Computer Security

EMC NetWorker address spoofing
updated since 28.01.2011
Published: 17.05.2011
SecurityVulns ID: 11386
Type: remote
Threat Level: 6/10
Description: The librpc.dll library accepts RPC commands in UDP packets with spoofed source IP addresses.
Affected: EMC : EMC NetWorker 7.5
 EMC : EMC NetWorker 7.6
CVE: CVE-2011-1210
 CVE-2011-0321 (librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before 7.5.3.5, and 7.6.x before 7.6.1.2 does not properly mitigate the possibility of a spoofed localhost source IP address, which allows remote attackers to (1) register or (2) unregister RPC services, and consequently cause a denial of service or obtain sensitive information from interprocess communication, via crafted UDP packets containing service commands.)
Original document: ZDI, ZDI-11-168: Multiple Vendor librpc.dll Remote Information Disclosure Vulnerability (17.05.2011)
 EMC, ESA-2011-003: EMC NetWorker librpc.dll spoofing vulnerability. (28.01.2011)

Ubuntu apturl DoS
Published: 17.05.2011
SecurityVulns ID: 11679
Type: client
Threat Level: 2/10
Description: Crash on oversized URL.
Affected: APT : apturl 0.4
Original document: UBUNTU, [USN-1132-1] apturl vulnerability (17.05.2011)

VMware vSphere Management Assistant privilege escalation
Published: 17.05.2011
SecurityVulns ID: 11680
Type: local
Threat Level: 5/10
Description: It's possible to elevate privileges via sudo because of an invalid sudoers file.
Original document: Piotr Duszynski, Vmware vSphere Management Assistant (vMA) - Local Privilege Escalation (17.05.2011)

Apache Tomcat protection bypass
updated since 15.03.2011
Published: 17.05.2011
SecurityVulns ID: 11503
Type: library
Threat Level: 5/10
Description: @ServletSecurity parameters are ignored.
Affected: APACHE : Tomcat 7.0
CVE: CVE-2011-1582 (Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.)
 CVE-2011-1183 (Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.)
 CVE-2011-1088 (Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.)
Original document: APACHE, [SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass (17.05.2011)
 APACHE, [SECURITY] CVE-2011-1088 Apache Tomcat security constraint bypass (15.03.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod