Computer Security


Tivoli Provisioning Manager for OS Deployment multiple security vulnerabilities
updated since 03.04.2007
Published:04.05.2007
Source:
SecurityVulns ID:7526
Type:remote
Threat Level:5/10
Description:Multiple vulnerabilities in the parsing of HTTP POST requests.
Affected:IBM : Tivoli Provisioning Manager for OS Deployment 5.1
CVE:CVE-2007-1868 (The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly handle multipart/form-data in HTTP POST requests, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via crafted POST requests to port 8080/tcp or 443/tcp.)
Original document:ZDI, TPTI-07-05: IBM Tivoli Provisioning Manager for OS Deployment Multiple Stack Overflow Vulnerabilities (04.05.2007)
 IDEFENSE, iDefense Security Advisory 03.31.07: IBM Tivoli Provisioning Manager for OS Deployment Multiple Vulnerabilities (03.04.2007)

Apple QTJava toQTPointer() code execution
Published:04.05.2007
Source:
SecurityVulns ID:7663
Type:remote
Threat Level:6/10
Description:Unsafe implementation of a Java method allows memory regions to be overwritten.
CVE:CVE-2007-2175 (Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007.)
Original document:ZDI, ZDI-07-023: Apple QTJava toQTPointer() Pointer Arithmetic Memory Overwrite Vulnerability (04.05.2007)

Atomix MP3 buffer overflow
Published:04.05.2007
Source:
SecurityVulns ID:7664
Type:client
Threat Level:5/10
Description:Buffer overflow on oversized filename.
CVE:CVE-2007-2487 (Stack-based buffer overflow in AtomixMP3 allows remote attackers to execute arbitrary code via a long filename in an MP3 file, a different vector than CVE-2006-6287.)
Original document:preth00nker_(at)_gmail.com, Atomix Mp3 Buffer Overflow (04.05.2007)

Cisco PIX / Adaptive Security Appliance firewalls multiple security vulnerabilities
Published:04.05.2007
Source:
SecurityVulns ID:7665
Type:remote
Threat Level:6/10
Description:LDAP authentication bypass. Multiple denial of service conditions related to VPN connections and LDAP.
Affected:CISCO : PIX 7.1
 CISCO : ASA 7.1
 CISCO : PIX 7.2
 CISCO : ASA 7.2
CVE:CVE-2007-2464 (Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using "clientless SSL VPNs," allows remote attackers to cause a denial of service (device reload) via "non-standard SSL sessions.")
 CVE-2007-2463 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination and password expiry.)
 CVE-2007-2462 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors.)
 CVE-2007-2461 (The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers to cause a denial of service (dropped packets) via a DHCPREQUEST or DHCPINFORM message that causes multiple DHCPACK messages to be sent from DHCP servers to the agent, which consumes the memory allocated for a local buffer. NOTE: this issue only occurs when multiple DHCP servers are used.)
Original document:CISCO, Cisco Security Advisory: LDAP and VPN Vulnerabilities in PIX and ASA Appliances (04.05.2007)

LiveData Protocol Server buffer overflow
Published:04.05.2007
Source:
SecurityVulns ID:7666
Type:remote
Threat Level:5/10
Description:Heap buffer overflow on an oversized HTTP request for a WSDL file (TCP/8080).
Affected:LIVEDATA : RTI 5.00
 LIVEDATA : Protocol Server 5.00
 LIVEDATA : Maintenance Server 5.00
CVE:CVE-2007-2490 (Unspecified vulnerability in LiveData Server before 5.00.62 allows remote attackers to cause a denial of service (exit) via crafted Connection-Oriented Transport Protocol (COTP) packets.)
 CVE-2007-2489 (Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and other versions before update 500062 (5.00.062), allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request for a WSDL file that causes a negative length to be used in a strncpy call.)
Original document:IDEFENSE, iDefense Security Advisory 05.02.07: LiveData Protocol Server Heap Overflow Vulnerability (04.05.2007)

HP Tru64 ps information leak
Published:04.05.2007
Source:
SecurityVulns ID:7667
Type:local
Threat Level:5/10
Affected:HP : Tru64 UNIX 5.1
 HP : Tru64 UNIX 4.0
Original document:HP, [security bulletin] HPSBTU02179 SSRT061256 rev.1 - HP Tru64 UNIX Running the ps command, Local Disclosure of Sensitive Information (04.05.2007)

xscreensaver console access protection bypass
Published:04.05.2007
Source:
SecurityVulns ID:7668
Type:remote
Threat Level:5/10
Description:The application crashes on network link failure if remote authentication is used, which makes it possible to access the protected X session.
Affected:XSCREENSAVER : xscreensaver 4.14
 XORG : xscreensaver 5.01
CVE:CVE-2007-1859 (XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.)
Original document:MANDRIVA, [ MDKSA-2007:097 ] - Updated xscreensaver packages fix vulnerability (04.05.2007)

GIMP buffer overflow
Published:04.05.2007
Source:
SecurityVulns ID:7669
Type:local
Threat Level:4/10
Description:Buffer overflow in the SUNRAS plugin when parsing RAS files.
Affected:GNU : GIMP 2.2
CVE:CVE-2007-2356 (Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.)
Original document:RPATH, rPSA-2007-0090-1 gimp (04.05.2007)

HP ProCurve 9300 switches DoS
Published:04.05.2007
Source:
SecurityVulns ID:7670
Type:remote
Threat Level:5/10
Affected:HP : ProCurve 9300
CVE:CVE-2007-2502 (Unspecified vulnerability in HP ProCurve 9300m Series switches with software 08.0.01c through 08.0.01j allows remote attackers to cause a denial of service via unknown vectors, a different switch series than CVE-2006-4015.)
Original document:HP, [security bulletin] HPSBMI02210 SSRT071396 rev.1 - ProCurve Series 9300m Switches, Remote Denial of Service (DoS) (04.05.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod