Computer Security

Cisco IPSec information leakage
Published: 06.12.2010
SecurityVulns ID: 11280
Type: remote
Threat Level: 4/10
Description: It's possible to enumerate group names.
Original document: Research@NGSSecure, NGS00014 Patch Notification: Cisco IPSec VPN Implementation Group Name Enumeration (06.12.2010)

bind named DNS server vulnerabilities
Published: 06.12.2010
SecurityVulns ID: 11279
Type: remote
Threat Level: 6/10
Description: DoS, information leaks.
Affected: ISC : bind 9.7
CVE: CVE-2010-3614 (named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover.)
 CVE-2010-3613 (named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data.)
Original document: UBUNTU, [USN-1025-1] Bind vulnerabilities (06.12.2010)

Microsoft Windows hidden administrative group membership
Published: 06.12.2010
SecurityVulns ID: 11281
Type: local
Threat Level: 3/10
Description: It's possible to include a user's account in an administrative group without direct group membership.
Affected: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
Original document: Steno Plasma, Flaw in Microsoft Windows SAM Processing Allows Continued Administrative Access Using Hidden Regular User Masquerading After Compromise (2010-M$-001) (06.12.2010)

VMware application multiple security vulnerabilities
updated since 06.12.2010
Published: 10.12.2010
SecurityVulns ID: 11282
Type: client
Threat Level: 6/10
Description: Privilege escalation, code execution.
Affected: VMWARE : VMware ESXi 3.5
 VMWARE : VMware ESX 3.5
 VMWARE : VMware Workstation 6.5
 VMWARE : VMware Player 2.5
 VMWARE : VMware ESXi 4.0
 VMWARE : VMware ESX 4.0
 VMWARE : VMware Workstation 7.1
 VMWARE : VMware Player 3.1
 VMWARE : VMware Fusion 3.1
 VMWARE : VMware ESXi 4.1
 VMWARE : VMware ESX 4.1
CVE: CVE-2010-4297 (The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue.)
 CVE-2010-4296 (vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files.)
 CVE-2010-4295 (Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files.)
 CVE-2010-4294 (The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file.)
Original document: Bonsai - Information Security, Bonsai Information Security - VMware Tools update OS Command Injection (10.12.2010)
 VMWARE, VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues (06.12.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod