Computer Security
[EN] securityvulns.ru no-pyccku


libgssapi / libgssglue privilege escalation
Published:09.04.2013
Source:
SecurityVulns ID:12996
Type:library
Threat Level:
5/10
Description:Insecure getenv() usage
CVE:CVE-2011-2709 (libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.)
Original documentdocumentMANDRIVA, [ MDVSA-2013:043 ] libgssglue (09.04.2013)

MIT Kerberos 5 DoS
Published:09.04.2013
Source:
SecurityVulns ID:12997
Type:remote
Threat Level:
5/10
Description:pkinit_crypto_openssl.c NULL pointer dereference
Affected:MIT : krb5 1.11
CVE:CVE-2013-1415 (The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.)

HP LoadRunner security vulnerabilities
Published:09.04.2013
Source:
SecurityVulns ID:12998
Type:remote
Threat Level:
6/10
Description:Few different buffer overflows.
Affected:HP : LoadRunner 11.00
CVE:CVE-2011-4789 (Stack-based buffer overflow in magentservice.exe in the server in HP Diagnostics allows remote attackers to execute arbitrary code via a crafted size value in a packet.)
 CVE-2011-2328 (Buffer overflow in HP LoadRunner allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a .usr (aka Virtual User script) file with long directives.)
Original documentdocumentHP, [security bulletin] HPSBMU02785 SSRT100526 rev.2 - HP LoadRunner Running on Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS) (09.04.2013)

Aastra IP phones backdoor
Published:09.04.2013
Source:
SecurityVulns ID:12999
Type:remote
Threat Level:
5/10
Description:Hardcoded telnet account admin/[M]qozn~
Affected:AASTRA : Aastra 6753i
Original documentdocumentTimo Juhani Lindfors, Aastra IP Telephone hardcoded telnet admin password (09.04.2013)

Subversion multiple security vulnerabilities
Published:09.04.2013
Source:
SecurityVulns ID:13000
Type:remote
Threat Level:
5/10
Description:Multiple DoS conditions
Affected:SUBVERSION : subversion 1.7
CVE:CVE-2013-1884 (The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.)
 CVE-2013-1849 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.)
 CVE-2013-1847 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.)
 CVE-2013-1846 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.)
 CVE-2013-1845 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.)
Original documentdocumentSLACKWARE, [slackware-security] subversion (SSA:2013-095-01) (09.04.2013)

Multiple vulnerabilities in D-Link devices
Published:09.04.2013
Source:
SecurityVulns ID:13001
Type:remote
Threat Level:
5/10
Description:Code execution, information leakage.
Affected:DLINK : D-Link DIR-300
 DLINK : D-Link DIR-600
 DLINK : D-Link DIR-645
 DLINK : D-Link DIR-815
 DLINK : D-Link DIR-412
 DLINK : D-Link DIR-456U
 DLINK : D-Link DIR-110
Original documentdocumentdevnull_(at)_s3cur1ty.de, Multiple Vulnerabilities in D-Link devices (09.04.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod