Computer Security


Trillian multiple security vulnerabilities
Published: 09.12.2008
Source:
SecurityVulns ID: 9486
Type: remote
Threat Level: 6/10
Description: Multiple AIM plugin vulnerabilities, HTML parsing vulnerabilities for multiple protocols.
Original document: ZDI, ZDI-08-079: Trillian AIM Plugin Malformed XML Tag Heap Overflow Vulnerability (09.12.2008)
 ZDI, ZDI-08-078: Trillian IMG SRC ID Memory Corruption Vulnerability (09.12.2008)
 ZDI, ZDI-08-077: Trillian AIM IMG Tag Parsing Stack Overflow Vulnerability (09.12.2008)

PHP php_getuid() invalid implementation
Published: 09.12.2008
Source:
SecurityVulns ID: 9487
Type: library
Threat Level: 5/10
Description: Under some conditions the user's uid or gid may be incorrectly identified.
Affected: PHP : PHP 5.2
Original document: Maksymilian Arciemowicz, SecurityReason: PHP 5.2.6 SAPI php_getuid() overload (09.12.2008)

PHP proc_open() safe_mode bypass
Published: 09.12.2008
Source:
SecurityVulns ID: 9490
Type: local
Threat Level: 6/10
Description: It's possible to execute arbitrary code from a shared library via proc_open().
Affected: PHP : PHP 5.2
Original document: gat3way_(at)_gat3way.eu, PHP safe_mode can be bypassed via proc_open() and custom environment. (09.12.2008)
Files: Exploits PHP safe_mode bypass via proc_open()

DoS against multiple e-mail applications and anti-viruses
Published: 09.12.2008
Source:
SecurityVulns ID: 9491
Type: remote
Threat Level: 6/10
Description: MIME messages with a large recursion level may cause the application to hang or crash.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 OPERA : Opera 9.51
 INCREDIMAIL : Incredimail 5853710
 SYMANTEC : Norton Internet Security 15.5
 ESET : NOD32 2.70
 KASPERSKY : Kaspersky Internet Security 2009
Original document: bruhns_(at)_recurity-labs.com, DoS attacks on MIME-capable software via complex MIME emails (09.12.2008)

Microsoft SQL Server 2000 sp_replwritetovarbin privilege escalation
Updated since 09.12.2008
Published: 11.12.2008
Source:
SecurityVulns ID: 9489
Type: local
Threat Level: 6/10
Description: It's possible to overwrite process internal data and execute code in server context.
Affected: MICROSOFT : SQL Server 2000
 MICROSOFT : SQL Server 2005
Original document: SEC Consult Vulnerability Lab, Microsoft SQL Server 2005 sp_replwritetovarbin memory overwrite (update to SEC Consult SA-20081209) (11.12.2008)
 SEC Consult Vulnerability Lab, [Full-disclosure] SEC Consult SA-20081109-0 :: Microsoft SQL Server 2000 sp_replwritetovarbin limited memory overwrite vulnerability (09.12.2008)

Linux kernel multiple security vulnerabilities
Updated since 09.12.2008
Published: 29.12.2008
Source:
SecurityVulns ID: 9488
Type: local
Threat Level: 6/10
Description: A double listen() on the same socket creates an unassigned vcc table entry, which causes an infinite loop in the kernel on an attempt to cat the vc table. inotify subsystem race conditions allow privilege escalation, socket-related memory exhaustion. chip_command() NULL pointer dereference. HFS file system mounting buffer overflow.
Affected: LINUX : kernel 2.6
CVE: CVE-2008-5300 (Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.)
 CVE-2008-5182 (The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount.)
 CVE-2008-5079 (net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table.)
 CVE-2008-5033 (The chip_command function in drivers/media/video/tvaudio.c in the Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of service (NULL function pointer dereference and OOPS) via unknown vectors.)
 CVE-2008-5025 (Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933.)
Original document: MANDRIVA, [ MDVSA-2008:246 ] kernel (29.12.2008)
 Hugo Dias, CVE-2008-5079: multiple listen()s on same socket corrupts the vcc table (09.12.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod