Computer Security

Rockwell Automation Allen-Bradley MicroLogix products multiple security vulnerabilities
Published:17.01.2010
Source:
SecurityVulns ID:10515
Type:remote
Threat Level:
5/10
Affected:ROCKWELL : Allen-Bradley MicroLogix 1400
 ROCKWELL : Allen-Bradley MicroLogix 1100
Original document: Eyal Udassin, C4 SCADA Security Advisory - Rockwell Automation (Allen Bradley) Multiple Vulnerabilities in Micrologix 1100 & 1400 Series Controllers (17.01.2010)

MIT Kerberos 5 integer overflows
Published:17.01.2010
Source:
SecurityVulns ID:10517
Type:remote
Threat Level:
6/10
Description:Integer overflows on RC4 and AES decryption.
Affected:MIT : krb5 1.6
 MIT : krb5 1.7
CVE:CVE-2009-4212 (Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.)
Original document: MIT, MITKRB5-SA-2009-004 [CVE-2009-4212] integer underflow in AES and RC4 decryption (17.01.2010)

OpenSSL memory leak
Published:17.01.2010
Source:
SecurityVulns ID:10519
Type:library
Threat Level:
5/10
Description:A memory leak can be exploited to cause denial of service through resource exhaustion.
Affected:OPENSSL : OpenSSL 0.9
CVE:CVE-2009-4355 (Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.)
Original document: UBUNTU, [USN-884-1] OpenSSL vulnerability (17.01.2010)

TurboFTP Server FTP Server buffer overflow
Published:17.01.2010
Source:
SecurityVulns ID:10520
Type:remote
Threat Level:
5/10
Description:Buffer overflow on DELE command.
Affected:TURBOSOFT : TurboFTP Server 1.00
Original document: Security, [CORELAN-10-004] TurboFTP Server 1.00.712 remote DoS (17.01.2010)

Sendmail SSL certificate spoofing
Published:17.01.2010
Source:
SecurityVulns ID:10521
Type:m-i-t-m
Threat Level:
5/10
Description:An SSL certificate can be spoofed by using a NULL character in the CN field.
Affected:SENDMAIL : Sendmail 8.14
CVE:CVE-2009-4565 (sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.)
Original document: MANDRIVA, [ MDVSA-2010:003 ] sendmail (17.01.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:17.01.2010
Source:
SecurityVulns ID:10522
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:FCKEDITOR : FCKeditor 2.6
 MYDMS : MyDMS 1.7
 DRUPAL : Node Blocks 1.1 module for Drupal
 DRUPAL : Node Blocks 1.3 module for Drupal
Original document: Marty Barbella, XSS Vulnerability in Drupal's Node Blocks contributed module (6.x-1.3 and 5.x-1.1) (17.01.2010)
 SEC Consult Vulnerability Lab, SEC Consult SA-20100115-0 :: Local file inclusion/execution and multiple CSRF vulnerabilities in LetoDMS (formerly MyDMS) (17.01.2010)
 MustLive, New vulnerability in FCKeditor (17.01.2010)
 Ronen Z, Cross Site Identification (CSID) attack. Description and demonstration. (17.01.2010)

Novatel MiFi WiFi access point multiple security vulnerabilities
Published:17.01.2010
Source:
SecurityVulns ID:10523
Type:remote
Threat Level:
5/10
Description:Cross-site scripting and cross-site request forgery.
Affected:NOVATEL : MiFi
Original document: Adam Baldwin, Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker (17.01.2010)

libthai integer overflow
Published:17.01.2010
Source:
SecurityVulns ID:10524
Type:library
Threat Level:
4/10
Description:Integer overflow on oversized strings.
Affected:LIBTHAI : libthai 0.1
CVE:CVE-2009-4012 (Multiple integer overflows in LibThai before 0.1.13 might allow context-dependent attackers to execute arbitrary code via long strings that trigger heap-based buffer overflows, related to (1) thbrk/thbrk.c and (2) thwbrk/thwbrk.c. NOTE: some of these details are obtained from third party information.)
Original document: DEBIAN, [SECURITY] [DSA-1971-1] New libthai packages fix arbitrary code execution (17.01.2010)

Mozilla Firefox Yoono extension code execution
Published:17.01.2010
Source:
SecurityVulns ID:10526
Type:client
Threat Level:
4/10
Description:It's possible to inject code via img tag events.
Affected:YOONO : Yoono 6.1
Original document: Nick Freeman, Yoono Firefox Extension - Privileged Code Injection (17.01.2010)

Google SketchUp memory corruption
Published:17.01.2010
Source:
SecurityVulns ID:10527
Type:local
Threat Level:
3/10
Description:Memory corruption when parsing 3DS files.
Affected:GOOGLE : SketchUp 7.1
CVE:CVE-2010-0280 (Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted structures in a 3DS file, probably related to mesh.c.)
Original document: CORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2009-1209] Google SketchUp 'lib3ds' 3DS Importer Memory Corruption (17.01.2010)

bash terminal characters injection
Published:17.01.2010
Source:
SecurityVulns ID:10528
Type:local
Threat Level:
4/10
Description:It's possible to inject ESC-sequences into ls command output.
Affected:BASH : bash 3.2
CVE:CVE-2010-0002 (The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename.)
Original document: MANDRIVA, [ MDVSA-2010:004 ] bash (17.01.2010)

HP Web Jetadmin multiple security vulnerabilities
Published:17.01.2010
Source:
SecurityVulns ID:10529
Type:remote
Threat Level:
4/10
Description:Cross-site scripting, DoS.
Affected:HP : Web Jetadmin 10.2
CVE:CVE-2009-4182 (Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a remote SQL server is used, allow remote attackers to obtain access to data or cause a denial of service, possibly by leveraging authentication and encryption weaknesses on the SQL server.)
Original document: HP, [security bulletin] HPSBPI02500 SSRT090263 rev.1 - HP Web Jetadmin, Remote Unauthorized Access to Data, Denial of Service (DoS) (17.01.2010)

Gnome network-manager-applet unauthorized access
updated since 04.03.2009
Published:17.01.2010
Source:
SecurityVulns ID:9709
Type:m-i-t-m
Threat Level:
5/10
Description:Unauthorized access to network connections through dbus, WPA certificate spoofing.
Affected:GNOME : network-manager-applet 0.6
CVE:CVE-2009-4145 (nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.)
 CVE-2009-4144 (NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.)
 CVE-2009-0578 (network-manager-applet in Ubuntu 8.10 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors.)
 CVE-2009-0365 (The dbus request handler in (1) network-manager-applet and (2) NetworkManager in Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10 does not properly verify privileges, which allows local users to discover (a) network connection passwords and (b) pre-shared keys via unspecified queries.)
Original document: UBUNTU, [USN-727-2] NetworkManager vulnerability (04.03.2009)
 Marc Deslauriers, [USN-727-1] network-manager-applet vulnerabilities (04.03.2009)

OpenOffice NULL pointer dereference
updated since 17.01.2010
Published:19.01.2010
Source:
SecurityVulns ID:10525
Type:local
Threat Level:
4/10
Description:NULL pointer dereference when parsing CSV and SLK files.
Affected:OPENOFFICE : OpenOffice 3.1
Original document: karakorsankara_(at)_hotmail.com, OpenOffice for Windows ".slk" File Parsing Null Pointer Vulnerability (19.01.2010)
 karakorsankara_(at)_hotmail.com, Hellcode Research: OpenOffice File Parsing Null Pointer Vulnerability (17.01.2010)

Adobe Acrobat and Reader multiple security vulnerabilities
updated since 17.01.2010
Published:15.03.2010
Source:
SecurityVulns ID:10516
Type:client
Threat Level:
8/10
Description:Code executions, memory corruptions, buffer overflow, integer overflow, DoS on PDF parsing.
Affected:ADOBE : Reader 8.1
 ADOBE : Acrobat 8.1
 ADOBE : Reader 9.2
 ADOBE : Acrobat 9.2
 ADOBE : Acrobat 9.3
 ADOBE : Reader 9.3
CVE:CVE-2010-0188 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-4324 (Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.)
 CVE-2009-3959 (Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.)
 CVE-2009-3958 (Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters.)
 CVE-2009-3957 (Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors.)
 CVE-2009-3956 (The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.)
 CVE-2009-3955 (Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.)
 CVE-2009-3954 (The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability.")
 CVE-2009-3953 (The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.)
Original document: villys777_(at)_gmail.com, CVE-2010-0188 Exploit Code (15.03.2010)
 IDEFENSE, iDefense Security Advisory 01.12.10: Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability (17.01.2010)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader U3D Integer Overflow Vulnerability (17.01.2010)
 ADOBE, Security updates available for Adobe Reader and Acrobat (17.01.2010)
 CERT, US-CERT Technical Cyber Security Alert TA10-013A -- Adobe Reader and Acrobat Vulnerabilities (17.01.2010)
Files:Adobe PDF LibTiff Integer Overflow Code Execution

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod