Computer Security


Mozilla Firefox multiple security vulnerabilities
Published:14.06.2009
SecurityVulns ID:9986
Type:client
Threat Level:8/10
Description:Privilege escalations, cross-site scripting, DoS, race conditions, SSL spoofing if an HTTP proxy is used, multiple memory corruptions.
Affected:MOZILLA : Firefox 3.0
CVE:CVE-2009-1841 (js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter.)
 CVE-2009-1840 (Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page.)
 CVE-2009-1839 (Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack.)
 CVE-2009-1838 (The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.)
 CVE-2009-1837 (Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.)
 CVE-2009-1836 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.)
 CVE-2009-1835 (Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning.)
 CVE-2009-1834 (Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters.)
 CVE-2009-1833 (The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors.)
 CVE-2009-1832 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction.")
 CVE-2009-1392 (The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors.)
Original document:MOZILLA, Mozilla Foundation Security Advisory 2009-24 (14.06.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-25 (14.06.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-26 (14.06.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-27 (14.06.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-30 (14.06.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-28 (14.06.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-29 (14.06.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-31 (14.06.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-32 (14.06.2009)
 SECUNIA, Secunia Research: Mozilla Firefox Java Applet Loading Vulnerability (14.06.2009)

FreeBSD information leak
Published:14.06.2009
SecurityVulns ID:9987
Type:local
Threat Level:5/10
Description:Integer overflow in the pipe implementation allows reading data from another process's memory.
Affected:FREEBSD : FreeBSD 6.3
 FREEBSD : FreeBSD 7.1
 FREEBSD : FreeBSD 6.4
 FREEBSD : FreeBSD 7.2
Original document:FREEBSD, FreeBSD Security Advisory FreeBSD-SA-09:09.pipe (14.06.2009)

FreeBSD IPv6 interface DoS
Published:14.06.2009
SecurityVulns ID:9988
Type:local
Threat Level:5/10
Description:An unprivileged user can set options and disable the interface.
Original document:FREEBSD, FreeBSD Security Advisory FreeBSD-SA-09:10.ipv6 (14.06.2009)

Google Chrome DoS
Published:14.06.2009
SecurityVulns ID:9989
Type:remote
Threat Level:3/10
Description:<script>location.hostname = "%";</script> causes endless loop.
Affected:GOOGLE : Chrome 2.0
Original document:MustLive, DoS vulnerabilities in Mozilla and Google Chrome (14.06.2009)
Files:Mozilla & Google Chrome DoS Exploit

DX Studio Player Firefox plug-in code execution
Published:14.06.2009
SecurityVulns ID:9991
Type:remote
Threat Level:5/10
Description:System commands can be executed via the JavaScript API.
Affected:DXSTUDIO : DX Studio Player 3.0
CVE:CVE-2009-2011 (Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method.)
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0521 - DX Studio Player Firefox plug-in command injection (14.06.2009)

F5 FirePass 4100 cross-site scripting
updated since 14.11.2007
Published:14.06.2009
SecurityVulns ID:8340
Type:remote
Threat Level:5/10
Description:SSL VPN download_plugin.php3, page backurl parameter, my.logon.php3, my.activation.php3 cross-site scripting.
Affected:F5 : FirePass 4100
 F5 : FirePass 5.4
 F5 : FirePass 5.5
 F5 : FirePass 6.0
Original document:ProCheckUp Research, PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script (30.11.2007)
 ProCheckUp Research, PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script (30.11.2007)
 ProCheckUp Research, PR07-13: Cross-site Scripting / HTML injection on F5 FirePass 4100 SSL VPN 'download_plugin.php3' server-side script (14.11.2007)

Apache Tomcat multiple security vulnerabilities
updated since 05.06.2009
Published:14.06.2009
SecurityVulns ID:9965
Type:remote
Threat Level:6/10
Description:Information leak, user enumeration, DoS, directory traversal.
Affected:APACHE : Tomcat 4.1
 APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
CVE:CVE-2009-0783 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.)
 CVE-2009-0580 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.)
 CVE-2009-0033 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.)
 CVE-2008-5515 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.)
Original document:APACHE, [SECURITY] UPDATED CVE-2008-5515 RequestDispatcher directory traversal vulnerability (14.06.2009)
 APACHE, [SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability (09.06.2009)
 APACHE, [SECURITY] CVE-2009-0580 UPDATED Apache Tomcat User enumeration vulnerability with FORM authentication (05.06.2009)
 APACHE, [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure (05.06.2009)
 APACHE, [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication (05.06.2009)
 APACHE, [SECURITY] CVE-2009-0033 Apache Tomcat DoS when using Java AJP connector (05.06.2009)

Microsoft Active Directory multiple security vulnerabilities
updated since 09.06.2009
Published:14.06.2009
SecurityVulns ID:9975
Type:remote
Threat Level:7/10
Description:Double free() vulnerability, memory leaks.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2009-1139 (Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability.")
 CVE-2009-1138 (The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.)
Original document:IDEFENSE, iDefense Security Advisory 06.11.09: Microsoft Active Directory Hexdecimal DN AttributeValue Invalid Free Vulnerability (14.06.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-018 - Critical Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055) (09.06.2009)
Files:Microsoft Security Bulletin MS09-018 - Critical Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)

Microsoft Excel multiple security vulnerabilities
updated since 10.06.2009
Published:14.06.2009
SecurityVulns ID:9978
Type:client
Threat Level:6/10
Description:Multiple buffer overflows, memory and pointer corruption.
Affected:MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Office 2007
 MICROSOFT : Office 2008 for Mac
CVE:CVE-2009-1134 (Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka "Record Pointer Corruption Vulnerability.")
 CVE-2009-0561 (Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record with a numeric field that specifies an invalid number of unique strings, which triggers a heap-based buffer overflow, aka "Record Integer Overflow Vulnerability.")
 CVE-2009-0560 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Field Sanitization Memory Corruption Vulnerability.")
 CVE-2009-0559 (Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability.")
 CVE-2009-0558 (Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability.")
 CVE-2009-0557 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerability.")
 CVE-2009-0549 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Record Pointer Corruption Vulnerability.")
Original document:IDEFENSE, iDefense Security Advisory 06.11.09: Microsoft Excel SST Record Integer Overflow Vulnerability (14.06.2009)
 ZDI, ZDI-09-040: Microsoft Office Excel QSIR Record Pointer Corruption Vulnerability (11.06.2009)
 SECUNIA, Secunia Research: Microsoft Excel Record Parsing Array Indexing Vulnerability (10.06.2009)
 SECUNIA, Secunia Research: Microsoft Excel String Parsing Integer Overflow Vulnerability (10.06.2009)
 noreply_(at)_telus.com, TELUS Security Labs VR - Microsoft Office Excel Malformed Records Stack Buffer Overflow (10.06.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-021 - Critical Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462) (10.06.2009)
Files:Microsoft Security Bulletin MS09-021 - Critical Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)

Windows print spooler multiple security vulnerabilities
updated since 10.06.2009
Published:14.06.2009
SecurityVulns ID:9979
Type:remote
Threat Level:8/10
Description:Buffer overflow, unauthorized file access, privilege escalation via dynamic library loading.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-0230 (The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability.")
 CVE-2009-0229 (The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability.")
 CVE-2009-0228 (Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability.")
Original document:IDEFENSE, iDefense Security Advisory 06.11.09: Microsoft Windows 2000 Print Spooler Remote Stack Buffer Overflow Vulnerability (14.06.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-022 - Critical Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501) (10.06.2009)
Files:Microsoft Security Bulletin MS09-022 - Critical Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)

Microsoft Word buffer overflows
updated since 11.06.2009
Published:14.06.2009
SecurityVulns ID:9983
Type:client
Threat Level:8/10
Description:Few different buffer overflows on document parsing.
Affected:MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Office 2007
 MICROSOFT : Office 2008 for Mac
CVE:CVE-2009-0565 (Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka "Word Buffer Overflow Vulnerability.")
 CVE-2009-0563 (Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability.")
Original document:VUPEN Security Research, VUPEN Security - Microsoft Office Word Document Parsing Buffer Overflow Vulnerability (14.06.2009)
 ZDI, ZDI-09-035: Microsoft Word Document Stack Based Buffer Overflow Vulnerability (11.06.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-027 - Critical (11.06.2009)
Files:Microsoft Security Bulletin MS09-027 - Critical Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514)

HP OpenView Network Node Manager SNMP code execution
updated since 14.06.2009
Published:27.06.2009
SecurityVulns ID:9992
Type:remote
Threat Level:6/10
Description:Buffer overflow in rping application.
Affected:HP : OpenView Network Node Manager 7.53
CVE:CVE-2009-1420 (Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when used with SNMP (aka HPOvNNM.HPOVSNMP) before 1.30.009 and MIB (aka HPOvNNM.HPOVMIB) before 1.30.009, allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.)
Original document:IDEFENSE, iDefense Security Advisory 06.26.09: HP Network Node Manager rping Stack Buffer Overflow Vulnerability (27.06.2009)
 HP, [security bulletin] HPSBMA02430 SSRT080094 rev.1 - HP OpenView Network Node Manager (OV NNM) Running SNMP and MIB, Remote Execution of Arbitrary Code, Denial of Service (DoS) (14.06.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod