Computer Security


ISC bind named DoS
Published: 10.12.2014
Source:
SecurityVulns ID: 14139
Type: remote
Threat Level: 7/10
Description: Crash on recursive query parsing. Crash on GeoIP handling.
Affected: ISC : bind 9.10
CVE: CVE-2014-8680 (The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options.)
 CVE-2014-8500 (ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.)
Original document: FREEBSD, FreeBSD Security Advisory FreeBSD-SA-14:29.bind (10.12.2014)
Files: CVE-2014-8500: A Defect in Delegation Handling Can Be Exploited to Crash BIND
 CVE-2014-8680: Defects in GeoIP features can cause BIND to crash

FreeBSD stdlib fflush vulnerability
Published: 10.12.2014
Source:
SecurityVulns ID: 14141
Type: library
Threat Level: 7/10
Description: Under some conditions, a heap buffer overflow can be caused by invalid fflush() behavior.
Affected: FREEBSD : FreeBSD 10.1
CVE: CVE-2014-8611 (The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application.)
Original document: FREEBSD, FreeBSD Security Advisory FreeBSD-SA-14:27.stdio (10.12.2014)

libmagic / file / fileinfo / PHP security vulnerabilities
updated since 10.12.2014
Published: 18.03.2015
Source:
SecurityVulns ID: 14140
Type: library
Threat Level: 5/10
Description: Vulnerabilities in ELF parsing.
CVE: CVE-2014-9653 (readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.)
 CVE-2014-8117 (softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.)
 CVE-2014-8116 (The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.)
Original document: DEBIAN, [SECURITY] [DSA 3196-1] file security update (18.03.2015)
 FREEBSD, FreeBSD Security Advisory FreeBSD-SA-14:28.file (10.12.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod