Информационная безопасность
[RU] switch to English


Повышение привилегий в FreeBSD
Опубликовано:26 ноября 2012 г.
Источник:
SecurityVulns ID:12724
Тип:локальная
Уровень опасности:
6/10
Описание:Перезапись данных ядра через подсистему совместимости с Linux.
Затронутые продукты:FREEBSD : FreeBSD 7.4
 FREEBSD : FreeBSD 9.0
 FREEBSD : FreeBSD 8.3
 FREEBSD : FreeBSD 9.1
CVE:CVE-2012-4576
Оригинальный текстdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-12:08.linux (26.11.2012)

Многочисленные уязвимости безопасности в Apache Tomcat
Опубликовано:26 ноября 2012 г.
Источник:
SecurityVulns ID:12725
Тип:удаленная
Уровень опасности:
6/10
Описание:Обход авторизации и replay-атаки при использовании авторизации Digest, DoS.
Затронутые продукты:APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
CVE:CVE-2012-5887 (The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.)
 CVE-2012-5886 (The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.)
 CVE-2012-5885 (The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.)
 CVE-2012-2733 (java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.)
Оригинальный текстdocumentUBUNTU, [USN-1637-1] Tomcat vulnerabilities (26.11.2012)

DoS против trousers
Опубликовано:26 ноября 2012 г.
Источник:
SecurityVulns ID:12726
Тип:удаленная
Уровень опасности:
5/10
Описание:DoS против tcsd
Затронутые продукты:TROUSERS : trousers 0.3
CVE:CVE-2012-0698 (tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 2576-1] trousers security update (26.11.2012)

Повреждение памяти в libunity
Опубликовано:26 ноября 2012 г.
Источник:
SecurityVulns ID:12727
Тип:библиотека
Уровень опасности:
5/10
Описание:Повреждение памяти при работе с хэш-таблицами.
CVE:CVE-2012-4551 (Use-after-free vulnerability in libunity-webapps before 2.4.1 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted web site, related to "certain hash tables.")
Оригинальный текстdocumentUBUNTU, [USN-1635-1] libunity-webapps vulnerability (26.11.2012)

Уязвимости безопасности в TP-LINK TL-WR841N
дополнено с 1 ноября 2012 г.
Опубликовано:26 ноября 2012 г.
Источник:
SecurityVulns ID:12687
Тип:удаленная
Уровень опасности:
4/10
Описание:Обратный путь в каталогах в веб-интерфейсе, межсайтовый скприптинг.
Затронутые продукты:TPLINK : TP-LINK TL-WR841N
CVE:CVE-2012-5687 (Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI.)
Оригинальный текстdocumentMatan Azugi, FW: =| Security Advisory - TP-LINK TL-WR841N XSS (Cross Site Scripting) |= (26.11.2012)
 documentMatan Azugi, [BUGTRAQ]Security Advisory - TP-LINK TL-WR841N LFI - [UPDATE] (01.11.2012)

Переполнение буфера в libproxy
дополнено с 6 ноября 2012 г.
Опубликовано:26 ноября 2012 г.
Источник:
SecurityVulns ID:12699
Тип:библиотека
Уровень опасности:
5/10
Описание:Целочисленное переполнение при разборе заголовка Content-Length приводит к переполнению буфера, переполнение буфера при разборе proxy.pac
Затронутые продукты:LIBPROXY : libproxy 0.3
CVE:CVE-2012-4505 (Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a different vulnerability than CVE-2012-4504.)
 CVE-2012-4504 (Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file.)
Оригинальный текстdocumentMANDRIVA, [ MDVSA-2012:172 ] libproxy (26.11.2012)
 documentDEBIAN, [SECURITY] [DSA 2571-1] libproxy security update (06.11.2012)

Слабый ключ сети в беспроводных маршрутизаторах Belkin
Опубликовано:26 ноября 2012 г.
Источник:
SecurityVulns ID:12728
Тип:удаленная
Уровень опасности:
5/10
Описание:Заводской ключ сети WPA2 генерируется на основе MAC-адреса.
CVE:CVE-2012-4366 (Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to access the network by sniffing the beacon frames.)
Оригинальный текстdocumentJakob Lell , CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers (26.11.2012)

Многочисленные уязвимости безопасности в Mozilla Firefox / Thunderbird / Seamonkey
дополнено с 26 ноября 2012 г.
Опубликовано:3 декабря 2012 г.
Источник:
SecurityVulns ID:12723
Тип:клиент
Уровень опасности:
9/10
Описание:Многочисленные повреждения памяти, переполнения буфера, повышения привилегий и обход защиты.
Затронутые продукты:MOZILLA : Firefox ESR 10.0
 MOZILLA : Thunderbird ESR 10.0
 MOZILLA : SeaMonkey 2.13
 MOZILLA : Firefox 16.0
 MOZILLA : Thunderbird 16.0
CVE:CVE-2012-5843 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2012-5842 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2012-5841 (Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.)
 CVE-2012-5840 (Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214.)
 CVE-2012-5839 (Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2012-5838 (The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions.)
 CVE-2012-5837 (The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.)
 CVE-2012-5836 (Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text.)
 CVE-2012-5835 (Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data.)
 CVE-2012-5833 (The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter.)
 CVE-2012-5830 (Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.)
 CVE-2012-5829 (Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2012-4218 (Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-4217 (Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-4216 (Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-4215 (Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-4214 (Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-5840.)
 CVE-2012-4213 (Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-4212 (Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-4210 (The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet.)
 CVE-2012-4209 (Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin.)
 CVE-2012-4208 (The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.)
 CVE-2012-4207 (The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.)
 CVE-2012-4206 (Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory.)
 CVE-2012-4205 (Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on.)
 CVE-2012-4204 (The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.)
 CVE-2012-4203 (The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark.)
 CVE-2012-4202 (Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image.)
 CVE-2012-4201 (The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on.)
Оригинальный текстdocumentVUPEN Security Research, VUPEN Security Research - Mozilla Firefox "DocumentViewerImpl" Class Remote Use-After-Free Vulnerability (03.12.2012)
 documentVUPEN Security Research, VUPEN Security Research - Mozilla Firefox "imgRequestProxy" Remote Use-After-Free Vulnerability (02.12.2012)
Файлы:Mozilla Foundation Security Advisory 2012-91
 Mozilla Foundation Security Advisory 2012-92
 Mozilla Foundation Security Advisory 2012-93
 Mozilla Foundation Security Advisory 2012-94
 Mozilla Foundation Security Advisory 2012-95
 Mozilla Foundation Security Advisory 2012-96
 Mozilla Foundation Security Advisory 2012-97
 Mozilla Foundation Security Advisory 2012-98
 Mozilla Foundation Security Advisory 2012-99
 Mozilla Foundation Security Advisory 2012-100
 Mozilla Foundation Security Advisory 2012-101
 Mozilla Foundation Security Advisory 2012-102
 Mozilla Foundation Security Advisory 2012-103
 Mozilla Foundation Security Advisory 2012-104
 Mozilla Foundation Security Advisory 2012-105
 Mozilla Foundation Security Advisory 2012-106

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород