVE-2011-1833 (Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.)
 CVE-2011-1832 (utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call.)
 CVE-2011-1831 (utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call.)
Оригинальный текстdocumentUBUNTU, [USN-1196-1] eCryptfs vulnerability (24.08.2011)
 documentUBUNTU, [USN-1188-1] eCryptfs vulnerabilities (11.08.2011)

Многочисленные уязвимости безопасности в флеш-приложении FLV Player
Опубликовано:24 августа 2011 г.
Источник:
SecurityVulns ID:11877
Тип:библиотека
Уровень опасности:
6/10
Описание:Подмена содержимого, межсайтовый скриптинг.
Оригинальный текстdocumentMustLive, Уязвимости в FLV Player (24.08.2011)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород