Search:Vulnerability:10.02.2009 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Nokia N95 / Nokia E90 DoS
Published: 10.02.2009
Source: BUGTRAQ
SecurityVulns ID: 9662
Type: client
Level: 4/10
Description: Device crashes on malformed JPEG parsing.

Affected: NOKIA : Nokia N95
NOKIA : Nokia E90

Original document jplopezy_(at)_gmail.com, Nokia N95-8 JPG crash (10.02.2009)

Discuss: Read or add your comments to this news (0 comments)

OpenCore / Android memory corruption
Published: 10.02.2009
Source: BUGTRAQ
SecurityVulns ID: 9664
Type: library
Level: 5/10
Description: Memory corruption on MP3 parsing.

Affected: OPENCORE : OpenCore 2.0
CVE: CVE-2009-0475 (Integer underflow in the Huffman decoding functionality (pvmp3_huffman_parsing.cpp) in OpenCORE 2.0 and earlier allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a crafted MP3 file that triggers heap corruption.)

Original document Will Drewry, [oCERT-2009-002] OpenCORE insufficient bounds checking during MP3 decoding (10.02.2009)

Discuss: Read or add your comments to this news (0 comments)

3COM OfficeConnect routers unauthroized access
Published: 10.02.2009
Source: BUGTRAQ
SecurityVulns ID: 9663
Type: remote
Level: 5/10
Description: Authentication bypass for web pages with sensitive information and device configuration.

Affected: 3COM : 3COM 3CRWE554G72

Original document luca.caretton_(at)_ikkisoft.com, 3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass (10.02.2009)

Discuss: Read or add your comments to this news (0 comments)

ZeroShell unauthorized access
Published: 10.02.2009
Source: BUGTRAQ
SecurityVulns ID: 9667
Type: remote
Level: 5/10
Description: Command executionthorugh web interface.

Affected: ZEROSHELL : ZeroShell 1.0

Original document Luca Carettoni, ZeroShell <= 1.0beta11 Remote Code Execution (10.02.2009)

Discuss: Read or add your comments to this news (0 comments)

Trend Micro InterScan Web Security Appliance / Trend Micro InterScan Web Security Suite information leak
Published: 10.02.2009
Source: BUGTRAQ
SecurityVulns ID: 9665
Type: client
Level: 6/10
Description: Proxy-Authorization header is not removed from client request, leaking proxy username/password.

Original document david.vorel_(at)_honeynet.cz, Trend micro - IWSVA/IWSS - Authorization module password leak (10.02.2009)

Discuss: Read or add your comments to this news (0 comments)

OpenSSL / ntp / bind / boinc certificate validation cryptographic vulnerabilities
updated since 09.01.2009
Published: 10.02.2009
Source: BUGTRAQ
SecurityVulns ID: 9564
Type: library
Level: 7/10
Description: Multiple vulnerabilities in SSL/TLS DSA/ECDSA certificate chain validations.

Affected: OPENSSL : OpenSSL 0.9
BIND : bind 9.3
BIND : bind 9.4
NTP : ntp 4.2
LASSO : lasso 2.2
BOINC : boinc 5.4
CVE: CVE-2009-0126 (The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.)
CVE-2009-0050 (Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.)
CVE-2009-0025 (BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.)
CVE-2009-0021 (NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.)
CVE-2008-5077 (OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.)

Original document DEBIAN, [SECURITY] [DSA 1718-1] New boinc packages fix validation bypass (10.02.2009)

DEBIAN, [SECURITY] [DSA 1700-1] New lasso packages fix validation bypass (14.01.2009)

FREEBSD, FreeBSD Security Advisory FreeBSD-SA-09:02.openssl (09.01.2009)

Will Drewry, [oCERT-2008-016] Multiple OpenSSL signature verification API misuses (09.01.2009)

Discuss: Read or add your comments to this news (0 comments)

Netgear SSL312 VPN router DoS
Published: 10.02.2009
Source: FULL-DISCLOSURE
SecurityVulns ID: 9668
Type: remote
Level: 5/10
Description: DoS thorugh Web interface.

Affected: NETGEAR : Netgear SSL312

Original document rembrandt_(at)_jpberlin.de, [Full-disclosure] Netgear SSL312 Router - remote DoS (10.02.2009)

rembrandt_(at)_jpberlin.de, [Full-disclosure] Netgear SSL312 Router - remote DoS (10.02.2009)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 10.02.2009
Source:
SecurityVulns ID: 9666
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: PYBLOSXOM : PyBlosxom 1.4
DRUPAL : Drupal 6.9
BUSINESSSPACE : BusinessSpace 1.2

Original document adv_(at)_e-rdc.org, [ECHO_ADV_102$2009] BusinessSpace <= 1.2 (id) Remote SQL Injection Vulnerability (10.02.2009)

rasool.nasr_(at)_gmail.com, LFI in Drupal CMS (10.02.2009)

Nam Nguyen, [BMSA-2009-02] XML injection in PyBlosxom (10.02.2009)

Discuss: Read or add your comments to this news (0 comments)

test server