Computer Security


Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Published:02.01.2012
SecurityVulns ID:12122
Type:remote
Threat Level:8/10
Description:Memory corruptions, protection bypass, integer overflows, DoS conditions.
Affected:MOZILLA : Firefox 3.6
 MOZILLA : Thunderbird 3.1
 MOZILLA : Firefox 8.0
 MOZILLA : Thunderbird 8.0
 MOZILLA : SeaMonkey 2.5
CVE:CVE-2011-3666 (Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-2372 on Mac OS X.)
 CVE-2011-3665 (Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling.)
 CVE-2011-3664 (Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other impact via a crafted web site.)
 CVE-2011-3663 (Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page.)
 CVE-2011-3661 (YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.)
 CVE-2011-3660 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors.)
 CVE-2011-3658 (The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.)
Files:Mozilla Foundation Security Advisory 2011-59
 Mozilla Foundation Security Advisory 2011-57
 Mozilla Foundation Security Advisory 2011-58
 Mozilla Foundation Security Advisory 2011-56
 Mozilla Foundation Security Advisory 2011-55
 Mozilla Foundation Security Advisory 2011-54
 Mozilla Foundation Security Advisory 2011-53

ICU library memory corruption
Published:02.01.2012
SecurityVulns ID:12123
Type:library
Threat Level:6/10
Description:Memory corruption on locale processing.
Affected:ICU : icu 4.4
CVE:CVE-2011-4599 (Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization.)
Original document:MANDRIVA, [ MDVSA-2011:194 ] icu (02.01.2012)

squid proxy server buffer overflow
Published:02.01.2012
SecurityVulns ID:12124
Type:remote
Threat Level:5/10
Description:Crash on DNS response parsing.
Affected:SQUID : squid 3.1
CVE:CVE-2011-4096 (The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.)
Original document:MANDRIVA, [ MDVSA-2011:193 ] squid (02.01.2012)

FreeBSD multiple security vulnerabilities
Published:02.01.2012
SecurityVulns ID:12125
Type:remote
Threat Level:7/10
Description:Invalid nsdispatch() implementation for chroot'ed environment, multiple PAM vulnerabilities.
Affected:FREEBSD : FreeBSD 7.3
 FREEBSD : FreeBSD 8.1
 FREEBSD : FreeBSD 7.4
 FREEBSD : FreeBSD 8.2
 FREEBSD : FreeBSD 9.0
CVE:CVE-2011-4122 (Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass.)
Original document:FREEBSD, FreeBSD Security Advisory FreeBSD-SA-11:09.pam_ssh (02.01.2012)
 FREEBSD, FreeBSD Security Advisory FreeBSD-SA-11:10.pam (02.01.2012)
 FREEBSD, FreeBSD Security Advisory FreeBSD-SA-11:07.chroot (02.01.2012)

lighttpd security vulnerabilities
updated since 26.12.2011
Published:02.01.2012
SecurityVulns ID:12116
Type:remote
Threat Level:4/10
Description:DoS on base64 parsing.
Affected:LIGHTTPD : lighttpd 1.4
CVE:CVE-2011-4362 (Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.)
 CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.)
Original document:pi3_(at)_itsec.pl, Lighttpd Proof of Concept code for CVE-2011-4362 (02.01.2012)
 DEBIAN, [SECURITY] [DSA 2368-1] lighttpd security update (26.12.2011)
Files:Primitive Lighttpd Proof of Concept code for CVE-2011-4362 vulnerability

Microsoft .Net multiple security vulnerabilities
updated since 02.01.2012
Published:26.03.2012
SecurityVulns ID:12121
Type:library
Threat Level:9/10
Description:DoS, multiple vulnerabilities in forms authentication.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2011-3417 (The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability.")
 CVE-2011-3416 (The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability.")
 CVE-2011-3415 (Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability.")
 CVE-2011-3414 (The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability.")
Original document:Irene Abezgauz, Seeker Advisory: Insecure Redirect in .NET Form Authentication - Redirect From Login Mechanism (ReturnURL Parameter) (26.03.2012)
 SEC Consult Vulnerability Lab, SEC Consult SA-20111230-0 :: Critical authentication bypass in Microsoft ASP.NET Forms - CVE-2011-3416 (02.01.2012)
Files:Microsoft Security Bulletin MS11-100 - Critical Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod