Computer Security


vsftpd FTP server memory leak
updated since 12.07.2008
Published: 12.07.2008
SecurityVulns ID: 9143
Type: remote
Threat Level: 5/10
Description: Memory leak on invalid authentication attempt leads to memory exhaustion.
CVE: CVE-2008-2375 (Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.)
Original document: RPATH, rPSA-2008-0217-1 vsftpd (12.07.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 12.07.2008
SecurityVulns ID: 9144
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: GAPICMS : gapicms 9.0
 PHPUSERBASE : phpuserbase 1.3
 MORASP : MorASP Anket Sistemi 2.0
Original document: Alemin_Krali Krali, MorASP Anket Sistemi v2.0 [PID] Bypass Vulnerability (tr) (12.07.2008)
 Ghost hacker, phpuserbase 1.3 (menu) Remote File Inclusion Vulnerability (12.07.2008)
 Ghost hacker, gapicms v9.0.2 (dirDepth) Remote File Inclusion Vulnerability (12.07.2008)
 Alemin_Krali Krali, OkulAjansi [ID] Remote SQL Injection Vulnerability (12.07.2008)

Apache multiple DoS conditions
Published: 12.07.2008
SecurityVulns ID: 9145
Type: remote
Threat Level: 6/10
Description: mod_proxy requests recursion, mod_ssl memory leak.
Affected: APACHE : Apache 2.2
CVE: CVE-2008-2364 (The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.)
 CVE-2008-1678
Original document: GENTOO, [ GLSA 200807-06 ] Apache: Denial of Service (12.07.2008)

Novell eDirectory multiple security vulnerabilities
Published: 12.07.2008
SecurityVulns ID: 9146
Type: remote
Threat Level: 6/10
Description: Integer overflows, memory corruptions.
Affected: NOVELL : eDirectory 8.7
 NOVELL : eDirectory 8.8
CVE: CVE-2008-1809
Original document: ZDI, ZDI-08-041: Novell eDirectory dhost Integer Overflow Code Execution Vulnerability (12.07.2008)
 IDEFENSE, iDefense Security Advisory 07.09.08: Novell eDirectory LDAP Search Request Heap Corruption Vulnerability (12.07.2008)

Apple Core Image Fun House buffer overflow
Published: 12.07.2008
SecurityVulns ID: 9148
Type: client
Threat Level: 5/10
Description: Buffer overflow on .funhouse files parsing.
Affected: APPLE : Core Image Fun House 2.0
Original document: Netragard Security Advisories, [NETRAGARD SECURITY ADVISORY][Apple Core Image Fun House <= 2.0 OS X -- Arbitrary Code Execution][NETRAGARD-20080711] (12.07.2008)

Sun Java multiple security vulnerabilities
Published: 12.07.2008
SecurityVulns ID: 9147
Type: library
Threat Level: 7/10
Description: 8 different vulnerabilities, including privilege escalation, sandbox protection bypass and code execution.
Affected: SUN : JRE 1.3
 SUN : JDK 1.3
 SUN : JDK 1.4
 ORACLE : JRE 1.4
 SUN : JRE 5.0
 ORACLE : JDK 5.0
 ORACLE : Jre 6.0
 ORACLE : JDK 6.0
Original document: CERT, US-CERT Technical Cyber Security Alert TA08-193A -- Sun Java Updates for Multiple Vulnerabilities (12.07.2008)

Multiple DNS servers and clients DNS records spoofing
updated since 12.07.2008
Published: 29.07.2008
SecurityVulns ID: 9142
Type: client
Threat Level: 6/10
Description: DNS poisoning attack may be used to spoof query results.
Affected: CISCO : IOS 12.2
 CISCO : IOS 12.3
 BIND : bind 9.3
 CISCO : IOS 12.4
 PDNS : pdns-recursor 3.1
 PYTHON : python-dns 2.3
CVE: CVE-2008-1637 (PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information.)
 CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug.")
Original document: DEBIAN, [SECURITY] [DSA 1619-1] New python-dns packages fix DNS response spoofing (29.07.2008)
 I)ruid, CAU-EX-2008-0002: Kaminsky DNS Cache Poisoning Flaw Exploit (25.07.2008)
 DEBIAN, [SECURITY] [DSA 1544-2] New pdns-recursor packages fix predictable randomness (18.07.2008)
 CISCO, Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks (12.07.2008)
 DEBIAN, [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver (12.07.2008)
Files: DNS BailiWicked Host Attack
 Tool: PorkBind Nameserver Security Scanner

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod