Computer Security


Cisco IOS multiple security vulnerabilities
updated since 26.03.2009
Published:01.04.2009
SecurityVulns ID:9772
Type:remote
Threat Level:7/10
Description:Multiple DoS conditions in TCP, cTCP, Mobile IP/Mobile IPv6, WebVPN, SSLVPN implementations, SCP privilege escalation.
Affected:CISCO : IOS 12.0
 CISCO : IOS 12.1
 CISCO : IOS 12.2
 CISCO : IOS 12.3
 CISCO : IOS 12.4
 CISCO : CISCO 5520
CVE:CVE-2009-0637 (The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command.)
 CVE-2009-0635 (Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets.)
 CVE-2009-0634 (Multiple unspecified vulnerabilities in the home agent (HA) implementation in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via an ICMP packet, aka Bug ID CSCso05337.)
 CVE-2009-0633 (Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via MIPv6 packets, aka Bug ID CSCsm97220.)
 CVE-2009-0629 (The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling Protocol (PPTP), (8) X.25 for Record Boundary Preservation (RBP), (9) X.25 over TCP (XOT), and (10) X.25 Routing features in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (device reload) via a series of crafted TCP packets.)
 CVE-2009-0628 (Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block (TCB) leak.)
 CVE-2009-0626 (The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet.)
Original document:Bugs NotHugs, Cisco ASA5520 Web VPN Host Header XSS (01.04.2009)
 CISCO, Cisco Security Advisory: Cisco IOS Software WebVPN and SSLVPN Vulnerabilities (26.03.2009)
 CISCO, Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability (26.03.2009)
 CISCO, Cisco Security Advisory: Cisco IOS Software Secure Copy Privilege Escalation Vulnerability (26.03.2009)
 CISCO, Cisco Security Advisory: Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities (26.03.2009)
 CISCO, Cisco Security Advisory: Cisco IOS cTCP Denial of Service Vulnerability (26.03.2009)

PayPal resource exhaustion
Published:01.04.2009
SecurityVulns ID:9780
Type:remote
Threat Level:6/10
Description:Vulnerability: a malicious Web site can cause Denial of Service by forcing the user to spend money from his PayPal account on various unnecessary things, leading to a resource exhaustion condition in which the user cannot obtain his daily bread on this day. Workaround: put more money into the PayPal account or use cheat codes. Solution: wait for a vendor fix that creates official inexhaustible accounts.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:01.04.2009
SecurityVulns ID:9781
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. RotaBanner: cross-site scripting.
Affected:ZABBIX : Zabbix 1.6
 SUN : Calendar Server 6.0
 SUN : Calendar Server 6.3
 WEVEDITION : webEdition 6.0
 JOBHUT : JobHut 1.2
 COMMUNITYCMS : Community CMS 0.5
 FAMILYCMS : Family Connection 1.8
 GLFUSION : glFusion 1.1
 MAPSERVER : MapServer 5.2
 MAPSERVER : MapServer 4.10
CVE:CVE-2009-0843 (The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname exists.)
 CVE-2009-0842 (mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink.)
 CVE-2009-0841 (Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter.)
 CVE-2009-0840 (Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header.)
 CVE-2009-0839 (Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map with a long IMAGEPATH or NAME attribute, allows remote attackers to execute arbitrary code via a crafted id parameter in a query action.)
Original document:Positron Security, Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3 (01.04.2009)
 rgod, glFusion <= 1.1.2 COM_applyFilter()/order sql injection exploit (01.04.2009)
 Salvatore "drosophila" Fresta, Family Connections 1.8.1 Multiple Remote Vulnerabilities (01.04.2009)
 Salvatore "drosophila" Fresta, Community CMS 0.5 Multiple SQL Injection Vulnerabilities (01.04.2009)
 Adam Baldwin, Zabbix Multiple Frontend CSRF (Password reset & command execution) (01.04.2009)
 vuln_(at)_e-rdc.org, [ECHO_ADV_108$2009] JobHut <= 1.2 (pk) Remote Sql Injection Vulnerability (01.04.2009)
 joseph.giron13_(at)_gmail.com, aspWebCalendar Free Edition bug (01.04.2009)
 Salvatore "drosophila" Fresta, webEdition 6.0.0.4 Local File Inclusion (01.04.2009)
 CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0108: Multiple vulnerabilities in Sun Calendar Express Web Server (01.04.2009)
 MustLive, New vulnerabilities in RotaBanner (01.04.2009)
Files:glFusion <= 1.1.2 COM_applyFilter()/order sql injection exploit

UltraISO multiple security vulnerabilities
Published:01.04.2009
SecurityVulns ID:9782
Type:local
Threat Level:5/10
Description:Format string vulnerability via image filename. Buffer overflows when parsing different disk image formats.
Affected:ULTRAISO : UltraISO 9.3
CVE:CVE-2008-4825 (Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file.)
 CVE-2008-3871 (Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file.)
Original document:SECUNIA, Secunia Research: UltraISO Image Parsing Buffer Overflow Vulnerabilities (01.04.2009)
 SECUNIA, Secunia Research: UltraISO Image Name Parsing Format String Vulnerabilities (01.04.2009)

PrecisionID ActiveX unsafe methods
Published:01.04.2009
SecurityVulns ID:9783
Type:client
Threat Level:5/10
Description:Unsafe SaveBarCode() and SaveEnhWMF() methods allow files to be overwritten.
Original document:DSecRG, [DSECRG-09-030] PrecisionID Datamatrix ActiveX control - Arbitrary File overwriting (01.04.2009)

SAP SAPDB cross-site scripting
Published:01.04.2009
SecurityVulns ID:9784
Type:remote
Threat Level:5/10
Description:Cross-site scripting in the Web Database engine on port TCP/9999.
Original document:Alexandr Polyakov, [DSECRG-09-016] SAP SAPDB Multiple XSS (01.04.2009)

IBM WebSphere Application Server cross-site scripting
Published:01.04.2009
SecurityVulns ID:9785
Type:remote
Threat Level:5/10
Description:Multiple cross-site scripting possibilities.
Affected:IBM : WebSphere Application Server 7.0
 IBM : WebSphere Application Server 6.1
Original document:DSecRG, [DSECRG-09-013] IBM WebSphere Application Server 7.0 Multiple XSS Vulnerabilities (01.04.2009)

Trend Micro Internet Security Pro privilege escalation
Published:01.04.2009
SecurityVulns ID:9786
Type:local
Threat Level:5/10
Description:tmactmon.sys driver IOCTL processing privilege escalation.
Affected:TM : Trend Micro Internet Security 2008
 TM : Trend Micro Internet Security 2009
CVE:CVE-2009-0686 (The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in a METHOD_NEITHER IOCTL request to \Device\tmactmon that overwrites memory.)
Original document:Valery Marchuk, [Positive Technologies SA 2009-09] Trend Micro Internet Security Pro 2009 tmactmon.sys Priviliege Escalation Vulnerabilities (01.04.2009)

OpenSSL library BMPString DoS
Published:01.04.2009
SecurityVulns ID:9787
Type:library
Threat Level:5/10
Description:Crash on UniversalString and BMPString parsing.
Affected:OPENSSL : OpenSSL 0.9
CVE:CVE-2009-0590 (The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.)
Original document:UBUNTU, [USN-750-1] OpenSSL vulnerability (01.04.2009)

nss-ldapd Weak file permissions
Published:01.04.2009
SecurityVulns ID:9788
Type:local
Threat Level:5/10
Description:The /etc/nss-ldapd.conf file containing the LDAP password is world-readable.
Affected:NSSLDAP : nss-ldapd 0.6
CVE:CVE-2009-1073 (nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.)
Original document:DEBIAN, [SECURITY] [DSA 1758-1] New nss-ldapd packages fix information disclosure (01.04.2009)

Check Point Firewall-1 PKI Web Service buffer overflow
Published:01.04.2009
SecurityVulns ID:9789
Type:remote
Threat Level:6/10
Description:Multiple buffer overflows in HTTP header parsing.
Original document:Bugs NotHugs, Check Point Firewall-1 PKI Web Service HTTP Header Remote Overflow (01.04.2009)

auth2db SQL injection
Published:01.04.2009
SecurityVulns ID:9790
Type:remote
Threat Level:5/10
Description:SQL injection on multibyte character encodings.
Affected:AUTH2DB : auth2db 0.2
Original document:DEBIAN, [SECURITY] [DSA 1757-1] New auth2db packages fix SQL injection (01.04.2009)

Openswan / Strongswan DoS
Published:01.04.2009
SecurityVulns ID:9791
Type:m-i-t-m
Threat Level:5/10
Description:Crash on R_U_THERE or R_U_THERE_ACK packets replay attack.
Affected:OPENSWAN : Openswan 2.6
 STRONGSWAN : Strongswan 4.2
CVE:CVE-2009-0790 (The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD.)
Original document:Paul Wouters, CVE-2009-0790: ISAKMP DPD Remote Vulnerability with Openswan & Strongswan IPsec (01.04.2009)

MIT Kerberos 5 DoS
Published:01.04.2009
SecurityVulns ID:9792
Type:remote
Threat Level:5/10
Description:NULL pointer dereference on malformed packet.
Affected:MIT : krb5 1.6
CVE:CVE-2009-0845 (The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.)
Original document:MANDRIVA, [ MDVSA-2009:082 ] krb5 (01.04.2009)

Mozilla Firefox / Seamonkey / Thunderbird multiple security vulnerabilities
updated since 06.03.2009
Published:01.04.2009
SecurityVulns ID:9712
Type:remote
Threat Level:7/10
Description:Cross-site XML access, multiple memory corruptions.
Affected:MOZILLA : Thunderbird 2.0
 MOZILLA : SeaMonkey 1.1
 MOZILLA : Firefox 3.0
CVE:CVE-2009-1169 (The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.)
 CVE-2009-1044 (Unspecified vulnerability in Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.)
 CVE-2009-0777 (Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.)
 CVE-2009-0776 (nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.)
 CVE-2009-0775 (Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.)
 CVE-2009-0774 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.)
 CVE-2009-0773 (The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.)
 CVE-2009-0772 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.)
 CVE-2009-0771 (The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.)
 CVE-2009-0040 (The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.)
Original document:ZDI, ZDI-09-015: Mozilla Firefox XUL _moveToEdgeShift() Memory Corruption Vulnerability (01.04.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-12 (01.04.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-13 (01.04.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-11 (06.03.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-10 (06.03.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-09 (06.03.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-08 (06.03.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-07 (06.03.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod