Computer Security


Trend Micro antiviral products multiple security vulnerabilities
updated since 22.08.2007
Published:11.09.2007
Source:
SecurityVulns ID:8084
Type:remote
Threat Level:7/10
Description:Buffer overflow in SSAPI engine on oversized local path. Buffer overflow in ServerProtect on different TCP/5168 RPC requests.
CVE:CVE-2007-4731 (Stack-based buffer overflow in the TMregChange function in TMReg.dll in Trend Micro ServerProtect before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 5005.)
 CVE-2007-4219 (Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as used by the ServerProtect service (SpntSvc.exe), in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a certain integer field in a request packet to TCP port 5168, which triggers a heap-based buffer overflow.)
 CVE-2007-4218 (Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allow remote attackers to execute arbitrary code via certain RPC requests to certain TCP ports that are processed by the (1) RPCFN_ENG_NewManualScan, (2) RPCFN_ENG_TimedNewManualScan, and (3) RPCFN_SetComputerName functions in (a) StRpcSrv.dll; the (4) RPCFN_CMON_SetSvcImpersonateUser and (5) RPCFN_OldCMON_SetSvcImpersonateUser functions in (b) Stcommon.dll; the (6) RPCFN_ENG_TakeActionOnAFile and (7) RPCFN_ENG_AddTaskExportLogItem functions in (c) Eng50.dll; the (8) NTF_SetPagerNotifyConfig function in (d) Notification.dll; or the (9) RPCFN_CopyAUSrc function in the (e) ServerProtect Agent service.)
 CVE-2007-3873 (Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI Engine 5.0.0.1066 through 5.2.0.1012 in Trend Micro AntiSpyware 3.5 and PC-Cillin Internet Security 2007 15.0 through 15.3, when the Venus Spy Trap (VST) feature is enabled, allows local users to cause a denial of service (service crash) or execute arbitrary code via a file with a long pathname, which triggers the overflow during a ReadDirectoryChangesW callback notification.)
Original document:ZDI, ZDI-07-051: Trend Micro ServerProtect TMregChange() Stack Overflow Vulnerability (11.09.2007)
 ZDI, ZDI-07-050: Trend Micro ServerProtect RPCFN_SetComputerName() Stack Overflow Vulnerability (11.09.2007)
 IDEFENSE, iDefense Security Advisory 08.21.07: Trend Micro ServerProtect RPCFN_SYNC_TASK Integer Overflow Vulnerability (22.08.2007)
 IDEFENSE, iDefense Security Advisory 08.21.07: Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities (22.08.2007)
 IDEFENSE, iDefense Security Advisory 08.20.07: Trend Micro SSAPI Long Path Buffer Overflow Vulnerability (22.08.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:11.09.2007
Source:
SecurityVulns ID:8131
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:DIRECTADMIN : DirectAdmin 1.30
 OLATE : Olate Download 3.4
 ROIREVOLUTION : Urchin 5.6
 INTERSPIRE : ActiveKB NX 2.5
 CARE2X : CARE2X 2.2
 TOMS : Toms Gastebuch 1.0
 NETJUKE : Netjuke 1.0
 PHPMYQUOTE : phpMyQuote 0.20
 HUSREV : Husrev Forums 2.0
 PROXYANKET : Proxy Anket 3.0
 NUCLEARBB : NuclearBB Alpha 2
Original document:Advisory_(at)_Aria-Security.net, [Aria-Security Team] social-networkin SQL Injection (11.09.2007)
 b14ck1c3_(at)_hotmail.com, NuclearBB Alpha 2 Remote File Inclusion (11.09.2007)
 yollubunlar_(at)_yollubunlar.org, Husrev Forums v2.0.1:PoWerBoard Sql (11.09.2007)
 yollubunlar_(at)_yollubunlar.org, Proxy Anket v3.0.1 Sql injection Vulnerable (11.09.2007)
 yollubunlar_(at)_yollubunlar.org, phpMyQuote 0.20 Version Multiple Sql And Xss Vulnerabilities (11.09.2007)
 cod3in_(at)_gmail.com, Netjuke 1.0-rc2 - sql injection & XSS (11.09.2007)
 cod3in_(at)_gmail.com, Toms Gästebuch 1.00 - XSS (11.09.2007)
 imei, Olate Download 3.4.2~uploads folder ~ directory traversal (11.09.2007)
 imei, Olate Download 3.4.2 ~ userupload.php ~ Upload Executable Files (11.09.2007)
 home_edition2001_(at)_irc.mildnet.org, SolpotCrew Advisory #15 (home_edition2001) - Weblogicnet (files_dir) Remote File Inclusion (11.09.2007)
 Ivan Niiiil, CARE2X php Integ Hospital Info System 2G Deployment 2.2 Multi Remote File Include (11.09.2007)
 Ivan Niiiil, CRS Manager ($DOCUMENT_ROOT) Multi Remote File Include (11.09.2007)
 r0t, DirectAdmin <= v1.30.2 XSS vuln. (11.09.2007)
 noname indexed, XSS UMI CMS (11.09.2007)
 durito, XXS in ActiveKB NX 2.5.4 (11.09.2007)
 r0t, Urchin Multiple XSS vuln. (11.09.2007)

IBM DB2 buffer overflow
Published:11.09.2007
Source:
SecurityVulns ID:8132
Type:local
Threat Level:5/10
Description:Buffer overflow in the sysproc.auth_list_groups_for_authid function.
Affected:IBM : DB2 9.1
Original document:SHATTER, Team SHATTER Advisory: IBM DB2 Buffer overflow in sysproc.auth_list_groups_for_authid (11.09.2007)

id3lib symbolic links security vulnerability
Published:11.09.2007
Source:
SecurityVulns ID:8133
Type:local
Threat Level:5/10
CVE:CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged.)
Original document:DEBIAN, [SECURITY] [DSA 1365-1] New id3lib3.8.3 packages fix denial of service (11.09.2007)

PHP safemode bypass
Published:11.09.2007
Source:
SecurityVulns ID:8134
Type:local
Threat Level:5/10
Description:By using the LOAD_FILE, INTO DUMPFILE and INTO OUTFILE SQL modifiers it's possible to access files outside the basedir.
Affected:PHP : PHP 5.2
Original document:laurent gaffie, PHP <=5.2.4 open_basedir bypass & code exec & denial of service (11.09.2007)
 laurent gaffie, PHP 5.2.4 <= various mysql functions safemode & open_basedir bypass (11.09.2007)

Samba nss_info extension privilege escalation
Published:11.09.2007
Source:
SecurityVulns ID:8135
Type:local
Threat Level:5/10
Description:Gid 0 is assigned to the user if the "winbind nss info" configuration parameter has the value "sfu" or "rfc2307".
Affected:SAMBA : Samba 3.0
CVE:CVE-2007-4138 (The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.)
Original document:SAMBA, [SECURITY] Winbind's rfc2307 & SFU nss_info plugin in Samba 3.0.25[a-c] assigns users a primary gid of 0 by default (11.09.2007)

Microsoft Visual Studio RPT files code execution
Published:11.09.2007
Source:
SecurityVulns ID:8137
Type:client
Threat Level:5/10
CVE:CVE-2006-6133 (Stack-based buffer overflow in Business Objects Crystal Reports XI Professional has unknown impact and user-assisted attack vectors related to a crafted .RPT file.)
Original document:MICROSOFT, Microsoft Security Bulletin MS07-052 - Important (11.09.2007)
Files:Microsoft Security Bulletin MS07-052 - Important Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522)

Microsoft Windows Services for UNIX privilege escalation
Published:11.09.2007
Source:
SecurityVulns ID:8138
Type:local
Threat Level:5/10
Description:Invalid handling of suid files.
Affected:MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Services for UNIX 3.5
 MICROSOFT : Windows Services for UNIX 3.0
 MICROSOFT : Windows Vista
CVE:CVE-2007-3036 (Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files.")
Original document:MICROSOFT, Microsoft Security Bulletin MS07-053 - Important Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778) (11.09.2007)
Files:Microsoft Security Bulletin MS07-053 - Important Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)

Microsoft MSN Messenger / Windows Live Messenger memory corruption
Published:11.09.2007
Source:
SecurityVulns ID:8139
Type:client
Threat Level:7/10
Description:Memory corruption on establishing a Webcam or Video Chat session.
Affected:MICROSOFT : MSN Messenger 6.2
 MICROSOFT : Windows Live Messenger 8.0
 MICROSOFT : MSN Messenger 7.5
 MICROSOFT : MSN Messenger 7.0
CVE:CVE-2007-2931 (Heap-based buffer overflow in Microsoft MSN Messenger 7.x and Live Messenger before 8.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam sessions.)
Original document:MICROSOFT, Microsoft Security Bulletin MS07-054 - Important Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution (942099) (11.09.2007)
Files:Microsoft Security Bulletin MS07-054 - Important Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution (942099)

Symantec Antivirus privilege escalation
updated since 12.07.2007
Published:11.09.2007
Source:
SecurityVulns ID:7922
Type:local
Threat Level:6/10
Description:It's possible to overwrite system memory regions with IOCTL 0x83022323 of the \\symTDI\ device.
Affected:SYMANTEC : Symantec AntiVirus 5.5
Original document:SYMANTEC, Symantec Product Security: Symantec Device Driver Local Elevation of Privilege (11.09.2007)
 IDEFENSE, iDefense Security Advisory 07.11.07: Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability (12.07.2007)

Microsoft Agent ActiveX buffer overflow
updated since 11.09.2007
Published:12.09.2007
Source:
SecurityVulns ID:8136
Type:client
Threat Level:6/10
Description:Buffer overflow on an oversized URL.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
CVE:CVE-2007-3040 (Stack-based buffer overflow in the Agent.Control function in Microsoft Agent ActiveX control (agentdpv.dll) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL, a different issue than CVE-2007-1205.)
Original document:IDEFENSE, iDefense Security Advisory 09.11.07: Microsoft Windows 2000 Agent URL Canonicalizing Stack Based Buffer Overflow Vulnerability (12.09.2007)
 VR-Subscription-noreply_(at)_assurent.com, Assurent VR - Microsoft Agent Crafted URL Stack Buffer Overflow (11.09.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-051 - Critical Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827) (11.09.2007)
Files:Microsoft Security Bulletin MS07-051 - Critical Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod