Computer Security

Kaspersky Antivirus privilege escalation
updated since 21.10.2006
Published: 16.01.2007
SecurityVulns ID: 6738
Type: local
Threat Level: 6/10
Description: Privilege escalation via IOCTLs of the KLIN and KLICK system drivers.
Affected: KASPERSKY : Kaspersky Antivirus 6.0
Original document: Reversemode, [Reversemode Advisory] Kaspersky Anti-Virus Privilege Escalation (21.10.2006)
 IDEFENCE, iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability (21.10.2006)
Files: Kaspersky Internet Security 6.0.0.303 IOCTL KLICK Local Exploit
 kav 6.0 0day local priv escalation exploit

Mac OS X / Apple Finder multiple file system parsing vulnerabilities
updated since 11.01.2007
Published: 16.01.2007
SecurityVulns ID: 7040
Type: local
Threat Level: 6/10
Description: Buffer overflow on oversized DMG volume label in Apple Finder. Integer overflows on UFS DMG image parsing. DoS on processing UFS and HFS+ volumes.
Affected: APPLE : Mac OS X 10.4
 FREEBSD : FreeBSD 6.1
CVE: CVE-2007-0318 (The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal.)
 CVE-2007-0299 (Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference.)
 CVE-2007-0267 (The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX File System (UFS) DMG image that contains a corrupted directory entry (struct direct), related to the ufs_dirbad function. NOTE: a third party states that the FreeBSD issue does not cross privilege boundaries.)
 CVE-2007-0229 (Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.)
 CVE-2007-0197 (Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.)
Original document: MOAB, MOAB-13-01-2007: Apple DMG HFS+ do_hfs_truncate() Denial of Service Vulnerability (16.01.2007)
 MOAB, MOAB-12-01-2007: Apple DMG UFS ufs_lookup() Denial of Service Vulnerability (16.01.2007)
 MOAB, MOAB-11-01-2007: Apple DMG UFS byte_swap_sbin() Integer Overflow Vulnerability (16.01.2007)
 MOAB, MOAB-10-01-2007: Apple DMG UFS ffs_mountfs() Integer Overflow Vulnerability (16.01.2007)
 Kevin Finisterre, DMA[2007-0109a] - 'Apple Finder Disk Image Volume Label Overflow / DoS' (11.01.2007)
Files: Exploits Apple Finder DMG Volume Name Memory Corruption
 Exploits Apple DMG UFS ffs_mountfs() Integer Overflow Vulnerability
 Exploits Apple DMG UFS byte_swap_sbin() Integer Overflow Vulnerability
 Exploits Apple DMG UFS ufs_lookup() Denial of Service Vulnerability
 Exploits Apple DMG HFS+ do_hfs_truncate() Denial of Service Vulnerability

libgtop buffer overflow
Published: 16.01.2007
SecurityVulns ID: 7057
Type: remote
Threat Level: 6/10
Description: Buffer overflow on /proc FS parsing.
Affected: GNU : libgtop 2.12
 GNU : libgtop 2.14
CVE: CVE-2007-0235 (Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which triggers the overflow in gnome-system-monitor.)
Original document: UBUNTU, [USN-407-1] libgtop2 vulnerability (16.01.2007)

Outpost self-protection bypass
Published: 16.01.2007
SecurityVulns ID: 7058
Type: local
Threat Level: 4/10
Description: It's possible to bypass self-protection by using NTFS hard links.
Affected: AGNITUM : Outpost Firewall Pro 4.0
CVE: CVE-2007-0333 (Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys.)
Original document: Matousec - Transparent security Research, Outpost Bypassing Self-Protection using file links Vulnerability (16.01.2007)

Mac OS X AppleTalk protocol buffer overflow
Published: 16.01.2007
SecurityVulns ID: 7059
Type: remote
Threat Level: 6/10
Description: Heap buffer overflow.
Affected: APPLE : Mac OS X 10.4
CVE: CVE-2007-0236 (Double-free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow.)
Original document: MOAB, MOAB-14-01-2007: AppleTalk ATPsndrsp() Heap Buffer Overflow Vulnerability (16.01.2007)
Files: Exploits AppleTalk ATPsndrsp() Heap Buffer Overflow Vulnerability

Multiple Mac OS X privilege escalation vulnerabilities
Published: 16.01.2007
SecurityVulns ID: 7060
Type: local
Threat Level: 7/10
Description: A few suid application binaries are user-writable.
Affected: APPLE : Mac OS X 10.4
CVE: CVE-2007-0345 (The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil.)
Original document: MOAB, MOAB-15-01-2007: Multiple Mac OS X Local Privilege Escalation Vulnerabilities (16.01.2007)
Files: Exploits Mac OS X Local Privilege Escalation Vulnerabilities

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod