Information Security


Multiple security vulnerabilities in the Linux kernel
updated since October 11, 2014
Published: October 27, 2014
Source:
SecurityVulns ID: 13997
Type: remote
Severity: 7/10
Description: Buffer overflows and DoS conditions in various drivers, multiple vulnerabilities in the Ceph network file system.
Affected products: LINUX : kernel 3.16
CVE: CVE-2014-7975 (The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call.)
 CVE-2014-6418 (net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph Monitor.)
 CVE-2014-6417 (net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket.)
 CVE-2014-6416 (Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket.)
 CVE-2014-6410 (The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode.)
 CVE-2014-3631 (The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.)
 CVE-2014-3186 (Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report.)
 CVE-2014-3185 (Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.)
 CVE-2014-3184 (The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c.)
 CVE-2014-3181 (Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event.)
Original text: MANDRIVA, [ MDVSA-2014:201 ] kernel (27.10.2014)
 UBUNTU, [USN-2379-1] Linux kernel vulnerabilities (11.10.2014)

Protection bypass in ejabberd
Published: October 27, 2014
Source:
SecurityVulns ID: 14052
Type: m-i-t-m
Severity: 5/10
Description: The server does not require encryption.
Affected products: EJABBERD : ejabberd 2.1
CVE: CVE-2014-8760 (ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption.)
Original text: MANDRIVA, [ MDVSA-2014:207 ] ejabberd (27.10.2014)

Multiple security vulnerabilities in pidgin
Published: October 27, 2014
Source:
SecurityVulns ID: 14053
Type: remote
Severity: 5/10
Description: Insufficient certificate validation, memory corruptions, directory traversal, information leak.
Affected products: PIDGIN : Pidgin 2.10
Original text: SLACKWARE, [slackware-security] pidgin (SSA:2014-296-02) (27.10.2014)

DoS against OpenBSD
Published: October 27, 2014
Source:
SecurityVulns ID: 14054
Type: local
Severity: 5/10
Description: System crash on ELF parsing.
Affected products: OPENBSD : OpenBSD 5.5
Original text: Alejandro Hernandez, OpenBSD <= 5.5 Local Kernel Panic (27.10.2014)

DoS against libxml
Published: October 27, 2014
Source:
SecurityVulns ID: 14055
Type: library
Severity: 5/10
Description: Resource exhaustion on XML parsing.
Affected products: LIBXML : libxml 2.7
CVE: CVE-2014-3660 (parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.)
Original text: MANDRIVA, [ MDVSA-2014:204 ] libxml2 (27.10.2014)

Multiple security vulnerabilities in Apple Quicktime
Published: October 27, 2014
Source:
SecurityVulns ID: 14057
Type: client
Severity: 6/10
Description: Memory corruption on decoding video files, MIDI and m4a.
Affected products: APPLE : QuickTime 7.7
CVE: CVE-2014-4979 (Apple QuickTime allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed version number and flags in an mvhd atom.)
 CVE-2014-4351 (Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file.)
 CVE-2014-4350 (Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file.)
 CVE-2014-1391 (QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.)
Original text: APPLE, APPLE-SA-2014-10-22-1 QuickTime 7.7.6 (27.10.2014)

DoS against routed in FreeBSD
Published: October 27, 2014
Source:
SecurityVulns ID: 14058
Type: remote
Severity: 6/10
Description: Failure on parsing a RIP packet from a non-local network.
Affected products: FREEBSD : FreeBSD 8.4
 FREEBSD : FreeBSD 9.3
 FREEBSD : FreeBSD 10.1
CVE: CVE-2014-3955 (routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request from a source not on a directly connected network.)
Original text: FREEBSD, FreeBSD Security Advisory FreeBSD-SA-14:21.routed (27.10.2014)

