Computer Security
[EN] securityvulns.ru no-pyccku


Linux /bin/login privilege escalation
Published:01.12.2008
Source:
SecurityVulns ID:9472
Type:local
Threat Level:
5/10
Description:It's possible to escalate privileges from utmp group to root.
Original documentdocumentPaul Szabo, /bin/login gives root to group utmp (01.12.2008)
Files:Debian Bug report logs - #505271 symlink attack in login leading to arbitrary file ownership

PHP dba_replace() DoS
Published:01.12.2008
Source:
SecurityVulns ID:9469
Type:library
Threat Level:
5/10
Description:It's possible to destroy ini-file content.
Affected:PHP : PHP 5.2
CVE:CVE-2008-7068 (The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.)
Original documentdocumentMaksymilian Arciemowicz, SecurityReason : PHP 5.2.6 dba_replace() destroying file (01.12.2008)

jailer symbolic links vulnerability
Published:01.12.2008
Source:
SecurityVulns ID:9470
Type:remote
Threat Level:
5/10
Description:updatejail insecure temporary files creation.
Affected:JAILER : jailer 0.4
CVE:CVE-2008-5139 (updatejail in jailer 0.4 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/#####.updatejail temporary file.)
Original documentdocumentMoritz Muehlenhoff, [SECURITY] [DSA 1674-1] New jailer packages fix denial of service (01.12.2008)

VLC media player integer overflow
Published:01.12.2008
Source:
SecurityVulns ID:9471
Type:client
Threat Level:
6/10
Description:Integer overflow on RealMedia (.rm) files parsing leads to heap buffer overflow.
Affected:VIDEOLAN : VLC media player 0.9
CVE:CVE-2008-5276 (Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.)
Original documentdocumenttk_(at)_trapkit.de, [TKADV2008-013] VLC media player RealMedia Processing Integer Overflow Vulnerability (01.12.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod