Computer Security


polkit authorization bypass in multiple application
updated since 02.10.2013
Published:03.10.2013
Source:
SecurityVulns ID:13316
Type:local
Threat Level:4/10
Description:Incorrect PolicyKit (polkit) authorization usage. The affected D-Bus services identify the caller to the polkit authority by PID (a PolkitUnixProcess subject) instead of by its D-Bus system bus name, so a local user can race the check by exec'ing a setuid or pkexec process under that PID and have the authority evaluate the privileged process's credentials.
Affected:UBUNTU : usb-creator 0.2
 UBUNTU : ubuntu-system-service 0.2
CVE:CVE-2013-4327 (systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.)
 CVE-2013-4326 (RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.)
 CVE-2013-4325 (The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.)
 CVE-2013-1066 (language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.)
 CVE-2013-1065 (backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.)
 CVE-2013-1064 (apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.)
 CVE-2013-1063 (usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.)
 CVE-2013-1062 (ubuntu-system-service 0.2.4 before 0.2.4.1. 0.2.3 before 0.2.3.1, and 0.2.2 before 0.2.2.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.)
 CVE-2013-1061 (dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.)
Original document:UBUNTU, [USN-1962-1] ubuntu-system-service vulnerability (03.10.2013)
 UBUNTU, [USN-1963-1] usb-creator vulnerability (02.10.2013)
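Added example, not code from the digest or from any of the affected packages: a Python simulation of the race described above. FakeBus and FakeAuthority are mocks that model only the credential lookup (nothing talks to a real bus or to polkit), the action id is hypothetical, and the process table is constructed. The point it shows is why the fix is to hand polkit the caller's bus name: the bus daemon recorded the peer's uid from the socket when the connection was made, before any exec, while a PID-only subject is resolved from /proc at check time, after the attacker has exec'd pkexec or another setuid-root binary.

```python
"""Simulated polkit authorization check: PID-based subject vs. system-bus-name subject.

Mock of the race behind CVE-2013-4288 and the related CVEs in this entry. FakeBus and
FakeAuthority model only the credential lookup; no real D-Bus or polkit is involved.
"""
from dataclasses import dataclass

ADMIN_ACTION = "org.example.hypothetical.admin"   # hypothetical action id (assumption)


@dataclass
class Proc:
    """Process-table entry as the authority would read it from /proc/<pid>/status."""
    pid: int
    uid: int   # effective uid; becomes 0 after exec of a setuid-root binary or pkexec


class FakeBus:
    """System bus: the daemon records the peer's uid/pid (SO_PEERCRED) when the socket connects."""
    def __init__(self):
        self._uid = {}
        self._pid = {}

    def connect(self, unique_name: str, proc: Proc) -> None:
        self._uid[unique_name] = proc.uid   # snapshot taken before any later exec
        self._pid[unique_name] = proc.pid

    def get_connection_unix_user(self, unique_name: str) -> int:
        return self._uid[unique_name]

    def get_connection_unix_process_id(self, unique_name: str) -> int:
        return self._pid[unique_name]


class FakeAuthority:
    """polkit authority: ADMIN_ACTION is implicitly allowed for uid 0 and denied otherwise."""
    def __init__(self, proc_table: dict, bus: FakeBus):
        self.proc_table = proc_table
        self.bus = bus

    def resolve_uid(self, subject) -> int:
        kind, details = subject
        if kind == "unix-process":
            # Looks the PID up at check time: whatever image the process is running *now*.
            return self.proc_table[details["pid"]].uid
        if kind == "system-bus-name":
            # Asks the bus daemon, which answers from its connect-time snapshot.
            return self.bus.get_connection_unix_user(details["name"])
        raise ValueError(f"unknown subject kind {kind}")

    def check_authorization(self, subject, action_id: str) -> bool:
        if action_id != ADMIN_ACTION:
            return True
        return self.resolve_uid(subject) == 0


def handle_method_call(sender: str, bus: FakeBus, authority: FakeAuthority,
                       race_to_root, use_bus_name: bool) -> bool:
    """Service-side handler. race_to_root() runs between the sender lookup and the authority check."""
    if use_bus_name:
        subject = ("system-bus-name", {"name": sender})          # the fixed pattern
    else:
        pid = bus.get_connection_unix_process_id(sender)
        subject = ("unix-process", {"pid": pid})                  # the vulnerable pattern
    race_to_root()   # attacker execs pkexec (or any setuid-root binary) right here
    return authority.check_authorization(subject, ADMIN_ACTION)


def run_scenario(use_bus_name: bool) -> bool:
    """Returns True if the unprivileged caller ends up authorized for ADMIN_ACTION."""
    attacker = Proc(pid=4242, uid=1000)           # constructed: unprivileged local user
    procs = {attacker.pid: attacker}
    bus = FakeBus()
    bus.connect(":1.77", attacker)                # attacker's client connects to the system bus
    authority = FakeAuthority(procs, bus)

    def exec_setuid():
        attacker.uid = 0                          # same PID, now running a setuid-root image

    return handle_method_call(":1.77", bus, authority, exec_setuid, use_bus_name)


if __name__ == "__main__":
    print("unix-process subject authorized:", run_scenario(use_bus_name=False))   # True: bypass
    print("system-bus-name subject authorized:", run_scenario(use_bus_name=True)) # False: correct
```

In a real dbus-python service the equivalent of the fixed branch is to declare the method with sender_keyword="sender" and call org.freedesktop.PolicyKit1.Authority.CheckAuthorization with the subject ("system-bus-name", {"name": sender}) rather than ("unix-process", {"pid": pid}); adding "start-time" to a unix-process subject does not help, because exec preserves both the PID and the start time.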

Security Guard CMS QT buffer overflow
Published:03.10.2013
Source:
SecurityVulns ID:13317
Type:remote
Threat Level:5/10
Description:Stack-based buffer overflow in request processing (the referenced advisory describes it as a local stack buffer overflow).
Affected:SECURITYGUARD : Security Guard CMS QT 4.7
Original document:Vulnerability Lab, Security Guard CMS QT 4.7.3 - Local Stack Buffer Overflow Vulnerability (03.10.2013)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 03.10.2013
Published:03.10.2013
Source:
SecurityVulns ID:13318
Type:remote
Threat Level:5/10
Description:PHP file inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:PHPBB : phpBB 3.0
 WIKKA : WikkaWiki 1.3
 SILVERSTRIPE : SilverStripe CMS 3.0
 EPROLOG : elproLOG MONITOR WebAccess 2.1
 SEMPERFIWEBDESIG : All in One SEO Pack 2.0
 VTIGER : vtiger CRM 5.4
 EXPRESSIONENGINE : ExpressionEngine 2.6
 MEDIAWIKI : mediawiki 1.20
 MOODLE : Moodle 2.5
 OWASP : ESAPI 2.0
 WORDPRESS : Design-approval-system 3.6
 WORDPRESS : Event Easy Calendar 1.0
CVE:CVE-2013-5679 (The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against authenticity in the default configuration, involving a null MAC and a zero MAC length.)
 CVE-2013-5586 (Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/.)
 CVE-2013-5091 (SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. NOTE: this issue might be a duplicate of CVE-2011-4559.)
 CVE-2013-4303
 CVE-2013-4302 ((1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the cross-site request forgery (CSRF) protection mechanism via a JSONP request to wiki/api.php.)
 CVE-2013-4301 (includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a "<" (open angle bracket) character in the lang parameter to w/load.php, which reveals the installation path in an error message.)
Original document:roguecoder_(at)_hush.com, Event Easy Calendar 1.0.0 WP plugin (03.10.2013)
 DEBIAN, [SECURITY] [DSA 2752-1] phpbb3 security update (03.10.2013)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in WikkaWiki (03.10.2013)
 Alexandro Silva, [iBliss Security Advisory] Cross-Site Scripting (XSS) vulnerability in Design-approval-system wordpress plugin (03.10.2013)
 Kevin W. Wall, OWASP ESAPI Security Advisory: MAC Bypass in ESAPI Symmetric Encryption (03.10.2013)
 Emilio Pinna, Moodle 2.5.0-1 (badges/external.php) PHP Object Injection Vulnerability (03.10.2013)
 MANDRIVA, [ MDVSA-2013:235 ] mediawiki (03.10.2013)
 Richard Clifford, ExpressionEngine 2.6 Persistent XSS (03.10.2013)
 High-Tech Bridge Security Research, SQL Injection in vtiger CRM (03.10.2013)
 Vulnerability Lab, SilverStripe Framework CMS 3.0.5 - Multiple Web Vulnerabilities (03.10.2013)
 Vulnerability Lab, elproLOG MONITOR WebAccess 2.1 - Multiple Web Vulnerabilities (03.10.2013)
 Vulnerability Lab, WebAssist PowerCMS PHP - Multiple Web Vulnerabilities (03.10.2013)
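Added example for the ESAPI MAC-bypass entry (CVE-2013-5679) above; it is not ESAPI code and the serialized layout is a simplified stand-in for ESAPI's CipherText format, not the real one. The cipher is a toy HMAC-based keystream standing in for AES-CTR, the key and IV are constructed, and the bug is reproduced in its essential form: the deserializer reads a MAC length from the untrusted blob and treats a zero-length (absent) MAC as "nothing to verify", so an attacker can strip the MAC and flip ciphertext bits that the stream cipher maps straight into the plaintext. The fixed decrypt requires a full-length MAC and fails closed.

```python
"""Authenticated-encryption deserializer: why an absent MAC must be a hard failure.

Toy cipher: HMAC-SHA256 keystream XOR'd with the plaintext (stand-in for AES-CTR, NOT a
real cipher). Serialized layout (simplified, not ESAPI's real CipherText serialization):
    iv(16) | ct_len(4, big-endian) | ct | mac_len(2, big-endian) | mac
"""
import hashlib
import hmac
import os
import struct

IV_LEN = 16
MAC_LEN = 32  # HMAC-SHA256 output length


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Derive n keystream bytes from (key, iv, counter); toy replacement for AES-CTR."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, iv + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _mac(key: bytes, iv: bytes, ct: bytes) -> bytes:
    """Encrypt-then-MAC over iv||ct with a MAC key derived from the encryption key."""
    mac_key = hmac.new(key, b"mac-key", hashlib.sha256).digest()
    return hmac.new(mac_key, iv + ct, hashlib.sha256).digest()


def encrypt(key: bytes, plaintext: bytes, iv: bytes = b"") -> bytes:
    iv = iv or os.urandom(IV_LEN)
    ct = _xor(plaintext, _keystream(key, iv, len(plaintext)))
    mac = _mac(key, iv, ct)
    return iv + struct.pack(">I", len(ct)) + ct + struct.pack(">H", len(mac)) + mac


def _parse(blob: bytes):
    """Split the blob into (iv, ct, mac) using the attacker-controlled length fields."""
    iv = blob[:IV_LEN]
    (n,) = struct.unpack(">I", blob[IV_LEN:IV_LEN + 4])
    ct = blob[IV_LEN + 4:IV_LEN + 4 + n]
    (m,) = struct.unpack(">H", blob[IV_LEN + 4 + n:IV_LEN + 6 + n])
    mac = blob[IV_LEN + 6 + n:IV_LEN + 6 + n + m]
    if len(iv) != IV_LEN or len(ct) != n or len(mac) != m:
        raise ValueError("truncated ciphertext")
    return iv, ct, mac


def decrypt_vulnerable(key: bytes, blob: bytes) -> bytes:
    """BUG: a zero-length (absent) MAC is treated as 'nothing to verify' and accepted."""
    iv, ct, mac = _parse(blob)
    if len(mac) > 0 and not hmac.compare_digest(mac, _mac(key, iv, ct)):
        raise ValueError("MAC mismatch")
    return _xor(ct, _keystream(key, iv, len(ct)))


def decrypt_fixed(key: bytes, blob: bytes) -> bytes:
    """Require a full-length MAC and verify it in constant time before using the ciphertext."""
    iv, ct, mac = _parse(blob)
    if len(mac) != MAC_LEN or not hmac.compare_digest(mac, _mac(key, iv, ct)):
        raise ValueError("MAC missing or invalid")
    return _xor(ct, _keystream(key, iv, len(ct)))


def strip_mac_and_flip(blob: bytes, offset: int, mask: int) -> bytes:
    """Attacker: drop the MAC (mac_len = 0) and flip bits in the ciphertext."""
    iv, ct, _ = _parse(blob)
    ct = bytearray(ct)
    ct[offset] ^= mask
    return iv + struct.pack(">I", len(ct)) + bytes(ct) + struct.pack(">H", 0)


def demo() -> tuple:
    """Returns (plaintext the vulnerable decryptor accepts, whether the fixed one rejected)."""
    key = b"\x11" * 32                                         # constructed test key
    token = encrypt(key, b"admin=0", iv=b"\x00" * IV_LEN)      # constructed fixed IV
    forged = strip_mac_and_flip(token, offset=6, mask=0x01)    # '0' (0x30) -> '1' (0x31)
    vulnerable_sees = decrypt_vulnerable(key, forged)
    try:
        decrypt_fixed(key, forged)
        fixed_rejected = False
    except ValueError:
        fixed_rejected = True
    return vulnerable_sees, fixed_rejected


if __name__ == "__main__":
    print(demo())
```

The same check applies to any format that lets the sender describe its own MAC: the expected tag length is a property of the configured algorithm, not a field to be read from the message, and "no MAC present" must be indistinguishable from "MAC wrong".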

Citrix NetScaler DoS
Published:03.10.2013
Source:
SecurityVulns ID:13319
Type:remote
Threat Level:5/10
Description:Crash on request processing in nsconfigd (TCP/3008, TCP/3010).
Affected:NETSCALER : NetScaler 10.0
Original document:SEC Consult Vulnerability Lab, SEC Consult SA-20131003-0 :: Denial of service vulnerability in Citrix NetScaler (03.10.2013)

Apple Face-Time protection bypass
Published:03.10.2013
Source:
SecurityVulns ID:13320
Type:local
Threat Level:4/10
Description:Privacy bypass: stored images can be accessed without the intended authorization.
Affected:APPLE : Face-Time 1.0
Original document:Vulnerability Lab, Apple iOS 7 iPad2 Face-Time 1.0.2 - Privacy Vulnerability (03.10.2013)

Apple iTunes memory corruption
Published:03.10.2013
Source:
SecurityVulns ID:13321
Type:client
Threat Level:7/10
Description:ActiveX control memory corruption.
Affected:APPLE : iTunes 11.0
CVE:CVE-2013-1035 (The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.)
Original document:APPLE, APPLE-SA-2013-09-18-1 iTunes 11.1 (03.10.2013)

Cisco Prime Data Center / Prime Central security vulnerabilities
Published:03.10.2013
Source:
SecurityVulns ID:13322
Type:remote
Threat Level:6/10
Description:Information disclosure, code execution, DoS conditions.
Affected:CISCO : Prime Central for HCS Assurance 9.1
 CISCO : Prime Central for HCS Assurance 1.1
CVE:CVE-2013-5490 (Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148.)
 CVE-2013-5487 (DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029.)
 CVE-2013-5486 (Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.)
 CVE-2013-3473 (The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance before 9.1.1 does not properly determine the existence of an authenticated session, which allows remote attackers to discover usernames and passwords via an HTTP request, aka Bug ID CSCud32600.)
 CVE-2013-3390 (Memory leak in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets, aka Bug ID CSCub59158.)
 CVE-2013-3389 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to port (1) 61615 or (2) 61616, aka Bug ID CSCtz90114.)
 CVE-2013-3388 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to port 44444, aka Bug ID CSCtz92776.)
 CVE-2013-3387 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (disk consumption) via a flood of TCP packets to port 5400, leading to large error-log files, aka Bug ID CSCua42724.)
Files:Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
 Cisco Prime Central for Hosted Collaboration Solution Assurance Unauthenticated Username and Password Enumeration Vulnerability
 Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities

Chrony security vulnerabilities
Published:03.10.2013
Source:
SecurityVulns ID:13323
Type:client
Threat Level:5/10
Description:Integer overflows in command request/reply length handling (pktlength.c) leading to out-of-bounds reads or buffer overflows, and disclosure of uninitialized stack memory in command replies (cmdmon.c).
Affected:CHRONY : chrony 1.24
CVE:CVE-2012-4503 (cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which causes uninitialized data to be included in a reply.)
 CVE-2012-4502 (Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which triggers an out-of-bounds read or buffer overflow. NOTE: versions 1.27 and 1.28 do not require authentication to exploit.)
Original document:DEBIAN, [SECURITY] [DSA 2760-1] chrony security update (03.10.2013)

VMWare Zimbra Collaboration Suite replay attack
Published:03.10.2013
Source:
SecurityVulns ID:13325
Type:m-i-t-m
Threat Level:5/10
Description:Authentication bypass by replaying a sniffed ZM_AUTH_TOKEN session token.
Affected:VMWARE : Zimbra Collaboration Suite 6.0
CVE:CVE-2013-5119 (Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token.)
Original document:brianwarehime_(at)_gmail.com, Zimbra Collaboration Suite (ZCS) Session Replay Vulnerability (03.10.2013)

Apple Safari security vulnerabilities
Published:03.10.2013
Source:
SecurityVulns ID:13326
Type:client
Threat Level:8/10
Description:Memory corruptions.
Affected:APPLE : Safari 5.1
CVE:CVE-2013-0997 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2012-3748 (Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.)
Original document:APPLE, APPLE-SA-2013-09-12-2 Safari 5.1.10 (03.10.2013)

lightdm weak permissions
Published:03.10.2013
Source:
SecurityVulns ID:13328
Type:local
Threat Level:5/10
Description:Temporary .Xauthority file created with 0664 permissions, allowing local users to read the X authority cookie.
Affected:LIGHTDM : lightdm 1.6
CVE:CVE-2013-4331 (Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file.)
Original document:UBUNTU, [USN-1950-1] Light Display Manager vulnerability (03.10.2013)

Gnome gdm symbolic links vulnerability
Published:03.10.2013
Source:
SecurityVulns ID:13329
Type:local
Threat Level:5/10
Description:Insecure handling of /tmp/.X11-unix/: a symlink attack lets local users change the permissions of arbitrary directories.
Affected:GNOME : gdm 2.21
CVE:CVE-2013-4169 (GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.)
Original document:MANDRIVA, [ MDVSA-2013:230 ] gdm (03.10.2013)

GSTOOL weak PRNG
Published:03.10.2013
Source:
SecurityVulns ID:13330
Type:library
Threat Level:5/10
Description:Weak pseudo-random number generator in the CHIASMUS encryption implementation.
Affected:GSTOOL : gstool 4.7
Original document:Jan Schejbal, Insecure CHIASMUS encryption in GSTOOL (03.10.2013)

Microsoft Sharepoint Server multiple security vulnerabilities
updated since 11.09.2013
Published:03.10.2013
Source:
SecurityVulns ID:13278
Type:remote
Threat Level:8/10
Description:DoS, cross-site scripting, memory corruptions, code execution.
Affected:MICROSOFT : SharePoint Server 2007
 MICROSOFT : SharePoint Server 2010
 MICROSOFT : SharePoint Server 2013
 MICROSOFT : SharePoint Portal Server 2003
 MICROSOFT : SharePoint Portal Server 2007
 MICROSOFT : SharePoint Portal Server 2010
 MICROSOFT : SharePoint Portal Server 2013
CVE:CVE-2013-3858 (Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3849.)
 CVE-2013-3857 (Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability.")
 CVE-2013-3849 (Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858.)
 CVE-2013-3848 (Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3849, and CVE-2013-3858.)
 CVE-2013-3847 (Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.)
 CVE-2013-3180 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka "POST XSS Vulnerability.")
 CVE-2013-3179 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability.")
 CVE-2013-1330 (The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC Disabled Vulnerability.")
 CVE-2013-1315 (Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability.")
 CVE-2013-0081 (Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of Service Vulnerability.")
Original document:Vulnerability Lab, Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Web Vulnerability (03.10.2013)
Files:Microsoft Security Bulletin MS13-067 - Critical Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)

Apple Mac OS X multiple security vulnerabilities
updated since 03.10.2013
Published:05.10.2013
Source:
SecurityVulns ID:13327
Type:library
Threat Level:8/10
Description:Different vulnerabilities in multiple system components.
Affected:APPLE : MacOS X 10.8
CVE:CVE-2013-5163 (Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors.)
 CVE-2013-1033 (Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access.)
 CVE-2013-1032 (QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file.)
 CVE-2013-1031 (Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver.)
 CVE-2013-1030 (mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process.)
 CVE-2013-1029 (The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser.)
 CVE-2013-1028 (The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate.)
 CVE-2013-1027 (Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package.)
 CVE-2013-1026 (Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.)
 CVE-2013-1025 (Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.)
Original document:APPLE, APPLE-SA-2013-10-03-1 OS X v10.8.5 Supplemental Update (05.10.2013)
 APPLE, APPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update 2013-004 (03.10.2013)

glibc security vulnerabilities
updated since 03.10.2013
Published:01.12.2013
Source:
SecurityVulns ID:13324
Type:library
Threat Level:7/10
Description:Integer overflows in pvalloc, valloc, posix_memalign/memalign/aligned_alloc; uninitialized pointer guard in the PTR_MANGLE implementation; getaddrinfo() stack overflow; strcoll_l.c integer overflow and stack buffer overflow.
Affected:GNU : glibc 2.15
 GNU : glibc 2.5
 GNU : glibc 2.18
CVE:CVE-2013-4788 (The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.)
 CVE-2013-4458 (Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.)
 CVE-2013-4332 (Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.)
 CVE-2012-4424 (Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.)
 CVE-2012-4412 (Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.)
Original document:MANDRIVA, [ MDVSA-2013:284 ] glibc (01.12.2013)
 geinblues_(at)_gmail.com, glibc 2.5 <= reloc types to crash bug (28.10.2013)
 SLACKWARE, [slackware-security] glibc (SSA:2013-260-01) (03.10.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod