Computer Security

DevIL library buffer overflow
Published:04.12.2009
SecurityVulns ID:10444
Type:library
Threat Level:5/10
Description:Buffer overflow in the GetUID() function when parsing the DICOM image format.
Affected:DEVIL : DevIL 1.7
Original document:SECUNIA, Secunia Research: DevIL DICOM "GetUID()" Buffer Overflow Vulnerability (04.12.2009)

FreeBSD privilege escalation
updated since 01.12.2009
Published:04.12.2009
SecurityVulns ID:10429
Type:local
Threat Level:7/10
Description:It is possible to bypass environment variable filtering when a suid program is executed.
Affected:FREEBSD : FreeBSD 7.1
 FREEBSD : FreeBSD 7.2
 FREEBSD : FreeBSD 8.0
CVE:CVE-2009-4147 (The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setguid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146.)
 CVE-2009-4146 (The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LD_PRELOAD variable containing an untrusted search path that points to a Trojan horse library, a different vector than CVE-2009-4147.)
Original document:FREEBSD, FreeBSD Security Advisory FreeBSD-SA-09:16.rtld (04.12.2009)
 Kingcope Kingcope, ** FreeBSD local r00t zeroday (01.12.2009)
Files:FreeBSD local r00t zeroday exploit

freebsd-update weak permissions
Published:04.12.2009
SecurityVulns ID:10442
Type:local
Threat Level:5/10
Description:Read permission is always set for updated files.
Affected:FREEBSD : FreeBSD 6.3
 FREEBSD : FreeBSD 7.1
 FREEBSD : FreeBSD 6.4
 FREEBSD : FreeBSD 7.2
 FREEBSD : FreeBSD 8.0
Original document:FREEBSD, FreeBSD Security Advisory FreeBSD-SA-09:17.freebsd-update (04.12.2009)

PHP multiple security vulnerabilities
updated since 24.11.2009
Published:04.12.2009
SecurityVulns ID:10417
Type:local
Threat Level:5/10
Description:safe_mode bypass via different functions.
Affected:PHP : PHP 5.3
CVE:CVE-2009-3559 (** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.)
 CVE-2009-3558 (The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.)
 CVE-2009-3557 (The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.)
Original document:Maksymilian Arciemowicz, PHP 5.3.1 open_basedir bypass (04.12.2009)
 MANDRIVA, [ MDVSA-2009:302 ] php (24.11.2009)

DAZ Studio code execution
Published:04.12.2009
SecurityVulns ID:10439
Type:local
Threat Level:3/10
Description:Code execution via .ds, .dsa, .dse, .dsb files.
Affected:DAZ3D : DAZ Studio 3.0
 DAZ3D : DAZ Studio 2.3
CVE:CVE-2009-4148 (DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability.")
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0911: DAZ Studio Arbitrary Command Execution (04.12.2009)

QEMU virtual machines DoS
Published:04.12.2009
SecurityVulns ID:10440
Type:remote
Threat Level:5/10
Description:Invalid configuration of virtio network.
Affected:QEMU : qemu 0.11
Original document:UBUNTU, [USN-863-1] QEMU vulnerability (04.12.2009)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:04.12.2009
SecurityVulns ID:10443
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:TYPO3 : typo3 4.2
 WORDPRESS : Yoast GA Plugin 3.4 for Wordpress
 INVISION : Invision Power Board 3.0
Original document:Dawid Golunski, Invision Power Board <= 3.0.4 Local PHP File Inclusion and SQL Injection (04.12.2009)
 advisories_(at)_intern0t.net, [InterN0T] Google Analytics plugin for Wordpress - XSS Vulnerability (04.12.2009)
 MustLive, Vulnerabilities in TYPO3 (04.12.2009)

U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) privilege escalation
updated since 04.12.2009
Published:09.12.2009
SecurityVulns ID:10441
Type:local
Threat Level:5/10
Description:The application executes all executables with predefined names found on the system.
Original document:Frank Stuart, UPDATE: DISA Unix SRR root compromise / CVE-2009-4211 / VU#433821 (09.12.2009)
 Frank Stuart, U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) root compromise / VU#433821 (04.12.2009)

Adobe Illustrator buffer overflow
updated since 04.12.2009
Published:08.01.2010
SecurityVulns ID:10445
Type:remote
Threat Level:5/10
Description:Buffer overflow when parsing .EPS files.
Affected:ADOBE : Illustrator CS4
Original document:SECUNIA, Secunia Research: Adobe Illustrator Encapsulated Postscript Parsing Vulnerability (08.01.2010)
 rgod, Adobe Illustrator CS4 (V14.0.0) Encapsulated Postscript (.eps) Overlong DSC Comment Buffer Overflow Exploit (04.12.2009)
Files:Adobe Illustrator CS4 (V14.0.0) Encapsulated Postscript (.eps) overlong DSC Comment Buffer Overflow Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod