Computer Security

Search:Vulnerability:16.01.2008
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



FreeBSD pty hijacking
Published:16.01.2008
Source:BUGTRAQ
SecurityVulns ID:8570
Type:remote
Level:5/10
Description:'script' users openpty in insecure way, ptsname incorrectly extracts device name.
Affected:FREEBSD : FreeBSD 7.0
 FREEBSD : FreeBSD 6.1
 FREEBSD : FreeBSD 5.5
 FREEBSD : FreeBSD 6.2
 FREEBSD : FreeBSD 6.3
CVE:CVE-2008-0217 (The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script.)
 CVE-2008-0216 (The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user.)
Original documentdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-08:01.pty (16.01.2008)
Discuss:Read or add your comments to this news (0 comments)

Linux kernel IPv6 DoS
Published:16.01.2008
Source:BUGTRAQ
SecurityVulns ID:8575
Type:remote
Level:6/10
Description:Uninitialized memory reference.
Affected:LINUX : kernel 2.6
Original documentdocumentSECURITEAM, [EXPL] Linux Kernel IPv6 Jumbo Bug (16.01.2008)
Files:PoC code for exploiting the jumbo bug found in linux kernels >=2.6.20 and <=2.6.21.1
Discuss:Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 16.01.2008
Published:16.01.2008
Source:BUGTRAQ
SecurityVulns ID:8572
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. RiSearch PHP: crossite scripting
Original documentdocumentxcross87_(at)_gmail.com, MicroNews Admin Direct Access vulnerability (16.01.2008)
 documentxcross87_(at)_gmail.com, Max's File Uploader File Upload Vulnerability (16.01.2008)
 documentxcross87_(at)_gmail.com, Article DashBoard all version SQL Injection Vulnerability (16.01.2008)
 documentJose M. Palazon Romero, Exploiting the SpamBam plugin for wordpress (16.01.2008)
 documentJose M. Palazon Romero, Defeating audio captcha systems (16.01.2008)
Discuss:Read or add your comments to this news (0 comments)

FreeBSD libc / libbind memory corruption
Published:16.01.2008
Source:BUGTRAQ
SecurityVulns ID:8571
Type:library
Level:6/10
Description:Off-by-one heap overflow in inet_network() .
Affected:FREEBSD : FreeBSD 7.0
 FREEBSD : FreeBSD 6.2
 FREEBSD : FreeBSD 6.3
CVE:CVE-2008-0122 (Off-by-one error in the inet_network function in libc in FreeBSD 6.2, 6.3, and 7.0-PRERELEASE and earlier allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.)
Original documentdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-08:02.libc (16.01.2008)
Discuss:Read or add your comments to this news (0 comments)

TIBCO SmartSockets RTserver multiple security vulnerabilities
Published:16.01.2008
Source:BUGTRAQ
SecurityVulns ID:8573
Type:remote
Level:6/10
Description:Buffer overflows, arrays overflows, pointers manipulation.
Affected:TIBCO : SmartSockets 6.8
CVE:CVE-2007-5658
 CVE-2007-5657
 CVE-2007-5656
 CVE-2007-5655
Original documentdocumentIDEFENSE, iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Loop Bounds Vulnerabilities (16.01.2008)
 documentIDEFENSE, iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities (16.01.2008)
 documentIDEFENSE, iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTServer Multiple Untrusted Pointer Vulnerabilities (16.01.2008)
 documentIDEFENSE, iDefense Security Advisory 01.15.08: TIBCO SmartSockets RTserver Heap Overflow Vulnerability (16.01.2008)
Discuss:Read or add your comments to this news (0 comments)

Apple QuickTime multiple security vulnerabilities
updated since 16.01.2008
Published:17.01.2008
Source:FULL-DISCLOSURE
SecurityVulns ID:8574
Type:client
Level:7/10
Description:Buffer overflow on parsing Macintosh resources embedded into QuickTime movie. Quicktime Image IDSC atom memory corruption.
Affected:APPLE : QuickTime 7.3
 APPLE : QuickTime Player 7.3
 APPLE : QuickTime PictureViewer 7.3
CVE:CVE-2008-0033
 CVE-2008-0032
Original documentdocumentCERT, US-CERT Technical Cyber Security Alert TA08-016A -- Apple QuickTime Updates for Multiple Vulnerabilities (17.01.2008)
 documentDVLabs, TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability (17.01.2008)
 documentIDEFENSE, [Full-disclosure] iDefense Security Advisory 01.15.08: Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability (16.01.2008)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server