Computer Security


Facebook for iPhone multiple security vulnerabilities
updated since 05.01.2010
Published:16.02.2010
Source:
SecurityVulns ID:10499
Type:client
Threat Level:5/10
Description:Cross-site scripting via notes page, session hijacking.
Affected:APPLE : Facebook App 3.1
Original document:bill.robson_(at)_e-sentinel.com, e-Sentinel Security Advisory - Ref: Session Hijacking iPhone Facebook Application ver 3.1.2 (16.02.2010)
 Inj3ct0r.com, Facebook for iPhone persistent XSS (05.01.2010)

Oracle quarterly security update
updated since 16.07.2009
Published:16.02.2010
Source:
SecurityVulns ID:10077
Type:remote
Threat Level:8/10
Description:Approximately 30 vulnerabilities in different applications are fixed.
Affected:ORACLE : WebLogic Server 7.0
 ORACLE : Oracle 9i
 ORACLE : Oracle E-Business Suite 11.5
 ORACLE : Oracle 10g
 ORACLE : WebLogic Server 8.1
 ORACLE : Oracle 11g
 ORACLE : PeopleSoft Enterprise PeopleTools 8.49
 ORACLE : WebLogic Server 9.0
 ORACLE : WebLogic Server 9.1
 ORACLE : WebLogic Server 9.2
 ORACLE : PeopleSoft Enterprise HRMS 8.9
 ORACLE : PeopleSoft Enterprise HRMS 9.0
 ORACLE : WebLogic Server 10.3
 ORACLE : JRockit 27.6
 ORACLE : Oracle E-Business Suite 12.1
 ORACLE : Oracle E-Business Suite 12.0
 ORACLE : Oracle Enterprise Manager Database Control 11
 ORACLE : Oracle Enterprise Manager Grid Control 10g
 ORACLE : Siebel Highly Interactive Client 7.5
 ORACLE : Siebel Highly Interactive Client 7.7
 ORACLE : Siebel Highly Interactive Client 7.8
 ORACLE : Siebel Highly Interactive Client 8.0
 ORACLE : Siebel Highly Interactive Client 8.1
 ORACLE : Oracle Complex Event Processing 10.3
 ORACLE : WebLogic Event Server 2.0
CVE:CVE-2009-1989 (Unspecified vulnerability in the PeopleSoft Enterprise FMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1, 8.9 Bundle 14, and 9.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2009-1988 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS eProfile Manager component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1, 8.9 Bundle 14, and 9.0 Bundle 9 allows remote authenticated users to affect confidentiality via unknown vectors.)
 CVE-2009-1987 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools - Enterprise Portal component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.21 allows remote attackers to affect integrity via unknown vectors.)
 CVE-2009-1984 (Unspecified vulnerability in the Application Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Patch Administrator.)
 CVE-2009-1983 (Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1 allows remote attackers to affect integrity via unknown vectors.)
 CVE-2009-1982 (Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2 and 12.0.6 allows remote attackers to affect integrity via unknown vectors.)
 CVE-2009-1981 (Unspecified vulnerability in the Highly Interactive Client component in Siebel Product Suite 7.5.3, 7.7.2, 7.8.2, 8.0.0.5, and 8.1.0 allows local users to affect confidentiality and integrity via unknown vectors.)
 CVE-2009-1980 (Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2009-1978 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2009-1977 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2009-1976 (Unspecified vulnerability in the HTTP Server component in Oracle Application Server 10.1.2.3 allows remote attackers to affect integrity via unknown vectors.)
 CVE-2009-1975 (Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality, integrity, and availability, related to the WLS Console Package.)
 CVE-2009-1974 (Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Servlet Container Package.)
 CVE-2009-1973 (Unspecified vulnerability in the Virtual Private Database component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to VPD policies.)
 CVE-2009-1970 (Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect availability via unknown vectors.)
 CVE-2009-1969 (Unspecified vulnerability in the Auditing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality via unknown vectors.)
 CVE-2009-1968 (Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allows remote attackers to affect integrity via unknown vectors. NOTE: the previous information was obtained from the July 2009 CPU. Oracle has not commented on claims from an established researcher that this is cross-site scripting (XSS) via the search_p_groups parameter in search/query/search.)
 CVE-2009-1967 (Unspecified vulnerability in the Config Management component in (1) Oracle Database 11.1.0.7 and (2) Oracle Enterprise Manager 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2009-1966 (Unspecified vulnerability in the Config Management component in (1) Oracle Database 11.1.0.7 and (2) Oracle Enterprise Manager 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2009-1963 (Unspecified vulnerability in the Network Foundation component in Oracle Database 11.1.0.6 allows remote authenticated users to affect integrity and availability via unknown vectors.)
 CVE-2009-1523 (Directory traversal vulnerability in the HTTP server in Mort Bay Jetty before 6.1.17, and 7.0.0.M2 and earlier 7.x versions, allows remote attackers to access arbitrary files via directory traversal sequences in the URI.)
 CVE-2009-1094 (Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.)
 CVE-2009-1021 (Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2009-1020 (Unspecified vulnerability in the Network Foundation component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2009-1019 (Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2009-1015 (Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.05, and 10.2.04 allows remote authenticated users to affect integrity via unknown vectors.)
 CVE-2009-0987 (Unspecified vulnerability in the Upgrade component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2009-0217 (The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.)
Original document:Ofer Maor, Hacktics Advisory Feb09: XSS in Oracle E-Business Suite (16.02.2010)
 SHATTER, Team SHATTER Security Advisory: Buffer Overflow in Resource Manager of Oracle Database - Plan name parameter (28.08.2009)
 David Litchfield, Oracle 11g (11.1.0.6) Password Policy and Compliance (26.08.2009)
 David Litchfield, Bypassing DBMS_ASSERT in certain situations (26.08.2009)
 David Litchfield, Oracle PL/SQL Injection Flaw in REPCAT_RPC.VALIDATE_REMOTE_RC (26.08.2009)
 ZDI, ZDI-09-058: Oracle Secure Backup Administration Server Authentication Bypass Vulnerability (19.08.2009)
 ZDI, ZDI-09-059: Oracle Secure Backup Administration Server Multiple Command Injection Vulnerabilities (19.08.2009)
 SHATTER, Team SHATTER Security Advisory: Multiple SQL Injection vulnerabilities in Oracle Enterprise Manager (04.08.2009)
 Dennis Yurichev, Oracle CPUjul2009 (26.07.2009)
 DSecRG, [DSECRG-09-031] Oracle BEA Weblogic 10.3 Linked XSS vulnerability (16.07.2009)
 DSecRG, [DSECRG-09-025] Oracle Secure Enterprise Search 10.1.8 Linked XSS vulnerability (16.07.2009)
 ORACLE, Oracle Critical Patch Update Advisory - July 2009 (16.07.2009)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:16.02.2010
Source:
SecurityVulns ID:10617
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:XOOPS : Xoops 2.4
 CMSMADESIMPLE : cmsmadesimple 1.6
Original document:Martin Barbella, Information disclosure vulnerability in Drupal's Realname User Reference Widget contributed module (version 6.x-1.0) (16.02.2010)
 beenudel1986_(at)_gmail.com, Joomla (Jw_allVideos) Remote File Download Vulnerability (16.02.2010)
 beenudel1986_(at)_gmail.com, Multiple Stored XSS in XOOPS 2.4.4 Admin Section (16.02.2010)
 arash.setayeshi_(at)_gmail.com, LDF (Default.asp) Sql Injection Vulnerability (16.02.2010)
 beenudel1986_(at)_gmail.com, cmsmadesimple Multiple Security Issues : XSS+ LFI (16.02.2010)

Motorola Milestone DoS
Published:16.02.2010
Source:
SecurityVulns ID:10618
Type:client
Threat Level:3/10
Description:Browser crash on JavaScript.
Affected:MOTOROLA : Motorola Milestone
Original document:david_(at)_majorsecurity.info, [MajorSecurity Advisory #65]Motorola Milestone Smartphone Denial of Service (16.02.2010)

HP Operations Agent unauthorized access
Published:16.02.2010
Source:
SecurityVulns ID:10619
Type:remote
Threat Level:6/10
Affected:HP : HP Operations Agent 8.51
 HP : HP Operations Agent 8.52
 HP : HP Operations Agent 8.53
 HP : HP Operations Agent 8.60
CVE:CVE-2010-0444 (HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a blank password for the opc_op account, which allows remote attackers to execute arbitrary code via unspecified vectors.)
Original document:HP, [security bulletin] HPSBMA02487 SSRT100024 rev.1 - HP Operations Agent Running on Solaris 10, Remote Unauthorized Access (16.02.2010)

Cisco IronPort Encryption Appliance multiple security vulnerabilities
Published:16.02.2010
Source:
SecurityVulns ID:10620
Type:remote
Threat Level:6/10
Description:Multiple vulnerabilities in HTTPS interface.
Affected:CISCO : IronPort Encryption Appliance 6.5
 CISCO : IronPort Encryption Appliance 6.2
 CISCO : IronPort PostX MAP 6.2
CVE:CVE-2010-0145 (Unspecified vulnerability in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to execute arbitrary code via unknown vectors, aka IronPort Bug 65923.)
 CVE-2010-0144 (Unspecified vulnerability in the WebSafe DistributorServlet in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65922.)
 CVE-2010-0143 (Unspecified vulnerability in the administrative interface in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65921.)
Original document:CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco IronPort Encryption Appliance (16.02.2010)

HP Network Node Manager code execution
Published:16.02.2010
Source:
SecurityVulns ID:10621
Type:remote
Threat Level:5/10
CVE:CVE-2010-0445 (Unspecified vulnerability in HP Network Node Manager (NNM) 8.10, 8.11, 8.12, and 8.13 allows remote attackers to execute arbitrary commands via unknown vectors.)
Original document:HP, [security bulletin] HPSBMA02484 SSRT090076 rev.1 - HP Network Node Manager (NNM), Remote Execution of Arbitrary Commands (16.02.2010)

Hyleos ChemviewX ActiveX buffer overflows
Published:16.02.2010
Source:
SecurityVulns ID:10623
Type:client
Threat Level:5/10
Description:Stack based buffer overflows (stack overruns) in SaveasMolFile and ReadMolFile methods.
Affected:HYLEOS : ChemviewX 1.9
Original document:Paul Craig, ChemViewX v1.9.5 ActiveX Control Multiple Stack Overflows (16.02.2010)

Google Chrome information leak
Published:16.02.2010
Source:
SecurityVulns ID:10624
Type:client
Threat Level:3/10
Description:Password manager allows username/password from external source to be automatically filled.
Affected:GOOGLE : Chrome 3.0
 GOOGLE : Chrome 4.0
CVE:CVE-2010-0556 (browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element.)
Original document:VSR Advisories, Chrome Password Manager Cross Origin Weakness (CVE-2010-0556) (16.02.2010)

fetchmail buffer overflow
Published:16.02.2010
Source:
SecurityVulns ID:10625
Type:client
Threat Level:4/10
Description:Buffer overflow when printing SSL certificate parameters in verbose mode.
Affected:FETCHMAIL : fetchmail 6.3
CVE:CVE-2010-0562 (The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set, which triggers a heap-based buffer overflow during escaping.)
Original document:MANDRIVA, [ MDVSA-2010:037 ] fetchmail (16.02.2010)

Linux kernel multiple security vulnerabilities
Published:16.02.2010
Source:
SecurityVulns ID:10626
Type:remote
Threat Level:9/10
Description:DoS conditions, privilege escalations, kernel memory access, weak permissions.
Affected:LINUX : kernel 2.6
CVE:CVE-2010-1088 (fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount "symlinks," which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW.)
 CVE-2010-0415 (The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set.)
 CVE-2010-0410 (drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages.)
 CVE-2010-0309 (The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file.)
 CVE-2010-0307 (The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function.)
 CVE-2010-0306 (The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298.)
 CVE-2010-0298 (The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, a related issue to CVE-2010-0306.)
 CVE-2010-0291 (The Linux kernel before 2.6.32.4 allows local users to gain privileges or cause a denial of service (panic) by calling the (1) mmap or (2) mremap function, aka the "do_mremap() mess" or "mremap/mmap mess.")
 CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application.)
 CVE-2010-0003 (The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address.)
 CVE-2009-4538 (drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.)
 CVE-2009-4536 (drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.)
 CVE-2009-4027 (Race condition in the mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (system crash) via a Delete Block ACK (aka DELBA) packet that triggers a certain state change in the absence of an aggregation session.)
 CVE-2009-3939 (The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.)
Original document:DEBIAN, [SECURITY] [DSA-1996-1] New Linux 2.6.26 packages fix several vulnerabilities (16.02.2010)

gnome-screensaver protection bypass
updated since 16.02.2010
Published:09.03.2010
Source:
SecurityVulns ID:10622
Type:local
Threat Level:5/10
Description:Screensaver crash on monitor hotplugging.
Affected:GNOME : gnome-screensaver 2.28
CVE:CVE-2010-0732 (gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.)
 CVE-2010-0422 (gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414.)
 CVE-2010-0414 (gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor.)
 CVE-2010-0285 (gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor.)
Original document:UBUNTU, [USN-907-1] gnome-screensaver vulnerabilities (09.03.2010)
 UBUNTU, [USN-898-1] gnome-screensaver vulnerability (16.02.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod