Computer Security
[EN] securityvulns.ru no-pyccku


OpenSwan / StrongSwan multiple security vulnerabilities
Published:03.10.2009
Source:
SecurityVulns ID:10280
Type:remote
Threat Level:
6/10
Description:Multiple vulnerabilities in IKE implementation.
Affected:OPENSWAN : Openswan 2.4
 OPENSWAN : Openswan 2.6
 STRONGSWAN : Strongswan 4.2
 STRONGSWAN : Strongswan 2.8
 STRONGSWAN : Strongswan 4.3
CVE:CVE-2009-2661 (The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185.)
 CVE-2009-2185 (The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.)
 CVE-2009-1958 (charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector.)
 CVE-2009-1957 (charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers "an incomplete state," followed by a CREATE_CHILD_SA request.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1899-1] New strongswan packages fix denial of service (03.10.2009)

VMWare Fusion multiple security vulnerabilities
Published:03.10.2009
Source:
SecurityVulns ID:10283
Type:local
Threat Level:
5/10
Description:DoS and integer overflow on IOCTL processing.
Affected:VMWARE : VMware Fusion 2.0
CVE:CVE-2009-3282 (Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors.)
 CVE-2009-3281 (The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors.)
Original documentdocumentmu-b, Re: VMSA-2009-0013 VMware Fusion resolves two security issues (03.10.2009)
 documentVMWARE, VMSA-2009-0013 VMware Fusion resolves two security issues (03.10.2009)
Files:VMware Fusion <= 2.0.5 vmx86 kext local denial of service POC
 VMware Fusion <= 2.0.5 vmx86 kext local kernel root exploit

AOL ActiveX buffer overflow
Published:03.10.2009
Source:
SecurityVulns ID:10284
Type:client
Threat Level:
7/10
Description:Buffer overflow in Sb.SuperBuddy.1 control.
Affected:AOL : AOL 9.1
Original documentdocumentrgod, AOL 9.1 SuperBuddy ActiveX Control SetSuperBuddy() remote code execution exploit (03.10.2009)
Files:AOL 9.1 SuperBuddy ActiveX Control SetSuperBuddy() remote code execution exploit

FreeBSd race conditions (pipe)
updated since 03.10.2009
Published:09.10.2009
Source:
SecurityVulns ID:10281
Type:local
Threat Level:
6/10
Description:Race conditions in pipes close() call allow code execution in kernel context.
Affected:FREEBSD : FreeBSD 6.4
Original documentdocumentPrzemyslaw Frasunek, FreeBSD 6.4 pipeclose()/knlist_cleardel() race condition exploit (09.10.2009)
 documentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-09:13.pipe (03.10.2009)
Files:Exploits FreeBSD <= 6.4 pipeclose()/knlist_cleardel() race condition

FreeBSd race conditions (devfs)
updated since 03.10.2009
Published:09.10.2009
Source:
SecurityVulns ID:10282
Type:local
Threat Level:
6/10
Description:Race conditions between devfs and VFS allow code execution.
Affected:FREEBSD : FreeBSD 6.4
 FREEBSD : FreeBSD 7.2
Original documentdocumentPrzemyslaw Frasunek, FreeBSD 7.2 VFS/devfs race condition exploit (09.10.2009)
 documentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-09:14.devfs (03.10.2009)
Files: FreeBSD 7.2 devfs kevent() race condition exploit

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod