Information Security


Unauthorized access via HP OpenView Network Node Manager
Published: March 26, 2009
Source:
SecurityVulns ID: 9774
Type: remote
Threat level: 6/10
Affected products: HP : OpenView Network Node Manager 7.51
 HP : OpenView Network Node Manager 7.53
CVE:CVE-2009-0921 (Multiple heap-based buffer overflows in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long OvAcceptLang cookie, which triggers the error in ov.dll and ovwww.dll, or (2) a long Accept-Language HTTP header, which triggers the error in ovwww.dll or libovwww.so.4.)
 CVE-2009-0920 (Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long OvOSLocale cookie, a variant of CVE-2008-0067.)
Original text: HP, [security bulletin] HPSBMA02416 SSRT090008 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code (26.03.2009)

Privilege escalation via the VERITAS VRTSvxfs file system in HP-UX
Published: March 26, 2009
Source:
SecurityVulns ID: 9773
Type: remote
Threat level: 5/10
Affected products: HP : HP-UX 11.11
 HP : HP-UX 11.23
 HP : HP-UX 11.31
CVE:CVE-2009-0207 (Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERITAS File System (VRTSvxfs) 4.1, B.11.23 running VRTSodm 5.0 or VRTSvxfs 5.0, and B.11.31 running VRTSodm 5.0 allows local users to gain root privileges via unknown vectors.)
Original text: HP, [security bulletin] HPSBUX02409 SSRT080171 rev.1 - HP-UX Running VERITAS File System (VRTSvxfs) or VERITAS Oracle Disk Manager (VRTSodm), Local Escalation of Privilege (26.03.2009)

Race condition in Systemtap
Published: March 26, 2009
Source:
SecurityVulns ID: 9775
Type: local
Threat level: 4/10
Description: Privilege escalation via the stap tool for the stapusr group.
Affected products: SYSTEMTAP : Systemtap 0.0
CVE:CVE-2009-0784 (Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors.)
Original text: DEBIAN, [SECURITY] [DSA 1755-1] New systemtap packages fix local privilege escalation (26.03.2009)

Multiple security vulnerabilities in Cisco IOS
updated since March 26, 2009
Published: April 1, 2009
Source:
SecurityVulns ID: 9772
Type: remote
Threat level: 7/10
Description: Vulnerabilities in the TCP, cTCP, Mobile IP/Mobile IPv6, WebVPN and SSLVPN implementations lead to device denial of service; privilege escalation via SCP.
Affected products: CISCO : IOS 12.0
 CISCO : IOS 12.1
 CISCO : IOS 12.2
 CISCO : IOS 12.3
 CISCO : IOS 12.4
 CISCO : CISCO 5520
CVE:CVE-2009-0637 (The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command.)
 CVE-2009-0635 (Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets.)
 CVE-2009-0634 (Multiple unspecified vulnerabilities in the home agent (HA) implementation in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via an ICMP packet, aka Bug ID CSCso05337.)
 CVE-2009-0633 (Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via MIPv6 packets, aka Bug ID CSCsm97220.)
 CVE-2009-0629 (The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling Protocol (PPTP), (8) X.25 for Record Boundary Preservation (RBP), (9) X.25 over TCP (XOT), and (10) X.25 Routing features in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (device reload) via a series of crafted TCP packets.)
 CVE-2009-0628 (Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block (TCB) leak.)
 CVE-2009-0626 (The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet.)
Original text: Bugs NotHugs, Cisco ASA5520 Web VPN Host Header XSS (01.04.2009)
 CISCO, Cisco Security Advisory: Cisco IOS Software WebVPN and SSLVPN Vulnerabilities (26.03.2009)
 CISCO, Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability (26.03.2009)
 CISCO, Cisco Security Advisory: Cisco IOS Software Secure Copy Privilege Escalation Vulnerability (26.03.2009)
 CISCO, Cisco Security Advisory: Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities (26.03.2009)
 CISCO, Cisco Security Advisory: Cisco IOS cTCP Denial of Service Vulnerability (26.03.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod