Apple Mac OS X multiple security vulnerabilities
updated since 04.07.2011
Published:06.07.2011
SecurityVulns ID:11754
Type:remote
Threat Level:8/10
Description:DoS conditions, buffer overflows, information leaks and code execution in various subsystems.
Affected:APPLE : MacOS X 10.6
CVE:CVE-2011-1132 (The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8 allows local users to cause a denial of service (NULL pointer dereference and reboot) via vectors involving socket options.)
 CVE-2011-0719 (Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.)
 CVE-2011-0715 (The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.)
 CVE-2011-0213 (Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG file.)
 CVE-2011-0212 (servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.)
 CVE-2011-0211 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.)
 CVE-2011-0210 (QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file.)
 CVE-2011-0209 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file.)
 CVE-2011-0208 (QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.)
 CVE-2011-0207 (The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network.)
 CVE-2011-0206 (Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings.)
 CVE-2011-0205 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image.)
 CVE-2011-0204 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image.)
 CVE-2011-0203 (Absolute path traversal vulnerability in xftpd in the FTP Server component in Apple Mac OS X before 10.6.8 allows remote attackers to list arbitrary directories by using the root directory as the starting point of a recursive listing.)
 CVE-2011-0202 (Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document.)
 CVE-2011-0201 (Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a CFString object that triggers a buffer overflow.)
 CVE-2011-0200 (Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow.)
 CVE-2011-0199 (The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.)
 CVE-2011-0198 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code via a crafted embedded TrueType font.)
 CVE-2011-0197 (App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions.)
 CVE-2011-0196 (AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on the local wireless network.)
 CVE-2011-0195 (The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202.)
 CVE-2011-0014 (ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability.")
 CVE-2010-4651 (Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.)
 CVE-2010-4180 (OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.)
 CVE-2010-3864 (Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.)
 CVE-2010-3838 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table.")
 CVE-2010-3837 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.)
 CVE-2010-3836 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.)
 CVE-2010-3835 (MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.)
 CVE-2010-3834 (Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments.")
 CVE-2010-3833 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT.")
 CVE-2010-3790 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary.)
 CVE-2010-3682 (Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.)
 CVE-2010-3677 (Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.)
 CVE-2010-3069 (Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.)
 CVE-2010-2632 (Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability, related to FTP.)
 CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.)
 CVE-2009-3245 (OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.)
Original documents:
 ZDI, ZDI-11-230: Apple Quicktime Apple Lossless Audio Codec Parsing Remote Code Execution Vulnerability (06.07.2011)
 [email protected], NGS00057 Technical Advisory: Apple Mac OS X ImageIO Integer Overflow (06.07.2011)
 [email protected], NGS00052 Technical Advisory: Apple Mac OS X Image RAW Multiple Buffer Overflows (06.07.2011)
 [email protected], NGS00062 Patch Notification: Apple Mac OS X ImageIO TIFF Heap Overflow (06.07.2011)
 ZDI, ZDI-11-229: Apple QuickTime RIFF fmt Chunk Parsing Remote Code Execution Vulnerability (04.07.2011)
 ZDI, ZDI-11-228: Apple ColorSync ICC Profile ncl2 Parsing Remote Code Execution Vulnerability (04.07.2011)
 APPLE, About the security content of Mac OS X v10.6.8 and Security Update 2011-004 (04.07.2011)

WinAmp multiple security vulnerabilities
updated since 04.07.2011
Published:06.07.2011
SecurityVulns ID:11755
Type:client
Threat Level:5/10
Description:Multiple vulnerabilities in FLV and MIDI file parsing.
Affected:NULLSOFT : WinAmp 5.61
Original documents:
 Luigi Auriemma, in_midi multiple vulnerabilities in Winamp 5.61 (06.07.2011)
 Luigi Auriemma, Multiple vulnerabilities in Winamp 5.61 (04.07.2011)

Cisco VPN client weak permissions
Published:06.07.2011
SecurityVulns ID:11762
Type:local
Threat Level:5/10
Description:Weak installation permissions allow an unprivileged user to overwrite the executable.
Original document:
 [email protected], NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation (06.07.2011)

PHP directory traversal
Published:06.07.2011
SecurityVulns ID:11763
Type:library
Threat Level:7/10
Description:Directory traversal in RFC 1867 file upload handling.
Affected:PHP : PHP 5.3
CVE:CVE-2011-2202 (The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability.")

NetBSD network functions buffer overflow
Published:06.07.2011
SecurityVulns ID:11765
Type:library
Threat Level:6/10
Description:Buffer overflow on an oversized argument to getservbyname() and getservbyport().
Affected:NETBSD : NetBSD 5.1
CVE:CVE-2011-1656
Original document:
 Maksymilian Arciemowicz, NetBSD 5.1 libc/net multiple functions stack buffer overflow (06.07.2011)

OpenSSH buffer overflow
Published:06.07.2011
SecurityVulns ID:11766
Type:remote
Threat Level:8/10
Description:Buffer overflow on an oversized username when pam_opie is enabled.
Affected:OPENSSH : OpenSSH 3.4
Original document:
 HI-TECH ., Working Remote Root Exploit for OpenSSH 3.4p1 (FreeBSD) (06.07.2011)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:06.07.2011
SecurityVulns ID:11767
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:WORDPRESS : WordPress 3.1
 JOOMLA : Joomla 1.6
 WEBCALENDAR : Webcalendar 1.2
 WORDPRESS : WordPress 3.2
Original documents:
 pierre.ernst_(at)_ca.ibm.com, Spring Source OXM Remote OS Command Injection when XStream and IBM JRE are used (06.07.2011)
 SEC Consult Vulnerability Lab, SEC Consult SA-20110701-0 :: Multiple SQL injection vulnerabilities in WordPress (06.07.2011)
 sschurtz_(at)_t-online.de, Multiple Cross-Site Scripting vulnerabilities in WebCalendar (06.07.2011)
 YGN Ethical Hacker Group, Joomla! 1.6.3 and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities (06.07.2011)
 See Me, FCKeditor Multiple 0day Vulnerabilities (06.07.2011)

HP OpenView Storage Data Protector multiple security vulnerabilities
Published:06.07.2011
SecurityVulns ID:11768
Type:remote
Threat Level:5/10
Description:Multiple vulnerabilities in the TCP/5555 service.
Affected:HP : OpenView Storage Data Protector 6.00
 HP : OpenView Storage Data Protector 6.11
 HP : OpenView Storage Data Protector 6.10
 HP : OpenView Storage Data Protector 6.20
CVE:CVE-2011-1866 (Buffer overflow in omniinet.exe in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to execute arbitrary code via a crafted request, related to the EXEC_CMD functionality.)
 CVE-2011-1865 (Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.)
 CVE-2011-1515 (The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (daemon exit) via a request containing crafted parameters.)
 CVE-2011-1514 (The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request containing crafted parameters.)
Original documents:
 CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2011-0606: HP Data Protector EXEC_CMD Buffer Overflow Vulnerability (06.07.2011)
 CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2011-0514: Multiple vulnerabilities in HP Data Protector (06.07.2011)
 HP, [security bulletin] HPSBMU02686 SSRT100541 rev.3 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code (06.07.2011)

HP Intelligent Management Center User Access Manager code execution
Published:06.07.2011
SecurityVulns ID:11769
Type:remote
Threat Level:5/10
Description:Buffer overflow in TCP/9090 data processing.
Affected:HP : HP Intelligent Management Center 5.0
CVE:CVE-2011-1867 (Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 before SP1 E0101P03 components in HP Intelligent Management Center (aka iNode Management Center) allows remote attackers to execute arbitrary code via a 0x0A0BF007 packet.)
Original documents:
 HP, ZDI-11-232: HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability (06.07.2011)
 HP, [security bulletin] HPSB3C02687 SSRT100377 rev.1 - HP Intelligent Management Center User Access Manager (UAM) and Endpoint Admission Defense (EAD), Remote Execution of Arbitrary Code (06.07.2011)

Novell ZenWorks Handheld Management directory traversal
Published:06.07.2011
SecurityVulns ID:11770
Type:remote
Threat Level:6/10
Description:Directory traversal in TCP/2398 request processing.
Affected:NOVELL : ZenWorks Handheld Management 7.0
Original document:
 Luigi Auriemma, Upload directory traversal in Novell ZenWorks Handheld Management 7.0.2 (06.07.2011)

ISC bind named DNS server DoS
updated since 06.07.2011
Published:09.07.2011
SecurityVulns ID:11761
Type:remote
Threat Level:7/10
Description:Crash during request processing.
Affected:ISC : bind 9.6
 ISC : bind 9.7
 BIND : bind 9.8
CVE:CVE-2011-2465 (Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.)
 CVE-2011-2464 (Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.)
Original documents:
 ISC, Security Advisory: CVE-2011-2465 ISC BIND 9 Remote Crash with Certain RPZ Configurations (09.07.2011)
 ISC, Security Advisory: CVE-2011-2464 - ISC BIND 9 Remote packet Denial of Service against Authoritative and Recursive Servers (09.07.2011)
 UBUNTU, [USN-1163-1] Bind vulnerability (06.07.2011)

kvm code execution
updated since 06.07.2011
Published:26.07.2011
SecurityVulns ID:11764
Type:local
Threat Level:5/10
Description:Code execution in virtio command processing.
Affected:LINUX : kvm 0.14
CVE:CVE-2011-2527 (The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.)
 CVE-2011-2512 (The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed comparison.)
 CVE-2011-2212 (Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to "virtqueue in and out requests.")
Original documents:
 DEBIAN, [SECURITY] [DSA 2282-1] qemu-kvm security update (26.07.2011)
 DEBIAN, [SECURITY] [DSA 2270-1] qemu-kvm security update (06.07.2011)

HP OpenView Performance Agent DoS
updated since 06.07.2011
Published:01.08.2011
SecurityVulns ID:11771
Type:remote
Threat Level:5/10
Description:Arbitrary files can be deleted via an HTTP request to TCP/383.
Affected:HP : OpenView Performance Agent 6.20
CVE:CVE-2011-2608 (ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command.)
Original documents:
 HP, [security bulletin] HPSBMU02691 SSRT100483 rev.2 - HP Performance Agent and HP Operations Agent, Remote Arbitrary File Deletion (01.08.2011)
 Luigi Auriemma, Arbitrary files deletion in HP OpenView Performance Agent (06.07.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod