Computer Security


Ventrilo voice chat server DoS
Published: 15.08.2008
SecurityVulns ID: 9227
Type: remote
Threat Level: 5/10
Description: NULL pointer dereference.
Affected: VENTRILLO : Ventrilo 3.0
Original document: Luigi Auriemma, NULL pointer in Ventrilo 3.0.2 (15.08.2008)
Files: Exploits Ventrilo <= 3.0.2 NULL pointer

HP-UX unauthorized access with ftp server
Published: 15.08.2008
SecurityVulns ID: 9226
Type: remote
Threat Level: 7/10
Affected: HP : HP-UX 11.11
CVE: CVE-2008-1668 (ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information.)
Original document: HP, [security bulletin] HPSBUX02356 SSRT080051 rev.1 - HP-UX Running ftpd, Remote Privileged Access (15.08.2008)

Microsoft Messenger unauthorized ActiveX access
updated since 12.08.2008
Published: 15.08.2008
SecurityVulns ID: 9221
Type: client
Threat Level: 6/10
Description: Messenger.UIAutomation.1 ActiveX allows access to application functionality.
Affected: MICROSOFT : Windows Messenger 4.7
CVE: CVE-2008-0082
Original document: cocoruder, Microsoft Windows Messenger Remote Illegal Access Vulnerability (15.08.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-050 – Important Vulnerability in Windows Messenger Could Allow Information Disclosure (955702) (12.08.2008)
Files: Microsoft Security Bulletin MS08-050 – Important Vulnerability in Windows Messenger Could Allow Information Disclosure (955702)

VMWare VirtualCenter information leak
Published: 15.08.2008
SecurityVulns ID: 9223
Type: remote
Threat Level: 4/10
Description: It's possible to obtain username information.
Affected: VMWARE : VirtualCenter 2.0
 VMWARE : VirtualCenter 2.5
CVE: CVE-2008-3514 (VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users.")
Original document: VMWARE, VMSA-2008-0012 Updated VirtualCenter addresses User Account Disclosure Vulnerability (15.08.2008)

git buffer overflow
Published: 15.08.2008
SecurityVulns ID: 9224
Type: remote
Threat Level: 5/10
Description: Buffer overflow on oversized repository path.
CVE: CVE-2008-3546 (Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.)
Original document: RPATH, rPSA-2008-0253-1 git gitweb (15.08.2008)

CA CA Host-Based Intrusion Prevention System SDK multiple security vulnerabilities
Published: 15.08.2008
SecurityVulns ID: 9225
Type: library
Threat Level: 6/10
Description: Invalid IOCTL processing.
Affected: CA : CA Personal Firewall 2007
 CA : CA Internet Security Suite 2007
 CA : CA Internet Security Suite 2008
 CA : CA Personal Firewall 2008
CVE: CVE-2008-3174 (Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, allows remote attackers to cause a denial of service via unknown vectors, related to "insufficient validation.")
 CVE-2008-2926 (The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request.)
Original document: tk_(at)_trapkit.de, [TKADV2008-006] CA HIPS KmxFw.sys Kernel Memory Corruption (15.08.2008)
 CA, CA Host-Based Intrusion Prevention System SDK kmxfw.sys Multiple Vulnerabilities (15.08.2008)

Symantec VERITAS Storage Foundation multiple security vulnerabilities
updated since 22.02.2008
Published: 15.08.2008
SecurityVulns ID: 8715
Type: remote
Threat Level: 6/10
Description: DoS on TCP/4888 request parsing, buffer overflow on UDP/3207 parsing.
Affected: SYMANTEC : Veritas Storage Foundation 5.0
CVE: CVE-2008-0638
 CVE-2007-4516
Original document: ZDI, ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability (15.08.2008)
 SYMANTEC, SYM08-015_SFW_SecurityUpdateBypass (15.08.2008)
 IDEFENSE, iDefense Security Advisory 02.20.08: Symantec Veritas Storage Foundation Scheduler Service DoS Vulnerability (22.02.2008)
 ZDI, ZDI-08-007: Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability (22.02.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod