Computer Security


Apple QuickTime multiple security vulnerabilities
updated since 12.12.2010
Published: 04.07.2011
SecurityVulns ID: 11290
Type: remote
Threat Level: 8/10
Description: Memory corruption when parsing MPEG, Sorenson, AVI, JP2, FlashPix, GIF, PICT, QTVR and other video formats.
Affected: QUICKTIME : QuickTime 7.6
CVE: CVE-2011-0209 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file.)
 CVE-2010-4009 (Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.)
 CVE-2010-3802 (Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie file.)
 CVE-2010-3801 (Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file.)
 CVE-2010-3800 (Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file.)
 CVE-2010-3795 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of GIF image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.)
 CVE-2010-3794 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.)
 CVE-2010-3793 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file.)
 CVE-2010-3792 (Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.)
 CVE-2010-3791 (Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.)
 CVE-2010-3790 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary.)
 CVE-2010-3789 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted AVI file.)
 CVE-2010-3788 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file.)
 CVE-2010-3787 (Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.)
 CVE-2010-1508 (Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Track Header (aka tkhd) atoms.)
 CVE-2010-0530 (Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account, which allows local users to obtain sensitive information by reading files in this directory.)
Original document: ZDI, ZDI-11-229: Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability (04.07.2011)
 ZDI, ZDI-11-231: Apple QuickTime Pict File Matrix Parsing Remote Code Execution Vulnerability (04.07.2011)
 ZDI, ZDI-11-038: Apple Quicktime Sprite Transformation Remote Code Execution Vulnerability (04.02.2011)
 CHECKPOINT, Apple Quicktime Memory Corruption - CVE-2010-3801 (17.12.2010)
 IDEFENSE, iDefense Security Advisory 12.07.10: Apple QuickTime PICT Memory Corruption Vulnerability (12.12.2010)
 SECUNIA, Secunia Research: QuickTime Track Dimensions Buffer Overflow Vulnerability (12.12.2010)
 APPLE, About the security content of QuickTime 7.6.9 (12.12.2010)

Ashampoo 3D CAD ActiveX unsafe method
Published: 04.07.2011
SecurityVulns ID: 11751
Type: client
Threat Level: 5/10
Description: Unsafe SaveData method allows file creation.
Original document: High-Tech Bridge Security Research, Ashampoo 3D CAD Professional 3 ActiveX control Insecure Method (04.07.2011)

smallftp DoS
Published: 04.07.2011
SecurityVulns ID: 11752
Type: remote
Threat Level: 5/10
Description: Connection flood causes server to hang or crash.
Affected: SMALLFTPD : smallftpd 1.0
Original document: YGN Ethical Hacker Group, smallftpd <= 1.0.3-fix | Connection Saturation Remote Denial of Service Vulnerability (04.07.2011)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 04.07.2011
SecurityVulns ID: 11753
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Original document: MustLive, Vulnerabilities in the Print module for Drupal (04.07.2011)

pidgin instant messenger DoS
Published: 04.07.2011
SecurityVulns ID: 11756
Type: remote
Threat Level: 5/10
Description: Memory exhaustion when parsing GIF icons.
Affected: PIDGIN : Pidgin 2.9
CVE: CVE-2011-2485 (The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file.)
Original document: SLACKWARE, [slackware-security] pidgin (SSA:2011-178-01) (04.07.2011)

Asterisk user account enumeration
Published: 04.07.2011
SecurityVulns ID: 11757
Type: remote
Threat Level: 5/10
Description: Different replies on mismatched usernames and passwords.
Affected: DIGIUM : Asterisk 1.4
 ASTERISK : Asterisk 1.6
 ASTERISK : Asterisk 1.8
CVE: CVE-2011-2536 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests.)
Original document: ASTERISK, AST-2011-011: Possible enumeration of SIP users due to differing authentication responses (04.07.2011)

Citrix EdgeSight buffer overflow
Published: 04.07.2011
SecurityVulns ID: 11759
Type: remote
Threat Level: 7/10
Description: Buffer overflow on TCP/18747 request parsing.
Original document: ZDI, ZDI-11-226: Citrix EdgeSight Launcher Service Remote Code Execution Vulnerability (04.07.2011)

Novell File Reporter Engine buffer overflow
Published: 04.07.2011
SecurityVulns ID: 11760
Type: remote
Threat Level: 6/10
Description: Buffer overflow on TCP/3035 HTTPS response parsing.
CVE: CVE-2011-2220 (Stack-based buffer overflow in NFREngine.exe in Novell File Reporter Engine before 1.0.2.53, as used in Novell File Reporter and other products, allows remote attackers to execute arbitrary code via a crafted RECORD element.)
Original document: ZDI, ZDI-11-227: Novell File Reporter Engine RECORD Tag Parsing Remote Code Execution Vulnerability (04.07.2011)

Apple Mac OS X multiple security vulnerabilities
updated since 04.07.2011
Published: 06.07.2011
SecurityVulns ID: 11754
Type: remote
Threat Level: 8/10
Description: DoS conditions, buffer overflows, information leaks, code execution in different subsystems.
Affected: APPLE : MacOS X 10.6
CVE: CVE-2011-1132 (The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8 allows local users to cause a denial of service (NULL pointer dereference and reboot) via vectors involving socket options.)
 CVE-2011-0719 (Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.)
 CVE-2011-0715 (The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.)
 CVE-2011-0213 (Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG file.)
 CVE-2011-0212 (servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.)
 CVE-2011-0211 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.)
 CVE-2011-0210 (QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file.)
 CVE-2011-0209 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file.)
 CVE-2011-0208 (QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.)
 CVE-2011-0207 (The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network.)
 CVE-2011-0206 (Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings.)
 CVE-2011-0205 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image.)
 CVE-2011-0204 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image.)
 CVE-2011-0203 (Absolute path traversal vulnerability in xftpd in the FTP Server component in Apple Mac OS X before 10.6.8 allows remote attackers to list arbitrary directories by using the root directory as the starting point of a recursive listing.)
 CVE-2011-0202 (Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document.)
 CVE-2011-0201 (Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a CFString object that triggers a buffer overflow.)
 CVE-2011-0200 (Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow.)
 CVE-2011-0199 (The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.)
 CVE-2011-0198 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code via a crafted embedded TrueType font.)
 CVE-2011-0197 (App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions.)
 CVE-2011-0196 (AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on the local wireless network.)
 CVE-2011-0195 (The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202.)
 CVE-2011-0014 (ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability.")
 CVE-2010-4651 (Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.)
 CVE-2010-4180 (OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.)
 CVE-2010-3864 (Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.)
 CVE-2010-3838 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table.")
 CVE-2010-3837 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.)
 CVE-2010-3836 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.)
 CVE-2010-3835 (MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.)
 CVE-2010-3834 (Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments.")
 CVE-2010-3833 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT.")
 CVE-2010-3790 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary.)
 CVE-2010-3682 (Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.)
 CVE-2010-3677 (Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.)
 CVE-2010-3069 (Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.)
 CVE-2010-2632 (Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability, related to FTP.)
 CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.)
 CVE-2009-3245 (OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.)
Original document: ZDI, ZDI-11-230: Apple Quicktime Apple Lossless Audio Codec Parsing Remote Code Execution Vulnerability (06.07.2011)
 [email protected], NGS00057 Technical Advisory: Apple Mac OS X ImageIO Integer Overflow (06.07.2011)
 [email protected], NGS00052 Technical Advisory: Apple Mac OS X Image RAW Multiple Buffer Overflows (06.07.2011)
 [email protected], NGS00062 Patch Notification: Apple Mac OS X ImageIO TIFF Heap Overflow (06.07.2011)
 ZDI, ZDI-11-229: Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability (04.07.2011)
 ZDI, ZDI-11-228: Apple ColorSync ICC Profile ncl2 Parsing Remote Code Execution Vulnerability (04.07.2011)
 APPLE, About the security content of Mac OS X v10.6.8 and Security Update 2011-004 (04.07.2011)

WinAmp multiple security vulnerabilities
updated since 04.07.2011
Published: 06.07.2011
SecurityVulns ID: 11755
Type: client
Threat Level: 5/10
Description: Multiple vulnerabilities in FLV and MIDI file parsing.
Affected: NULLSOFT : WinAmp 5.61
Original document: Luigi Auriemma, in_midi multiple vulnerabilities in Winamp 5.61 (06.07.2011)
 Luigi Auriemma, Multiple vulnerabilities in Winamp 5.61 (04.07.2011)

Sybase Advantage Server buffer overflow
updated since 04.07.2011
Published: 14.07.2011
SecurityVulns ID: 11758
Type: remote
Threat Level: 5/10
Description: Off-by-one overflow on TCP/6262, UDP/6262 traffic parsing. Format string vulnerability on TCP/5001 traffic processing.
Affected: SYBASE : Sybase Advantage Server 10.0
 SYBASE : Sybase Adaptive Server 15.5
Original document: Luigi Auriemma, bcksrvr format string in Sybase Adaptive Server 15.5 (14.07.2011)
 Luigi Auriemma, bcksrvr format string in Sybase Adaptive Server 15.5 (06.07.2011)
 Luigi Auriemma, Off-by-one in Sybase Advantage Server 10.0.0.3 (04.07.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod