Computer Security


Google Chrome / Chromium multiple security vulnerabilities
Published:17.06.2014
SecurityVulns ID:13842
Type:client
Threat Level:8/10
Description:Memory corruptions, buffer overflows.
Affected:GOOGLE : Chrome 35
CVE:CVE-2014-3157 (Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame data structures that are too small for proper interaction with an underlying FFmpeg library.)
 CVE-2014-3156 (Buffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unexpected bitmap data, related to content/renderer/renderer_clipboard_client.cc and content/renderer/webclipboard_impl.cc.)
 CVE-2014-3155 (net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance.)
 CVE-2014-3154 (Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown.)
Original document:DEBIAN, [SECURITY] [DSA 2959-1] chromium-browser security update (17.06.2014)

Oracle multiple security vulnerabilities
Published:17.06.2014
SecurityVulns ID:13843
Type:local
Threat Level:6/10
Description:Multiple privilege escalations via the built-in Java VM.
Affected:ORACLE : Oracle 11g
 ORACLE : Oracle 12c
Original document:Security Explorations, [SE-2014-01] Security vulnerabilities in Oracle Database Java VM (17.06.2014)

Apache commons-beanutils code execution
Published:17.06.2014
SecurityVulns ID:13845
Type:library
Threat Level:5/10
Description:Unrestricted access to the ActionForm class parameter.
CVE:CVE-2014-0114 (The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method.)
Original document:David Jorm, [oss-security] CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE (17.06.2014)

Linux restrictions bypass
Published:17.06.2014
SecurityVulns ID:13846
Type:local
Threat Level:5/10
Description:SECCOMP restrictions bypass on MIPS.
Affected:LINUX : kernel 3.13
Original document:Yves-Alexis Perez, [oss-security] Re: Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS (17.06.2014)

OpenAFS uninitialized memory
Published:17.06.2014
SecurityVulns ID:13847
Type:remote
Threat Level:4/10
Description:Uninitialized memory access is possible.
Affected:OPENAFS : OpenAFS 1.6
CVE:CVE-2014-4044 (OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests.)
Original document:eagle_(at)_eyrie.org, [oss-security] CVE request: OpenAFS 1.6.8 TMAY fileserver crashes (17.06.2014)

PHP security vulnerabilities
Published:17.06.2014
SecurityVulns ID:13848
Type:library
Threat Level:7/10
Description:Symbolic link vulnerabilities, dns_get_record() buffer overflow.
Affected:PHP : PHP 5.5
CVE:CVE-2014-4049 (Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.)
 CVE-2014-3986 (include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name.)
 CVE-2014-3982 (include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file.)
 CVE-2014-3981 (acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.)
Original document:Murray McAllister, [oss-security] CVE request: PHP heap-based buffer overflow in DNS TXT record parsing (17.06.2014)
 cve-assign_(at)_mitre.org, [oss-security] Re: CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure (17.06.2014)
 Murray McAllister, [oss-security] CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure (17.06.2014)

musl-libc buffer overflow
Published:17.06.2014
SecurityVulns ID:13849
Type:library
Threat Level:6/10
Description:Buffer overflow on DNS response parsing.
Affected:MUSL : musl-libc 1.1
CVE:CVE-2014-3484
Original document:Rich Felker, [musl] Security advisory for musl libc - remote stack-based buffer overflow in DNS response parsing [CVE-2014-3484] (17.06.2014)

Linux kernel multiple security vulnerabilities
updated since 17.06.2014
Published:21.07.2014
SecurityVulns ID:13844
Type:local
Threat Level:6/10
Description:Kernel memory content leak via media_enum_entities() and rd_mcp() IOCTL, DoS, privilege escalations.
Affected:LINUX : kernel 3.13
CVE:CVE-2014-4943 (The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.)
 CVE-2014-4667 (The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.)
 CVE-2014-4652 (Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.)
 CVE-2014-4611 (Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.)
 CVE-2014-4608 (** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype.")
 CVE-2014-4508 (arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000.)
 CVE-2014-4171 (mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call.)
 CVE-2014-4157 (arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure _TIF_SECCOMP checks on the fast system-call path, which allows local users to bypass intended PR_SET_SECCOMP restrictions by executing a crafted application without invoking a trace or audit subsystem.)
 CVE-2014-4027 (The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.)
 CVE-2014-4014 (The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.)
 CVE-2014-3940 (The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c.)
 CVE-2014-1739 (The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.)
 CVE-2014-0206 (Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value.)
 CVE-2014-0131 (Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.)
Original document:UBUNTU, [USN-2289-1] Linux kernel vulnerabilities (21.07.2014)
 Kees Cook, [oss-security] CVE-2014-4943: Linux privilege escalation in ppp over l2tp sockets (21.07.2014)
 Don A. Bailey, [oss-security] LMS-2014-06-16-5: Linux Kernel LZ4 (28.06.2014)
 Don A. Bailey, [oss-security] LMS-2014-06-16-2: Linux Kernel LZO (28.06.2014)
 Petr Matousek, [oss-security] CVE request -- Linux kernel: sctp: sk_ack_backlog wrap-around problem (28.06.2014)
 Andy Lutomirski, [oss-security] CVE request: Another Linux syscall auditing bug (28.06.2014)
 Petr Matousek, [oss-security] CVE-2014-0206 -- Linux kernel: kernel memory disclosure in io_getevents() (26.06.2014)
 Marcus Meissner, Re: [oss-security] CVE Request: Linux kernel ALSA core control API vulnerabilities (26.06.2014)
 cve-assign_(at)_mitre.org, [oss-security] CVE-2014-4171 - Linux kernel mm/shmem.c denial of service (19.06.2014)
 cve-assign_(at)_mitre.org, [oss-security] Re: (Linux kernel) Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS (19.06.2014)
 Andy Lutomirski, [oss-security] CVE-2014-4014: Linux kernel user namespace bug (17.06.2014)
 Moritz Muehlenhoff, [oss-security] CVE request: Linux kernel / target information leak (17.06.2014)
 cve-assign_(at)_mitre.org, [oss-security] CVE-2014-3940 - Linux kernel - missing check during hugepage migration (17.06.2014)
 Salva Peiro, [oss-security] CVE-2014-1739: Kernel Infoleak vulnerability in media_enum_entities() (17.06.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod