Information Security


Multiple security vulnerabilities in mod_proxy_ftp for Apache
updated since September 23, 2009
Published: March 31, 2010
Source:
SecurityVulns ID: 10253
Type: remote
Severity level: 6/10
Description: Denial of service, restriction bypass.
Affected products: APACHE : Apache 2.0
 APACHE : Apache 2.2
 HP : HP Secure Web Server 2.1
CVE:CVE-2009-3095 (The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.)
 CVE-2009-3094 (The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.)
Original text: HP, [security bulletin] HPSBOV02506 SSRT090244 rev.1 - HP Secure Web Server for OpenVMS (based on Apache) CSWS, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification of Information (31.03.2010)
 MANDRIVA, [ MDVSA-2009:240 ] apache (23.09.2009)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: March 31, 2010
Source:
SecurityVulns ID: 10726
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: VIEWVC : ViewVC 1.0
 APACHE : ActiveMQ 5.3
 OXID : eShop EE 4.2
 VIEWVC : viewvc 1.1
 PHOTOPOST : vBGallery 2.5
 OSSIM : OSSIM 2.2
CVE:CVE-2010-0684 (Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.)
 CVE-2010-0132 (Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736.)
Original text: nicolas.grandjean_(at)_conix.fr, Multiple XSS vulnerabilities in OSSIM 2.2.1 (31.03.2010)
 Andreas Kirbach, SQL Injection Vulnerabilitie in PhotoPost vBGallery 2.5 (31.03.2010)
 info_(at)_securitylab.ir, XSS vulnerability in easy page cms (31.03.2010)
 info_(at)_securitylab.ir, Joomla Component com_xmap Sql Injection Vulnerability (31.03.2010)
 info_(at)_securitylab.ir, Joomla Component com_weblinks Sql Injection Vulnerability (31.03.2010)
 SECUNIA, Secunia Research: ViewVC Regular Expression Search Cross-Site Scripting (31.03.2010)
 michael.mueller_(at)_integralis.com, OXID eShop Enterprise: Session Fixation and XSS Vulnerabilities (31.03.2010)
 rajat swarup, CVE-2010-0684: Apache ActiveMQ Persistent Cross-Site Scripting (XSS) Vulnerability (31.03.2010)

Privilege escalation in Varnish
Published: March 31, 2010
Source:
SecurityVulns ID: 10728
Type: local
Severity level: 5/10
Description: A process exists that executes user commands with root privileges.
Affected products: REDPILLLINPRO : Varnish 2.0
 VARNISH : Varnish 2.1
CVE:CVE-2009-2936 (** DISPUTED ** The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless.")
Original text: Tim Brown, Medium security hole in Varnish reverse proxy (31.03.2010)

Privilege escalation in emacs
Published: March 31, 2010
Source:
SecurityVulns ID: 10729
Type: local
Severity level: 5/10
Description: Access to other users' files is possible via the email helper.
Affected products: EMACS : emacs 22.2
 EMACS : emacs 23.1
CVE:CVE-2010-0825 (lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.)
Original text: UBUNTU, [USN-919-1] Emacs vulnerability (31.03.2010)

Buffer overflow in aircrack-ng
Published: March 31, 2010
Source:
SecurityVulns ID: 10730
Type: remote
Severity level: 5/10
Description: Buffer overflow when parsing IEEE 802.11 EAPOL packets.
Original text: Lukas Lueg, Remote buffer overflow in aircrack-ng causes DOS and possible code execution (31.03.2010)

NFS access in HP-UX with NFS/ONCplus
Published: March 31, 2010
Source:
SecurityVulns ID: 10731
Type: remote
Severity level: 5/10
Affected products: HP : HP-UX 11.31
CVE:CVE-2010-0451 (The installation process for NFS/ONCplus B.11.31_08 and earlier on HP HP-UX B.11.31 changes the NFS_SERVER setting in the nfsconf file, which might allow remote attackers to obtain filesystem access via NFS requests.)
Original text: HP, [security bulletin] HPSBUX02509 SSRT100032 rev.1 - HP-UX Running NFS/ONCplus, NFS Inadvertently Enabled (31.03.2010)

DoS via AudFilter in HP-UX
Published: March 31, 2010
Source:
SecurityVulns ID: 10732
Type: local
Severity level: 5/10
Affected products: HP : HP-UX 11.31
CVE:CVE-2010-1030 (Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules enabled, allows local users to cause a denial of service via unknown vectors.)
Original text: HP, [security bulletin] HPSBUX02514 SSRT100010 rev.1 - HP-UX running AudFilter rules enabled, Local Denial of Service (DoS) (31.03.2010)

Multiple security vulnerabilities in HP SOA Registry Foundation
Published: March 31, 2010
Source:
SecurityVulns ID: 10733
Type: remote
Severity level: 5/10
Description: Cross-site scripting, code execution, privilege escalation.
Affected products: HP : SOA Registry Foundation 6.63
 HP : SOA Registry Foundation 6.64
CVE:CVE-2010-0450 (Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote authenticated users to gain privileges via unknown vectors.)
 CVE-2010-0449 (Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.)
 CVE-2010-0448 (Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to obtain "unauthorized access to data" via unknown vectors.)
Original text: HP, [security bulletin] HPSBMA02490 SSRT090222 rev.1 - HP SOA Registry Foundation, Remote Unauthorized Access to Data, Cross Site Scripting (XSS), Privilege Escalation (31.03.2010)

Multiple security vulnerabilities in HP Insight Control for Linux
Published: March 31, 2010
Source:
SecurityVulns ID: 10734
Type: remote
Severity level: 5/10
Description: Code execution, privilege escalation.
Affected products: HP : Insight Control for Linux 5.0
CVE:CVE-2010-1031 (Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linux or ICE-LX) 2.11 and earlier allows local users to gain privileges via unknown vectors.)
 CVE-2009-2288 (statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.)
Original text: HP, [security bulletin] HPSBMA02513 SSRT090110 rev.1 - Insight Control for Linux (IC-Linux) Remote Execution of Arbitrary Code, Local Unauthorized Elevation of Privilege (31.03.2010)

Multiple vulnerabilities in WebAccess of VMware products
Published: March 31, 2010
Source:
SecurityVulns ID: 10735
Type: remote
Severity level: 5/10
Description: Multiple cross-site scripting vulnerabilities.
Affected products: VMWARE : VMware Server 1.0
 VMWARE : VMware ESX 3.0
 VMWARE : VMware ESX 3.5
 VMWARE : VMware Server 2.0
 VMWARE : Virtual Center 2.5
 VMWARE : Virtual Center 2.0
CVE:CVE-2010-1193 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages.)
 CVE-2010-1137 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine.)
 CVE-2010-0686 (WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability.")
 CVE-2009-2277 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data.")
Original text: Trustwave Advisories, Trustwave's SpiderLabs Security Advisory TWSL2010-002 (31.03.2010)
 VMWARE, VMSA-2010-0005 VMware products address vulnerabilities in WebAccess (31.03.2010)

Buffer overflow in OpenDcHub
Published: March 31, 2010
Source:
SecurityVulns ID: 10736
Type: remote
Severity level: 6/10
Description: Buffer overflow when parsing MyINFO messages.
Affected products: OPENDCHUB : OpenDcHub 0.8
Original text: Pierre Noguès, OpenDcHub 0.8.1 Remote Code Execution Exploit (31.03.2010)
Files: OpenDcHub 0.8.1 Remote Code Execution Exploit

Privilege escalation in Apple iTunes on Windows
Published: March 31, 2010
Source:
SecurityVulns ID: 10738
Type: remote
Severity level: 5/10
Description: The application is launched with local system privileges from a folder that unprivileged users can access, which allows dynamic libraries to be replaced.
Affected products: APPLE : iTunes 9.0
CVE:CVE-2010-0532 (Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.)
Original text: jason_(at)_ngssoftware.com, Elevation of Privilege Vulnerability in iTunes for Windows (31.03.2010)

Multiple vulnerabilities in Microsoft Internet Explorer
updated since March 31, 2010
Published: April 5, 2010
Source:
SecurityVulns ID: 10725
Type: remote
Severity level: 9/10
Description: Multiple vulnerabilities are used for silent installation of malicious code.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2010-0807 (Microsoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, leading to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability.")
 CVE-2010-0806 (Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2010-0805 (The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability.")
 CVE-2010-0494 (Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability.")
 CVE-2010-0492 (Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability.")
 CVE-2010-0491 (Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability.")
 CVE-2010-0490 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2010-0489 (Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability.")
 CVE-2010-0488 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability.")
 CVE-2010-0267 (Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability.")
Original text: ZDI, ZDI-10-034: Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability (05.04.2010)
 ZDI, ZDI-10-033: Microsoft Internet Explorer TIME2 Behavior Remote Code Execution Vulnerability (05.04.2010)
 IDEFENSE, iDefense Security Advisory 03.30.10: Microsoft Internet Explorer 'onreadystatechange' Use After Free Vulnerability (31.03.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-018 - Critical Cumulative Security Update for Internet Explorer (980182) (31.03.2010)
Files: Microsoft Security Bulletin MS10-018 - Critical Cumulative Security Update for Internet Explorer (980182)

Multiple security vulnerabilities in Oracle Sun Java
updated since March 31, 2010
Published: April 7, 2010
Source:
SecurityVulns ID: 10737
Type: library
Severity level: 9/10
Description: Buffer overflow when parsing Soundbank, buffer overflows when parsing images and archives. Multiple privilege escalations and code execution.
Affected products: SUN : JDK 1.6
 SUN : JRE 1.6
 ORACLE : JRE 6
 ORACLE : JDK 6
CVE:CVE-2010-0848 (Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0847 (Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image.)
 CVE-2010-0845 (Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0844 (Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory.)
 CVE-2010-0842 (Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.)
 CVE-2010-0841 (Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and "stepX".)
 CVE-2010-0840 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability.")
 CVE-2010-0838 (Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.)
 CVE-2010-0837 (Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0095 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0094 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.)
 CVE-2010-0093 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0092 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0091 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors.)
 CVE-2010-0088 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0085 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0084 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors.)
 CVE-2010-0082 (Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
Original text: UBUNTU, [USN-923-1] OpenJDK vulnerabilities (07.04.2010)
 ZDI, ZDI-10-057: Sun Java Runtime Environment JPEGImageDecoderImpl Remote Code Execution Vulnerability (06.04.2010)
 ZDI, ZDI-10-059: Sun Java Runtime Environment JPEGImageEncoderImpl Remote Code Execution Vulnerability (06.04.2010)
 ZDI, ZDI-10-055: Sun Java Runtime Environment Mutable InetAddress Socket Policy Violation Vulnerability (06.04.2010)
 ZDI, ZDI-10-052: Sun Java Runtime Environment XNewPtr Remote Code Execution Vulnerability (06.04.2010)
 ZDI, ZDI-10-051: Sun Java Runtime RMIConnectionImpl Privileged Context Remote Code Execution Vulnerability (06.04.2010)
 ZDI, ZDI-10-061: Sun Java Runtime CMM readMabCurveData Remote Code Execution Vulnerability (06.04.2010)
 ZDI, ZDI-10-060: Sun Java Runtime Environment MixerSequencer Invalid Array Index Remote Code Execution Vulnerability (06.04.2010)
 ZDI, ZDI-10-054: Sun Java Runtime Environment JPEGImageReader stepX Remote Code Execution Vulnerability (06.04.2010)
 ZDI, ZDI-10-056: Sun Java Runtime Environment Trusted Methods Chaining Remote Code Execution Vulnerability (05.04.2010)
 ZDI, ZDI-10-053: Sun Java Runtime Environment MIDI File metaEvent Remote Code Execution Vulnerability (05.04.2010)
 VUPEN Security Research, VUPEN Security Research - Sun Java JDK/JRE Unpack200 Buffer Overflow Vulnerability (05.04.2010)
 VUPEN Security Research, VUPEN Security Research - Sun Java JDK/JRE AWT Library Invalid Pointer Vulnerability (05.04.2010)
 VUPEN Security Research, VUPEN Security Research - Sun Java JDK/JRE AWT Library Invalid Index Vulnerability (05.04.2010)
 SECUNIA, Secunia Research: Sun Java JDK/JRE Soundbank Resource Parsing Buffer Overflow (31.03.2010)
 SECUNIA, Secunia Research: Sun Java JDK/JRE Soundbank Resource Name Buffer Overflow (31.03.2010)
 IDEFENSE, iDefense Security Advisory 03.30.10: Oracle Java Runtime Environment Image FIle Buffer Overflow Vulnerability (31.03.2010)

Buffer overflow in the Novell Netware FTP server
updated since March 31, 2010
Published: March 23, 2011
Source:
SecurityVulns ID: 10727
Type: remote
Severity level: 6/10
Description: Buffer overflow in the rmdir/mkdir/dele commands.
Affected products: NOVELL : Netware 6.5
CVE:CVE-2010-4228 (Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4.)
 CVE-2010-0625 (Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE command.)
Original text: ZDI, ZDI-11-106: Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability (23.03.2011)
 ZDI, ZDI-10-062: Novell Netware NWFTPD RMD/RNFR/DELE Argument Parsing Remote Code Execution Vulnerabilities (06.04.2010)
 Francis Provencher, {PRL} Novell Netware FTP Remote Stack Overflow (31.03.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod