Computer Security
[EN] securityvulns.ru no-pyccku


IBM Tivoli Storage Manager Remote Agent buffer overflow
Published:04.05.2009
Source:
SecurityVulns ID:9892
Type:remote
Threat Level:
6/10
Description:Few different buffer overflows.
Affected:IBM : Tivoli Storage Manager Express Client 5.3
CVE:CVE-2008-4828 (Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4, allow remote attackers to execute arbitrary code via (1) a request packet that is not properly parsed by an unspecified "generic string handling function" or (2) a crafted NodeName in a dicuGetIdentifyRequest request packet, related to the (a) Web GUI and (b) Java GUI.)
Original documentdocumentSECUNIA, Secunia Research: IBM Tivoli Storage Manager Remote Agent Service Buffer Overflows (04.05.2009)

Linux kernel multiple security vulnerabilities
Published:04.05.2009
Source:
SecurityVulns ID:9889
Type:remote
Threat Level:
7/10
Description:Multiple DoS conditions, peivilege escalations, information leaks and memory corruptions.
Affected:LINUX : kernel 2.6
CVE:CVE-2009-1439 (Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request.)
 CVE-2009-1338 (The kill_something_info function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary signals to all processes in all namespaces, via a kill command.)
 CVE-2009-1337 (The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.)
 CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow remote attackers to obtain sensitive information via a large length value, which causes "garbage" memory to be sent.)
 CVE-2009-1242 (The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform.)
 CVE-2009-1192 (The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages.)
 CVE-2009-1046 (The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "an off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries.)
 CVE-2009-0859 (The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program.)
 CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.)
 CVE-2009-0745 (The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1787-1] New Linux 2.6.24 packages fix several vulnerabilities (04.05.2009)

Buffer overflow in grabit
Published:04.05.2009
Source:
SecurityVulns ID:9891
Type:client
Threat Level:
5/10
Description:Buffer overflow on .NZB file parsing.
Affected:SHEMES : Grabit 1.7
Original documentdocumentNiels Teusink, Grabit <= 1.7.2 beta 3 NZB file parsing stack overflow (04.05.2009)
Files:Grabit<=1.7.2 Beta 3 (.nzb) SEH Overwrite Exploit

libwmf use-after-free vulnerability
Published:04.05.2009
Source:
SecurityVulns ID:9890
Type:library
Threat Level:
6/10
Description:Use of freed memory on WMF file proceeing.
Affected:LIBWMF : libwmf 0.2
CVE:CVE-2009-1364 (Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.)
Original documentdocumentUBUNTU, [USN-769-1] libwmf vulnerability (04.05.2009)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:04.05.2009
Source:
SecurityVulns ID:9893
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. OpenX: crossite scripting, information leak.
Affected:COPPERMINE : Coppermine Photo Gallery 1.4
 OPENX : OpenX 2.6
 MYBB : MyBB 1.4
 OPENX : OpenX 2.8
 PROJECTCMS : ProjectCMS 1.1
Original documentdocumenty3nh4ck3r_(at)_gmail.com, MULTPLE REMOTE VULNERABILITIES --ProjectCMS v-1.1 Beta--> (04.05.2009)
 documentJacques Copeau, “Cross-Site Scripting” vulnerability in MyBB 1.4.5 (04.05.2009)
 documentdarkz.gsa_(at)_gmail.com, Coppermine Photo Gallery 1.4.21 Cross-Site Scripting (04.05.2009)
 documentMustLive, Vulnerabilities in OpenX (04.05.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod