Computer Security


libpurple / Pidgin buffer overflow
updated since 01.09.2008
Published:09.06.2009
Source:
SecurityVulns ID:9250
Type:library
Threat Level:
6/10
Description:Buffer overflow on MSN SLP messages parsing.
Affected:PIDGIN : Pidgin 2.4
CVE:CVE-2009-1376 (Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.)
 CVE-2008-2927 (Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.)
Original document:ZDI, ZDI-09-031: libpurple MSN Protocol SLP Message Heap Overflow Vulnerability (09.06.2009)
 ZDI, ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability (01.09.2008)

ImageMagick integer overflow
Published:09.06.2009
Source:
SecurityVulns ID:9971
Type:library
Threat Level:
5/10
Description:Memory corruption on TIFF dimensions processing.
Affected:IMAGEMAGICK : ImageMagick 6.5
CVE:CVE-2009-1882 (Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.)
Original document:UBUNTU, [USN-784-1] ImageMagick vulnerability (09.06.2009)

Rasterbar / libtorrent / firetorrent / qBittorrent / deluge Torrent directory traversal
Published:09.06.2009
Source:
SecurityVulns ID:9973
Type:library
Threat Level:
6/10
Description:Directory traversal on .torrent files processing.
Affected:LIBTORRENT : libtorrent 0.14
CVE:CVE-2009-1760 (Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file.)
Original document:Dimitris Glynos, Rasterbar libtorrent arbitrary file overwrite vulnerability (09.06.2009)

eCryptfs information leak
Published:09.06.2009
Source:
SecurityVulns ID:9974
Type:remote
Threat Level:
5/10
Description:Mount passphrase may be logged to the installation log.
Affected:ECRYPTFS : ecryptfs-utils 73
CVE:CVE-2009-1296 (The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root.)
Original document:UBUNTU, [USN-783-1] eCryptfs vulnerability (09.06.2009)

Microsoft IIS WebDAV authentication bypass
Published:09.06.2009
Source:
SecurityVulns ID:9977
Type:remote
Threat Level:
6/10
Description:It is possible to anonymously access resources that require authentication.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2009-1535 (The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.)
 CVE-2009-1122 (The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.)
Original document:MICROSOFT, Microsoft Security Bulletin MS09-020 - Important Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483) (09.06.2009)
Files:Microsoft Security Bulletin MS09-020 - Important Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)

Microsoft Internet Explorer multiple security vulnerabilities
updated since 09.06.2009
Published:11.06.2009
Source:
SecurityVulns ID:9976
Type:client
Threat Level:
8/10
Description:Cross-site data access, multiple memory corruptions.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-1532 (Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via "malformed row property references" that trigger an access of an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Objects Memory Corruption Vulnerability" or "HTML Object Memory Corruption Vulnerability.")
 CVE-2009-1531 (Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combined with the creation of an object during reordering of elements, followed by an onreadystatechange event, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Object Memory Corruption Vulnerability.")
 CVE-2009-1530 (Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Objects Memory Corruption Vulnerability.")
 CVE-2009-1529 (Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted objects, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2009-1528 (Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows remote attackers to execute arbitrary code via a large number of concurrent, asynchronous XMLHttpRequest calls, aka "HTML Object Memory Corruption Vulnerability.")
 CVE-2009-1141 (Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability.")
 CVE-2009-1140 (Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability.")
 CVE-2007-3091 (Race condition in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability.")
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0826 - Internet Explorer Security Zone restrictions bypass (11.06.2009)
 noreply-secresearch_(at)_fortinet.com, FortiGuard Advisory: Microsoft Internet Explorer DHTML Handling Remote Memory Corruption Vulnerability (11.06.2009)
 ZDI, ZDI-09-038: Microsoft Internet Explorer Event Handler Memory Corruption Vulnerability (11.06.2009)
 ZDI, ZDI-09-037: Microsoft Internet Explorer Concurrent Ajax Request Memory Corruption Vulnerability (11.06.2009)
 ZDI, ZDI-09-039: Microsoft Internet Explorer onreadystatechange Memory Corruption Vulnerability (11.06.2009)
 ZDI, ZDI-09-041: Microsoft Internet Explorer 8 Rows Property Dangling Pointer Code Execution Vulnerability (11.06.2009)
 ZDI, ZDI-09-036: Microsoft Internet Explorer setCapture Memory Corruption Vulnerability (11.06.2009)
 CORE SECURITY TECHNOLOGIES ADVISORIES, [Full-disclosure] CORE-2008-0826 - Internet Explorer Security Zone restrictions bypass (10.06.2009)
Files:Microsoft Security Bulletin MS09-019 - Critical Cumulative Security Update for Internet Explorer (969897)

Microsoft Active Directory multiple security vulnerabilities
updated since 09.06.2009
Published:14.06.2009
Source:
SecurityVulns ID:9975
Type:remote
Threat Level:
7/10
Description:Double free() vulnerability, memory leaks.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2009-1139 (Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability.")
 CVE-2009-1138 (The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.)
Original document:IDEFENSE, iDefense Security Advisory 06.11.09: Microsoft Active Directory Hexdecimal DN AttributeValue Invalid Free Vulnerability (14.06.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-018 - Critical Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055) (09.06.2009)
Files:Microsoft Security Bulletin MS09-018 - Critical Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)

WebKit / Apple Safari multiple security vulnerabilities
updated since 09.06.2009
Published:23.06.2009
Source:
SecurityVulns ID:9972
Type:client
Threat Level:
7/10
Description:Multiple memory corruptions, local files access.
CVE:CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches.")
 CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.)
 CVE-2009-1698 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.)
 CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers.")
 CVE-2008-3529 (Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.)
Original document:security_(at)_nruns.com, n.runs-SA-2009.006 - Apple Safari - Null pointer dereference (23.06.2009)
 security_(at)_nruns.com, n.runs-SA-2009.005 - Apple Safari - Information disclosure (23.06.2009)
 Netragard Security Advisories, [Full-disclosure] [NETRAGARD SECURITY ADVISORY] [< Safari 3.2.3 Arbitrary Code Execution + PoC ][NETRAGARD-20090622] (22.06.2009)
 Thierry Zoller, [TZO-37-2009] Apple Safari <v4 Remote code execution (16.06.2009)
 Thierry Zoller, [TZO-36-2009] Apple Safari & Quicktime Denial of Service (16.06.2009)
 IDEFENSE, iDefense Security Advisory 06.11.09: Multiple Vendor WebKit Error Handling Use After Free Vulnerability (14.06.2009)
 noreply-secresearch_(at)_fortinet.com, FortiGuard Advisory: Apple Safari Remote Memory Corruption Vulnerability (11.06.2009)
 Chris Evans, Apple Safari cross-domain XML theft vulnerability (10.06.2009)
 Chris Evans, Apple Safari local file theft vulnerability (09.06.2009)
 ZDI, ZDI-09-034: Apple Safari SVG Set.targetElement() Memory Corruption Vulnerability (09.06.2009)
 ZDI, ZDI-09-032: Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability (09.06.2009)
 ZDI, ZDI-09-033: Apple WebKit dir Attribute Freeing Dangling Object Pointer Vulnerability (09.06.2009)
Files: Safari 3.2.3 Arbitrary Code Execution PoC

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod