Computer Security
[EN] securityvulns.ru no-pyccku


PBS Pro symbolic links vulnerability
Published:11.07.2010
Source:
SecurityVulns ID:10984
Type:local
Threat Level:
5/10
Description:Symbolic links vulnerability on temporary files creation.
Affected:PBSPRO : PBS Pro 10.3
Original documentdocumentBartlomiej Balcerek, PBS Pro race condition vulnerability (11.07.2010)

pam motd privilege escalation
Published:11.07.2010
Source:
SecurityVulns ID:10985
Type:local
Threat Level:
6/10
CVE:CVE-2010-0832 (pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.)
Original documentdocumentUBUNTU, [USN-959-1] PAM vulnerability (11.07.2010)

libpng multiple security vulnerabilities
Published:11.07.2010
Source:
SecurityVulns ID:10982
Type:library
Threat Level:
6/10
Description:Memory corruption, resources exhaustion on PNG parsing.
Affected:libpng : libpng 1.2
 libpng : libpng 1.4
CVE:CVE-2010-2249 (Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.)
 CVE-2010-1205 (Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.)
Original documentdocumentUBUNTU, [USN-960-1] libpng vulnerabilities (11.07.2010)

Cisco Industrial Ethernet 3000 switches unauthorized access
Published:11.07.2010
Source:
SecurityVulns ID:10980
Type:remote
Threat Level:
5/10
Description:Undeletable SNMP communities public and private.
Affected:CISCO : Cisco Industrial Ethernet 3000
CVE:CVE-2010-1574 (IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589.)
Original documentdocumentCISCO, Cisco Security Advisory: Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability (11.07.2010)

Heimdal Kerberos server DoS
Published:11.07.2010
Source:
SecurityVulns ID:10981
Type:remote
Threat Level:
5/10
Description:NULL pointer dereference on GAA-API token parsing.
Affected:HEIMDAL : heimdal 1.2
CVE:CVE-2010-1321 (The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.)
Original documentdocumentMANDRIVA, [ MDVSA-2010:130 ] heimdal (11.07.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod