Computer Security


HAProxy security vulnerabilities
updated since 06.05.2013
Published:01.07.2013
Source:
SecurityVulns ID:13061
Type:remote
Threat Level:6/10
Description:A few memory corruption vulnerabilities.
Affected:HAPROXY : haproxy 1.4
 HAPROXY : haproxy 1.5
CVE:CVE-2013-2175 (HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.)
 CVE-2013-1912 (Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring.)
 CVE-2012-2942 (Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors.)
Original document:UBUNTU, [USN-1889-1] HAProxy vulnerability (01.07.2013)
 UBUNTU, [USN-1800-1] HAProxy vulnerabilities (06.05.2013)

OpenStack multiple security vulnerabilities
updated since 17.06.2013
Published:01.07.2013
Source:
SecurityVulns ID:13128
Type:library
Threat Level:6/10
Description:Keystone protection bypass and authentication bypass, Nova DoS.
Affected:OPENSTACK : Nova 2012.2
 OPENSTACK : KeyStone 2012.2
 OPENSTACK : Grizzly 2013.1
 OPENSTACK : Nova 2013.1
 OPENSTACK : OpenStack Object Storage 1.7
CVE:CVE-2013-4155 (OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected.)
 CVE-2013-2161 (XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name.)
 CVE-2013-2157 (OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.)
 CVE-2013-2104 (python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.)
 CVE-2013-2096 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.)
 CVE-2013-2059 (OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.)
 CVE-2012-4406 (OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.)
Original document:UBUNTU, [USN-1887-1] OpenStack Swift vulnerabilities (01.07.2013)
 UBUNTU, [USN-1831-1] OpenStack Nova vulnerability (17.06.2013)
 UBUNTU, [USN-1830-1] OpenStack Keystone vulnerability (17.06.2013)
 UBUNTU, [USN-1875-1] OpenStack Keystone vulnerabilities (17.06.2013)

Puppet code execution
Published:01.07.2013
Source:
SecurityVulns ID:13139
Type:remote
Threat Level:7/10
Description:Code execution via YAML object deserialization.
Affected:PUPPET : puppet 2.7
 PUPPET : puppet 2.8
 PUPPET : Puppet 3.2
CVE:CVE-2013-3567 (Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.)
Files:CVE-2013-3567 (Unauthenticated Remote Code Execution Vulnerability)

Ruby certificate spoofing
Published:01.07.2013
Source:
SecurityVulns ID:13140
Type:m-i-t-m
Threat Level:5/10
Description:It's possible to bypass the certificate name check.
Affected:RUBY : ruby 1.9
CVE:CVE-2013-4073 (The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.)
Original document:SLACKWARE, [slackware-security] ruby (SSA:2013-178-01) (01.07.2013)

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Published:01.07.2013
Source:
SecurityVulns ID:13141
Type:client
Threat Level:9/10
Description:Multiple memory corruptions, code execution, information leakages, cross-site scripting, protection bypass.
Affected:MOZILLA : Thunderbird 17.0
 MOZILLA : Firefox ESR 17.0
 MOZILLA : Firefox 21.0
CVE:CVE-2013-1700 (The Mozilla Maintenance Service in Mozilla Firefox before 22.0 on Windows does not properly handle inability to launch the Mozilla Updater executable file, which allows local users to gain privileges via vectors involving placement of a Trojan horse executable file at an arbitrary location.)
 CVE-2013-1699 (The Internationalized Domain Name (IDN) display algorithm in Mozilla Firefox before 22.0 does not properly handle the .com, .name, and .net top-level domains, which allows remote attackers to spoof the address bar via unspecified homograph characters.)
 CVE-2013-1698 (The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME elements.)
 CVE-2013-1697 (The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method.)
 CVE-2013-1696 (Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses.)
 CVE-2013-1695 (Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element.)
 CVE-2013-1694 (The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache's preserved-wrapper flag.)
 CVE-2013-1693 (The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observing timing differences in execution of filter code.)
 CVE-2013-1692 (Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site.)
 CVE-2013-1690 (Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.)
 CVE-2013-1688 (The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site.)
 CVE-2013-1687 (The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site.)
 CVE-2013-1686 (Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2013-1685 (Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site.)
 CVE-2013-1684 (Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site.)
 CVE-2013-1683 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2013-1682 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
Files:Mozilla Foundation Security Advisory 2013-51
 Mozilla Foundation Security Advisory 2013-50
 Mozilla Foundation Security Advisory 2013-49
 Mozilla Foundation Security Advisory 2013-62
 Mozilla Foundation Security Advisory 2013-61
 Mozilla Foundation Security Advisory 2013-60
 Mozilla Foundation Security Advisory 2013-59
 Mozilla Foundation Security Advisory 2013-58
 Mozilla Foundation Security Advisory 2013-57
 Mozilla Foundation Security Advisory 2013-56
 Mozilla Foundation Security Advisory 2013-55
 Mozilla Foundation Security Advisory 2013-54
 Mozilla Foundation Security Advisory 2013-53
 Mozilla Foundation Security Advisory 2013-52

xml-security-c security vulnerabilities
Published:01.07.2013
Source:
SecurityVulns ID:13142
Type:library
Threat Level:6/10
Description:Stack overflow, heap buffer overflow.
Affected:APACHE : xml-security-c 1.7
CVE:CVE-2013-2210 (Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this is due to an incorrect fix for CVE-2013-2154.)
 CVE-2013-2156 (Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PrefixList attribute.)
 CVE-2013-2155 (Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the (1) compareBase64StringToRaw, (2) DSIGAlgorithmHandlerDefault, or (3) DSIGAlgorithmHandlerDefault::verify functions.)
 CVE-2013-2154 (Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions, probably related to the DSIGReference::getURIBaseTXFM function.)
 CVE-2013-2153 (The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka "XML Signature Bypass issue.")
Original document:Cantor, Scott E., Re: CVE-2013-2156: Apache Santuario C++ heap overflow vulnerability (01.07.2013)
 Cantor, Scott E., CVE-2013-2155: Apache Santuario C++ denial of service vulnerability (01.07.2013)
 Cantor, Scott E., CVE-2013-2154: Apache Santuario C++ stack overflow vulnerability (01.07.2013)
 Cantor, Scott E., CVE-2013-2153: Apache Santuario C++ signature bypass vulnerability (01.07.2013)
 Cantor, Scott E., CVE-2013-2210 (01.07.2013)
 DEBIANAN, [SECURITY] [DSA 2710-1] xml-security-c security update (01.07.2013)
 DEBIANAN, [SECURITY] [DSA 2717-1] xml-security-c security update (01.07.2013)

libcurl uninitialized memory reference
Published:01.07.2013
Source:
SecurityVulns ID:13144
Type:library
Threat Level:5/10
Description:Uninitialized memory access in curl_easy_unescape()
Affected:CURL : libcurl 7.24
CVE:CVE-2013-2174 (Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.)
Original document:MANDRIVA, [ MDVSA-2013:180 ] curl (01.07.2013)

FreeBSD mmap+ptrace vulnerability
Published:01.07.2013
Source:
SecurityVulns ID:13145
Type:local
Threat Level:7/10
Description:It's possible to modify memory-mapped (mmap) files via ptrace.
Affected:FREEBSD : FreeBSD 9.1
CVE:CVE-2013-2171 (The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain privileges via a crafted application that leverages read permissions, and makes mmap and ptrace system calls.)
Original document:Hunger, Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... :) (01.07.2013)
 FREEBSD, FreeBSD Security Advisory FreeBSD-SA-13:06.mmap [REVISED] (01.07.2013)
Files:FreeBSD 9.{0,1} mmap/ptrace exploit

libRaw / libKDcraw memory corruption
Published:01.07.2013
Source:
SecurityVulns ID:13146
Type:library
Threat Level:5/10
Description:Memory corruption when processing full-color images.
Affected:LIBRAW : libraw 0.14
 LIBKDCRAW : libkdcraw 4.8
CVE:CVE-2013-2126 (Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file.)
Original document:UBUNTU, [USN-1885-1] libKDcraw vulnerability (01.07.2013)
 UBUNTU, [USN-1884-1] LibRaw vulnerability (01.07.2013)

Apple iOS personal hotspot unauthorized access
Published:01.07.2013
Source:
SecurityVulns ID:13147
Type:remote
Threat Level:5/10
Description:The password is generated using a short wordlist.
Affected:APPLE : iPhone 5
 APPLE : iPhone 4GS
 APPLE : iPhone 4G
Original document:Jeffrey Walton, Apple and Wifi Hotspot Credentials Management Vulnerability (01.07.2013)

nfs-utils rpc.gssd privilege escalation
Published:01.07.2013
Source:
SecurityVulns ID:13148
Type:remote
Threat Level:4/10
Description:Unsafe PTR DNS record resolution is used in a security-related operation.
Affected:NFSUTILS : nfs-utils 1.2
CVE:CVE-2013-1923 (rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.)
Original document:MANDRIVA, [ MDVSA-2013:178 ] nfs-utils (01.07.2013)