Buffer overflow in rtsold in FreeBSD
Published: October 27, 2014
Source:
SecurityVulns ID: 14059
Type: client
Severity: 6/10
Description: Buffer overflow on parsing a DNS reply.
Affected products: FREEBSD : FreeBSD 9.3
 FREEBSD : FreeBSD 10.1
CVE: CVE-2014-3954 (Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted DNS parameters in a router advertisement message.)
Original text: FREEBSD, FreeBSD Security Advisory FreeBSD-SA-14:20.rtsold (27.10.2014)

Information leak via namei in FreeBSD
Published: October 27, 2014
Source:
SecurityVulns ID: 14060
Type: local
Severity: 5/10
Description: Kernel memory contents leak.
Affected products: FREEBSD : FreeBSD 9.3
 FREEBSD : FreeBSD 10.1
CVE: CVE-2014-3711 (namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names.)
Original text: FREEBSD, FreeBSD Security Advisory FreeBSD-SA-14:22.namei (27.10.2014)

Integer overflow in python
Published: October 27, 2014
Source:
SecurityVulns ID: 14061
Type: library
Severity: 6/10
Description: Integer overflow in buffer().
Affected products: PYTHON : python 2.7
CVE: CVE-2014-7185 (Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.)
Original text: MANDRIVA, [ MDVSA-2014:197 ] python (27.10.2014)

Security vulnerabilities in Apple TV
Published: October 27, 2014
Source:
SecurityVulns ID: 14063
Type: client
Severity: 6/10
Description: Unauthorized Bluetooth connection, POODLE attack on SSL.
Affected products: APPLE : Apple TV 7.0
CVE: CVE-2014-4428 (Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing.)
 CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.)
Original text: APPLE, APPLE-SA-2014-10-20-2 Apple TV 7.0.1 (27.10.2014)

Security vulnerabilities in EMC Avamar
Published: October 27, 2014
Source:
SecurityVulns ID: 14064
Type: remote
Severity: 5/10
Description: Information leak, weak password encryption.
Affected products: EMC : Avamar 6.1
 EMC : Avamar 7.0
CVE: CVE-2014-4624 (EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call.)
 CVE-2014-4623 (EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.)
Original text: EMC, ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability (27.10.2014)
 EMC, ESA-2014-094: EMC Avamar Weak Password Storage Vulnerability (27.10.2014)

Information leak in EMC NetWorker Module for MEDITECH
Published: October 27, 2014
Source:
SecurityVulns ID: 14065
Type: remote
Severity: 5/10
Description: Passwords are logged in cleartext.
Affected products: EMC : NetWorker Module for MEDITECH 3.0
CVE: CVE-2014-4620 (The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.)
Original text: EMC, ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability (27.10.2014)

Memory corruption in PHP
updated since October 27, 2014
Published: November 3, 2014
Source:
SecurityVulns ID: 14056
Type: library
Severity: 6/10
Description: Memory corruption on JPEG parsing in exif_thumbnail(), exif_ifd_make_value(), buffer overflow in XMLRPC, integer overflow in object_custom function.
Affected products: PHP : PHP 5.5
CVE: CVE-2014-3670 (The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function.)
 CVE-2014-3669 (Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.)
 CVE-2014-3668 (Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.)
Original text: UBUNTU, [USN-2391-1] php5 vulnerabilities (03.11.2014)
 MANDRIVA, [ MDVSA-2014:202 ] php (27.10.2014)

Multiple security vulnerabilities in Apple iOS
updated since October 27, 2014
Published: November 3, 2014
Source:
SecurityVulns ID: 14062
Type: library
Severity: 6/10
Description: Unauthorized Bluetooth connection, insufficient encryption, insufficient certificate validation, information leak, POODLE attacks on SSL.
Affected products: APPLE : iOS 8.0
CVE: CVE-2014-4450 (The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.)
 CVE-2014-4449 (iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.)
 CVE-2014-4448 (House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.)
 CVE-2014-4428 (Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing.)
 CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.)
Original text: Vulnerability Lab, Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability (03.11.2014)
 APPLE, APPLE-SA-2014-10-20-1 iOS 8.1 (27.10.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod