Information Security


RSA signature spoofing in the Mozilla NSS library
Published: 29 September 2014
Source:
SecurityVulns ID: 13978
Type: library
Severity level: 6/10
Description: Signature verification bypass due to incorrect handling of record length in ASN.1
Affected products: MOZILLA : Firefox 32.0
 MOZILLA : Firefox ESR 31.1
 MOZILLA : Thunderbird 31.1
 MOZILLA : SeaMonkey 2.29
 MOZILLA : nss 3.17
Files: Mozilla Foundation Security Advisory 2014-73

Multiple security vulnerabilities in libvncserver
Published: 29 September 2014
Source:
SecurityVulns ID: 13979
Type: library
Severity level: 6/10
Description: Buffer overflows, memory corruption, DoS.
Affected products: LIBVNCSERVER : LibVNCServer 0.9
CVE: CVE-2014-6055 (Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.)
 CVE-2014-6054 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.)
 CVE-2014-6053 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.)
 CVE-2014-6052 (The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.)
 CVE-2014-6051 (Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.)
Original text: Andrea Barisani, [oCERT-2014-007] libvncserver multiple issues (29.09.2014)

Stack overflow in Perl
Published: 29 September 2014
Source:
SecurityVulns ID: 13980
Type: library
Severity level: 5/10
Description: Buffer overflow on recursion.
Affected products: PERL : perl 5.20
CVE: CVE-2014-4330 (The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.)
Original text: LSE Leading Security Experts GmbH (Security Advisories), LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow (29.09.2014)

Multiple security vulnerabilities in wireshark
Published: 29 September 2014
Source:
SecurityVulns ID: 13981
Type: remote
Severity level: 6/10
Description: Memory corruption and DoS conditions when parsing various formats.
Affected products: WIRESHARK : Wireshark 1.10
CVE: CVE-2014-6432 (The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file.)
 CVE-2014-6431 (Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer.)
 CVE-2014-6430 (The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.)
 CVE-2014-6429 (The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.)
 CVE-2014-6428 (The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2014-6427 (Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position.)
 CVE-2014-6424 (The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet.)
 CVE-2014-6423 (The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.)
 CVE-2014-6422 (The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector.)
 CVE-2014-6421 (Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors.)
Original text: MANDRIVA, [ MDVSA-2014:188 ] wireshark (29.09.2014)

Certificate verification bypass in libgadu
Published: 29 September 2014
Source:
SecurityVulns ID: 13982
Type: library
Severity level: 5/10
Description: The server certificate is not verified.
Affected products: LIBGADU : libgadu 1.12
CVE: CVE-2013-4488 (libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers.)
Original text: MANDRIVA, [ MDVSA-2014:185 ] libgadu (29.09.2014)

DoS against net-snmp
Published: 29 September 2014
Source:
SecurityVulns ID: 13983
Type: remote
Severity level: 5/10
Description: NULL pointer dereference in snmptrapd.
Affected products: NETSNMP : net-snmp 5.7
Original text: MANDRIVA, [ MDVSA-2014:184 ] net-snmp (29.09.2014)

Multiple security vulnerabilities in the Linux kernel
updated since 3 September 2014
Published: 29 September 2014
Source:
SecurityVulns ID: 13951
Type: remote
Severity level: 7/10
Description: DoS via SCTP, multiple DoS conditions and information leak in ALSA, DoS via autofs.
Affected products: LINUX : kernel 3.15
CVE: CVE-2014-5472 (The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.)
 CVE-2014-5471 (Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry.)
 CVE-2014-5077 (The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.)
 CVE-2014-4667 (The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.)
 CVE-2014-4656 (Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function.)
 CVE-2014-4655 (The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.)
 CVE-2014-4654 (The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call.)
 CVE-2014-4653 (sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.)
 CVE-2014-4652 (Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.)
 CVE-2014-4508 (arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000.)
 CVE-2014-3601 (The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages.)
 CVE-2014-0203 (The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call.)
Original text: UBUNTU, [USN-2359-1] Linux kernel vulnerabilities (29.09.2014)
 UBUNTU, [USN-2332-1] Linux kernel vulnerabilities (03.09.2014)

Filtering bypass in Glype
Published: 29 September 2014
Source:
SecurityVulns ID: 13985
Type: remote
Severity level: 5/10
Description: Local addresses can be accessed via decimal addresses. Directory traversal.
Affected products: GLYPE : glype 1.4
Original text: Securify B.V., Glype proxy cookie jar path traversal allows code execution (29.09.2014)
 Securify B.V., Glype proxy privacy settings can be disabled via CSRF (29.09.2014)
 Securify B.V., Glype proxy local address filter bypass (29.09.2014)

Information leak in nginx
Published: 29 September 2014
Source:
SecurityVulns ID: 13986
Type: remote
Severity level: 5/10
Description: Incorrect use of cached sessions.
Affected products: NGINX : nginx 1.4
CVE: CVE-2014-3616 (nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.)
Original text: UBUNTU, [USN-2351-1] nginx vulnerability (29.09.2014)

Multiple security vulnerabilities in Cisco IOS
Published: 29 September 2014
Source:
SecurityVulns ID: 13984
Type: remote
Severity level: 7/10
Description: Multiple DoS vulnerabilities.
CVE: CVE-2014-3361 (The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071.)
 CVE-2014-3360 (Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allow remote attackers to cause a denial of service (device reload) via a crafted SIP message, aka Bug ID CSCul46586.)
 CVE-2014-3359 (Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed DHCPv6 packets, aka Bug ID CSCum90081.)
 CVE-2014-3358 (Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface queue wedge or device reload) via malformed mDNS packets, aka Bug ID CSCuj58950.)
 CVE-2014-3357 (Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug ID CSCul90866.)
 CVE-2014-3356 (The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCue22753.)
 CVE-2014-3355 (The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCug75942.)
 CVE-2014-3354 (Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x and 3.x before 3.7.4S; 3.2.xSE and 3.3.xSE before 3.3.2SE; 3.3.xSG and 3.4.xSG before 3.4.4SG; and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allow remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCui11547.)
Files: Cisco Security Advisory Cisco IOS Software Metadata Vulnerabilities
  Cisco Security Advisory Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System
  Cisco Security Advisory Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability
  Cisco Security Advisory Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
  Cisco Security Advisory Cisco IOS Software Network Address Translation Denial of Service Vulnerability
  Cisco Security Advisory Cisco IOS Software RSVP Vulnerability

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod