Computer Security (securityvulns.ru)

Nessus privilege escalation
updated since 24.03.2014
Published:07.04.2014
Source:
SecurityVulns ID:13622
Type:local
Threat Level:5/10
Description:Weak permissions for plugin library, insecure temporary files creation.
Affected:TENABLE : Nessus 5.2
Original document:0a29 40, 0A29-14-1 : NCCGroup EasyDA privilege escalation & credential disclosure vulnerability [0day] (07.04.2014)
 NCC Group Research, NCC00643 Technical Advisory: Nessus Authenticated Scan Local Privilege Escalation (24.03.2014)

RSA BSAFE multiple security vulnerabilities
Published:07.04.2014
Source:
SecurityVulns ID:13663
Type:remote
Threat Level:6/10
Description:Buffer overflows, SSL attacks, protection bypass.
Affected:EMC : RSA BSAFE SSL-J
 EMC : RSA BSAFE SSL-C
CVE:CVE-2014-0627 (The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.)
 CVE-2014-0626 (The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.)
 CVE-2014-0625 (The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.)
 CVE-2013-0169 (The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.)
 CVE-2012-2131 (Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.)
 CVE-2012-2110 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.)
 CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.)
 CVE-2011-1473 (** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.)
Original document:EMC, ESA-2014-009: RSA BSAFE® SSL-J Multiple Vulnerabilities (07.04.2014)
 EMC, ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities (07.04.2014)
 EMC, ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities (07.04.2014)

CA Erwin Web Portal directory traversal
Published:07.04.2014
Source:
SecurityVulns ID:13664
Type:remote
Threat Level:5/10
Description:File request is not checked.
Affected:CA : ERwin Web Portal 9.5
CVE:CVE-2014-2210 (Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors.)
Original document:CA, CA20140403-01: Security Notice for CA Erwin Web Portal (07.04.2014)

HP Integrated Lights-Out unauthorized access
Published:07.04.2014
Source:
SecurityVulns ID:13665
Type:remote
Threat Level:5/10
Description:Information leakage of password.
Affected:HP : Integrated Lights-Out 3
 HP : Integrated Lights-Out 4
 HP : Integrated Lights-Out 2
CVE:CVE-2013-4786 (The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.)
Original document:HP, [security bulletin] HPSBHF02981 rev.1 - HP Integrated Lights-Out 2, 3, and 4 (iLO2, iLO3, iLO4), IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP) (07.04.2014)

Microsoft Outlook DoS
Published:07.04.2014
Source:
SecurityVulns ID:13666
Type:client
Threat Level:5/10
Description:Outlook hangs on XML parsing.
Affected:MICROSOFT : Outlook 2008
 MICROSOFT : Outlook 2010
 MICROSOFT : Outlook 2013
 MICROSOFT : Outlook 2011 for Mac
Original document:Lubomir Stroetmann, [softScheck] Denial of Service in Microsoft Office 2007-2013 (07.04.2014)

MobileIron authentication bypass
Published:07.04.2014
Source:
SecurityVulns ID:13667
Type:remote
Threat Level:5/10
Description:Unauthorized XML files access.
CVE:CVE-2014-1409
 CVE-2013-7286
Original document:Florent Daigniere, [MATTA-2013-004] CVE-2014-1409; MobileIron authentication bypass vulnerability (07.04.2014)

Rhythm File Manager multiple security vulnerabilities
Published:07.04.2014
Source:
SecurityVulns ID:13668
Type:remote
Threat Level:5/10
Description:Information leakage, privilege escalation, code execution.
Affected:RHYTHM : Rhythm File Manager 1.16
 RHYTHM : Rhythm File Manager HD 1.11
Original document:SEC Consult Vulnerability Lab, SEC Consult SA-20140402-0 :: Multiple vulnerabilities in Rhythm File Manager (07.04.2014)

EMC RSA Adaptive Authentication security vulnerabilities
Published:07.04.2014
Source:
SecurityVulns ID:13669
Type:remote
Description:Cross-site scripting.
Affected:EMC : RSA Adaptive Authentication 7.1
CVE:CVE-2014-0638 (Cross-site scripting (XSS) vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a "cross-frame scripting" issue.)
 CVE-2014-0637 (Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.)
Original document:EMC, ESA-2014-020: RSA Adaptive Authentication (On-Premise) Multiple Vulnerabilities (07.04.2014)

a2ps code execution
Published:07.04.2014
Source:
SecurityVulns ID:13671
Type:library
Threat Level:5/10
Description:Macros are not filtered in PostScript processing.
Affected:A2PS : a2ps 4.14
CVE:CVE-2014-0466 (The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.)
 CVE-2001-1593 (The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.)
Original document:DEBIAN, [SECURITY] [DSA 2892-1] a2ps security update (07.04.2014)

OpenLDAP DoS
Published:07.04.2014
Source:
SecurityVulns ID:13672
Type:remote
Threat Level:5/10
Description:Resources exhaustion.
Affected:OPENLDAP : OpenLDAP 2.4
CVE:CVE-2013-4449 (The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.)
Original document:MANDRIVA, [ MDVSA-2014:026 ] openldap (07.04.2014)

Apple BootCamp privilege escalation
Published:07.04.2014
Source:
SecurityVulns ID:13673
Type:local
Threat Level:5/10
Description:Kernel memory corruption on PE files parsing.
Affected:APPLE : Boot Camp 5.1
CVE:CVE-2014-1253 (AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to cause a denial of service (kernel memory corruption) or possibly have unspecified other impact via a malformed header in a Portable Executable (PE) file.)
Original document:APPLE, APPLE-SA-2014-02-11-1 Boot Camp 5.1 (07.04.2014)

lxc protection bypass
Published:07.04.2014
Source:
SecurityVulns ID:13674
Type:library
Threat Level:5/10
Description:Invalid sshd mount permissions template.
Affected:LXC : LXC 1.0
CVE:CVE-2013-6441 (The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.)
Original document:UBUNTU, [USN-2104-1] LXC vulnerability (07.04.2014)

Symantec Endpoint Protection security vulnerabilities
Published:07.04.2014
Source:
SecurityVulns ID:13676
Type:remote
Threat Level:5/10
Description:SQL injection, information leakage.
Affected:SYMANTEC : Symantec Endpoint Protection 12.1
CVE:CVE-2013-5015 (SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.)
 CVE-2013-5014 (The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.)
Original document:SEC Consult Vulnerability Lab, SEC Consult SA-20140218-0 :: Multiple critical vulnerabilities in Symantec Endpoint Protection (07.04.2014)

Dassault Systemes Catia buffer overflow
Published:07.04.2014
Source:
SecurityVulns ID:13677
Type:remote
Threat Level:5/10
Description:Buffer overflow on network request parsing.
Affected:DASSAULT : Catia V5-6R2013
CVE:CVE-2014-2072
Original document:0xnanoquetz9l_(at)_gmail.com, Public disclosure of Buffer Overflow Dassault Systems (07.04.2014)

Openswan / Strongswan security vulnerabilities
updated since 07.04.2014
Published:07.05.2014
Source:
SecurityVulns ID:13670
Type:remote
Threat Level:7/10
Description:Buffer overflow, DoS, protection bypass.
Affected:OPENSWAN : Openswan 2.6
 STRONGSWAN : strongSwan 5.1
CVE:CVE-2014-2891 (strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.)
 CVE-2014-2338 (IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.)
 CVE-2013-6466 (Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.)
 CVE-2013-2053 (Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2052 and CVE-2013-2054.)
Original document:DEBIAN, [SECURITY] [DSA 2922-1] strongswan security update (07.05.2014)
 DEBIAN, [SECURITY] [DSA 2903-1] strongswan security update (04.05.2014)
 DEBIAN, [SECURITY] [DSA 2893-1] openswan security update (07.04.2014)

Asus RT routers unauthorized access
updated since 07.04.2014
Published:11.02.2015
Source:
SecurityVulns ID:13675
Type:remote
Threat Level:5/10
Description:Full anonymous access is allowed by default. Authentication bypass. Cross-site scripting.
Affected:ASUS : Asus RT-N66U
 ASUS : Asus RT-AC66U
 ASUS : Asus RT-AC56U
 ASUS : Asus RT-N56U
 ASUS : Asus RT-N16
 ASUS : Asus RT-AC68U
 ASUS : Asus RT-N10U
 ASUS : Asus DSL-N55U
 ASUS : Asus RT-N15U
 ASUS : Asus RT-N53
 ASUS : Asus RT-N10
CVE:CVE-2015-1437 (Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm.)
Original document:kingkaustubh_(at)_me.com, CVE-2015-1437 XSS In ASUS Router. (11.02.2015)
 kingkaustubh_(at)_me.com, Unauthenticated Reflected XSS vulnarbility in Asus RT-N10 Plus router (02.02.2015)
 kingkaustubh_(at)_me.com, Reflected XSS vulnarbility in Asus RT-N10 Plus Router (02.02.2015)
 buqtraq_(at)_kyber.fi, ASUS router drive-by code execution via XSS and authentication bypass (07.04.2014)
 kyle Lovett, ASUS RT Series Routers FTP Service - Default anonymous access (07.04.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod