Computer Security
[EN] securityvulns.ru no-pyccku


apt symbolic links vulnerability
Published:13.10.2014
Source:
SecurityVulns ID:14001
Type:local
Threat Level:
5/10
Description:Symbolic links vulnerability on temporary file creation.
Affected:APT : apt 1.0
CVE:CVE-2014-7206 (The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 3048-1] apt security update (13.10.2014)

Cisco ASA multiple DoS vulnerabilities
Published:13.10.2014
Source:
SecurityVulns ID:14002
Type:remote
Threat Level:
8/10
Description:DoS on multiple protocols parsing, code executions, information leakgs, insufficient certificate validation.
Affected:CISCO : ASA 9.3
CVE:CVE-2014-3394 (The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916.)
 CVE-2014-3393 (The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829.)
 CVE-2014-3392 (The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows remote attackers to obtain sensitive information from process memory or modify memory contents via crafted parameters, aka Bug ID CSCuq29136.)
 CVE-2014-3391 (Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external memory, leading to library use after device reload because of an incorrect LD_LIBRARY_PATH value, aka Bug ID CSCtq52661.)
 CVE-2014-3390 (The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 and CSCuq47574.)
 CVE-2014-3389 (The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.6), and 9.3 before 9.3(1.1) does not properly implement a tunnel filter, which allows remote authenticated users to obtain failover-unit access via crafted packets, aka Bug ID CSCuq28582.)
 CVE-2014-3388 (The DNS inspection engine in Cisco ASA Software 9.0 before 9.0(4.13), 9.1 before 9.1(5.7), and 9.2 before 9.2(2) allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCuo68327.)
 CVE-2014-3387 (The SunRPC inspection engine in Cisco ASA Software 7.2 before 7.2(5.14), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.3) allows remote attackers to cause a denial of service (device reload) via crafted SunRPC packets, aka Bug ID CSCun11074.)
 CVE-2014-3386 (The GPRS Tunneling Protocol (GTP) inspection engine in Cisco ASA Software 8.2 before 8.2(5.51), 8.4 before 8.4(7.15), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted series of GTP packets, aka Bug ID CSCum56399.)
 CVE-2014-3385 (Race condition in the Health and Performance Monitoring (HPM) for ASDM feature in Cisco ASA Software 8.3 before 8.3(2.42), 8.4 before 8.4(7.11), 8.5 before 8.5(1.19), 8.6 before 8.6(1.13), 8.7 before 8.7(1.11), 9.0 before 9.0(4.8), and 9.1 before 9.1(4.5) allows remote attackers to cause a denial of service (device reload) via TCP traffic that triggers many half-open connections at the same time, aka Bug ID CSCum00556.)
 CVE-2014-3384 (The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted packet that is sent during tunnel creation, aka Bug ID CSCum96401.)
 CVE-2014-3383 (The IKE implementation in the VPN component in Cisco ASA Software 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted UDP packets, aka Bug ID CSCul36176.)
 CVE-2014-3382 (The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets, aka Bug ID CSCum46027.)
Files: Cisco Security Advisory Multiple Vulnerabilities in Cisco ASA Software

bash code execution
updated since 25.09.2014
Published:13.10.2014
Source:
SecurityVulns ID:13977
Type:library
Threat Level:
10/10
Description:It's possible to place a function into content of any environment variable.
Affected:GNU : bash 4.3
CVE:CVE-2014-7187 (Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.)
 CVE-2014-7186 (The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.)
 CVE-2014-7169 (GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.)
 CVE-2014-6278 (GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.)
 CVE-2014-6277 (GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.)
 CVE-2014-6271 (GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.)
 CVE-2014-3659 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-7169. Reason: This candidate is a reservation duplicate of CVE-2014-7169 because the CNA for this ID did not follow multiple procedures that are intended to minimize duplicate CVE assignments. Notes: All CVE users should reference CVE-2014-7169 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
Original documentdocumentHP, [security bulletin] HPSBST03122 rev.1 - HP StoreAll Operating System Software running Bash Shell, Remote Code Execution (13.10.2014)
 documentCA, CA20141001-01: Security Notice for Bash Shellshock Vulnerability (13.10.2014)
 documentHP, [security bulletin] HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution (05.10.2014)
 documentVMWARE, NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities (05.10.2014)
 documentHP, [security bulletin] HPSBHF03119 rev.2 - HP DreamColor Professional Display running Bash Shell, Remote Code Execution (05.10.2014)
 documentMichal Zalewski, the other bash RCEs (CVE-2014-6277 and CVE-2014-6278) (05.10.2014)
 documentHP, [security bulletin] HPSBHF03124 rev.1 - HP Thin Clients running Bash, Remote Execution of Code (05.10.2014)
 documentcve-assign_(at)_mitre.org, [oss-security] Re: CVE-2014-6271: remote code execution through bash (25.09.2014)
 documentHanno Bock, Re: [oss-security] CVE-2014-6271: remote code execution through bash (25.09.2014)
 documentmancha, Re: [oss-security] CVE-2014-6271: remote code execution through bash (25.09.2014)
 documentSolar Designer, Re: [oss-security] CVE-2014-6271: remote code execution through bash (25.09.2014)
 documentFlorian Weimer, Re: [oss-security] CVE-2014-6271: remote code execution through bash (25.09.2014)
 documentUBUNTU, [USN-2362-1] Bash vulnerability (25.09.2014)
Files:Bash specially-crafted environment variables code injection attack
  Cisco Security Advisory GNU Bash Environment Variable Command Injection Vulnerability
 Bash bug: apply Florian's patch now (CVE-2014-6277 and CVE-2014-6278)

Exuberant Ctags DoS
Published:13.10.2014
Source:
SecurityVulns ID:14004
Type:local
Threat Level:
5/10
Description:Infinite loop leads to resources exhaustion.
Affected:EXUBERANT : ctags 5.9
CVE:CVE-2014-7204 (jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.)
Original documentdocumentUBUNTU, [USN-2371-1] Exuberant Ctags vulnerability (13.10.2014)

qemu multiple security vulnerabilities
updated since 13.10.2014
Published:08.12.2014
Source:
SecurityVulns ID:14003
Type:local
Threat Level:
6/10
Description:Multiple memory corruptions, DoS, information leakage.
Affected:QEMU : qemu 1.1
CVE:CVE-2014-8106 (Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.)
 CVE-2014-7815 (The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.)
 CVE-2014-3689 (The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.)
 CVE-2014-3640 (The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.)
 CVE-2014-3615 (The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.)
 CVE-2014-0223 (Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.)
 CVE-2014-0222 (Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.)
 CVE-2014-0147
 CVE-2014-0146
 CVE-2014-0145
 CVE-2014-0144
 CVE-2014-0143
 CVE-2014-0142
Original documentdocumentDEBIAN, [SECURITY] [DSA 3087-1] qemu security update (08.12.2014)
 documentDEBIAN, [SECURITY] [DSA 3066-1] qemu security update (10.11.2014)
 documentDEBIAN, [SECURITY] [DSA 3045-1] qemu security update (13.10.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod