Search:Vulnerability:05.11.2008 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

T-Mobile G1 phone Google Android protection bypass
Published: 05.11.2008
Source: BUGTRAQ
SecurityVulns ID: 9410
Type: remote
Level: 5/10
Description: Pplication can run telnetd with root privileges.

Affected: T-MOBILE : G1

Original document Jim Paris, Applications can open up remote root access on G1 Phone (05.11.2008)

Discuss: Read or add your comments to this news (0 comments)

Adobe Acrobat / Reader multiple security vulnerabilities
Published: 05.11.2008
Source: CERT
SecurityVulns ID: 9408
Type: client
Level: 9/10
Description: Buffer overflows, memory corruptions,code execution on PDF parsing.

Affected: ADOBE : Adobe Reader 8.1
ADOBE : Acrobat 8.1
CVE: CVE-2008-4813 (Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing.)
CVE-2008-2992 (Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.)

Original document IDEFENSE, iDefense Security Advisory 11.04.08: Adobe Acrobat And Reader AcroJS Heap Corruption Vulnerability (05.11.2008)

ZDI, ZDI-08-072: Adobe Acrobat PDF Javascript printf Stack Overflow Vulnerability (05.11.2008)

ZDI, ZDI-08-073: Adobe Acrobat Reader Malformed PDF Code Execution Vulnerability (05.11.2008)

document ZDI, ZDI-08-074: Adobe Acrobat PDF Javascript getCosObj Memory Corruption Vulnerability (05.11.2008)

IDEFENSE, iDefense Security Advisory 11.04.08: Adobe Reader Embedded Font Handling Out of Bounds Array Indexing Vulnerability (05.11.2008)

CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0526: Adobe Reader Javascript Printf Buffer Overflow (05.11.2008)

document SECUNIA, Secunia Research: Adobe Acrobat/Reader "util.printf()" Buffer Overflow (05.11.2008)

CERT, US-CERT Technical Cyber Security Alert TA08-309A -- Adobe Reader and Acrobat Vulnerabilities (05.11.2008)

Discuss: Read or add your comments to this news (0 comments)

Linux kernel multiple security vulnerabilities
updated since 05.11.2008
Published: 24.11.2008
Source: BUGTRAQ
SecurityVulns ID: 9409
Type: remote
Level: 6/10
Description: Buffer overflow on oversized ESSID in ndiswrapper. DoS with corrupter ext2 / ext3 filesystem.

Affected: LINUX : kernel 2.6
CVE: CVE-2008-4395 (Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.)
CVE-2008-3528 (The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries.)

Original document UBUNTU, [USN-662-1] Linux kernel vulnerabilities (05.11.2008)

Discuss: Read or add your comments to this news (0 comments)

test server