Information Security


Code execution in PostgreSQL
Published: May 26, 2010
Source:
SecurityVulns ID: 10862
Type: local
Severity level: 5/10
Description: PL/perl or PL/Tcl code can be executed via stored procedures.
Affected products: POSTGRES : PostgreSQL 8.4
CVE:CVE-2010-1170 (The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script.)
 CVE-2010-1169 (PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447.)
Original text: UBUNTU, [USN-942-1] PostgreSQL vulnerabilities (26.05.2010)

Cross-site scripting in Apache Axis2
Published: May 26, 2010
Source:
SecurityVulns ID: 10863
Type: remote
Severity level: 5/10
Description: Cross-site scripting in the administration interface.
Affected products: APACHE : Axis2 1.4
Original text: ProCheckUp Research, PR10-03: Authenticated Cross-Site Scripting (XSS) within the Apache Axis2 administration console (26.05.2010)

Format string bug in rpc.pcnfsd on HP-UX, IBM AIX, SGI IRIX
Published: May 26, 2010
Source:
SecurityVulns ID: 10864
Type: remote
Severity level: 7/10
Description: Format string bug in a call to syslog()
Affected products: SGI : Irix 6.5
 HP : HP-UX 11.11
 HP : HP-UX 11.23
 HP : HP-UX 11.31
 IBM : AIX 6.1
CVE:CVE-2010-1039 (Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.)
Original text: CHECKPOINT, HP-UX, IBM AIX, SGI IRIX Remote Vulnerability - CVE-2010-1039 (26.05.2010)
Files: rpc.pcnfsd remote format string exploit, tested against AIX 6.1.0 and lower

Buffer overflow in barnowl
Published: May 26, 2010
Source:
SecurityVulns ID: 10865
Type: client
Severity level: 5/10
Description: Buffer overflow when parsing the CC: field
CVE:CVE-2010-0793 (Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted CC: header.)
Original text: DEBIAN, [SECURITY] [DSA 2049-1] New barnowl packages fix arbitrary code execution (26.05.2010)

Buffer overflow in the CompleteFTP FTP server
Published: May 26, 2010
Source:
SecurityVulns ID: 10866
Type: remote
Severity level: 5/10
Description: Buffer overflow when processing the PORT command.
Original text: eidelweiss, CompleteFTP Server v 4.x "PORT" command Remote DOS exploit (26.05.2010)

Integer overflow in Ziproxy
Published: May 26, 2010
Source:
SecurityVulns ID: 10867
Type: remote
Severity level: 6/10
Description: Integer overflows when processing JPEG and PNG.
Affected products: ZIPROXY : Ziproxy 3.0
CVE:CVE-2010-1513 (Multiple integer overflows in src/image.c in Ziproxy before 3.0.1 allow remote attackers to execute arbitrary code via (1) a large JPG image, related to the jpg2bitmap function or (2) a large PNG image, related to the png2bitmap function, leading to heap-based buffer overflows.)
Original text: SECUNIA, Secunia Research: Ziproxy Two Integer Overflow Vulnerabilities (26.05.2010)

Security vulnerabilities in Scientific Atlanta DPC2100 cable modems
Published: May 26, 2010
Source:
SecurityVulns ID: 10868
Type: remote
Severity level: 5/10
Description: Cross-site request forgery. Authentication bypass.
Affected products: SCIENTIFICATLANT : WebStar DPC2100
CVE:CVE-2010-2026 (The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allows remote attackers to bypass authentication, and reset the modem or replace the firmware, via a direct request to an unspecified page.)
 CVE-2010-2025 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl.)
Original text: Dan Rosenberg, Scientific Atlanta DPC2100 WebSTAR Cable Modem vulnerabilities (26.05.2010)

Multiple security vulnerabilities in the Linux kernel
Published: May 26, 2010
Source:
SecurityVulns ID: 10869
Type: remote
Severity level: 6/10
Description: Privilege escalation, DoS, information leak.
Affected products: LINUX : kernel 2.6
CVE:CVE-2010-1451 (The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Linux kernel before 2.6.33 on the SPARC platform does not properly obtain the value of a certain _PAGE_EXEC_4U bit and consequently does not properly implement a non-executable stack, which makes it easier for context-dependent attackers to exploit stack-based buffer overflows via a crafted application.)
 CVE-2010-1446 (arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel 2.6.30 and other versions before 2.6.33, when running on PowerPC, does not properly perform a security check for access to a kernel page, which allows local users to overwrite arbitrary kernel memory, related to Fsl booke.)
 CVE-2010-1437 (Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function.)
 CVE-2010-1187 (The Transparent Inter-Process Communication (TIPC) functionality in Linux kernel 2.6.16-rc1 through 2.6.33, and possibly other versions, allows local users to cause a denial of service (kernel OOPS) by sending datagrams through AF_TIPC before entering network mode, which triggers a NULL pointer dereference.)
 CVE-2010-1173 (The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data.)
 CVE-2010-1162 (The release_one_tty function in drivers/char/tty_io.c in the Linux kernel before 2.6.34-rc4 omits certain required calls to the put_pid function, which has unspecified impact and local attack vectors.)
 CVE-2010-1088 (fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount "symlinks," which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW.)
 CVE-2010-1087 (The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible.)
 CVE-2010-1086 (The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE.)
 CVE-2010-1084 (Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allows remote attackers to cause a denial of service (memory corruption) via a large number of Bluetooth sockets, related to the size of sysfs files in (1) net/bluetooth/l2cap.c, (2) net/bluetooth/rfcomm/core.c, (3) net/bluetooth/rfcomm/sock.c, and (4) net/bluetooth/sco.c.)
 CVE-2010-1083 (The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory).)
 CVE-2010-0727 (The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions.)
 CVE-2009-4537 (drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.)
Original text: DEBIAN, [SECURITY] [DSA 2053-1] New Linux 2.6.26 packages fix several issues (26.05.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod