Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Security Essentials outdated libraries
Published:03.06.2013
Source:
SecurityVulns ID:13093
Type:local
Threat Level:
5/10
Description:Outdated runtime libraries with known vulnerabilities are installed in Windows XP / 2003
Affected:MICROSOFT : Microsoft Security Essentials 4.2
Original documentdocumentStefan Kanthak, Vulnerable Microsoft VC++ 2005 RTM runtime libraries installed with "Microsoft Security Essentials" (and numerous other Microsoft products) (03.06.2013)

MIT Kerberos 5 DoS
Published:03.06.2013
Source:
SecurityVulns ID:13094
Type:remote
Threat Level:
5/10
Description:Server sends response to response, it makes it possible to loop packets between two servers.
Affected:MIT : krb5 1.11
CVE:CVE-2002-2443 (schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2701-1] krb5 security update (03.06.2013)

DS3 Authentication Server multiple security vulnerabilities
Published:03.06.2013
Source:
SecurityVulns ID:13096
Type:remote
Threat Level:
5/10
Description:Multiple web interface security vulnerabilities.
Original documentdocumentPedro Andujar, DS3 Authentication Server - Multiple Issues (03.06.2013)

Imperva SecureSphere Operations Manager multiple security vulnerabilities
Published:03.06.2013
Source:
SecurityVulns ID:13097
Type:remote
Threat Level:
5/10
Description:Multiple web interface vulnerabilities.
Affected:IMPERVA : SecureSphere Operations Manager 9.0
Original documentdocumentPedro Andujar, Imperva SecureSphere Operations Manager version 9.0.0.5 - Multiple issues (03.06.2013)

Sketchup multiple security vulnerabilities
Published:03.06.2013
Source:
SecurityVulns ID:13098
Type:local
Threat Level:
3/10
Description:Vulnerabilities on SKP, BMP, PICT parsing.
Affected:SKETCHUP : SketchUp 8.0
CVE:CVE-2013-3664 (Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue.)
 CVE-2013-3663 (Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP.)
 CVE-2013-3662 (Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow.)
Original documentdocumentFelipe Manzano, CVE-2013-3662 - Sketchup MAC Pict Material Palette Stack Corruption (03.06.2013)
 documentFelipe Manzano, CVE-2013-3663 - SketchUp BMP RLE8 Heap Overflow (03.06.2013)
 documentFelipe Manzano, CVE-2013-3664 - Sketchup Multiple Vulnerabilities (03.06.2013)

Netgear DGN devices security vulnerabilities
Published:03.06.2013
Source:
SecurityVulns ID:13099
Type:remote
Threat Level:
6/10
Description:Authentication bypass, code execution.
Affected:NETGEAR : Netgear DGN1000
 NETGEAR : Netgear DGN2200
Original documentdocumentRoberto Paleari, Unauthenticated command execution on Netgear DGN devices (03.06.2013)

gnutls DoS
Published:03.06.2013
Source:
SecurityVulns ID:13101
Type:library
Threat Level:
6/10
Description:Out-of-bounds read on packet decoding.
Affected:GNU : gnutls 2.12
 GNU : gnutls 2.4
CVE:CVE-2013-2116 (The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.)
Original documentdocumentMANDRIVA, [ MDVSA-2013:171 ] gnutls (03.06.2013)

Wireshark multiple security vulnerabilities
updated since 03.06.2013
Published:17.06.2013
Source:
SecurityVulns ID:13095
Type:remote
Threat Level:
5/10
Description:Vulnerabilities in GTPv2, ASN.1 BER, PPP CCP, DCP ETSI, MPEG DSM-CC, CAPWAP, HTTP, DCP ETSI and Websocket dissectors.
Affected:WIRESHARK : Wireshark 1.8
CVE:CVE-2013-4083 (The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2013-4081 (The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet.)
 CVE-2013-4074 (The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2013-3562 (Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.)
 CVE-2013-3560 (The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.)
 CVE-2013-3559 (epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.)
 CVE-2013-3558 (The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.)
 CVE-2013-3557 (The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.)
 CVE-2013-3555 (epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.)
Original documentdocumentMANDRIVA, [ MDVSA-2013:172 ] wireshark (17.06.2013)
 documentDEBIAN, [SECURITY] [DSA 2700-1] wireshark security update (03.06.2013)

Linux kernel security vulnerabilities
updated since 03.06.2013
Published:15.07.2013
Source:
SecurityVulns ID:13100
Type:remote
Threat Level:
8/10
Description:iSCSI memory corruption, multiple information leaks, DoS, Broadcom B43 driver privilege escalation.
Affected:LINUX : kernel 3.8
CVE:CVE-2013-4127 (Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) via vectors involving powering on a virtual machine.)
 CVE-2013-4125 (The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement (RA) messages in certain circumstances involving three routes that initially qualified for membership in an ECMP route set until a change occurred for one of the first two routes, which allows remote attackers to cause a denial of service (system crash) via a crafted sequence of messages.)
 CVE-2013-3235 (net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3234 (The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3233 (The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3232 (The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3231 (The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3230 (The l2tp_ip6_recvmsg function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.9-rc7 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3229 (The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3228 (The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3227 (The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3225 (The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3224 (The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3223 (The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3222 (The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3076 (The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.)
 CVE-2013-2852 (Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.)
 CVE-2013-2851 (Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name.)
 CVE-2013-2850 (Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet.)
 CVE-2013-2237 (The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.)
 CVE-2013-2237 (The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.)
 CVE-2013-2234 (The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.)
 CVE-2013-2232 (The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface.)
 CVE-2013-2164 (The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.)
 CVE-2013-2148 (The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor.)
 CVE-2013-2147 (The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.)
 CVE-2013-2146 (arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit.)
 CVE-2013-2141 (The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call.)
 CVE-2013-2094 (The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.)
 CVE-2013-1774 (The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter.)
 CVE-2013-1059 (net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation.)
 CVE-2013-0231 (The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information.)
 CVE-2013-0160 (The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.)
 CVE-2012-5517 (The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator.)
Original documentdocumentchanam.park_(at)_hkpco.kr, (CVE-2013-1059) Linux Kernel libceph Null Pointer Dereference Vulnerability (15.07.2013)
 documentMANDRIVA, [ MDVSA-2013:194 ] kernel (15.07.2013)
 documentUBUNTU, [USN-1878-1] Linux kernel vulnerabilities (17.06.2013)
 documentUBUNTU, [USN-1844-1] Linux kernel vulnerability (03.06.2013)
 documentUBUNTU, [USN-1849-1] Linux kernel (Raring HWE) vulnerability (03.06.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod