| Microsoft telnet NTLM relaying | | Published: |  | 11.08.2009 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 10145 | | Type: |  | m-i-t-m | | Level: |  | 4/10 | | Description: |  | NTLM relaying attack against telnet client authentication is possible. |
| libxml multiple security vulnerabilities | | Published: |  | 11.08.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10136 | | Type: |  | library | | Level: |  | 6/10 | | Description: |  | Memory use-after-free, stack overflow (exhaustion). |
| Affected: |  | LIBXML : libxml 2.6 | | CVE: |  | CVE-2009-2416 (Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.) | | |  | CVE-2009-2414 (Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.) |
| OpenJDK multiple security vulnerabilities | | Published: |  | 11.08.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10137 | | Type: |  | library | | Level: |  | 8/10 | | Description: |  | Information leaks, sandbox escape, multiple memory corruptions. |
| Affected: |  | OPENJDK : OpenJDK 6.0 | | CVE: |  | CVE-2009-2690 (The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application.) | | |  | CVE-2009-2676 (Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet.) | | |  | CVE-2009-2675 (Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.) | | |  | CVE-2009-2674 (Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow.) | | |  | CVE-2009-2673 (The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.) 
| | |  | CVE-2009-2672 (The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.) | | |  | CVE-2009-2671 (The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.) | | |  | CVE-2009-2670 (The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.) | | |  | CVE-2009-2625 (XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.) | | |  | CVE-2009-2476 (The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object.) 
| | |  | CVE-2009-2475 (Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673.) | | |  | CVE-2009-0217 (The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.) |
| HP-UX ttrace DoS | | Published: |  | 11.08.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10138 | | Type: |  | library | | Level: |  | 5/10 | | Description: |  | ttrace implementation allows denial of service conditions. |
| Affected: |  | HP : HP-UX 11.31 | | CVE: |  | CVE-2009-1427 (Unspecified vulnerability in HP-UX B.11.31 allows local users to cause a denial of service (system crash) via unknown vectors related to the ttrace system call.) |
| Microsoft ASP.NET DoS | | Published: |  | 11.08.2009 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 10140 | | Type: |  | remote | | Level: |  | 6/10 |
| Affected: |  | MICROSOFT : Windows Vista | | |  | MICROSOFT : Windows 2008 Server | | CVE: |  | CVE-2009-1536 (ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability.") |
| Microsoft Windows media files processing memory corruption | | Published: |  | 11.08.2009 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 10141 | | Type: |  | library | | Level: |  | 8/10 | | Description: |  | Memory corruptions and integer overflows on AVI processing. |
| Affected: |  | MICROSOFT : Windows 2000 Server | | |  | MICROSOFT : Windows 2000 Professional | | |  | MICROSOFT : Windows XP | | |  | MICROSOFT : Windows 2003 Server | | |  | MICROSOFT : Windows Vista | | |  | MICROSOFT : Windows 2008 Server | | CVE: |  | CVE-2009-1546 (Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability.") | | |  | CVE-2009-1545 (Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability.") |
Microsoft WINS multiple security vulnerabilities updated since 11.08.2009 | | Published: |  | 12.08.2009 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 10142 | | Type: |  | remote | | Level: |  | 7/10 | | Description: |  | Integer overflow, heap buffer overflow. |
| Affected: |  | MICROSOFT : Windows 2000 Server | | |  | MICROSOFT : Windows 2003 Server | | CVE: |  | CVE-2009-1924 (Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability.") | | |  | CVE-2009-1923 (Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability.") |
Microsoft Windows Workstation service memory corruption updated since 11.08.2009 | | Published: |  | 12.08.2009 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 10144 | | Type: |  | local | | Level: |  | 6/10 | | Description: |  | Memory corruption on RPC message parsing. |
Microsoft RDP client multiple security vulnerabilities updated since 11.08.2009 | | Published: |  | 12.08.2009 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 10146 | | Type: |  | client | | Level: |  | 7/10 | | Description: |  | Memory corruption in ActiveX control, memory corruption on server reply processing. |
Microsoft Windows MSMQ (message queuing) privilege escalation updated since 11.08.2009 | | Published: |  | 12.08.2009 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 10143 | | Type: |  | local | | Level: |  | 6/10 | | Description: |  | DoS conditions in the service lead to named channel spoofing possibility. |
Asterisk SIP DoS updated since 11.08.2009 | | Published: |  | 17.08.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10139 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Stack overflow (exhaustion) on SIP request processing. |
| Affected: |  | ASTERISK : Asterisk 1.4 | | |  | ASTERISK : Asterisk 1.6 | | CVE: |  | CVE-2009-2726 (The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.) |