Computer Security
Microsoft Windows multiple security vulnerabilities
updated since 14.02.2013
Published:02.03.2013
Source:
SecurityVulns ID:12882
Type:library
Threat Level: 8/10
Description:Quartz.dll memory corruption, .Net privilege escalation, multiple kernel race conditions, CSRSS privilege escalation, TCP/IP DoS.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 8
 MICROSOFT : Windows 2012 Server
CVE:CVE-2013-1313 (Object Linking and Embedding (OLE) Automation in Microsoft Windows XP SP3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted RTF document, aka "OLE Automation Remote Code Execution Vulnerability.")
 CVE-2013-1280 (The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability.")
 CVE-2013-1279 (Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.)
 CVE-2013-1278 (Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.)
 CVE-2013-1267 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.)
 CVE-2013-1266 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.)
 CVE-2013-1265 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.)
 CVE-2013-1264 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.)
 CVE-2013-1263 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.)
 CVE-2013-1262 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.)
 CVE-2013-1261 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.)
 CVE-2013-1260 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.)
 CVE-2013-1259 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.)
 CVE-2013-1258 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.)
 CVE-2013-0077 (Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability.")
 CVE-2013-0076 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability.")
 CVE-2013-0075 (The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability.")
 CVE-2013-0073 (The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability.")
Original document: VUPEN Security Research, VUPEN Security Research - Microsoft Windows OLE Automation Code Execution Vulnerability (02.03.2013)
Files: Microsoft Security Bulletin MS13-011 - Critical Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091)
 Microsoft Security Bulletin MS13-015 - Important Vulnerability in .NET Framework Could Allow Elevation of Privilege (2800277)
 Microsoft Security Bulletin MS13-016 - Important Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778344)
 Microsoft Security Bulletin MS13-017 - Important Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2799494)
 Microsoft Security Bulletin MS13-018 - Important Vulnerability in TCP/IP Could Allow Denial of Service (2790655)
 Microsoft Security Bulletin MS13-019 - Important Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege
 Microsoft Security Bulletin MS13-020 - Critical Vulnerability in OLE Automation Could Allow Remote Code Execution (2802968)

OpenSSL / PolarSSL / GnuTLS security vulnerabilities
updated since 14.02.2013
Published:02.03.2013
Source:
SecurityVulns ID:12887
Type:library
Threat Level: 6/10
Description:Timing attacks, DoS.
Affected:OPENSSL : OpenSSL 1.0
 POLARSSL : PolarSSL 1.2
 GNU : gnutls 2.12
CVE:CVE-2013-1622 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is not a security issue. Further investigation showed that, because of RFC noncompliance, no version or configuration of the product had the vulnerability previously associated with this ID. Notes: none.)
 CVE-2013-1621 (Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169.)
 CVE-2013-1619 (The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.)
 CVE-2013-0169 (The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.)
 CVE-2013-0166 (OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.)
Original document: UBUNTU, [USN-1752-1] GnuTLS vulnerability (02.03.2013)
 DEBIAN, [SECURITY] [DSA 2622-1] polarssl security update (14.02.2013)

Linux kernel security vulnerabilities
updated since 14.02.2013
Published:02.03.2013
Source:
SecurityVulns ID:12888
Type:local
Threat Level: 5/10
Description:Privilege escalation, information leak.
Affected:LINUX : kernel 2.6
 LINUX : kernel 3.4
CVE:CVE-2013-1763 (Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.)
 CVE-2013-0871 (Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.)
 CVE-2013-0231 (The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information.)
 CVE-2013-0190 (The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service (guest crash) by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption.)
 CVE-2012-4508 (Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized.)
 CVE-2012-2669 (The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message.)
Original document: UBUNTU, [USN-1750-1] Linux kernel vulnerabilities (02.03.2013)
 UBUNTU, [USN-1739-1] Linux kernel vulnerability (24.02.2013)
 UBUNTU, [USN-1720-1] Linux kernel vulnerabilities (14.02.2013)

cfingerd buffer overflow
Published:02.03.2013
Source:
SecurityVulns ID:12911
Type:remote
Threat Level: 6/10
Description:Buffer overflow on request parsing.
Affected:CFINGERD : cfingerd 1.4
CVE:CVE-2013-1049 (Buffer overflow in the RFC1413 (ident) client in cfingerd 1.4.3-3 allows remote IDENT servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted response.)
Original document: DEBIAN, [SECURITY] [DSA 2635-1] cfingerd security update (02.03.2013)

RSA Authentication Agent protection bypass
Published:02.03.2013
Source:
SecurityVulns ID:12912
Type:local
Threat Level: 4/10
Description:In some cases only the PIN is requested instead of the full authentication sequence.
Affected:EMC : RSA Authentication Agent 7.1
CVE:CVE-2013-0931 (EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout feature, which allows physically proximate attackers to bypass the passcode requirement for a screensaved session by entering a PIN after timeout expiration.)
Original document: EMC, ESA-2013-012: RSA® Authentication Agent 7.1.1 for Microsoft Windows® Access Control Vulnerability (02.03.2013)

PHP security vulnerabilities
Published:02.03.2013
Source:
SecurityVulns ID:12914
Type:remote
Threat Level: 5/10
Description:safe_dir protection bypass and code execution on SOAP handling.
Affected:PHP : PHP 5.3
CVE:CVE-2013-1643 (The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.)
 CVE-2013-1635 (ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.)
Original document: MANDRIVA, [ MDVSA-2013:016 ] php (02.03.2013)

dbus-glib privilege escalation
Published:02.03.2013
Source:
SecurityVulns ID:12915
Type:local
Threat Level: 5/10
Description:NameOwnerChanged signal processing privilege escalation.
Affected:DBUS : dbus-glib 0.100
CVE:CVE-2013-0292 (The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.)
Original document: UBUNTU, [USN-1753-1] DBus-GLib vulnerability (02.03.2013)

Apache security vulnerabilities
Published:02.03.2013
Source:
SecurityVulns ID:12917
Type:remote
Threat Level: 6/10
Description:mod_info, mod_status, mod_imagemap, mod_ldap, mod_proxy_ftp, mod_proxy_balancer cross-site scripting.
Affected:APACHE : Apache 2.2
 APACHE : Apache 2.4
CVE:CVE-2012-4558 (Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.)
 CVE-2012-3499 (Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.)
Original document: MANDRIVA, [ MDVSA-2013:015 ] apache (02.03.2013)

Transmission memory corruption
Published:02.03.2013
Source:
SecurityVulns ID:12918
Type:remote
Threat Level: 5/10
Description:Micro transport protocol packet parsing memory corruption.
Affected:TRANSMISSION : Transmission 2.61
CVE:CVE-2012-6129 (Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets.")
Original document: UBUNTU, [USN-1747-1] Transmission vulnerability (02.03.2013)

War FTP Daemon memory corruption
Published:02.03.2013
Source:
SecurityVulns ID:12919
Type:remote
Threat Level: 5/10
Description:Memory corruption on logging.
Affected:WARFTPD : War FTP Daemon 1.82
Original document: Jarle Aase, Denial of Service vulnerability in War FTP Daemon 1.82 (02.03.2013)

openjpeg library security vulnerabilities
updated since 16.07.2012
Published:02.03.2013
Source:
SecurityVulns ID:12476
Type:library
Threat Level: 6/10
Description:Vulnerabilities on JPEG encoding and decoding.
Affected:OPENJPEG : OpenJPEG 1.3
CVE:CVE-2012-3535 (Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file.)
 CVE-2012-3358 (Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file.)
 CVE-2009-5030 (The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an "invalid free.")
Original document: MANDRIVA, [ MDVSA-2012:104 ] openjpeg (16.07.2012)

sudo protection bypass
updated since 02.03.2013
Published:10.03.2013
Source:
SecurityVulns ID:12913
Type:local
Threat Level: 5/10
Description:It's possible to bypass the password request by manipulating timestamps. Session hijacking is possible under some conditions.
Affected:SUDO : sudo 1.8
CVE:CVE-2013-1776 (sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to a standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.)
 CVE-2013-1775 (sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically-proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.)
Original document: UBUNTU, [USN-1754-1] Sudo vulnerability (02.03.2013)

D-Link DIR-645 unauthorized access
updated since 02.03.2013
Published:12.08.2013
Source:
SecurityVulns ID:12916
Type:remote
Threat Level: 5/10
Description:It's possible to obtain the administration password without authentication; cross-site scripting; buffer overflow.
Affected:DLINK : D-Link DIR-645
Original document: Roberto Paleari, Multiple vulnerabilities on D-Link DIR-645 devices (12.08.2013)
 Roberto Paleari, Unauthenticated remote access to D-Link DIR-645 devices (02.03.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod