Computer Security


Mozilla Firefox information leak
updated since 08.10.2008
Published: 14.10.2008
Source:
SecurityVulns ID: 9339
Type: local
Threat Level: 5/10
Description: Information leak on local HTML file opening.
Affected: MOZILLA : Firefox 3.0
Original document: MustLive, Information Leakage in Firefox 3 (14.10.2008)
 LIUDIEYU dot COM, Firefox Privacy Broken If Used to Open Web Page File (08.10.2008)

Oracle privilege escalation
Published: 14.10.2008
Source:
SecurityVulns ID: 9353
Type: local
Threat Level: 5/10
Description: User with CREATE ANY DIRECTORY privileges can escalate privileges to SYSDBA.
Affected: ORACLE : Oracle 10g
 ORACLE : Oracle 11g
Original document: paul.wright_(at)_oracleforensics.com, CREATE ANY DIRECTORY to SYSDBA (14.10.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 14.10.2008
Source:
SecurityVulns ID: 9355
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: WORDPRESS : WP Comment Remix 1.4
 NLB : NewLife Blogger 3.0
Original document: Pepelux, NewLife Blogger <= v3.0 / Insecure Cookie Handling & SQL Injection Vulnerability (14.10.2008)
 g30rg3_x, WP Comment Remix 1.4.3 Multiple Vulnerabilities (14.10.2008)
 ozdemirtravel_(at)_gmail.com, İltaweb Alışveriş Sistemi (tr) Sql inj (14.10.2008)

Telecom Italia Alice Pirelli routers backdoor
Published: 14.10.2008
Source:
SecurityVulns ID: 9359
Type: remote
Threat Level: 5/10
Description: Specially constructed IP packet causes router's telnet/ftp/tftp functions to be activated.
Original document: drpepppperone_(at)_gmail.com, Telecom Italia Alice Pirelli routers backdoor discovered to activate telnet/ftp/tftp from internal LAN/WLAN. (14.10.2008)
Files: Alice BackDoor hash creator

Lenovo Rescue and Recovery buffer overflow
Published: 14.10.2008
Source:
SecurityVulns ID: 9354
Type: local
Threat Level: 5/10
Description: Buffer overflow in tvtumon.sys driver.
Original document: Chris Clark, iSEC Partners Security Advisory - 2008-002-lenovornr - Lenovo Rescue and Recovery 4.20 (14.10.2008)

Marvell chipset wireless access points DoS
Published: 14.10.2008
Source:
SecurityVulns ID: 9356
Type: remote
Threat Level: 5/10
Description: Malformed association request causes access point to hang or reboot.
Affected: Marvell : MARVELL 88W8361P-BEM1
 CISCO : Linksys WAP4400N
CVE:CVE-2008-4441 (The Marvell driver for the Linksys WAP4400N Wi-Fi access point with firmware 1.2.14 on the Marvell 88W8361P-BEM1 chipset, when WEP mode is enabled, does not properly parse malformed 802.11 frames, which allows remote attackers to cause a denial of service (reboot or hang-up) via a malformed association request containing the WEP flag, as demonstrated by a request that is too short, a different vulnerability than CVE-2008-1144 and CVE-2008-1197.)
Original document: Laurent Butti, Marvell Driver Malformed Association Request Vulnerability (14.10.2008)

Microsoft Windows 2000 Active Directory buffer overflow
Published: 14.10.2008
Source:
SecurityVulns ID: 9363
Type: remote
Threat Level: 6/10
Description: Buffer overflow on LDAP request processing.
Affected: MICROSOFT : Windows 2000 Server
CVE:CVE-2008-4023 (Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability.")
Original document: MICROSOFT, Microsoft Security Bulletin MS08-060 – Critical Vulnerability in Active Directory Could Allow Remote Code Execution (957280) (14.10.2008)
Files: Microsoft Security Bulletin MS08-060 – Critical Vulnerability in Active Directory Could Allow Remote Code Execution (957280)

Sun Solaris Solstice AdminSuite daemon buffer overflow
Published: 14.10.2008
Source:
SecurityVulns ID: 9358
Type: remote
Threat Level: 6/10
Description: Buffer overflow in sadmind adm_build_path() function.
Affected: ORACLE : Solaris 8
 ORACLE : Solaris 9
Original document: RISE Security, [RISE-2008001] Sun Solstice AdminSuite sadmind adm_build_path() Buffer Overflow Vulnerability (14.10.2008)

Microsoft Office multiple security vulnerabilities
updated since 14.10.2008
Published: 15.10.2008
Source:
SecurityVulns ID: 9360
Type: local
Threat Level: 5/10
Description: cdo: URI information leak, multiple Excel memory corruptions.
Affected: MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2007
CVE:CVE-2008-4020 (Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka "Vulnerability in Content-Disposition Header Vulnerability.")
 CVE-2008-4019 (Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerability.")
 CVE-2008-3477 (Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability.")
 CVE-2008-3471 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka "File Format Parsing Vulnerability.")
Original document: IDEFENSE, [Full-disclosure] iDefense Security Advisory 10.14.08: Microsoft Visual Basic for Applications - Multiple Vulnerabilities (15.10.2008)
 ZDI, [Full-disclosure] ZDI-08-068: Microsoft Office Excel BIFF File Format Parsing Stack Overflow Vulnerability (15.10.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-056 - Moderate Vulnerability in Microsoft Office Could Allow Information Disclosure (957699) (14.10.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-057 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416) (14.10.2008)
Files: Microsoft Security Bulletin MS08-057 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)

Microsoft Host Integration Server buffer overflow
updated since 14.10.2008
Published: 15.10.2008
Source:
SecurityVulns ID: 9362
Type: remote
Threat Level: 6/10
Description: Buffer overflow in RPC-based service.
Affected: MICROSOFT : Host Integration Server 2004
 MICROSOFT : Host Integration Server 2000
 MICROSOFT : Host Integration Server 2006
CVE:CVE-2008-3466 (Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability.")
Original document: IDEFENSE, iDefense Security Advisory 10.14.08: Microsoft Host Integration Server 2006 Command Execution Vulnerability (15.10.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-059 – Critical Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695) (14.10.2008)
Files: Microsoft Security Bulletin MS08-059 – Critical Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)

Linux kernel multiple security vulnerabilities
updated since 14.10.2008
Published: 18.10.2008
Source:
SecurityVulns ID: 9357
Type: local
Threat Level: 6/10
Description: Multiple DoS conditions, group privilege escalation via the file system and via system calls.
Affected: LINUX : kernel 2.6
CVE:CVE-2008-4445 (The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function, a different vulnerability than CVE-2008-4113.)
 CVE-2008-4302 (fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.)
 CVE-2008-4210 (fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.)
 CVE-2008-4113 (The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function.)
 CVE-2008-3833 (The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210.)
 CVE-2008-3831 (The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration.)
 CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions.)
 CVE-2008-1514 (ptrace in Linux kernel 2.6.9 on Fedora 7 and 8 allows local users to cause a denial of service (kernel panic) via the user-area-padding test from the ptrace testsuite, which triggers an invalid dereference.)
Original document: DEBIAN, [SECURITY] [DSA 1655-1] New Linux 2.6.24 packages fix several vulnerabilities (18.10.2008)
 DEBIAN, [SECURITY] [DSA 1653-1] New Linux 2.6.18 packages fix several vulnerabilities (14.10.2008)

Microsoft Internet Explorer multiple security vulnerabilities
updated since 14.10.2008
Published: 21.10.2008
Source:
SecurityVulns ID: 9361
Type: remote
Threat Level: 7/10
Description: Memory corruptions, information hijack, cross-site scripting.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2008-3476 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulnerability.")
 CVE-2008-3475 (Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2008-3474 (Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosure Vulnerability.")
 CVE-2008-3473 (Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event Handling Cross-Domain Vulnerability.")
 CVE-2008-3472 (Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTML Element Cross-Domain Vulnerability.")
 CVE-2008-2947 (Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors.)
Original document: security_(at)_nruns.com, n.runs-SA-2008.008 - Internet Explorer HTML Object Memory Corruption and Remote Code Execution (21.10.2008)
 ifsecure_(at)_gmail.com, Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution (16.10.2008)
 ZDI, [Full-disclosure] ZDI-08-069: Microsoft Internet Explorer componentFromPoint Memory Corruption Vulnerability (15.10.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-058 - Critical Cumulative Security Update for Internet Explorer (956390) (14.10.2008)
Files: Microsoft Security Bulletin MS08-058 - Critical Cumulative Security Update for Internet Explorer (956390)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod