Information Security


Multiple security vulnerabilities in OpenJDK
Published: 28 March 2009
Source:
SecurityVulns ID: 9777
Type: library
Severity: 6/10
Description: Multiple DoS conditions and memory corruption when parsing various data formats and LDAP requests.
Affected products: OPENJDK : OpenJDK 6.0
CVE:CVE-2009-1102 (Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation.")
 CVE-2009-1101 (Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak.")
 CVE-2009-1100 (Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) "limits on Font creation," aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.)
 CVE-2009-1098 (Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.)
 CVE-2009-1097 (Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation during display on the splash screen, aka CR 6804996, and (2) a crafted GIF image, aka CR 6804997.)
 CVE-2009-1096 (Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.)
 CVE-2009-1095 (Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.)
 CVE-2009-1094 (Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.)
 CVE-2009-1093 (LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).)
 CVE-2006-2426 (Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.)
Original text: UBUNTU, [USN-748-1] OpenJDK vulnerabilities (28.03.2009)

Daily summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 28 March 2009
Source:
SecurityVulns ID: 9778
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: MOODLE : Moodle 1.6
 MOODLE : Moodle 1.7
 MOODLE : Moodle 1.8
 MOODLE : moodle 1.9
 NOVELL : Netstorage 3.1
Original text: MustLive, Cross-Site Scripting vulnerability in Webglimpse (28.03.2009)
 Bugs NotHugs, Aurora Nutritive Analysis Module Multiple XSS (28.03.2009)
 Christian Eibl, Moodle: Sensitive File Disclosure (28.03.2009)
 Bugs NotHugs, Novell Netstorage Multiple Vulnerabilities (28.03.2009)

Multiple security vulnerabilities in Sun Java (JRE / JWS)
Published: 28 March 2009
Source:
SecurityVulns ID: 9776
Type: library
Severity: 7/10
Description: Multiple integer overflows and memory corruption when parsing various data formats.
Affected products: ORACLE : JDK 5.0
 ORACLE : JDK 6.0
Original text: IDEFENSE, iDefense Security Advisory 03.26.09: Sun Java Runtime Environment (JRE) Pack200 Decompression Integer Overflow Vulnerability (28.03.2009)
 IDEFENSE, iDefense Security Advisory 03.26.09: Sun Java Web Start (JWS) PNG Decoding Integer Overflow Vulnerability (28.03.2009)
 IDEFENSE, iDefense Security Advisory 03.26.09: Sun Java Runtime Environment (JRE) GIF Decoding Heap Corruption Vulnerability (28.03.2009)
 IDEFENSE, iDefense Security Advisory 03.26.09: Sun Java Web Start (JWS) GIF Decoding Heap Corruption Vulnerability (28.03.2009)
 IDEFENSE, iDefense Security Advisory 03.26.09: Sun Java Runtime Environment (JRE) Type1 Font Parsing Integer Signedness Vulnerability (28.03.2009)

Memory exhaustion in squid
Published: 28 March 2009
Source:
SecurityVulns ID: 9779
Type: remote
Severity: 5/10
Description: Memory exhaustion when communicating with a server over the ICAP protocol.
Original text: Martin Huter, ICAP adaptation: missing data flow control to client side (28.03.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod