Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft telnet NTLM relaying
Published:11.08.2009
Source:
SecurityVulns ID:10145
Type:m-i-t-m
Threat Level:
4/10
Description:NTLM relaying attack against telnet client authentication is possible.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-1930 (The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.)
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS09-042 - Important Vulnerability in Telnet Could Allow Remote Code Execution (960859) (11.08.2009)
Files:Microsoft Security Bulletin MS09-042 - Important Vulnerability in Telnet Could Allow Remote Code Execution (960859)

libxml multiple security vulnerability
Published:11.08.2009
Source:
SecurityVulns ID:10136
Type:library
Threat Level:
6/10
Description:Memory use-after-free, stack overflow (exhaustion).
Affected:LIBXML : libxml 2.6
CVE:CVE-2009-2416 (Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.)
 CVE-2009-2414 (Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1859-1] New libxml2 packages fix several issues (11.08.2009)

OpenJDK multiple security vulnerabilities
Published:11.08.2009
Source:
SecurityVulns ID:10137
Type:library
Threat Level:
8/10
Description:Information leaks, sandbox escape, multiple memory corruptions.
Affected:OPENJDK : OpenJDK 6.0
CVE:CVE-2009-2690 (The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application.)
 CVE-2009-2676 (Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet.)
 CVE-2009-2675 (Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.)
 CVE-2009-2674 (Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow.)
 CVE-2009-2673 (The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.)
 CVE-2009-2672 (The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.)
 CVE-2009-2671 (The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.)
 CVE-2009-2670 (The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.)
 CVE-2009-2625 (XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.)
 CVE-2009-2476 (The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object.)
 CVE-2009-2475 (Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673.)
 CVE-2009-0217 (The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.)
Original documentdocumentUBUNTU, [USN-814-1] openjdk-6 vulnerabilities (11.08.2009)

HP-UX ttrace DoS
Published:11.08.2009
Source:
SecurityVulns ID:10138
Type:library
Threat Level:
5/10
Description:ttrace implementation allows denial of service conditions.
Affected:HP : HP-UX 11.31
CVE:CVE-2009-1427 (Unspecified vulnerability in HP-UX B.11.31 allows local users to cause a denial of service (system crash) via unknown vectors related to the ttrace system call.)
Original documentdocumentHP, [security bulletin] HPSBUX02450 SSRT090141 rev1 - HP-UX ttrace(2), Local Denial of Service (DoS) (11.08.2009)

Microsoft ASP.NET DoS
Published:11.08.2009
Source:
SecurityVulns ID:10140
Type:remote
Threat Level:
6/10
Affected:MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-1536 (ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability.")
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS09-036 - Important Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957) (11.08.2009)

Microsoft Windows media files processing memory corruption
Published:11.08.2009
Source:
SecurityVulns ID:10141
Type:library
Threat Level:
8/10
Description:Memory corruptions and integer overflows on AVI processing.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-1546 (Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability.")
 CVE-2009-1545 (Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability.")
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS09-038 - Critical Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557) (11.08.2009)
Files:Microsoft Security Bulletin MS09-038 - Critical Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557)

Microsoft WINS multiple security vulnerabilities
updated since 11.08.2009
Published:12.08.2009
Source:
SecurityVulns ID:10142
Type:remote
Threat Level:
7/10
Description:Integer overflow, heap buffer overflow.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2003 Server
CVE:CVE-2009-1924 (Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability.")
 CVE-2009-1923 (Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability.")
Original documentdocumentZDI, ZDI-09-053: Microsoft Windows WINS Service Heap Overflow Vulnerability (12.08.2009)
 documentMICROSOFT, Microsoft Security Bulletin MS09-039 - Critical Vulnerabilities in WINS Could Allow Remote Code Execution (969883) (11.08.2009)
Files:Microsoft Security Bulletin MS09-039 - Critical Vulnerabilities in WINS Could Allow Remote Code Execution (969883)

Microsoft Windows Workstation service memory corruption
updated since 11.08.2009
Published:12.08.2009
Source:
SecurityVulns ID:10144
Type:local
Threat Level:
6/10
Description:Memory corruption on RPC message parsing.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-1544 (Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability.")
Original documentdocumentDVLabs, TPTI-09-06: Microsoft Windows Workstation Service NetrGetJoinInformation Heap Corruption Vulnerability (12.08.2009)
 documentMICROSOFT, Microsoft Security Bulletin MS09-041 - Important Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657) (11.08.2009)
Files:Microsoft Security Bulletin MS09-041 - Important Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657)

Microsoft RDP client multiple security vulnerabilities
updated since 11.08.2009
Published:12.08.2009
Source:
SecurityVulns ID:10146
Type:client
Threat Level:
7/10
Description:Memory corruption in ActiveX control, memory corruption on server reply processing.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Remote Desktop Connection Client for Mac 2.0
CVE:CVE-2009-1929 (Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2; or 5.2 or 6.1 on Windows XP SP3; allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Remote Desktop Connection ActiveX Control Heap Overflow Vulnerability.")
 CVE-2009-1133 (Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability.")
Original documentdocumentZDI, ZDI-09-057: Microsoft Remote Desktop Client Arbitrary Code Execution Vulnerability (12.08.2009)
 documentMICROSOFT, Microsoft Security Bulletin MS09-044 - Critical Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927) (11.08.2009)
Files:Microsoft Security Bulletin MS09-044 - Critical Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)

Microsoft Windows MSMQ (message queuing) privilege escalation
updated since 11.08.2009
Published:12.08.2009
Source:
SecurityVulns ID:10143
Type:local
Threat Level:
6/10
Description:DoS conditions in the service lead to named channel spoofing possibility.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2009-1922 (The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability.")
Original documentdocumentValery Marchuk, [PT-2008-09] Microsoft Windows MSMQ Privilege Escalation Vulnerability (12.08.2009)
 documentMICROSOFT, Microsoft Security Bulletin MS09-040 - Important Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032) (11.08.2009)
Files:Microsoft Security Bulletin MS09-040 - Important Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)

Asterisk SIP DoS
updated since 11.08.2009
Published:17.08.2009
Source:
SecurityVulns ID:10139
Type:remote
Threat Level:
6/10
Description:Stack overlow (exhaustion) on SIP request processing.
Affected:DIGIUM : Asterisk 1.4
 ASTERISK : Asterisk 1.6
CVE:CVE-2009-2726 (The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.)
Original documentdocumentMu Dynamics Research Team, Multiple sscanf vulnerabilities in Asterisk [MU-200908-01] (17.08.2009)
 documentASTERISK, AST-2009-005: Remote Crash Vulnerability in SIP channel driver (11.08.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod