Computer Security
[EN] securityvulns.ru no-pyccku


Wireshark multiple security vulnerabilities
Published:04.01.2008
Source:
SecurityVulns ID:8520
Type:remote
Threat Level:
5/10
Description:Infinite loop in RPC dissector, memory exhaustion in CIP dissector.
Affected:WIRESHARK : wireshark 0.99
CVE:CVE-2007-6451 (Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory.)
 CVE-2007-6450 (The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.)

Dovecot password caching vulnerability
Published:04.01.2008
Source:
SecurityVulns ID:8521
Type:local
Threat Level:
2/10
Description:Under some conditions user can be logged with different account with same password.
CVE:CVE-2007-6598 (Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.)
Original documentdocument , (unnamed)(04.01.2008)

tcpreen buffer overflows
Published:04.01.2008
Source:
SecurityVulns ID:8522
Type:remote
Threat Level:
5/10
Description:FD_SET buffer overflow on large number of incvoming connections.
CVE:CVE-2007-6562 (Multiple stack-based buffer overflows in the use of FD_SET in TCPreen before 1.4.4 allow remote attackers to cause a denial of service via multiple concurrent connections, which result in overflows in the (1) SocketAddress::Connect function in libsolve/sockprot.cpp and (2) monitor_bridge function in src/bridge.cpp.)

PHP multiple security vulnerabilities
Published:04.01.2008
Source:
SecurityVulns ID:8523
Type:library
Threat Level:
7/10
Description:DoS conditions, internal state modification, code execution, integer overflows, information leaks.
CVE:CVE-2007-5899
 CVE-2007-5898
 CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.)
 CVE-2007-4660 (Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation.)
 CVE-2007-4659 (The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.)
 CVE-2007-4658 (The money_format function in PHP before 5.2.4 permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.)
 CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.)
 CVE-2007-3998 (The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.)
 CVE-2007-3799 (The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.)

MaraDNS DNS server DoS
Published:04.01.2008
Source:
SecurityVulns ID:8524
Type:remote
Threat Level:
5/10
Description:CNAME record fails to resolve on malformed packet.
Affected:MARADNS : MaraDNS 1.0
 MARADNS : MaraDNS 1.2
 MARADNS : MaraDNS 1.3
CVE:CVE-2008-0061 (MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04 allows remote attackers to cause a denial of service via a crafted DNS packet that prevents an authoritative name (CNAME) record from resolving, aka "improper rotation of resource records.")

FortiGuard URL filtering protection bypass
Published:04.01.2008
Source:
SecurityVulns ID:8525
Type:remote
Threat Level:
3/10
Description:It's possible to bypass filtering by removing Host:header from HTTP request of by fragmenting request.
Affected:FORTIGATE : Fortigate 1000
Original documentdocumentDanux, FortiGuard: URL Filtering Application Bypass Vulnerability (04.01.2008)

YaSSL library / MySQL multiple security vulnerabilities
Published:04.01.2008
Source:
SecurityVulns ID:8526
Type:library
Threat Level:
7/10
Description:Buffer overflows in ProcessOldClientHello and operator>>, memory exhaustion in HASHwithTransform::Update.
Affected:MYSQL : MySQL 6.0
 YASSL : yaSSL 1.7
Original documentdocumentLuigi Auriemma, Pre-auth buffer-overflow in mySQL through yaSSL (04.01.2008)
 documentLuigi Auriemma, Multiple vulnerabilities in yaSSL 1.7.5 (04.01.2008)
Files:Exploits yaSSL <= 1.7.5 multiple vulnerabilities
 Exploits mySQL <= 6.0.3 (yaSSL <= 1.7.5) pre-auth buffer-overflow

Foxit Remote Access Server telnet server DoS
Published:04.01.2008
Source:
SecurityVulns ID:8527
Type:remote
Threat Level:
5/10
Description:Crash on oversized option.
Affected:FOXIT : Remote Access Server 2.1
Original documentdocumentLuigi Auriemma, Foxit WAC Server <= 2.1.0.910 crash (04.01.2008)
Files:Exploits Foxit WAC Server <= 2.1.0.910 crash

Pragma FortressSSH SSH server DoS
Published:04.01.2008
Source:
SecurityVulns ID:8528
Type:remote
Threat Level:
5/10
Description:Multiple user-reachable assert()'s.
Affected:PRAGMA : FortressSSH 5.0
Original documentdocumentLuigi Auriemma, Denial of Service in Pragma FortressSSH 5.0.4.293 (04.01.2008)
Files:Exploits Pragma FortressSSH <= 5.0.4.293 Denial of Service

Pragma TelnetServer DoS
Published:04.01.2008
Source:
SecurityVulns ID:8529
Type:remote
Threat Level:
5/10
Description:NULL pointer dereference on TELOPT PRAGMA LOGON telnet option.
Affected:PRAGMA : Pragma TelnetServer 7.0
Original documentdocumentLuigi Auriemma, Denial of Service in Pragma TelnetServer 7.0.4.589 (04.01.2008)
Files:Exploits Pragma TelnetServer <= 7.0.4.589 Denial of Service

Seattle Lab telnet Server DoS
Published:04.01.2008
Source:
SecurityVulns ID:8530
Type:remote
Threat Level:
5/10
Description:NULL pointer dereference on telnet options parsing.
Affected:SEATTLELAB : Seattle Lab Telnet Server 4.1
Original documentdocumentLuigi Auriemma, Exception message in Seattle Lab Telnet Server 4.1.1.3758 (04.01.2008)
Files:Exploits Seattle Lab Telnet Server <= 4.1.1.3758 exception message

VanDyke VShell DoS
Published:04.01.2008
Source:
SecurityVulns ID:8531
Type:remote
Threat Level:
5/10
Description:DoS on keys exchange.
Affected:VANDYKE : VShell 3.0
Original documentdocumentLuigi Auriemma, Exception message in VanDyke VShell 3.0.3.569 (04.01.2008)
 documentLuigi Auriemma, Exception message in VanDyke VShell 3.0.3.569 (04.01.2008)
Files:vshellmsg.zip

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod