Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:04.12.2008
Source:
SecurityVulns ID:9479
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:MVNFORUM : mvnForum 1.2
 PROCLANMANAGER : Pro Clan Manager 0.4
Original documentdocumentr3d.w0rm_(at)_yahoo.com, Joomla Component GameQ (04.12.2008)
 documentoffice_(at)_hackattack.at, [HACKATTACK Advisory 20081203]Pro Clan Manager 0.4.2 - Session Fixation (04.12.2008)
 documentSecurity Vulnerability Research Team, [Full-disclosure] [SVRT-06-08] MULTI SECURITY VULNERABILITIES IN MVNFORUM (04.12.2008)

OptiPNG buffer overflow
Published:04.12.2008
Source:
SecurityVulns ID:9480
Type:remote
Threat Level:
5/10
Description:Buffer overflow on BMP images parsing.
Affected:OPTIPNG : OptiPNG 0.6
CVE:CVE-2008-5101 (Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an "array overflow.")
Original documentdocumentGENTOO, [ GLSA 200812-01 ] OptiPNG: User-assisted execution of arbitrary code (04.12.2008)

VMWare sandbox protection bypass
Published:04.12.2008
Source:
SecurityVulns ID:9481
Type:local
Threat Level:
6/10
Description:It's possilbe to access phisical memory from guest machine.
Affected:VMWARE : VMware Server 1.0
 VMWARE : VMWare Workstation 6.0
 VMWARE : VMWare Player 2.0
 VMWARE : VMWare ACE 2.0
 VMWARE : VMware ESX 3.0
 VMWARE : VMware ESXi 3.5
 VMWARE : VMware ESX 3.5
CVE:CVE-2008-4917 (Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption.)
Original documentdocumentVMWARE, VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2 (04.12.2008)

HP-UX DoS
Published:04.12.2008
Source:
SecurityVulns ID:9482
Type:local
Threat Level:
5/10
CVE:CVE-2008-4416 (Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.)
Original documentdocumentHP, [security bulletin] HPSBUX02389 SSRT080141 rev.1 - HP-UX, Local Denial of Service (DoS) (04.12.2008)

PHP ZipArchive::extractTo() directory traversal
Published:04.12.2008
Source:
SecurityVulns ID:9484
Type:library
Threat Level:
6/10
Description:Directory traversal then upacking ZIP files.
Affected:PHP : PHP 5.2
Original documentdocumentStefan Esser, [Full-disclosure] Advisory 06/2008: PHP ZipArchive::extractTo() Directory Traversal Vulnerability (04.12.2008)

Orb media server DoS
Published:04.12.2008
Source:
SecurityVulns ID:9485
Type:remote
Threat Level:
5/10
Description:Crash on HTTP request parsing.
Affected:ORB : Orb 2.01
Original documentdocumentDDI.VulnerabilityAlert_(at)_ddifrontline.com, DDIVRT-2008-18 Orb Denial of Service (04.12.2008)

Perl symbolic links race conditions
updated since 27.12.2004
Published:04.12.2008
Source:
SecurityVulns ID:4314
Type:local
Threat Level:
5/10
Description:File::Path::rmtree unsecurely changes file permissions, creating race condiotns for symbolic links manipulation.
Affected:PERL : perl 5.8
 PERL : Perl 5.9
CVE:CVE-2008-5303 (Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.)
 CVE-2008-5302 (Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.)
 CVE-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.)
 CVE-2004-0452 (Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1678-1] New perl packages fix privilege escalation (04.12.2008)
 documentSECUNIA, [SA13643] Perl "File::Path::rmtree" Race Condition (27.12.2004)

Sun Java JRE / JDK / Web Start multiple security vulnerabilities
updated since 04.12.2008
Published:23.04.2009
Source:
SecurityVulns ID:9483
Type:library
Threat Level:
9/10
Description:JNLP may overwrite system properties java.home java.ext.dirs user.home Heap overflow and integer overflow on TrueType fonts parsing, memory corruption on GIF parsing, integer overflow on Pack200 decompression. Multiple sendbox protection bypass vulnerabilities.
Affected:SUN : JRE 1.6
 ORACLE : OpenJDK 6
CVE:CVE-2008-5360 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors.)
 CVE-2008-5359 (Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library.)
 CVE-2008-5358 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll.)
 CVE-2008-5354 (Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry.)
 CVE-2008-5353 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets and applications to gain privileges via unknown vectors related to "deserializing calendar objects.")
 CVE-2008-5352 (Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.)
 CVE-2008-5351 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings.)
 CVE-2008-5350 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors.)
 CVE-2008-5349 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.)
 CVE-2008-5348 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors.)
 CVE-2008-5347 (Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages.)
 CVE-2008-2086
Original documentdocumentThierry Zoller, [TZO-12-2009] SUN / Oracle JVM Remote code execution (23.04.2009)
 documentUBUNTU, [USN-713-1] openjdk-6 vulnerabilities (31.01.2009)
 documentCERT, US-CERT Technical Cyber Security Alert TA08-340A -- Sun Java Updates for Multiple Vulnerabilities (10.12.2008)
 documentZDI, ZDI-08-081: Sun Java Web Start and Applet Multiple Sandbox Bypass Vulnerabilities (09.12.2008)
 documentZDI, ZDI-08-080: Sun Java AWT Library Sandbox Violation Vulnerability (09.12.2008)
 documentIDEFENSE, iDefense Security Advisory 12.04.08: Sun Java JRE TrueType Font Parsing Integer Overflow Vulnerability (09.12.2008)
 documentIDEFENSE, iDefense Security Advisory 12.04.08: Sun Java JRE Pack200 Decompression Integer Overflow Vulnerability (09.12.2008)
 documentIDEFENSE, iDefense Security Advisory 12.04.08: Sun Java Web Start GIF Decoding Memory Corruption Vulnerability (09.12.2008)
 documentIDEFENSE, iDefense Security Advisory 12.04.08: Sun Java JRE TrueType Font Parsing Heap Overflow Vulnerability (09.12.2008)
 documentVSR Advisories, [Full-disclosure] CVE-2008-2086: Java Web Start File Inclusion via System Properties Override (04.12.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod