Computer Security


Amarok multiple security vulnerabilities
Published: 14.01.2009
SecurityVulns ID: 9579
Type: client
Threat Level: 5/10
Description: Integer overflows, memory corruption.
Affected: AMAROK : Amarok 2.0
Original document: tk_(at)_trapkit.de, [TKADV2009-002] Amarok Integer Overflow and Unchecked Allocation Vulnerabilities (14.01.2009)

Solaris integer overflow
Published: 14.01.2009
SecurityVulns ID: 9582
Type: local
Threat Level: 5/10
Description: Integer overflow in SYS_kaio syscall.
Affected: ORACLE : Solaris 8
 ORACLE : Solaris 9
 ORACLE : Solaris 10
Original document: tk_(at)_trapkit.de, [TKADV2009-001] Sun Solaris aio_suspend() Kernel Integer Overflow Vulnerability (14.01.2009)

JHead multiple security vulnerabilities
Published: 14.01.2009
SecurityVulns ID: 9584
Type: local
Threat Level: 5/10
Description: Buffer overflow, symlink vulnerability, unfiltered shell characters vulnerability.
Affected: JHEAD : JHead 2.84
CVE: CVE-2008-4641 (The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.)
 CVE-2008-4640 (The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character.)
 CVE-2008-4639 (jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.)
 CVE-2008-4575 (Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows.")
Original document: GENTOO, [ GLSA 200901-02 ] JHead: Multiple vulnerabilities (14.01.2009)

KDE Konqueror DoS
Published: 14.01.2009
SecurityVulns ID: 9585
Type: client
Threat Level: 4/10
Description: Memory exhaustion on oversized SRC and HREF parameters.
Affected: KDE : Konqueror 4.1
Files: KDE Konqueror 4.1.3 'iframe src' Memory Leak Exploit
 KDE Konqueror 4.1.3 'link href' Memory Leak Exploit

PHP popen() function buffer overflow
Published: 14.01.2009
SecurityVulns ID: 9581
Type: library
Threat Level: 5/10
Description: Buffer overflow on oversized mode argument.
Affected: PHP : PHP 5.2
Original document: ew1zz_(at)_hotmail.com, PHP Buffer Overflow(popen) (14.01.2009)

Microsoft Windows SMB multiple security vulnerabilities
updated since 13.01.2009
Published: 14.01.2009
SecurityVulns ID: 9575
Type: remote
Threat Level: 9/10
Description: Buffer overflows and DoS conditions.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE: CVE-2008-4835 (SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability.")
 CVE-2008-4834 (Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability.")
 CVE-2008-4114 (srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability.")
Original document: ZDI, ZDI-09-002: Microsoft SMB NT Trans2 Request Parsing Remote Code Execution Vulnerability (14.01.2009)
 ZDI, ZDI-09-001: Microsoft SMB NT Trans Request Parsing Remote Code Execution Vulnerability (13.01.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-001 - Critical Vulnerabilities in SMB Could Allow Remote Code Execution (958687) (13.01.2009)
Files: Microsoft Security Bulletin MS09-001 - Critical Vulnerabilities in SMB Could Allow Remote Code Execution (958687)

HP OpenView Network Node Manager DoS
Published: 14.01.2009
SecurityVulns ID: 9580
Type: remote
Threat Level: 5/10
Affected: HP : OpenView Network Node Manager 7.01
 HP : OpenView Network Node Manager 7.51
 HP : OpenView Network Node Manager 7.53
CVE: CVE-2007-4349 (The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via an unspecified series of RPC requests (aka Trace Event Messages) that triggers an out-of-bounds memory access, related to an erroneous object reference.)
Original document: HP, [security bulletin] HPSBMA02392 SSRT071481 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Denial of Service (DoS) (14.01.2009)

Zaptel privilege escalation
Published: 14.01.2009
SecurityVulns ID: 9583
Type: local
Threat Level: 5/10
Description: It's possible to overwrite kernel memory.
Affected: ZAPTEL : Zaptel 1.4
 ZAPTEL : Zaptel 1.2
CVE: CVE-2008-5744 (Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396 that uses the wrong variable in a range check against the value of lc->sync.)
 CVE-2008-5396
Original document: DEBIAN, [SECURITY] [DSA 1699-1] New zaptel packages fix privilege escalation (14.01.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod