Информационная безопасность
[RU] switch to English


Многочисленные уязвимости в Sun Java JRE / JDK
дополнено с 29 октября 2007 г.
Опубликовано:30 октября 2007 г.
Источник:
SecurityVulns ID:8300
Тип:библиотека
Уровень опасности:
6/10
Описание:Многочисленные уязвимости выхода из ограниченной среды.
Затронутые продукты:SUN : JDK 1.4
 ORACLE : JRE 1.4
 SUN : JRE 5.0
 ORACLE : JDK 5.0
CVE:CVE-2007-5274 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.)
 CVE-2007-5273 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232.)
 CVE-2007-5240 (Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.)
 CVE-2007-5239 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.)
 CVE-2007-5238 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities.")
 CVE-2007-5232 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack.)
Оригинальный текстdocumentNGSSoftware Insight Security Research Advisory (NISR), Memory overwrites in JVM via malformed TrueType font (30.10.2007)
 documentNGSSoftware Insight Security Research Advisory (NISR), Untrusted Java applet can connect to localhost (30.10.2007)

Уязвимости во многих утилитах IBM AIX (multiple bugs)
Опубликовано:30 октября 2007 г.
Источник:
SecurityVulns ID:8301
Тип:клиент
Уровень опасности:
7/10
Описание:Уязвимости в 7 различных утилитах: bellmail, ftp, lquerypv, lqueryvg, dig, crontab, swcons.
Затронутые продукты:IBM : AIX 5.3
 IBM : AIX 5.2
Оригинальный текстdocumentIDEFENSE, iDefense Security Advisory 10.30.07: IBM AIX bellmail Stack Buffer Overflow Vulnerability (30.10.2007)
 documentIDEFENSE, iDefense Security Advisory 10.30.07: IBM AIX ftp domacro Parameter Buffer Overflow Vulnerability (30.10.2007)
 documentIDEFENSE, iDefense Security Advisory 10.30.07: IBM AIX lquerypv Stack Buffer Overflow Vulnerability (30.10.2007)
 documentIDEFENSE, iDefense Security Advisory 10.30.07: IBM AIX lqueryvg Stack Buffer Overflow Vulnerability (30.10.2007)
 documentIDEFENSE, iDefense Security Advisory 10.30.07: IBM AIX dig dns_name_fromtext Integer Underflow Vulnerability (30.10.2007)
 documentIDEFENSE, iDefense Security Advisory 10.30.07: IBM AIX 5.2 crontab BSS Buffer Overflow Vulnerability (30.10.2007)
 documentIDEFENSE, iDefense Security Advisory 10.30.07: IBM AIX swcons Local Arbitrary File Access Vulnerability (30.10.2007)

Многочисленыне уязвимости в браузере Opera
Опубликовано:30 октября 2007 г.
Источник:
SecurityVulns ID:8302
Тип:удаленная
Уровень опасности:
6/10
Описание:Выполнение кода, межсайтовый доступ.
Затронутые продукты:OPERA : Opera 9.23
CVE:CVE-2007-5541 (Unspecified vulnerability in Opera before 9.24, when using an "external" newsgroup or e-mail client, allows remote attackers to execute arbitrary commands via unknown vectors.)
 CVE-2007-5540 (Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors.)
Оригинальный текстdocumentGENTOO, [ GLSA 200710-31 ] Opera: Multiple vulnerabilities (30.10.2007)

DoS против библиотеки сжатия zlib
дополнено с 6 июля 2005 г.
Опубликовано:30 октября 2007 г.
Источник:
SecurityVulns ID:4963
Тип:библиотека
Уровень опасности:
6/10
Описание:DoS на некорректном потоке (включая потоки PNG файлов).
Затронутые продукты:CVS : CVS 1.12
 QT : qt 3.3
 ZLIB : zlib 1.2
 ZSYNC : zsync 0.3
 SUN : Network Security Services 3.10
 sash : sash 3.7
 CURL : curl 7.17
 GSVIEW : GSview 4.8
CVE:CVE-2005-2096 (zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.)
Оригинальный текстdocumentStefan Kanthak, Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096) (30.10.2007)
 documentStefan Kanthak, Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) (19.10.2007)
 documentStefan Kanthak, Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096) (19.10.2007)
 documentSECUNIA, zsync Multiple zlib Vulnerabilities (03.09.2005)
 documentSUSE, SUSE Security Announcement: zlib denial of service attack (SUSE-SA:2005:039) (06.07.2005)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород