Computer Security


PHP multiple security vulnerabilities
Published: 01.12.2009
SecurityVulns ID: 10430
Type: library
Threat Level: 6/10
Description: Multiple buffer overflows, memory corruptions and DoS conditions.
Affected: PHP : PHP 5.2
          PHP : PHP 5.3
CVE: CVE-2009-4025 (Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: some of these details are obtained from third party information.)
Original document: GENTOO, [ GLSA 200911-06 ] PEAR Net_Traceroute: Command injection (01.12.2009)
                   Andrea Barisani, [oCERT-2009-017] PHP multiple issues (01.12.2009)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 01.12.2009
SecurityVulns ID: 10432
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: CACTI : cacti 0.8
          XXASP : Xxasp 3.2
Original document: c0dy_(at)_r00tDefaced.net, Theeta CMS (Cross Site Scripting,SQL Injection) Multiple Vulnerabilities (01.12.2009)
                   faghani_(at)_nsec.ir, Eshopbuilde CMS SQL Injection Vulnerability (01.12.2009)
                   secu_lab_ir_(at)_yahoo.com, Xxasp v3.3.2 Sql injection (01.12.2009)
                   Moritz Naumann, Cacti 0.8.7e: Multiple security issues (01.12.2009)

Eureka Mail buffer overflow
updated since 26.10.2009
Published: 01.12.2009
SecurityVulns ID: 10349
Type: client
Threat Level: 5/10
Description: Buffer overflow on POP3 / SMTP server response parsing.
Affected: EUREKAEMAIL : Eureka Email 2.2
Original document: k4mr4n_St_(at)_yahoo.com, Eureka Mail Client Remote Buffer Overflow Exploit XP SP3 English Egghunter Edition (01.12.2009)
                   Protek Research Lab, {PRL} Eureka Mail client BoF (26.10.2009)
Files: Eureka Mail Client Remote Buffer Overflow Exploit XP SP3 English Egghunter Edition

Dovecot weak permissions
Published: 01.12.2009
SecurityVulns ID: 10433
Type: local
Threat Level: 5/10
Description: Weak permissions during installation.
Affected: DOVECOT : Dovecot 1.2
CVE: CVE-2009-3897 (Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.)
Original document: MANDRIVA, [ MDVSA-2009:306 ] dovecot (01.12.2009)

Asterisk RTP DoS
Published: 01.12.2009
SecurityVulns ID: 10434
Type: remote
Threat Level: 5/10
Description: Crash on RTP comfort noise payload processing.
Affected: ASTERISK : Asterisk 1.2
          DIGIUM : Asterisk 1.4
          ASTERISK : Asterisk 1.6
CVE: CVE-2009-4055 (rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length.)
Original document: ASTERISK, AST-2009-010: RTP Remote Crash Vulnerability (01.12.2009)

FreeBSD privilege escalation
updated since 01.12.2009
Published: 04.12.2009
SecurityVulns ID: 10429
Type: local
Threat Level: 7/10
Description: It's possible to bypass environment variable filtering on suid program execution.
Affected: FREEBSD : FreeBSD 7.1
          FREEBSD : FreeBSD 7.2
          FREEBSD : FreeBSD 8.0
CVE: CVE-2009-4147 (The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setguid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146.)
     CVE-2009-4146 (The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LD_PRELOAD variable containing an untrusted search path that points to a Trojan horse library, a different vector than CVE-2009-4147.)
Original document: FREEBSD, FreeBSD Security Advisory FreeBSD-SA-09:16.rtld (04.12.2009)
                   Kingcope Kingcope, ** FreeBSD local r00t zeroday (01.12.2009)
Files: FreeBSD local r00t zeroday exploit

bind DNS server cache poisoning
updated since 01.12.2009
Published: 17.03.2010
SecurityVulns ID: 10431
Type: remote
Threat Level: 5/10
Description: It's possible to inject a cache record during DNSSEC request processing.
Affected: BIND : bind 9.4
          BIND : bind 9.5
          ISC : bind 9.6
          ISC : bind 9.7
CVE: CVE-2010-0382 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.)
     CVE-2010-0290 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.)
     CVE-2009-4022 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.)
Original document: RPATH, rPSA-2010-0018-1 bind bind-utils caching-nameserver (17.03.2010)
                   MANDRIVA, [ MDVSA-2010:021 ] bind (21.01.2010)
                   MANDRIVA, [ MDVSA-2009:304 ] bind (01.12.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod