Computer Security


PHP security vulnerabilities
updated since 19.12.2011
Published:08.02.2012
Source:
SecurityVulns ID:12097
Type:library
Threat Level:6/10
Description:Out-of-bounds memory read when parsing JPEG EXIF headers. CPU exhaustion due to predictable hash collisions in form data.
Affected:PHP : PHP 5.3
 PHP : PHP 5.4
CVE:CVE-2012-0830 (The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.)
 CVE-2011-4885 (PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.)
 CVE-2011-4566 (Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.)
Original document:security_(at)_nruns.com, n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table (02.01.2012)
 Andrea Barisani, [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision (02.01.2012)

usbmuxd buffer overflow
Published:08.02.2012
Source:
SecurityVulns ID:12167
Type:local
Threat Level:5/10
Description:Buffer overflow on USB device SerialNumber parsing.
Affected:USBMUXD : usbmuxd 1.0
CVE:CVE-2012-0065 (Heap-based buffer overflow in the receive_packet function in libusbmuxd/libusbmuxd.c in usbmuxd 1.0.5 through 1.0.7 allows physically proximate attackers to execute arbitrary code via a long SerialNumber field in a property list.)
Original document:UBUNTU, [USN-1354-1] usbmuxd vulnerability (08.02.2012)

Ubuntu utilities security vulnerabilities
Published:08.02.2012
Source:
SecurityVulns ID:12168
Type:local
Threat Level:5/10
Description:AccountsService and Software Properties privilege escalation.
Affected:UBUNTU : Ubuntu 11.10
CVE:CVE-2011-4407 (ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.)
 CVE-2011-4406 (The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.)
Original document:UBUNTU, [USN-1352-1] Software Properties vulnerability (08.02.2012)
 UBUNTU, [USN-1351-1] AccountsService vulnerability (08.02.2012)

X.Org privilege escalation
Published:08.02.2012
Source:
SecurityVulns ID:12169
Type:local
Threat Level:4/10
Description:Unprivileged user can start X server.
Affected:XORG : X11 7.6
CVE:CVE-2011-4613 (The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.)
Original document:UBUNTU, [USN-1349-1] X.Org vulnerability (08.02.2012)

Linux privilege escalation
Published:08.02.2012
Source:
SecurityVulns ID:12170
Type:local
Threat Level:6/10
Description:Under some conditions mem_write allows process memory to be overwritten.
Affected:LINUX : kernel 2.6
 LINUX : kernel 3.0
CVE:CVE-2012-0056 (The mem_write function in Linux kernel 2.6.39 and other versions, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.)

curl data injection
Published:08.02.2012
Source:
SecurityVulns ID:12171
Type:library
Threat Level:5/10
Description:Data injection via request URL.
Affected:CURL : curl 7.21
CVE:CVE-2012-0036 (curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.)
Original document:UBUNTU, [USN-1346-1] curl vulnerability (08.02.2012)

QEMU buffer overflow
Published:08.02.2012
Source:
SecurityVulns ID:12172
Type:local
Threat Level:5/10
Description:Buffer overflow in network card emulation.
Affected:QEMU : qemu 0.14
CVE:CVE-2012-0029 (Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.)

Mathopd directory traversal
Published:08.02.2012
Source:
SecurityVulns ID:12173
Type:remote
Threat Level:5/10
Affected:MATHOPD : Mathopd 1.5
Original document:Mateusz Goik, Mathopd - Directory Traversal Vulnerability (08.02.2012)

EMC Documentum xPlore information leakage
Published:08.02.2012
Source:
SecurityVulns ID:12174
Type:remote
Threat Level:5/10
Description:Under specific circumstances, an authenticated user who does not have BROWSE permission on the object may be able to see the existence of, or certain metadata on, that object in a search result.
Affected:EMC : Documentum xPlore 1.0
 EMC : Documentum xPlore 1.1
 EMC : Documentum xPlore 1.2
CVE:CVE-2012-0396 (EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or read object metadata, via a search.)
Original document:EMC, ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability (08.02.2012)

Opera array index overflow
Published:08.02.2012
Source:
SecurityVulns ID:12175
Type:client
Threat Level:5/10
Description:Integer overflows in array functions.
Affected:OPERA : Opera 11.60
Original document:vulnhunt_(at)_gmail.com, [CAL-2012-0004] opera array integer overflow (08.02.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod