Информационная безопасность
[RU] switch to English


DoS против Firebird SQL
Опубликовано:29 июля 2009 г.
Источник:
SecurityVulns ID:10107
Тип:удаленная
Уровень опасности:
5/10
Описание:Запрос op_connect_request с некорректным параметром приводит к закрытию слушающего сокета и вечному циклу.
Затронутые продукты:FIREBIRD : Firebird SQL 2.0
 FIREBIRD : Firebird SQL 2.1
 FIREBIRD : Firebird SQL 2.5
CVE:CVE-2009-2620 (src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference.)
Оригинальный текстdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0707: Firebird SQL op_connect_request main listener shutdown vulnerability (29.07.2009)

Переполнения буфера в eCryptfs под Linux
Опубликовано:29 июля 2009 г.
Источник:
SecurityVulns ID:10108
Тип:локальная
Уровень опасности:
6/10
Описание:Переполнения буфера при обработке вызовов parse_tag_11_packet и parse_tag_3_packet.
Затронутые продукты:LINUX : kernel 2.6
CVE:CVE-2009-2407 (Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet.)
 CVE-2009-2406 (Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size.)
Оригинальный текстdocumentRISE Security, [RISE-2009003] Linux eCryptfs parse_tag_3_packet Encrypted Key Buffer Overflow Vulnerability (29.07.2009)
 documentRISE Security, [RISE-2009002] Linux eCryptfs parse_tag_11_packet Literal Data Buffer Overflow Vulnerability (29.07.2009)

DoS против ядра Linux
Опубликовано:29 июля 2009 г.
Источник:
SecurityVulns ID:10110
Тип:локальная
Уровень опасности:
5/10
Описание:Обращение по нулевому указателю при работе с /dev/kvm
Затронутые продукты:LINUX : kernel 2.6
CVE:CVE-2009-2287 (The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL pointer dereference in the gfn_to_rmap function.)

DoS против серверов HP c LO100i (HP Lights Out 100)
Опубликовано:29 июля 2009 г.
Источник:
SecurityVulns ID:10111
Тип:удаленная
Уровень опасности:
5/10
CVE:CVE-2009-1426 (Unspecified vulnerability on HP ProLiant DL and ML 100 Series G5, G5p, and G6 servers with ProLiant Onboard Administrator Powered by LO100i (formerly Lights Out 100) 3.07 and earlier allows remote attackers to cause a denial of service via unknown vectors.)

DoS через BGP против Cisco IOS
Опубликовано:29 июля 2009 г.
Источник:
SecurityVulns ID:10112
Тип:удаленная
Уровень опасности:
6/10
Описание:Несколько условий отказа в обслуживании при разборе BGP update с 4-байтовыми номерами автономных систем.
Затронутые продукты:CISCO : IOS 12.0
 CISCO : IOS 12.1
 CISCO : IOS 12.2
 CISCO : IOS 12.3
 CISCO : IOS 12.4
 CISCO : IOS XE 2.1
 CISCO : IOS XE 2.2
 CISCO : IOS XE 2.3
 CISCO : IOS XE 2.4
CVE:CVE-2009-2049 (Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (device reload) by using an RFC4271 peer to send a malformed update, aka Bug ID CSCta33973.)
 CVE-2009-1168 (Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (memory corruption and device reload) by using an RFC4271 peer to send an update with a long series of AS numbers, aka Bug ID CSCsy86021.)
Оригинальный текстdocumentCISCO, Cisco Security Advisory: Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities (29.07.2009)

DoS против DNS-сервера ISC bind
дополнено с 29 июля 2009 г.
Опубликовано:30 июля 2009 г.
Источник:
SecurityVulns ID:10109
Тип:удаленная
Уровень опасности:
8/10
Описание:Отказ при получении сообщения динамического обновления с типом записи ANY (даже если динамические обновления не разрешены).
Затронутые продукты:BIND : bind 9.4
 BIND : bind 9.5
 ISC : bind 9.6
CVE:CVE-2009-0696 (The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.)
Оригинальный текстdocumentISC, BIND Dynamic Update DoS (29.07.2009)
 documentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-09:12.bind (29.07.2009)
Файлы:ISC BIND 9 Remote Dynamic Update Message Denial of Service PoC

Многочисленные уязвимости безопасности в Microsoft Internet Explorer
дополнено с 29 июля 2009 г.
Опубликовано:7 августа 2009 г.
Источник:
SecurityVulns ID:10105
Тип:клиент
Уровень опасности:
8/10
Описание:Многочисленные повреждения памяти, кроме того, добавлено временное решение для уязвимости библиотеки ATL.
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-1919 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via an HTML document containing embedded style sheets that modify unspecified rule properties that cause the behavior element to be "improperly processed," aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2009-1918 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka "HTML Objects Memory Corruption Vulnerability.")
 CVE-2009-1917 (Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Memory Corruption Vulnerability.")
Оригинальный текстdocumentZDI, ZDI-09-047: Microsoft Internet Explorer getElementsByTagName Memory Corruption Vulnerability (07.08.2009)
 documentZDI, ZDI-09-048: Microsoft Internet Explorer CSS Behavior Memory Corruption Vulnerability (07.08.2009)
 documentMICROSOFT, iDefense Security Advisory 08.06.09: Microsoft Internet Explorer HTML TIME 'ondatasetcomplete' Use After Free Vulnerability (07.08.2009)
 documentMICROSOFT, Microsoft Security Bulletin MS09-034 - Critical Cumulative Security Update for Internet Explorer (972260) (29.07.2009)
Файлы:Microsoft Security Bulletin MS09-034 - Critical Cumulative Security Update for Internet Explorer (972260)

Многочисленные уязвимости в библиотеке Microsoft Active Template Library (ATL)
дополнено с 29 июля 2009 г.
Опубликовано:13 октября 2009 г.
Источник:
SecurityVulns ID:10106
Тип:библиотека
Уровень опасности:
9/10
Описание:Повреждения памяти, утечка информации, проблема с инициализацией, приводящие к обходу проверки kill-bit.
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-2495 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability.")
 CVE-2009-2493 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability.")
 CVE-2009-0901 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability.")
Оригинальный текстdocumentMICROSOFT, Microsoft Security Bulletin MS09-055 - Critical Cumulative Security Update of ActiveX Kill Bits (973525) (13.10.2009)
 documentMICROSOFT, Microsoft Security Bulletin MS09-055 - Critical Cumulative Security Update of ActiveX Kill Bits (973525) (13.10.2009)
 documentIDEFENSE, iDefense Security Advisory 07.28.09: Multiple Vendor Microsoft ATL/MFC ActiveX Security Bypass Vulnerability (20.08.2009)
 documentIDEFENSE, iDefense Security Advisory 07.28.09: Multiple Vendor Microsoft ATL/MFC ActiveX Information Disclosure Vulnerability (20.08.2009)
 documentIDEFENSE, iDefense Security Advisory 08.11.09: Multiple Vendor Microsoft ATL/MFC ActiveX Type Confusion Vulnerability (20.08.2009)
 documentMICROSOFT, Microsoft Security Bulletin MS09-037 - Critical Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908) (11.08.2009)
 documentCISCO, Cisco Security Advisory: Active Template Library (ATL) Vulnerability (29.07.2009)
 documentCERT, US-CERT Technical Cyber Security Alert TA09-209A -- Microsoft Windows, Internet Explorer, and Active Template Library (ATL) Vulnerabilities (29.07.2009)
 documentMICROSOFT, Microsoft Security Bulletin MS09-035 - Moderate Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706) (29.07.2009)
Файлы:Microsoft Security Bulletin MS09-035 - Moderate Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
 Microsoft Security Bulletin MS09-037 - Critical Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)
 Microsoft Security Bulletin MS09-055 - Critical Cumulative Security Update of ActiveX Kill Bits (973525)
 Microsoft Security Bulletin MS09-060 - Critical Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород