FUSE symbolic links vulnerability
Published:		01.03.2011
Source:		BUGTRAQ
SecurityVulns ID:		11475
Type:		local
Level:		5/10
Description:		It's possible to unmount arbitrary directories.

CVE:		CVE-2011-0543 (Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.)
		CVE-2011-0542 (fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors.)
		CVE-2011-0541 (fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.)

Original document

UBUNTU, [USN-1077-1] FUSE vulnerabilities (01.03.2011)

Discuss:

Read or add your comments to this news (0 comments)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		01.03.2011
Source:
SecurityVulns ID:		11471
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		WORDPRESS : Mingle Forum 1.0
		WORDPRESS : WP Forum 1.7
		WORDPRESS : Question and Answer Forum 1.2
		WORDPRESS : NextGEN Gallery 1.7

Original document		difficult-511_(at)_hotmail.com, SnapProof (cart.php) Cross Site Scripting (01.03.2011)
		advisory_(at)_htbridge.ch, HTB22862: Path disclosure in NextGEN Gallery wordpress plugin (01.03.2011)
		advisory_(at)_htbridge.ch, HTB22861: XSS in Question and Answer Forum wordpress plugin (01.03.2011)
		advisory_(at)_htbridge.ch, HTB22860: SQL Injection in WP Forum wordpress plugin (01.03.2011)
		advisory_(at)_htbridge.ch, HTB22859: SQL Injection in WP Forum wordpress plugin (01.03.2011)
		advisory_(at)_htbridge.ch, HTB22858: SQL Injection in WP Forum wordpress plugin (01.03.2011)
		advisory_(at)_htbridge.ch, HTB22849: Path disclosure in Mingle Forum wordpress plugin (01.03.2011)
		advisory_(at)_htbridge.ch, HTB22848: XSS in Mingle Forum wordpress plugin (01.03.2011)

Discuss:

Read or add your comments to this news (0 comments)

FreeBSD / MacOS X crontab information leakage
Published:		01.03.2011
Source:		BUGTRAQ
SecurityVulns ID:		11472
Type:		remote
Level:		3/10
Description:		User can retrieve some information about files and directories he has no access to.

Original document

Dan Rosenberg, FreeBSD crontab information leakage (01.03.2011)

Discuss:

Read or add your comments to this news (0 comments)

Samba fd_set array overflow
Published:		01.03.2011
Source:		BUGTRAQ
SecurityVulns ID:		11473
Type:		remote
Level:		6/10
Description:		Memory corruption by setting large number of connections.

Affected:		SAMBA : Samba 3.4
CVE:		CVE-2011-0719 (Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.)

Original document

MANDRIVA, [ MDVSA-2011:038 ] samba (01.03.2011)

Discuss:

Read or add your comments to this news (0 comments)

ClamAV antivirus double free vulnerability
Published:		01.03.2011
Source:		BUGTRAQ
SecurityVulns ID:		11474
Type:		remote
Level:		5/10
Description:		Double free() vuonerability on microsoft office documents VBA code parsing.

Affected:		CLAMAV : ClamAV 0.96
CVE:		CVE-2011-1003 (Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information.)

Discuss:

Read or add your comments to this news (0 comments)