Asterisk VoIP server user accounts enumeration
Published:		08.04.2009
Source:		BUGTRAQ
SecurityVulns ID:		9800
Type:		remote
Level:		3/10
Description:		Different replies for non-exstant SIP account and invalid password.

Affected:		ASTERISK : Asterisk 1.4
		ASTERISK : Asterisk 1.6
CVE:		CVE-2008-3903 (Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreject are enabled, generates different responses depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames.)

Original document		VMWARE, TPTI-09-02: VMWare VMnc Codec Open-DML Standard Index dwSize Heap Overflow (08.04.2009)
		VMWARE, TPTI-09-01: VMWare VMnc Codec Invalid RFB Message Type Heap Overflow (08.04.2009)
		ASTERISK, AST-2009-003: SIP responses expose valid usernames (08.04.2009)

Discuss:

Read or add your comments to this news (0 comments)

Apache mod_jk information leak
Published:		08.04.2009
Source:		BUGTRAQ
SecurityVulns ID:		9802
Type:		remote
Level:		5/10
Description:		Under specific conditions reply on client's request may be received by different client.

Affected:		APACHE : mod_jk 1.2
CVE:		CVE-2008-5519

Original document

APACHE, [SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability (08.04.2009)

Discuss:

Read or add your comments to this news (0 comments)

MIT Kerberos 5 multiple security vulnerabilities
Published:		08.04.2009
Source:		BUGTRAQ
SecurityVulns ID:		9803
Type:		remote
Level:		7/10
Description:		Multiple DoS conditions, free() of uninitialized pointer.

Affected:		MIT : krb5 1.5
		MIT : krb5 1.6
CVE:		CVE-2009-0847 (The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.)
		CVE-2009-0846 (The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.)
		CVE-2009-0845 (The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.)
		CVE-2009-0844 (The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.)

Original document		MIT, MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846] (08.04.2009)
		MIT, MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847] (08.04.2009)

Discuss:

Read or add your comments to this news (0 comments)

Novell Netware Client code execution
Published:		08.04.2009
Source:		BUGTRAQ
SecurityVulns ID:		9805
Type:		remote
Level:		6/10
Description:		Invalid pointer dereference on named pipe message parsing.

Original document

ZDI, ZDI-09-016: Novell Client/NetIdentity Agent Remote Arbitrary Pointer Dereference Code Execution Vulnerability (08.04.2009)

Discuss:

Read or add your comments to this news (0 comments)

xinelib library integer overflow
Published:		08.04.2009
Source:		BUGTRAQ
SecurityVulns ID:		9806
Type:		library
Level:		6/10
Description:		Integer overflow on Quicktime XTTS atom parsing.

Affected:		XINE : xine-lib 1.1
		XINE : xine 1.1

Original document

tk_(at)_trapkit.de, [TKADV2009-005] xine-lib Quicktime STTS Atom Integer Overflow (08.04.2009)

Discuss:

Read or add your comments to this news (0 comments)

xpdf code execution
Published:		08.04.2009
Source:		BUGTRAQ
SecurityVulns ID:		9804
Type:		local
Level:		4/10
Description:		xpdfrc file from current location may be processed.

Affected:		XPDF : xpdf 3.02
CVE:		CVE-2009-1144 (Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library.)

Original document

GENTOO, [ GLSA 200904-07 ] Xpdf: Untrusted search path (08.04.2009)

Discuss:

Read or add your comments to this news (0 comments)

IrfanView integer overflow
Published:		08.04.2009
Source:		BUGTRAQ
SecurityVulns ID:		9807
Type:		local
Level:		4/10
Description:		Integer overflow on XPM image parsing.

Affected:		IRFANVIEW : IrfanView 4.22
CVE:		CVE-2009-0197 (Integer overflow in the FORMATS Plugin before 4.23 for IrfanView allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large XPM file that triggers a heap-based buffer overflow.)

Original document

SECUNIA, Secunia Research: IrfanView Formats Plug-in XPM Parsing Integer Overflow (08.04.2009)

Discuss:

Read or add your comments to this news (0 comments)

VMWare multiple security vulnerabilities updated since 08.04.2009
Published:		12.04.2009
Source:		BUGTRAQ
SecurityVulns ID:		9801
Type:		remote
Level:		6/10
Description:		Multiple DoS conditions, privilege escalations, buffer overflows in VNnc codec.

Affected:		VMWARE : VMware Server 1.0
		VMWARE : VMware ESX 3.0
		VMWARE : VMware ESXi 3.5
		VMWARE : VMware ESXi 3.0
		VMWARE : VMware ESX 3.5
		VMWARE : VMware Workstation 6.5
		VMWARE : VMware Player 2.5
		VMWARE : VMware ACE 2.5
		VMWARE : VMware Server 2.0
		VMWARE : VMware Fusion 2.0
CVE:		CVE-2009-1244 (Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916.)
		CVE-2009-1147 (Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allows local users to gain privileges via unknown vectors.)
		CVE-2009-1146 (Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows local users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3761.)
		CVE-2009-0910 (Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CVE-436.)
		CVE-2009-0909 (Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CVE-435.)
		CVE-2009-0908 (Unspecified vulnerability in the ACE shared folders implementation in the VMware Host Guest File System (HGFS) shared folders feature in VMware ACE 2.5.1 and earlier allows attackers to enable a disabled shared folder.)
		CVE-2009-0518 (VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password.)
		CVE-2009-0177 (vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130 and earlier, and VMware Player 2.5.1 build 126130 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command.)
		CVE-2008-4916 (Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and earlier 2.x versions; VMware Server 1.x before 1.0.8 build 126538 and 2.0.x before 2.0.1 build 156745; VMware Fusion before 2.0.1; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to cause a denial of service (host OS crash) via unknown vectors.)
		CVE-2008-3761 (hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 uses the METHOD_NEITHER communication method for IOCTLs, which allows local users to cause a denial of service via a crafted IOCTL request.)

Original document		VMWARE, VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability (12.04.2009)
		VMWARE, VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues (08.04.2009)

Discuss:

Read or add your comments to this news (0 comments)