Computer Security
[EN] securityvulns.ru no-pyccku


FUSE symbolic links vulnerability
Published:01.03.2011
Source:
SecurityVulns ID:11475
Type:local
Threat Level:
5/10
Description:It's possible to unmount arbitrary directories.
CVE:CVE-2011-0543 (Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.)
 CVE-2011-0542 (fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors.)
 CVE-2011-0541 (fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.)
Original documentdocumentUBUNTU, [USN-1077-1] FUSE vulnerabilities (01.03.2011)

FreeBSD / MacOS X crontab information leakage
Published:01.03.2011
Source:
SecurityVulns ID:11472
Type:remote
Threat Level:
3/10
Description:User can retrieve some information about files and directories he has no access to.
Original documentdocumentDan Rosenberg, FreeBSD crontab information leakage (01.03.2011)

Samba fd_set array overflow
Published:01.03.2011
Source:
SecurityVulns ID:11473
Type:remote
Threat Level:
6/10
Description:Memory corruption by setting large number of connections.
Affected:SAMBA : Samba 3.4
CVE:CVE-2011-0719 (Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.)
Original documentdocumentMANDRIVA, [ MDVSA-2011:038 ] samba (01.03.2011)

ClamAV antivirus double free vulnerability
Published:01.03.2011
Source:
SecurityVulns ID:11474
Type:remote
Threat Level:
5/10
Description:Double free() vuonerability on microsoft office documents VBA code parsing.
Affected:CLAMAV : ClamAV 0.96
CVE:CVE-2011-1003 (Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information.)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod