Computer Security


Asterisk DoS
Published: 17.06.2012
SecurityVulns ID: 12418
Type: remote
Threat Level: 5/10
Description: NULL pointer dereference and daemon crash in the Skinny (SCCP) channel driver. A remote authenticated user triggers it by sending a Station Key Pad Button message and then closing the connection while the device is off-hook.
Affected: ASTERISK : Asterisk 10.5
CVE: CVE-2012-3553 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948.)
Original document: ASTERISK, AST-2012-009: Skinny Channel Driver Remote Crash Vulnerability (17.06.2012)

Opera URL spoof
Published: 17.06.2012
SecurityVulns ID: 12419
Type: client
Threat Level: 4/10
Description: A page can detect the user's attempt to navigate to another site, block that navigation and replace its own content, so that the address field no longer corresponds to the page actually displayed. Fixed in Opera 11.65.
Affected: OPERA : Opera 11.61
CVE: CVE-2012-3560 (Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by detecting and preventing attempts to load a different web page.)
Original document: vulnhunt_(at)_gmail.com, [CAL-2012-0015] opera website spoof (17.06.2012)

VMware security vulnerabilities
Published: 17.06.2012
SecurityVulns ID: 12420
Type: local
Threat Level: 5/10
Description: Two issues: a guest OS crash (DoS) via crafted traffic from a remote virtual device, and host-side memory corruption with possible arbitrary code execution on the host via a crafted checkpoint file (user-assisted, i.e. the victim must load the file).
CVE: CVE-2012-3289 (VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) via crafted traffic from a remote virtual device.)
 CVE-2012-3288 (VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file.)
Original document: VMWARE, VMSA-2012-0011 VMware hosted products and ESXi and ESX patches address security issues (17.06.2012)

ffmpeg library multiple security vulnerabilities
Updated since 21.05.2012
Published: 17.06.2012
SecurityVulns ID: 12385
Type: library
Threat Level: 7/10
Description: Multiple memory-safety vulnerabilities (out-of-array reads and writes, heap-based buffer overflows, a double free and a NULL pointer dereference) in the Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV, NSV and other codec and demuxer parsers. Most of them are reachable through a crafted media file and several allow code execution, so any application that decodes untrusted media with these libraries is exposed.
Affected: LIBAV : libav 0.5
CVE: CVE-2012-2802 (Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes.")
 CVE-2012-2801 (Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to dimensions and "out of array writes.")
 CVE-2012-2800 (Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11 has unknown impact and attack vectors in which the "tile size ... mismatches parameters" and triggers "writing into a too small array.")
 CVE-2012-2798 (Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of array write.")
 CVE-2012-2796 (Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes.")
 CVE-2012-2794 (Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11 has unknown impact and attack vectors in which the "allocated tile size ... mismatches parameters.")
 CVE-2012-2793 (Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11 has unknown impact and attack vectors related to "too many zeros.")
 CVE-2012-2790 (Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "number of decoded samples in first sub-block in BGMC mode.")
 CVE-2012-2789 (Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a large number of vector coded coefficients (num_vec_coeffs).)
 CVE-2012-2788 (Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of array read" when a "packet is shrunk.")
 CVE-2012-2787 (Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "setup width/height.")
 CVE-2012-2786 (Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of array write.")
 CVE-2012-2784 (Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2777.)
 CVE-2012-2779 (Unspecified vulnerability in the decode_frame function in libavcodec/indeo5.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an invalid "gop header" and decoding in a "half initialized context.")
 CVE-2012-2777 (Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2784.)
 CVE-2012-2776 (Unspecified vulnerability in the decode_cell_data function in libavcodec/indeo3.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of picture write.")
 CVE-2012-2775 (Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a large order and an "out of array write in quant_cof.")
 CVE-2012-2772 (Unspecified vulnerability in the ff_rv34_decode_frame function in libavcodec/rv34.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "width/height changing with frame threading.")
 CVE-2012-0947 (Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VQA media file in which the image size is not a multiple of the block size.)
 CVE-2012-0853 (The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file.)
 CVE-2012-0852 (The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two.)
 CVE-2012-0851 (The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted H.264 file, related to the chroma_format_idc value.)
 CVE-2011-3952 (The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file.)
 CVE-2011-3951 (The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file.)
 CVE-2011-3947 (Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file.)
 CVE-2011-3940 (nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers "use of uninitialized streams.")
 CVE-2011-3936 (The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.)
 CVE-2011-3929 (The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.)
 CVE-2011-3895 (Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.)
 CVE-2011-3893 (Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.)
 CVE-2011-3892 (Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.)
Original documents:
 DEBIAN, [SECURITY] [DSA 2494-1] ffmpeg security update (17.06.2012)
 DEBIAN, [SECURITY] [DSA-2471-1] ffmpeg security update (21.05.2012)

Checkpoint Endpoint Connect DLL hijacking
Published: 17.06.2012
SecurityVulns ID: 12421
Type: local
Threat Level: 5/10
Description: Untrusted DLL search path: TrGUI.exe loads a library by name rather than by fully qualified path, so a Trojan horse DLL placed in the current working directory is loaded into the privileged process and a local user gains its privileges.
Affected: CHECKPOINT : Checkpoint Endpoint Security VPN R75
CVE: CVE-2012-2753 (Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory.)
Original document: moshez_(at)_comsecglobal.com, Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack (17.06.2012)

AdNovum NevisProxy XSS
Published: 17.06.2012
SecurityVulns ID: 12422
Type: remote
Threat Level: 5/10
Description: Cross-site scripting: attacker-controlled input is reflected, unescaped, in the 302 redirection responses generated by the proxy.
Affected: ADNOVUM : nevisProxy 3.10
Original documents:
 Ivan Buetler, AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scripting (XSS) within 302 Redirections (17.06.2012)
 Cyrill Brunschwiler, CSNC-2012-004 Generic XSS in AdNovum nevisProxy (17.06.2012)

IObit Protected Folder protection bypass
Published: 17.06.2012
SecurityVulns ID: 12423
Type: local
Threat Level: 4/10
Description: The folder protection can be bypassed by a local user, for example by patching the return value of the password-checking function so that any password is accepted; the check is enforced only in user-mode code under the attacker's control.
Original document: Adam Behnke, IObit Protected Folder Authentication Bypass (17.06.2012)

ESRI ArcMap code execution
Published: 17.06.2012
SecurityVulns ID: 12424
Type: local
Threat Level: 4/10
Description: Map (.mxd) files may contain embedded VBA macros, and ArcMap executes them without properly prompting the user, so opening a crafted map file runs attacker-supplied code.
Affected: ESRI : ArcMap 9
 ESRI : ArcGIS Desktop 10
CVE: CVE-2012-1661 (ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file.)
Original document: Boston Cyber Defense, CVE-2012-1661 - ESRI ArcMap arbitrary code execution via crafted map file. (17.06.2012)

HP Onboard Administrator multiple security vulnerabilities
Published: 17.06.2012
SecurityVulns ID: 12425
Type: remote
Threat Level: 5/10
Description: Remote unauthorized access to data, information disclosure and denial of service through vulnerable third-party components shipped with the firmware (OpenSSL, Apache HTTP Server, libpng and the Linux kernel); the individual issues are listed below.
Affected: HP : HP Onboard Administrator 3.55
CVE: CVE-2012-2110 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.)
 CVE-2012-1583 (Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets.)
 CVE-2012-0884 (The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.)
 CVE-2012-0053 (protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.)
 CVE-2012-0050 (OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.)
 CVE-2011-4619 (The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors.)
 CVE-2011-4576 (The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.)
 CVE-2011-4108 (The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.)
 CVE-2011-3192 (The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.)
 CVE-2011-2691 (The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.)
 CVE-2011-1473 (** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.)
Original document: HP, [security bulletin] HPSBMU02776 SSRT100852 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access to Data, Unauthorized Disclosure of Information, Denial of Service (DoS) (17.06.2012)

HP Server Automation code execution
Published: 17.06.2012
SecurityVulns ID: 12426
Type: remote
Threat Level: 5/10
Description: Remote execution of arbitrary code via a crafted RPC call, caused by the Samba RPC marshalling vulnerability CVE-2012-1182.
CVE: CVE-2012-1182 (The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.)
Original document: HP, [security bulletin] HPSBMU02790 SSRT100872 rev.1 - HP Server Automation, Remote Execution of Arbitrary Code (17.06.2012)

F5 BIG-IP authentication bypass
Published: 17.06.2012
SecurityVulns ID: 12427
Type: remote
Threat Level: 6/10
Description: Remote root authentication bypass. All affected appliances ship the same SSH private key and do not adequately restrict access to it, so anyone in possession of that key can log in as root over SSH using public-key authentication; full access to the device is possible.
Affected: F5 : BIG-IP 11.1
CVE: CVE-2012-1493 (F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.)
Original document: Florent Daigniere, [MATTA-2012-002] CVE-2012-1493; F5 BIG-IP remote root authentication bypass Vulnerability (17.06.2012)

ComSndFTP FTP Server format string vulnerability
Published: 17.06.2012
SecurityVulns ID: 12428
Type: remote
Threat Level: 5/10
Description: Format string vulnerability: the argument of the USER command is used as a format string, so an unauthenticated remote client can supply conversion directives that read from or write to server memory.
Affected: COMSND : ComSndFTP 1.3
Original document: demonalex_(at)_163.com, ComSndFTP Server Remote Format String Overflow Vulnerability (17.06.2012)
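The pattern behind this class of bug, as an added example that is not ComSndFTP's code (the advisory does not show it): a logger that is passed the client-supplied USER argument directly as its format string, next to the hardened call, plus a small check that counts conversion directives in the input. Function names and the attacker string are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Number of conversion directives in s ('%' not followed by another '%').
 * Text that is about to be used as a format string must yield 0 here. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* "%%" is a literal percent sign */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* printf-style logger. The attribute lets gcc/clang warn (-Wformat-security)
 * when a caller passes a non-literal format with no arguments. */
__attribute__((format(printf, 3, 4)))
int log_fmt(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}

/* VULNERABLE pattern: client-controlled text becomes the format string.
 * "%x" leaks stack contents, "%s" may crash, "%n" writes to memory. */
int log_user_vulnerable(const char *user, char *out, size_t outsz)
{
    return log_fmt(out, outsz, user);   /* format string came from the network */
}

/* HARDENED pattern: fixed format, client text only ever fills a %s. */
int log_user_safe(const char *user, char *out, size_t outsz)
{
    return log_fmt(out, outsz, "USER %s", user);
}

int main(void)
{
    char line[128];
    const char *attack = "%x%x%x%n";   /* constructed attacker input */

    log_user_safe(attack, line, sizeof line);
    printf("directives in input: %d\nlogged safely as: %s\n",
           count_format_directives(attack), line);
    return 0;
}
```

Compiling with -Wformat -Wformat-security flags the vulnerable call at build time; the directive counter is the same check applied at runtime to data that must never be interpreted as a format.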

Network UPS Tools buffer overflow
Published: 17.06.2012
SecurityVulns ID: 12430
Type: remote
Threat Level: 5/10
Description: Buffer overflow in upsd's protocol parser (the addchar function in common/parseconf.c) when it receives a long string containing non-printable characters. Impact ranges from a crash of upsd, which can end in an electric-power outage because the UPS is no longer monitored, to arbitrary code execution. Fixed in NUT 2.6.4.
Affected: NUT : nut 2.6
CVE: CVE-2012-2944 (Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters.)
Original document: MANDRIVA, [ MDVSA-2012:087 ] nut (17.06.2012)
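Why non-printable characters matter for a length check, as an added example that is not NUT's code (the actual addchar logic is not on this page): a copy routine that expands every non-printable byte to a four-character \xNN escape. The weak version checks the input length against the output buffer, the hardened version checks the space actually needed before each write. Function names are hypothetical and the sample word is constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bytes needed for the escaped form of `in`, including the terminating NUL. */
size_t escaped_size(const char *in)
{
    size_t n = 1;
    for (; *in; in++)
        n += isprint((unsigned char)*in) ? 1 : 4;   /* "\xNN" is 4 bytes */
    return n;
}

/* WEAK: the bounds check counts input bytes, but each non-printable byte
 * produces four output bytes, so a word made of non-printables can overrun
 * `out` by up to three times its size. Only called on benign input here. */
int escape_unchecked(const char *in, char *out, size_t outsz)
{
    if (strlen(in) + 1 > outsz)        /* wrong quantity is being checked */
        return -1;
    char *p = out;
    for (; *in; in++) {
        if (isprint((unsigned char)*in))
            *p++ = *in;
        else
            p += sprintf(p, "\\x%02x", (unsigned char)*in);  /* may pass out+outsz */
    }
    *p = '\0';
    return (int)(p - out);
}

/* HARDENED: every write is checked against the space remaining in `out`, so
 * an over-long or escape-heavy word is rejected instead of corrupting memory.
 * Returns the escaped length, or -1 if it does not fit. */
int escape_checked(const char *in, char *out, size_t outsz)
{
    size_t used = 0;
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        size_t need = isprint(c) ? 1 : 4;
        if (used + need + 1 > outsz)       /* +1 keeps room for the NUL */
            return -1;
        if (need == 1)
            out[used++] = (char)c;
        else
            used += (size_t)snprintf(out + used, outsz - used, "\\x%02x", c);
    }
    out[used] = '\0';
    return (int)used;
}

int main(void)
{
    char buf[16];
    const char word[] = "ab\x01\x02\x03\x04\x05";   /* constructed: 7 bytes, 5 non-printable */

    printf("input length %zu, escaped form needs %zu bytes, buffer holds %zu\n",
           strlen(word), escaped_size(word), sizeof buf);
    printf("unchecked length test says: %s\n",
           strlen(word) + 1 > sizeof buf ? "too long" : "fits (wrong)");
    printf("checked copy returns: %d\n", escape_checked(word, buf, sizeof buf));
    return 0;
}
```

The same miscount appears whenever output grows faster than input (URL-encoding, JSON escaping, hex dumps); the reliable check is on bytes still to be written, not on bytes read.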

Sielco Sistemi Winlog buffer overflow
Published: 17.06.2012
SecurityVulns ID: 12431
Type: remote
Threat Level: 5/10
Description: Buffer overflow while parsing traffic received on TCP port 46824; versions up to and including 2.07.14 are affected.
Affected: SIELCO : Winlog 2.07
Original document: devnull_(at)_s3cur1ty.de, Sielco Sistemi Winlog Buffer Overflow <= v2.07.14 (17.06.2012)

arpwatch protection bypass
Published: 17.06.2012
SecurityVulns ID: 12432
Type: local
Threat Level: 3/10
Description: Privileges are dropped incompletely: arpwatch changes its uid and gid but does not drop supplementary groups, so the daemon keeps the group memberships it inherited from root. On its own this gives an attacker nothing, but any other vulnerability in the daemon could be leveraged into root group privileges.
Affected: ARPWATCH : arpwatch 2.1
CVE: CVE-2012-2653 (arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.)
Original document: DEBIAN, [SECURITY] [DSA 2481-1] arpwatch security update (17.06.2012)
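The privilege-drop sequence a daemon that starts as root should perform, as an added example that is not arpwatch's code (the patched source is not on this page): supplementary groups are cleared first, because that call needs root and is the step the advisory says was missing, then the gid, then the uid, followed by a self-check that the drop is complete and irreversible. Function names are hypothetical; uid/gid 65534 is assumed to be the conventional "nobody" account.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Number of supplementary groups the calling process holds, -1 on error. */
int supplementary_group_count(void)
{
    return getgroups(0, NULL);
}

/* Drop to uid/gid. Order matters: setgroups() requires root, so it must run
 * before setuid(); setgid() must run before setuid() for the same reason.
 * Returns 0 on success, -1 if a call failed (errno set), -2 if the calls
 * succeeded but the process could still regain privileges or kept groups. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0)     /* the step arpwatch 2.1a15 skipped */
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* Verify: regaining root must fail and no group memberships remain. */
    if (uid != 0 && setuid(0) == 0)
        return -2;
    if (gid != 0 && setgid(0) == 0)
        return -2;
    if (supplementary_group_count() != 0)
        return -2;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -2;
    return 0;
}

int main(void)
{
    /* A real daemon would look up its service account with getpwnam()
     * and take the gid and group list from there. */
    int rc = drop_privileges(65534, 65534);
    if (rc == 0)
        printf("now uid %d gid %d with %d supplementary groups\n",
               (int)geteuid(), (int)getegid(), supplementary_group_count());
    else if (rc == -1)
        perror("drop_privileges");
    else
        fputs("privileges were not fully dropped\n", stderr);
    return rc == 0 ? 0 : 1;
}
```

Run as an unprivileged user the first setgroups() call fails with EPERM, which is the right outcome: a drop that silently "succeeds" without CAP_SETGID is exactly the incomplete drop the advisory describes. The same audit can be applied to any running daemon by reading the Groups: line of /proc/PID/status, which should be empty or contain only the service group.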

HP DataDirect OpenAccess security vulnerabilities
Updated since 17.06.2012
Published: 24.06.2012
SecurityVulns ID: 12429
Type: remote
Threat Level: 5/10
Description: Several buffer overflows in the parsing of GIOP (CORBA) traffic by the DataDirect OpenAccess agent (oaagent.exe), each allowing unauthenticated remote code execution.
Affected: HP : HP Database Archiving Software 6.31
CVE: CVE-2011-4165 (Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1263.)
 CVE-2011-4164 (Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1214.)
 CVE-2011-4163 (Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1213.)
Original documents:
 ZDI, ZDI-12-099 : DataDirect OpenAccess oaagent.exe GIOP Remote Code Execution Vulnerability (24.06.2012)
 ZDI, ZDI-12-089 : HP DataDirect OpenAccess GIOP Parsing Remote Code Execution Vulnerability (17.06.2012)
 ZDI, ZDI-12-088 : HP DataDirect OpenAccess GIOP Opcode 0x0E Remote Code Execution Vulnerability (17.06.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod