Computer Security
[EN] securityvulns.ru no-pyccku


libsndfile / WinAmp integer overflow
Published:04.03.2009
Source:
SecurityVulns ID:9708
Type:library
Threat Level:
5/10
Description:Integer overflow on .CAF format parsing.
Affected:LIBSNDFILE : libsndfile1.0
 WINAMP : Winamp 5.54
 WINAMP : Winamp 5.55
CVE:CVE-2009-0186 (Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.)
Original documentdocumentSECUNIA, Secunia Research: libsndfile CAF Processing Integer Overflow Vulnerability (04.03.2009)

curl protection bypass
Published:04.03.2009
Source:
SecurityVulns ID:9710
Type:client
Threat Level:
4/10
Description:Access restrictons can be bypassed with redirections.
Affected:CURL : curl 7.15
 CURL : libcurl 7.15
CVE:CVE-2009-0037 (The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.)
Original documentdocumentUBUNTU, [USN-726-1] curl vulnerability (04.03.2009)

Gnome network-manager-applet unauthorized access
updated since 04.03.2009
Published:17.01.2010
Source:
SecurityVulns ID:9709
Type:m-i-t-m
Threat Level:
5/10
Description:Unauthorized access to network connections through dbus, WPA certificate spoofing.
Affected:GNOME : network-manager-applet 0.6
CVE:CVE-2009-4145 (nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.)
 CVE-2009-4144 (NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.)
 CVE-2009-0578 (network-manager-applet in Ubuntu 8.10 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors.)
 CVE-2009-0578 (network-manager-applet in Ubuntu 8.10 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors.)
 CVE-2009-0365 (The dbus request handler in (1) network-manager-applet and (2) NetworkManager in Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10 does not properly verify privileges, which allows local users to discover (a) network connection passwords and (b) pre-shared keys via unspecified queries.)
 CVE-2009-0365 (The dbus request handler in (1) network-manager-applet and (2) NetworkManager in Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10 does not properly verify privileges, which allows local users to discover (a) network connection passwords and (b) pre-shared keys via unspecified queries.)
Original documentdocumentUBUNTU, [USN-727-2] NetworkManager vulnerability (04.03.2009)
 documentMarc Deslauriers, [USN-727-1] network-manager-applet vulnerabilities (04.03.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod