Information Security


Use-after-free in LibreOffice
updated since November 10, 2014
Published: November 24, 2014
Source:
SecurityVulns ID: 14084
Type: remote
Severity: 5/10
Description: Use-after-free in the Impress remote control protocol, memory corruption in OLE preview.
CVE:CVE-2014-3693 (Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.)
 CVE-2014-3575 (The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.)
Original text: UBUNTU, [USN-2400-1] LibreOffice vulnerability (24.11.2014)
Files: CVE-2014-3693 Use-After-Free in socket manager of Impress Remote

Privilege escalation in MIT krb5
Published: November 24, 2014
Source:
SecurityVulns ID: 14094
Type: local
Severity: 5/10
Description: Under certain conditions kadm5_randkey_principal_3() returns old keys.
Affected products: MIT : krb5 1.12
CVE:CVE-2014-5351 (The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.)
Original text: MANDRIVA, [ MDVSA-2014:224 ] krb5 (24.11.2014)

Multiple security vulnerabilities in Wireshark
Published: November 24, 2014
Source:
SecurityVulns ID: 14095
Type: remote
Severity: 5/10
Description: Buffer overflow and DoS conditions when parsing various protocols.
Affected products: WIRESHARK : Wireshark 1.10
CVE:CVE-2014-8769 (tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access.)
 CVE-2014-8768 (Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.)
 CVE-2014-8767 (Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.)
 CVE-2014-8714 (The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.)
 CVE-2014-8713 (Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2014-8712 (The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2014-8711 (Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet.)
 CVE-2014-8710 (The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.)
Original text: mail_(at)_steffenbauch.de, CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload (24.11.2014)
 mail_(at)_steffenbauch.de, CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload (24.11.2014)
 mail_(at)_steffenbauch.de, CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload (24.11.2014)
 MANDRIVA, [ MDVSA-2014:223 ] wireshark (24.11.2014)

Information leak in libvirt
Published: November 24, 2014
Source:
SecurityVulns ID: 14096
Type: library
Severity: 5/10
Description: Information access via qemuDomainFormatXML.
Affected products: LIBVIRT : libvirt 1.2
CVE:CVE-2014-7823 (The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.)
 CVE-2014-3657 (The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.)
Original text: UBUNTU, [USN-2404-1] libvirt vulnerabilities (24.11.2014)

Multiple security vulnerabilities in Asterisk
Published: November 24, 2014
Source:
SecurityVulns ID: 14097
Type: remote
Severity: 6/10
Description: Restriction bypass, privilege escalation, DoS.
Affected products: ASTERISK : Asterisk 13.0
 ASTERISK : Asterisk 12.7
 ASTERISK : Asterisk 11.14
Original text: ASTERISK, AST-2014-018: AMI permission escalation through DB dialplan function (24.11.2014)
 ASTERISK, AST-2014-017: Permission escalation through ConfBridge actions/dialplan functions (24.11.2014)
 ASTERISK, AST-2014-016: Remote Crash Vulnerability in PJSIP channel driver (24.11.2014)
 ASTERISK, AST-2014-015: Remote Crash Vulnerability in PJSIP channel driver (24.11.2014)
 ASTERISK, AST-2014-014: High call load may result in hung channels in ConfBridge. (24.11.2014)
 ASTERISK, AST-2014-013: PJSIP ACLs are not loaded on startup (24.11.2014)
 ASTERISK, AST-2014-012: Mixed IP address families in access control lists may permit unwanted traffic. (24.11.2014)

Restriction bypass in AppArmor
Published: November 24, 2014
Source:
SecurityVulns ID: 14098
Type: local
Severity: 5/10
Description: Restriction bypass in apparmor_parser
Affected products: APPARMOR : apparmor 2.8
CVE:CVE-2014-1424 (apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw.")
Original text: UBUNTU, [USN-2413-1] AppArmor vulnerability (24.11.2014)

DoS against Ruby
Published: November 24, 2014
Source:
SecurityVulns ID: 14099
Type: library
Severity: 5/10
Description: Resource exhaustion when parsing XML. Memory corruption in encodes().
Affected products: RUBY : Ruby 2.1
CVE:CVE-2014-8090 (The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.)
 CVE-2014-8080 (The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.)
 CVE-2014-4975 (Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.)
Original text: UBUNTU, [USN-2412-1] Ruby vulnerability (24.11.2014)

Memory corruption in GnuTLS
Published: November 24, 2014
Source:
SecurityVulns ID: 14100
Type: library
Severity: 7/10
Description: Memory corruption when handling ECC.
Affected products: GNU : GnuTLS 3.3
CVE:CVE-2014-8564 (The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.)
Original text: MANDRIVA, [ MDVSA-2014:215 ] gnutls (24.11.2014)

Information leak in libcurl
Published: November 24, 2014
Source:
SecurityVulns ID: 14101
Type: client
Severity: 5/10
Description: Memory content leak via POST request.
Affected products: CURL : libcurl 7.38
CVE:CVE-2014-3707 (The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.)
Original text: MANDRIVA, [ MDVSA-2014:213 ] curl (24.11.2014)

Privilege escalation in mountall
Published: November 24, 2014
Source:
SecurityVulns ID: 14102
Type: local
Severity: 5/10
Description: umask is handled incorrectly.
Affected products: MOUNT : mountall 2.54
CVE:CVE-2014-1421 (mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.)
Original text: UBUNTU, [USN-2411-1] mountall vulnerability (24.11.2014)

Multiple security vulnerabilities in Apple Mac OS X
Published: November 24, 2014
Source:
SecurityVulns ID: 14104
Type: library
Severity: 6/10
Description: Information leak, memory corruption.
Affected products: APPLE : MacOS X 10.10
CVE:CVE-2014-4460 (CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.)
 CVE-2014-4459 (Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.)
 CVE-2014-4458 (The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors.)
 CVE-2014-4453 (Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.)
Original text: APPLE, APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1 (24.11.2014)

Multiple security vulnerabilities in Apple TV
Published: November 24, 2014
Source:
SecurityVulns ID: 14105
Type: remote
Severity: 5/10
Description: Memory corruptions, unsigned code execution, privilege escalation.
Affected products: APPLE : Apple TV 7.0
CVE:CVE-2014-4462 (WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452.)
 CVE-2014-4461 (The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.)
 CVE-2014-4455 (dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.)
 CVE-2014-4452 (WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.)
Original text: APPLE, APPLE-SA-2014-11-17-3 Apple TV 7.0.2 (24.11.2014)

Multiple security vulnerabilities in Apple iOS
updated since November 24, 2014
Published: December 21, 2014
Source:
SecurityVulns ID: 14103
Type: library
Severity: 7/10
Description: Information leak, unsigned code execution, code execution, restriction bypass, memory corruptions.
Affected products: APPLE : iPhone 4s
 APPLE : iPhone 5
 APPLE : iPhone 5s
 APPLE : iPhone 6
CVE:CVE-2014-4463 (Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature.)
 CVE-2014-4462 (WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452.)
 CVE-2014-4461 (The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.)
 CVE-2014-4460 (CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.)
 CVE-2014-4457 (The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled.)
 CVE-2014-4455 (dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.)
 CVE-2014-4453 (Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.)
 CVE-2014-4452 (WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.)
 CVE-2014-4451 (Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses.)
Original text: Apple iOS v8.x - Message Context & Privacy Vulnerability (21.12.2014)
 APPLE, APPLE-SA-2014-11-17-1 iOS 8.1.1 (24.11.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod