Computer Security

Dovecot insufficient SSL certificates validation
Published:12.12.2011
Source:
SecurityVulns ID:12084
Type:m-i-t-m
Threat Level:4/10
Description:Insufficient certificate validation if used as an SSL proxy.
Affected:DOVECOT : Dovecot 2.0
CVE:CVE-2011-4318 (Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.)
Original document:UBUNTU, [USN-1295-1] Dovecot vulnerability (12.12.2011)

ACPI scripts privilege escalation
Published:12.12.2011
Source:
SecurityVulns ID:12085
Type:local
Threat Level:5/10
Description:Invalid power button event processing, invalid umask handling.
CVE:CVE-2011-4578 (event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via standard filesystem system calls.)
 CVE-2011-2777 (samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands.)
Original document:UBUNTU, [USN-1296-1] acpid vulnerabilities (12.12.2011)

Linux kernel multiple security vulnerabilities
Published:12.12.2011
Source:
SecurityVulns ID:12086
Type:local
Threat Level:5/10
Description:Multiple vulnerabilities in file systems implementations.
CVE:CVE-2011-4330 (Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field.)
 CVE-2011-4326 (The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device.)
 CVE-2011-4132 (The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value.")
 CVE-2011-4081 (crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket.)
 CVE-2011-4077 (Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.)
Original document:UBUNTU, [USN-1293-1] Linux kernel vulnerabilities (12.12.2011)

colord SQL injection
Published:12.12.2011
Source:
SecurityVulns ID:12087
Type:local
Threat Level:4/10
Affected:COLORD : colord 0.1
Original document:UBUNTU, [USN-1289-1] colord vulnerability (12.12.2011)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:12.12.2011
Source:
SecurityVulns ID:12088
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:KNOWLEDGETREE : KnowledgeTree 3.7
 MEDITATE : Meditate 1.2
 WORDPRESS : pretty-link 1.5
 MOJARRA : mojarra 2.0
 SQUIZ : Squiz Matrix 4.6
CVE:CVE-2011-4358 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect confidentiality and integrity, related to JSF.)
Original document:Troy Rose, OSI Security: Squiz Matrix - User Account Enumeration (12.12.2011)
 Amir_(at)_irist.ir, WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting Vulnerability (12.12.2011)
 DEBIAN, [SECURITY] [DSA 2359-1] mojarra security update (12.12.2011)
 IrIsT.Ir_(at)_gmail.com, Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities (12.12.2011)
 sschurtz_(at)_t-online.de, Meditate Web Content Editor 'username_input' SQL-Injection vulnerability (12.12.2011)
 Ewerson Guimarães (Crash) - Dclabs, [DCA-2011-0014] - Elxis CMS Cross Site Script (12.12.2011)
 ddivulnalert_(at)_ddifrontline.com, DDIVRT-2011-38 KnowledgeTree login.php Blind SQL Injection (12.12.2011)
 MustLive, XSS, SQLi and IL vulnerabilities in Zeema CMS (12.12.2011)

WinAmp integer overflows
Published:12.12.2011
Source:
SecurityVulns ID:12089
Type:local
Threat Level:4/10
Description:Different integer overflows in AVI parsing.
Affected:WINAMP : Winamp 5.622
CVE:CVE-2011-3834 (Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow.)
Original document:SECUNIA, Secunia Research: Winamp AVI Parsing Two Integer Overflow Vulnerabilities (12.12.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod