Computer Security


GRUB 2 password bypass
Published:10.12.2009
SecurityVulns ID:10461
Type:local
Threat Level:5/10
Description:An error in password protection allows booting the system by guessing the first character of the password.
Affected:GNU : GRUB 2 1.97
CVE:CVE-2009-4128 (GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.)
Original document:UBUNTU, [USN-868-1] GRUB 2 vulnerability (10.12.2009)

CA Service Desk cross-site scripting
Published:10.12.2009
SecurityVulns ID:10463
Type:remote
Threat Level:5/10
Description:The freeaccess.spl and webengine CGIs are vulnerable to cross-site scripting.
Affected:CA : CA Service Desk 12.1
CVE:CVE-2009-4149 (Cross-site scripting (XSS) vulnerability in the web interface in CA Service Desk 12.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.)
Original document:CA, CA20091208-01: Security Notice for CA Service Desk (10.12.2009)

HP OpenView NNM multiple security vulnerabilities
updated since 09.12.2009
Published:10.12.2009
SecurityVulns ID:10460
Type:remote
Threat Level:5/10
Description:Multiple vulnerabilities in different CGI applications.
Affected:HP : OpenView Network Node Manager 7.51
CVE:CVE-2009-4181 (Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via vectors involving the sel and arg parameters to jovgraph.exe.)
 CVE-2009-4180 (Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header.)
 CVE-2009-4179 (Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action.)
 CVE-2009-4178 (Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Topic parameter.)
 CVE-2009-4177 (Buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header.)
 CVE-2009-4176 (Multiple heap-based buffer overflows in ovsessionmgr.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter to ovlogin.exe.)
 CVE-2009-3849 (Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe.)
 CVE-2009-3848 (Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Template parameter, related to the vsprintf function.)
 CVE-2009-3846 (Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter.)
 CVE-2009-3845 (The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts.)
 CVE-2009-0898 (Stack-based buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted HTTP request.)
Original document:HP, [security bulletin] HPSBMA02483 SSRT090257 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code (10.12.2009)
 ZDI, TPTI-09-13: HP OpenView NNM snmpviewer.exe CGI Host Header Stack Overflow Vulnerability (10.12.2009)
 ZDI, TPTI-09-12: HP OpenView NNM ovalarm.exe CGI Accept-Language Stack Overflow Vulnerability (09.12.2009)
 ZDI, TPTI-09-10: HP OpenView NNM webappmon.exe CGI Host Header Buffer Overflow Vulnerability (09.12.2009)
 ZDI, TPTI-09-09: HP OpenView NNM ovsessionmgr.exe userid/passwd Heap Overflow Vulnerability (09.12.2009)
 ZDI, TPTI-09-08: HP OpenView NNM ovlogin.exe CGI userid/passwd Heap Overflow Vulnerability (09.12.2009)
 ZDI, ZDI-09-095: Hewlett-Packard OpenView NNM Snmp.exe Oid Variable Buffer Overflow Vulnerability (09.12.2009)
 ZDI, ZDI-09-097: Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable strcat Overflow Vulnerability (09.12.2009)
 ZDI, ZDI-09-096: Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable vsprintf Overflow Vulnerability (09.12.2009)
 ZDI, ZDI-09-094: Hewlett-Packard OpenView NNM Multiple Command Injection Vulnerabilities (09.12.2009)

Microsoft Internet Explorer multiple security vulnerabilities
updated since 09.12.2009
Published:10.12.2009
SecurityVulns ID:10453
Type:client
Threat Level:9/10
Description:Multiple memory corruptions, code execution.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2009-3674 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671.)
 CVE-2009-3673 (Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2009-3672 (Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka "HTML Object Memory Corruption Vulnerability." NOTE: some of these details are obtained from third party information. NOTE: this issue was originally assigned CVE-2009-4054, but Microsoft assigned a duplicate identifier of CVE-2009-3672. CVE consumers should use this identifier instead of CVE-2009-4054.)
 CVE-2009-3671 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674.)
 CVE-2009-2493 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability.")
Original document:IDEFENSE, iDefense Security Advisory 12.08.09: Microsoft Internet Explorer HTML Layout Engine Uninitialized Memory Vulnerability (10.12.2009)
 ZDI, ZDI-09-088: Microsoft Internet Explorer IFrame Attributes Circular Reference Dangling Pointer Vulnerability (09.12.2009)
 ZDI, ZDI-09-087: Microsoft Internet Explorer CSS Race Condition Code Execution Vulnerability (09.12.2009)
 ZDI, ZDI-09-086: Microsoft Internet Explorer XHTML DOM Manipulation Memory Corruption Vulnerability (09.12.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-072 - Critical Cumulative Security Update for Internet Explorer (976325) (09.12.2009)
Files:Microsoft Security Bulletin MS09-072 - Critical Cumulative Security Update for Internet Explorer (976325)

Microsoft Wordpad / Office Text Converters memory corruption
updated since 09.12.2009
Published:10.12.2009
SecurityVulns ID:10454
Type:client
Threat Level:6/10
Description:Memory corruption when parsing Office 97 documents.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Office XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Office 2003
CVE:CVE-2009-2506 (Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow.)
Original document:IDEFENSE, iDefense Security Advisory 12.08.09: Microsoft WordPad Word97 Converter Integer Overflow Vulnerability (10.12.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-073 - Important Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539) (09.12.2009)
Files:Microsoft Security Bulletin MS09-073 - Important Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)

Symantec Veritas multiple applications unauthorized access
updated since 10.12.2009
Published:15.12.2009
SecurityVulns ID:10462
Type:remote
Threat Level:7/10
Description:Authentication bypass in TCP/14300 VRTSweb.exe allows code execution.
Affected:HP : HP-UX 11.23
 HP : HP-UX 11.31
 SYMANTEC : Backup Exec Continuous Protection Server 12.5
 SYMANTEC : Veritas NetBackup Operations Manager 6.5
 SYMANTEC : Veritas Backup Reporter 6.6
 SYMANTEC : Veritas Storage Foundation 3.5
 SYMANTEC : Veritas Storage Foundation for Windows High Availability 5.1
 SYMANTEC : Veritas Storage Foundation for High Availability 3.5
 SYMANTEC : Veritas Storage Foundation for Oracle 5.0
 SYMANTEC : Veritas Storage Foundation for DB2 5.0
 SYMANTEC : Veritas Storage Foundation for Sybase 5.0
 SYMANTEC : Veritas Storage Foundation for Oracle Real Application Cluster 5.0
 SYMANTEC : Veritas Storage Foundation Manager 1.1
 SYMANTEC : Veritas Storage Foundation Manager 2.0
 SYMANTEC : Veritas Cluster Server 5.0
 SYMANTEC : Veritas Cluster Server One 2.0
 SYMANTEC : Veritas Application Director 1.1
 SYMANTEC : Veritas Cluster Server Management Console 5.5
 SYMANTEC : Veritas Storage Foundation Cluster File System 5.0
 SYMANTEC : Veritas Storage Foundation Cluster File System for Oracle RAC 5.0
 SYMANTEC : Veritas Command Central Storage 5.1
 SYMANTEC : Veritas Command Central Enterprise Reporter 5.1
 SYMANTEC : Veritas Command Central Storage Change Manager 5.1
 SYMANTEC : Veritas MicroMeasure 5.0
 SYMANTEC : VRTSweb 5.0
CVE:CVE-2009-3027 (VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1)
Original document:HP, [security bulletin] HPSBUX02480 SSRT090253 rev.1 - HP-UX Running VRTSweb, Remote Execution of Arbitrary Code, Increase of Privilege (15.12.2009)
 ZDI, ZDI-09-098: Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability (10.12.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod