Computer Security


Netgear routers unauthorized password reset
Published:14.01.2014
Source:
SecurityVulns ID:13519
Type:remote
Threat Level:5/10
Description:Bug in password recovery logic.
Affected:NETGEAR : Netgear N150
Original document:c1ph04mail_(at)_gmail.com, NETGEAR WNR1000v3 Password Recovery Vulnerability (14.01.2014)

Cisco routers backdoor
Published:14.01.2014
Source:
SecurityVulns ID:13520
Type:remote
Threat Level:8/10
Description:Undocumented test interface.
Affected:CISCO : Cisco RVS4000
 CISCO : Cisco WRVS4400N
 CISCO : Cisco WAP4410N
CVE:CVE-2014-0659 (The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.)
Files:Undocumented Test Interface in Cisco Small Business Devices

Cisco srtp library buffer overflow
Published:14.01.2014
Source:
SecurityVulns ID:13521
Type:library
Threat Level:6/10
Description:crypto_policy_set_from_profile_for_rtp() function buffer overflow
Affected:CISCO : libsrtp 1.4
CVE:CVE-2013-2139 (Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.)
Original document:DEBIAN, [SECURITY] [DSA 2840-1] srtp security update (14.01.2014)

Lorex DVR ActiveX buffer overflow
Published:14.01.2014
Source:
SecurityVulns ID:13522
Type:client
Threat Level:5/10
Description:INetViewX control buffer overflow
CVE:CVE-2014-1201 (Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.)
Original document:Pedro Ribeiro, [CVE -2014-1201] Lorex security DVR ActiveX control buffer overflow (14.01.2014)

Apache CloudStack security vulnerabilities
Published:14.01.2014
Source:
SecurityVulns ID:13523
Type:library
Threat Level:6/10
Description:Protection bypass, information leakage.
Affected:APACHE : CloudStack 4.2
CVE:CVE-2014-0031 (The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.)
 CVE-2013-6398 (The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request.)
Original document:APACHE, Updated [CVE-2014-0031] CloudStack ListNetworkACL API discloses ACLs for other users (14.01.2014)
 APACHE, Updated [CVE-2013-6398] CloudStack Virtual Router stop/start modifies firewall rules allowing additional access (14.01.2014)

ISC bind DoS
Published:14.01.2014
Source:
SecurityVulns ID:13524
Type:remote
Threat Level:6/10
Description:Crash on parsing malformed request to NSEC3-signed zone.
Affected:ISC : bind 9.9
CVE:CVE-2014-0591 (The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.)
Original document:UBUNTU, [USN-2081-1] Bind vulnerability (14.01.2014)

ntp traffic amplification
Published:14.01.2014
Source:
SecurityVulns ID:13525
Type:remote
Threat Level:7/10
Description:monlist ntp feature is used in-the-wild for traffic amplification.
Affected:NTP : ntp 4.2
CVE:CVE-2013-5211 (The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.)
Original document:HP, [security bulletin] HPSBUX02960 SSRT101419 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS) (14.01.2014)
 CERT, TA14-013A: NTP Amplification Attacks Using CVE-2013-5211 (14.01.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod