Computer Security

Weborf Web server DoS
Published:10.03.2011
Source:
SecurityVulns ID:11495
Type:remote
Threat Level:5/10
Description:Crash on invalid HTTP request.
Affected:WEBORF : Weborf 0.12
Original document:Rodrigo Escobar, [DCA-2011-0009] Weborf 0.12.4 Denial-of-Service (10.03.2011)

Apple iPhone information leakage
Published:10.03.2011
Source:
SecurityVulns ID:11493
Type:local
Threat Level:3/10
Description:Information about Wi-Fi keys for the Personal Hotspot feature is logged to the debugging console.
Affected:APPLE : iPhone OS 4.3
Original document:Laurent OUDOT at TEHTRI-Security, [TEHTRI-Security] Security and iPhone iOS 4.3 Personal Hotspot feature (10.03.2011)

nbd Network Block Device server buffer overflow
updated since 21.12.2005
Published:10.03.2011
Source:
SecurityVulns ID:5564
Type:remote
Threat Level:5/10
Affected:NBD : nbd-client 1.2
 NBD : nbd-server 1.2
 NBD : nbd 2.9
CVE:CVE-2011-0530 (Buffer overflow in the mainloop function in nbd-server.c in the server in Network Block Device (nbd) before 2.9.20 might allow remote attackers to execute arbitrary code via a long request. NOTE: this issue exists because of a CVE-2005-3534 regression.)
 CVE-2005-3534 (Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header.)
Original document:DEBIAN, [SECURITY] [DSA 2183-1] nbd security update (10.03.2011)
 DEBIAN, [Full-disclosure] [SECURITY] [DSA 924-1] New nbd packages fix potential arbitrary code execution (21.12.2005)

ProFTPD integer overflow
Published:10.03.2011
Source:
SecurityVulns ID:11488
Type:remote
Threat Level:5/10
Description:Integer overflow in SFTP module.
CVE:CVE-2011-1137 (Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.)
Original document:DEBIAN, [SECURITY] [DSA 2185-1] proftpd-dfsg security update (10.03.2011)

Wireshark multiple security vulnerabilities
Published:10.03.2011
Source:
SecurityVulns ID:11490
Type:remote
Threat Level:6/10
Description:Memory corruption and DoS conditions when parsing different capture file formats and different network protocols.
Affected:WIRESHARK : Wireshark 1.4
 WIRESHARK : Wireshark 1.5
CVE:CVE-2011-1142 (Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of service (infinite loop) via vectors involving self-referential ASN.1 CHOICE values.)
 CVE-2011-1141 (epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements.)
 CVE-2011-1140 (Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet.)
 CVE-2011-1139 (wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field.)
 CVE-2011-0713 (Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file.)
 CVE-2011-0538 (Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file.)
Original document:MANDRIVA, [ MDVSA-2011:044 ] wireshark (10.03.2011)

Hiawatha Web-server integer overflow
Published:10.03.2011
Source:
SecurityVulns ID:11494
Type:remote
Threat Level:5/10
Description:Integer overflow via Content-Length.
Affected:HIAWATHA : Hiawatha 7.4
Original document:Rodrigo Escobar, [DCA-2011-0006] Hiawatha 7.4 - Denial-of-Service (10.03.2011)

ISC DHCP server DoS
Published:10.03.2011
Source:
SecurityVulns ID:11496
Type:remote
Threat Level:5/10
Description:Crash on IPv6 address.
CVE:CVE-2011-0413 (The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.)
Original document:DEBIAN, [SECURITY] [DSA 2184-1] isc-dhcp security update (10.03.2011)

Majordomo2 directory traversal
updated since 03.02.2011
Published:10.03.2011
Source:
SecurityVulns ID:11397
Type:remote
Threat Level:6/10
Description:Directory traversal on help command processing via e-mail or Web.
CVE:CVE-2011-0049 (Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.)
Original document:NSO Research, NSOADV-2011-003: Majordomo2 'help' Command Directory Traversal (Patch Bypass) (10.03.2011)
 mike_(at)_sitewat.ch, Majordomo2 - Directory Traversal (SMTP/HTTP) (03.02.2011)

OpenSLP / VMware ESX/ESXi SLPD DoS
Published:10.03.2011
Source:
SecurityVulns ID:11491
Type:remote
Threat Level:5/10
Description:CPU exhaustion vulnerability.
Affected:VMWARE : VMware ESXi 4.1
 VMWARE : VMware ESX 4.1
CVE:CVE-2010-3609 (The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.)
Original document:VMWARE, VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm. (10.03.2011)

STARTTLS vulnerability in different mail applications
updated since 10.03.2011
Published:04.10.2012
Source:
SecurityVulns ID:11492
Type:m-i-t-m
Threat Level:3/10
Description:An attacker can inject cleartext commands before the TLS phase.
Affected:POSTFIX : Postfix 2.4
 PUREFTPD : Pure-FTPd 1.0
 CYRUS : cyrus-imapd 2.4
 INN : inn 2.5
CVE:CVE-2012-3523 (The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.)
 CVE-2011-1926 (The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.)
 CVE-2011-1575 (The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.)
 CVE-2011-0411 (The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.)
Original document:MANDRIVA, [ MDVSA-2012:156 ] inn (04.10.2012)
 MANDRIVA, [ MDVSA-2011:100 ] cyrus-imapd (25.05.2011)
 Wietse Venema, Plaintext injection in STARTTLS (multiple implementations) (10.03.2011)
