Computer Security
Microsoft Windows Active Directory Federation Service multiple security vulnerabilities
Published: 09.12.2009
Source:
SecurityVulns ID: 10451
Type: remote
Threat Level: 7/10
Description: Code execution, session hijack.
Affected: MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-2509 (Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability.")
 CVE-2009-2508 (The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability.")
Original document: MICROSOFT, Microsoft Security Bulletin MS09-070 - Important Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726) (09.12.2009)
Files: Microsoft Security Bulletin MS09-070 - Important Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)

Microsoft Internet Authentication Service multiple security vulnerabilities
Published: 09.12.2009
Source:
SecurityVulns ID: 10452
Type: remote
Threat Level: 7/10
Description: MS-CHAP authentication bypass, memory corruption.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-3677 (The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability.")
 CVE-2009-2505 (The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability.")
Original document: MICROSOFT, Microsoft Security Bulletin MS09-071 - Critical Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318) (09.12.2009)
Files: Microsoft Security Bulletin MS09-071 - Critical Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318)

Adobe Flash Player multiple security vulnerabilities
Published: 09.12.2009
Source:
SecurityVulns ID: 10457
Type: remote
Threat Level: 8/10
Description: Buffer overflow in JPEG parsing, integer overflow in ActionScript execution.
Affected: ADOBE : Flash Player 10.0
 ADOBE : AIR 1.5
CVE:CVE-2009-3951 (Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.)
 CVE-2009-3800 (Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3799 (Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers.")
 CVE-2009-3798 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.)
 CVE-2009-3797 (Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.)
 CVE-2009-3796 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability.")
 CVE-2009-3794 (Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.)
Original document: ADOBE, ZDI-09-093: Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability (09.12.2009)
 ZDI, ZDI-09-093: Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability (09.12.2009)
 ZDI, ZDI-09-092: Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability (09.12.2009)
Files: Adobe - Security Bulletin APSB09-19 Security Advisory for Adobe Flash Player

Mozilla Firefox dialog spoofing
Published: 09.12.2009
Source:
SecurityVulns ID: 10449
Type: client
Threat Level: 4/10
Description: It is possible to spoof the URL shown for a form.
CVE:CVE-2009-4130 (Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name.)
 CVE-2009-4129 (Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.)
Original document: tcphttp, Mozilla Firefox JavaScript Prompt Spoofing Weakness (09.12.2009)

Microsoft Windows DoS
Published: 09.12.2009
Source:
SecurityVulns ID: 10450
Type: remote
Threat Level: 7/10
Description: LSASS DoS in ISAKMP IPsec message parsing.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2009-3675 (LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability.")
Original document: MICROSOFT, Microsoft Security Bulletin MS09-069 - Important Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392) (09.12.2009)
Files: Microsoft Security Bulletin MS09-069 - Important Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)

Microsoft Project memory corruption
Published: 09.12.2009
Source:
SecurityVulns ID: 10455
Type: client
Threat Level: 6/10
Description: Memory corruption in Microsoft Office file parsing.
Affected: MICROSOFT : Project 2000
 MICROSOFT : Project 2002
 MICROSOFT : Project 2003
CVE:CVE-2009-0102 (Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability.")
Original document: liubing, Fortinet Advisory: Fortinet Discovers Microsoft Office Project Vulnerability (09.12.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-074 - Critical Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183) (09.12.2009)
Files: Microsoft Security Bulletin MS09-074 - Critical Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 09.12.2009
Source:
SecurityVulns ID: 10459
Type: remote
Threat Level: 5/10
Description: PHP file inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPSHOP : PHPShop 0.8
 INVISION : Invision Power Board 3.0
 PIWIK : Piwik 0.4
 PHPIDS : PHPIDS 0.6
Original document: Stefan Esser, Advisory 02/2009: PHPIDS Unserialize() Vulnerability (09.12.2009)
 Stefan Esser, Advisory 03/2009: Piwik Cookie unserialize() Vulnerability (09.12.2009)
 Bogdan Calin, Zen Cart local file disclosure vulnerability (09.12.2009)
 Xacker, IPB v2.x up to 3.0.4 XSS vulnerability (09.12.2009)
 Andrea Fabrizi, PhpShop Multiple Vulnerabilities (09.12.2009)

HP OpenView Data Protector Application Recovery Manager DoS
Updated since 08.12.2009
Published: 09.12.2009
Source:
SecurityVulns ID: 10446
Type: remote
Threat Level: 5/10
Affected: HP : OpenView Data Protector Application Recovery Manager 6.0
 HP : OpenView Data Protector Application Recovery Manager 5.50
CVE:CVE-2009-3844 (Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recovery Manager 5.50 and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MSG_PROTOCOL packet.)
Original document: ZDI, ZDI-09-091: Hewlett-Packard Application Recovery Manager MSG_PROTOCOL Stack Overflow Vulnerability (09.12.2009)
 HP, [security bulletin] HPSBMA02481 SSRT090113 rev.1 - HP OpenView Data Protector Application Recovery Manager, Remote Denial (08.12.2009)

U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) privilege escalation
Updated since 04.12.2009
Published: 09.12.2009
Source:
SecurityVulns ID: 10441
Type: local
Threat Level: 5/10
Description: The application executes any executable with a predefined name that it finds on the system.
Original document: Frank Stuart, UPDATE: DISA Unix SRR root compromise / CVE-2009-4211 / VU#433821 (09.12.2009)
 Frank Stuart, U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) root compromise / VU#433821 (04.12.2009)

ntp server DoS
Published: 09.12.2009
Source:
SecurityVulns ID: 10458
Type: remote
Threat Level: 5/10
Description: An NTP packet spoofed from the server's own address causes resource exhaustion.
Affected: NTP : ntp 4.2
CVE:CVE-2009-3563 (ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.)
Original document: UBUNTU, [USN-867-1] Ntp vulnerability (09.12.2009)

HP OpenView NNM multiple security vulnerabilities
Updated since 09.12.2009
Published: 10.12.2009
Source:
SecurityVulns ID: 10460
Type: remote
Threat Level: 5/10
Description: Multiple vulnerabilities in different CGI applications.
Affected: HP : OpenView Network Node Manager 7.51
CVE:CVE-2009-4181 (Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via vectors involving the sel and arg parameters to jovgraph.exe.)
 CVE-2009-4180 (Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header.)
 CVE-2009-4179 (Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action.)
 CVE-2009-4178 (Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Topic parameter.)
 CVE-2009-4177 (Buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header.)
 CVE-2009-4176 (Multiple heap-based buffer overflows in ovsessionmgr.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter to ovlogin.exe.)
 CVE-2009-3849 (Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe.)
 CVE-2009-3848 (Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Template parameter, related to the vsprintf function.)
 CVE-2009-3846 (Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter.)
 CVE-2009-3845 (The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts.)
 CVE-2009-0898 (Stack-based buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted HTTP request.)
Original document: HP, [security bulletin] HPSBMA02483 SSRT090257 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code (10.12.2009)
 ZDI, TPTI-09-13: HP OpenView NNM snmpviewer.exe CGI Host Header Stack Overflow Vulnerability (10.12.2009)
 ZDI, TPTI-09-12: HP OpenView NNM ovalarm.exe CGI Accept-Language Stack Overflow Vulnerability (09.12.2009)
 ZDI, TPTI-09-10: HP OpenView NNM webappmon.exe CGI Host Header Buffer Overflow Vulnerability (09.12.2009)
 ZDI, TPTI-09-09: HP OpenView NNM ovsessionmgr.exe userid/passwd Heap Overflow Vulnerability (09.12.2009)
 ZDI, TPTI-09-08: HP OpenView NNM ovlogin.exe CGI userid/passwd Heap Overflow Vulnerability (09.12.2009)
 ZDI, ZDI-09-095: Hewlett-Packard OpenView NNM Snmp.exe Oid Variable Buffer Overflow Vulnerability (09.12.2009)
 ZDI, ZDI-09-097: Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable strcat Overflow Vulnerability (09.12.2009)
 ZDI, ZDI-09-096: Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable vsprintf Overflow Vulnerability (09.12.2009)
 ZDI, ZDI-09-094: Hewlett-Packard OpenView NNM Multiple Command Injection Vulnerabilities (09.12.2009)

Microsoft Internet Explorer multiple security vulnerabilities
Updated since 09.12.2009
Published: 10.12.2009
Source:
SecurityVulns ID: 10453
Type: client
Threat Level: 9/10
Description: Multiple memory corruptions, code execution.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2009-3674 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671.)
 CVE-2009-3673 (Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2009-3672 (Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka "HTML Object Memory Corruption Vulnerability." NOTE: some of these details are obtained from third party information. NOTE: this issue was originally assigned CVE-2009-4054, but Microsoft assigned a duplicate identifier of CVE-2009-3672. CVE consumers should use this identifier instead of CVE-2009-4054.)
 CVE-2009-3671 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674.)
 CVE-2009-2493 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability.")
Original document: IDEFENSE, iDefense Security Advisory 12.08.09: Microsoft Internet Explorer HTML Layout Engine Uninitialized Memory Vulnerability (10.12.2009)
 ZDI, ZDI-09-088: Microsoft Internet Explorer IFrame Attributes Circular Reference Dangling Pointer Vulnerability (09.12.2009)
 ZDI, ZDI-09-087: Microsoft Internet Explorer CSS Race Condition Code Execution Vulnerability (09.12.2009)
 ZDI, ZDI-09-086: Microsoft Internet Explorer XHTML DOM Manipulation Memory Corruption Vulnerability (09.12.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-072 - Critical Cumulative Security Update for Internet Explorer (976325) (09.12.2009)
Files: Microsoft Security Bulletin MS09-072 - Critical Cumulative Security Update for Internet Explorer (976325)

Microsoft Wordpad / Office Text Converters memory corruption
Updated since 09.12.2009
Published: 10.12.2009
Source:
SecurityVulns ID: 10454
Type: client
Threat Level: 6/10
Description: Memory corruption in Office 97 document parsing.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Office XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Office 2003
CVE:CVE-2009-2506 (Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow.)
Original document: IDEFENSE, iDefense Security Advisory 12.08.09: Microsoft WordPad Word97 Converter Integer Overflow Vulnerability (10.12.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-073 - Important Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539) (09.12.2009)
Files: Microsoft Security Bulletin MS09-073 - Important Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod