Computer Security
[EN] securityvulns.ru no-pyccku


Apache HTTPD information leak
Published:09.03.2010
Source:
SecurityVulns ID:10674
Type:remote
Threat Level:
5/10
Description:Under some conditions it's possible to access memory with data related to prvious requests.
Affected:APACHE : Apache 2.2
CVE:CVE-2010-0434 (The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.)
Original documentdocumentMANDRIVA, [ MDVSA-2010:057 ] apache (09.03.2010)

gnome-screensaver protection bypass
updated since 16.02.2010
Published:09.03.2010
Source:
SecurityVulns ID:10622
Type:local
Threat Level:
5/10
Description:Screensaver crash on monitor hotplugging.
Affected:GNOME : gnome-screensaver 2.28
CVE:CVE-2010-0732 (gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.)
 CVE-2010-0422 (gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414.)
 CVE-2010-0414 (gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor.)
 CVE-2010-0285 (gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor.)
Original documentdocumentUBUNTU, [USN-907-1] gnome-screensaver vulnerabilities (09.03.2010)
 documentUBUNTU, [USN-898-1] gnome-screensaver vulnerability (16.02.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod