Computer Security


RealNetworks RealPlayer multiple security vulnerabilities
updated since 21.01.2010
Published:02.02.2010
SecurityVulns ID:10548
Type:client
Threat Level:6/10
Description:Memory corruptions, buffer overflows on different codecs and media formats.
Affected:REAL : RealPlayer 10.0
 REAL : RealPlayer 11.0
CVE:CVE-2009-4257 (Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.)
 CVE-2009-4248 (Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.)
 CVE-2009-4246 (Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values.)
 CVE-2009-4245 (Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.)
 CVE-2009-4244 (Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation.)
 CVE-2009-4243 (RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an "overflow.")
 CVE-2009-4242 (Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation.)
 CVE-2009-4241 (Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption.)
Original document:IDEFENSE, iDefense Security Advisory 02.01.10: RealNetworks RealPlayer CMediumBlockAllocator Integer Overflow Vulnerability (02.02.2010)
 IDEFENSE, iDefense Security Advisory 02.01.10: Real Networks RealPlayer Compressed GIF Handling Integer Overflow (02.02.2010)
 IDEFENSE, iDefense Security Advisory 02.01.10: RealNetworks RealPlayer 11 HTTP Chunked Encoding Integer Overflow Vulnerability (02.02.2010)
 ZDI, ZDI-10-010: RealNetworks RealPlayer Skin Parsing Remote Code Execution Vulnerability (21.01.2010)
 ZDI, ZDI-10-007: RealNetworks RealPlayer SMIL getAtom Remote Code Execution Vulnerability (21.01.2010)
 ZDI, ZDI-10-006: RealNetworks RealPlayer GIF Handling Remote Code Execution Vulnerability (21.01.2010)
 ZDI, ZDI-10-008: RealNetworks RealPlayer SIPR Codec Remote Code Execution Vulnerability (21.01.2010)
 ZDI, ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability (21.01.2010)

Oracle (Sun) Solaris DoS
Published:02.02.2010
SecurityVulns ID:10571
Type:local
Threat Level:5/10
Description:UCODE_GET_VERSION IOCTL NULL pointer dereference.
Affected:ORACLE : Solaris 10
CVE:CVE-2010-0453 (The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_VERSION IOCTL, which triggers a NULL pointer dereference in the ucode_get_rev function, related to retrieval of the microcode revision.)
Original document:tk_(at)_trapkit.de, [TKADV2010-001] Oracle Solaris UCODE_GET_VERSION IOCTL Kernel NULL Pointer Dereference (02.02.2010)

lighttpd DoS
Published:02.02.2010
SecurityVulns ID:10573
Type:remote
Threat Level:6/10
Description:Memory exhaustion on HTTP request reading.
Affected:LIGHTTPD : lighttpd 1.4
CVE:CVE-2010-0295 (lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate.)
Original document:DEBIAN, [SECURITY] [DSA 1987-1] New lighttpd packages fix denial of service (02.02.2010)

IBM AIX rpc.cmsd buffer overflow
updated since 09.10.2009
Published:02.02.2010
SecurityVulns ID:10303
Type:remote
Threat Level:6/10
Description:Buffer overflow on RPC request parsing.
Affected:IBM : AIX 5.3
 IBM : AIX 6.1
 IBM : VIOS 1.4
 IBM : VIOS 1.5
 IBM : VIOS 2.1
Original document:Rodrigo Rubira Branco (BSDaemon), Remote Vulnerability in AIX RPC.cmsd released by iDefense (02.02.2010)
 IDEFENSE, iDefense Security Advisory 10.07.09: IBM AIX rpc.cmsd Stack Buffer Overflow Vulnerability (09.10.2009)
Files:RPC.cmsd remote PoC for AIX 6.1 and lower

Qihoo 360 Security Guard privilege escalation
Published:02.02.2010
SecurityVulns ID:10572
Type:local
Threat Level:5/10
Description:IOCTL privilege escalation.
Affected:QUIHOO360 : 360 Security Guard 6.1
Original document:qiqiguaiguai_(at)_gmail.com, 360 Security Guard breg device drivers Privilege Escalation Vulnerabilitie (02.02.2010)
Files:360 Security Guard breg device drivers Privilege Escalation exploit

HP Enterprise Cluster Master Toolkit privilege escalation
Published:02.02.2010
SecurityVulns ID:10574
Type:local
Threat Level:5/10
Affected:HP : ECMT 05.00
CVE:CVE-2009-4184 (Unspecified vulnerability in HP Enterprise Cluster Master Toolkit (ECMT) B.05.00 on HP-UX B.11.23 (11i v2) and HP-UX B.11.31 (11i v3) allows local users to gain access to an Oracle or Sybase database via unknown vectors.)
Original document:HP, [security bulletin] HPSBUX02464 SSRT090210 rev.1 - HP Enterprise Cluster Master Toolkit (ECMT) running on HP-UX, Local (02.02.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod