Information Security


Multiple security vulnerabilities in Adobe Flash Player
updated since November 11, 2011
Published: December 26, 2011
Source:
SecurityVulns ID: 12035
Type: client
Severity: 9/10
Description: Multiple memory corruptions, buffer overflows, cross-site data access.
Affected products: ADOBE : Flash Player 11.0
 ADOBE : AIR 3.0
CVE:CVE-2011-2460 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2459.)
 CVE-2011-2459 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2460.)
 CVE-2011-2458 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site.)
 CVE-2011-2457 (Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2456 (Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2455 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2459, and CVE-2011-2460.)
 CVE-2011-2454 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.)
 CVE-2011-2453 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.)
 CVE-2011-2452 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.)
 CVE-2011-2451 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.)
 CVE-2011-2450 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2011-2445 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.)
Original text: VUPEN Security Research, VUPEN Security Research - Adobe Flash Player "SAlign" Memory Corruption Vulnerability (CVE-2011-2459) (26.12.2011)
Files: Security update available for Adobe Flash Player

Security vulnerabilities in SIP parsing in Asterisk
updated since December 11, 2011
Published: December 26, 2011
Source:
SecurityVulns ID: 12079
Type: remote
Severity: 5/10
Description: DoS, information leak.
Affected products: DIGIUM : Asterisk 1.4
 ASTERISK : Asterisk 1.6
 ASTERISK : Asterisk 1.8
Original text: Ben Williams, Exploit for Asterisk Security Advisory AST-2011-013 (26.12.2011)
 ASTERISK, AST-2011-014: Remote crash possibility with SIP and the "automon" feature enabled (11.12.2011)
 ASTERISK, AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings (11.12.2011)
Files: SIP Username Enumerator for Asterisk (UDP) Security Advisory AST-2011-013, CVE-2011-4597

Multiple security vulnerabilities in Microsoft Windows
updated since December 15, 2011
Published: December 26, 2011
Source:
SecurityVulns ID: 12090
Type: client
Severity: 9/10
Description: Buffer overflow in TTF font parsing, memory corruption in OLE object parsing, privilege escalation via CSRSS and the system kernel, code execution via ActiveX.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 2008 Server_
CVE:CVE-2011-3408 (Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability.")
 CVE-2011-3402 (Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability.")
 CVE-2011-3400 (Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability.")
 CVE-2011-3397 (The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability.")
 CVE-2011-2018 (The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability.")
Original text: VUPEN Security Research, VUPEN Security Research - Microsoft Windows Time Behaviour Remote Use-after-free Vulnerability (MS11-090) (26.12.2011)
 VUPEN Security Research, VUPEN Security Research - Microsoft Windows "datime.dll" Remote Code Execution Vulnerability (MS11-090) (26.12.2011)
Files: Microsoft Security Bulletin MS11-087 - Critical Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)
 Microsoft Security Bulletin MS11-093 - Important Vulnerability in OLE Could Allow Remote Code Execution (2624667)
 Microsoft Security Bulletin MS11-097 - Important Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712)
 Microsoft Security Bulletin MS11-098 - Important Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171)
 Microsoft Security Bulletin MS11-090 - Critical Cumulative Security Update of ActiveX Kill Bits (2618451)

Multiple security vulnerabilities in Microsoft Internet Explorer
updated since December 15, 2011
Published: December 26, 2011
Source:
SecurityVulns ID: 12091
Type: client
Severity: 6/10
Description: Information leak, insecure library loading.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2011-3404 (Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Content-Disposition Information Disclosure Vulnerability.")
 CVE-2011-2019 (Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability.")
 CVE-2011-1992 (The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability.")
Original text: VUPEN Security Research, VUPEN Security Research - Microsoft Windows Media Player DVR-MS Buffer Overflow Vulnerability (MS11-092) (26.12.2011)
Files: Microsoft Security Bulletin MS11-099 - Important Cumulative Security Update for Internet Explorer (2618444)

Buffer overflows in tor
Published: December 26, 2011
Source:
SecurityVulns ID: 12108
Type: remote
Severity: 5/10
Description: Heap buffer overflows when processing SOCKS requests.
Affected products: TOR : tor 0.2
CVE:CVE-2011-2778 (Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by (1) establishing a SOCKS connection to SocksPort or (2) leveraging a SOCKS proxy configuration.)

Certificate information spoofing in Google Chrome for Android
Published: December 26, 2011
Source:
SecurityVulns ID: 12109
Type: client
Severity: 4/10
Description: Certificate information can be spoofed using an IFRAME.
Affected products: GOOGLE : Android 2.3
Original text: MustLive, Certificate Spoofing in Google Chrome for Android (26.12.2011)

Buffer overflow in the libarchive library
Published: December 26, 2011
Source:
SecurityVulns ID: 12110
Type: library
Severity: 5/10
Description: Buffer overflow when parsing an ISO 9660 image
CVE:CVE-2011-1778 (Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.)
Original text: MANDRIVA, [ MDVSA-2011:191 ] libarchive (26.12.2011)

Authentication bypass in IBM TS3100 / IBM TS3200 tape libraries
Published: December 26, 2011
Source:
SecurityVulns ID: 12111
Type: remote
Severity: 5/10
Description: Authentication bypass in the Web interface.
CVE:CVE-2011-1372 (The Web User Interface on the IBM TS3100 and TS3200 tape libraries with firmware before A.60 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors.)
Original text: Trustwave Advisories, TWSL2011-018: Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface (26.12.2011)

DoS conditions in the unbound DNS resolver
Published: December 26, 2011
Source:
SecurityVulns ID: 12112
Type: remote
Severity: 5/10
Description: Several different denial-of-service conditions.
Affected products: UNBOUND : unbound 1.4
CVE:CVE-2011-4869 (validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly perform proof processing for NSEC3-signed zones, which allows remote DNS servers to cause a denial of service (daemon crash) via a malformed response that lacks expected NSEC3 records, a different vulnerability than CVE-2011-4528.)
 CVE-2011-4528 (Unbound before 1.4.13p2 attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone, which allows remote DNS servers to cause a denial of service (daemon crash) via a crafted response.)
Original text: DEBIAN, [SECURITY] [DSA 2370-1] unbound security update (26.12.2011)

Incorrect certificate issuance in pfSense
Published: December 26, 2011
Source:
SecurityVulns ID: 12113
Type: library
Severity: 5/10
Description: All certificates are issued with the CA:true flag
Affected products: PFSENSE : pfSense 2.0
CVE:CVE-2011-4197 (etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key.)
Original text: Florent Daigniere, [MATTA-2011-001] pfSense x509 Insecure Certificate Creation (26.12.2011)

Buffer overflow in WellinTech KingView
Published: December 26, 2011
Source:
SecurityVulns ID: 12114
Type: remote
Severity: 5/10
Description: Buffer overflow when parsing a TCP/777 request
CVE:CVE-2011-4536 (Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka HistoryServer.exe) in WellinTech KingView 6.53 and 65.30.2010.18018 allows remote attackers to execute arbitrary code via a crafted op-code 3 packet.)
Original text: ZDI, ZDI-11-351 : WellinTech KingView HistoryServer.exe Opcode 3 Parsing Remote Code Execution Vulnerability (26.12.2011)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: December 26, 2011
Source:
SecurityVulns ID: 12117
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leaks, etc.
Affected products: PHPMYADMIN : phpMyAdmin 3.4
 TIKI : Tiki Wiki CMS Groupware 8.2
 EPESIBIM : epesi BIM 1.2
 OBM : obm 2.4
 PHPSHOP : PHPShop CMS Free 3.4
 MEDIAWIKI : mediawiki 1.16
 DTC : dtc 0.34
 BOOKINGCALENDAR : PHP Booking Calendar 10e
 SASHA : SASHA 0.2
 APPRAIN : appRain CMF 0.1
 NOVELL : Sentinel Log Manager 1.2
CVE:CVE-2011-4782 (Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter.)
 CVE-2011-4551 (Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.)
 CVE-2011-4361 (MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions.)
 CVE-2011-4360 (MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.)
 CVE-2011-3199 (Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body of a support ticket or unspecified vectors to the (2) DNS and (3) MX form, as demonstrated by the "Domain root TXT record:" field.)
 CVE-2011-3198 (Domain Technologie Control (DTC) before 0.34.1 includes a password in the -b command line argument to htpasswd, which might allow local users to read the password by listing the process and its arguments.)
 CVE-2011-3197 (SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php. NOTE: CVE-2011-3197 has been SPLIT due to findings by different researchers. CVE-2011-5272 has been assigned for the vps_note parameter to dtcadmin/logPushlet.php vector.)
 CVE-2011-3196 (The setup script in Domain Technologie Control (DTC) before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file.)
 CVE-2011-3195 (shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options.)
 CVE-2011-1587 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578.)
 CVE-2011-1580 (The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request.)
 CVE-2011-1579 (The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a and \2a\2f hex strings to surround CSS comments.)
 CVE-2011-1578 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character.)
Original text: Andrea Fabrizi, Novell Sentinel Log Manager <=1.2.0.1 Path Traversal (26.12.2011)
 Vulnerability Lab, appRain CMF v0.1.5 - Multiple Web Vulnerabilities (26.12.2011)
 tom, SASHA v0.2.0 Mutiple XSS (26.12.2011)
 tom, PHP Booking Calendar 10e XSS (26.12.2011)
 DEBIAN, [SECURITY] [DSA 2365-1] dtc security update (26.12.2011)
 DEBIAN, [SECURITY] [DSA 2366-1] mediawiki security update (26.12.2011)
 High-Tech Bridge Security Research, Multiple vulnerabilities in PHPShop CMS Free (26.12.2011)
 security_(at)_infoserve.de, Tiki Wiki CMS Groupware Stored Cross-Site-Scripting (26.12.2011)
 High-Tech Bridge Security Research, Multiple vulnerabilities in epesi BIM (26.12.2011)
 Trustwave Advisories, TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin (26.12.2011)
 n0b0d13s_(at)_gmail.com, Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection (26.12.2011)

Multiple vulnerabilities in the WhatsApp protocol
Published: December 26, 2011
Source:
SecurityVulns ID: 12118
Type: remote
Severity: 5/10
Description: A user's status can be changed. Registration bypass. Information is transmitted in cleartext.
Original text: SEC Consult Vulnerability Lab, SEC Consult SA-20111219-1 :: Multiple vulnerabilities in WhatsApp (26.12.2011)

Buffer overflow in Enterasys NetSight
Published: December 26, 2011
Source:
SecurityVulns ID: 12119
Type: remote
Severity: 6/10
Description: Buffer overflow in nssyslogd when parsing a UDP/514 packet
Original text: ZDI, ZDI-11-350 : Enterasys NetSight nssyslogd PRI Remote Code Execution Vulnerability (26.12.2011)

Security vulnerabilities in lighttpd
updated since December 26, 2011
Published: January 2, 2012
Source:
SecurityVulns ID: 12116
Type: remote
Severity: 4/10
Description: Denial of service when parsing base64
Affected products: LIGHTTPD : lighttpd 1.4
CVE:CVE-2011-4362 (Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.)
 CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.)
Original text: pi3_(at)_itsec.pl, Lighttpd Proof of Concept code for CVE-2011-4362 (02.01.2012)
 DEBIAN, [SECURITY] [DSA 2368-1] lighttpd security update (26.12.2011)
Files: Primitive Lighttpd Proof of Concept code for CVE-2011-4362 vulnerability

Multiple security vulnerabilities in HP Managed Printing Administration
updated since December 26, 2011
Published: January 9, 2012
Source:
SecurityVulns ID: 12115
Type: remote
Severity: 6/10
Description: Buffer overflow, unauthorized file access, directory traversal.
CVE:CVE-2011-4169 (Unspecified vulnerability in HP Managed Printing Administration before 2.6.4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.)
 CVE-2011-4168 (Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.)
 CVE-2011-4167 (Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp.)
 CVE-2011-4166 (Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.)
Original text: HP, [security bulletin] HPSBPI02732 SSRT100435 rev.1 - HP Managed Printing Administration, Remote Execution of Arbitrary Code and Other Vulnerabilities (09.01.2012)
 ZDI, ZDI-12-001 : HP Managed Printing Administration img_id Multiple Vulnerabilities (09.01.2012)
 ZDI, ZDI-11-354 : HP Managed Printing Administration jobDelivery Multiple Vulnerabilities (26.12.2011)
 ZDI, ZDI-11-353 : HP Managed Printing Administration MPAUploader.dll Remote Code Execution Vulnerability (26.12.2011)
 ZDI, ZDI-11-352 : HP Managed Printing Administration jobAcct Multiple Vulnerabilities (26.12.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod