Computer Security


Lookup electronic dictionaries interface symbolic links problem
Published:18.03.2007
SecurityVulns ID:7424
Type:local
Threat Level:5/10
Description:Symbolic links problem on temporary files creation.
Affected:LOOKUP : lookup 1.4
CVE:CVE-2007-0237 (The ndeb-binary feature in Lookup (lookup-el) allows local users to overwrite arbitrary files via a symlink attack on temporary files.)
Original document:DEBIAN, [Full-disclosure] [SECURITY] [DSA 1269-1] New lookup-el packages fix insecure temporary file (18.03.2007)

Linux netfilter multiple security vulnerabilities
Published:18.03.2007
SecurityVulns ID:7425
Type:remote
Threat Level:6/10
Description:Protection bypass with fragmented IPv6 packets, denial of service.
Affected:LINUX : kernel 2.6
CVE:CVE-2007-1497 (nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments.)
 CVE-2007-1496 (nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using "multiple packets per netlink message", and (3) bridged packets, which trigger a NULL pointer dereference.)

Apple MacOS X multiple security vulnerabilities
Published:18.03.2007
SecurityVulns ID:7426
Description:Mac OS X security update closes a number of vulnerabilities.
Affected:APPLE : MacOS X 10.3
 APPLE : Mac OS X 10.4
 CUPS : cups 1.2
CVE:CVE-2007-0733 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RAW image that triggers memory corruption.)
 CVE-2007-0731 (Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL.)
 CVE-2007-0730 (Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently validate authentication credentials, which allows remote attackers to bypass authentication and modify system configuration.)
 CVE-2007-0728 (Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 creates files insecurely while initializing a USB printer, which allows local users to create or overwrite arbitrary files.)
 CVE-2007-0726 (The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were based on the original keys.)
 CVE-2007-0724 (The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently limit access to certain controls, which allows local users to gain privileges by using HID device events to read keystrokes from the console.)
 CVE-2007-0723 (Unspecified vulnerability in the authentication feature for DirectoryService (DS Plug-Ins) for Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote authenticated LDAP users to modify the root password and gain privileges via unknown vectors.)
 CVE-2007-0722 (Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted AppleSingleEncoding disk image.)
 CVE-2007-0721 (Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted compressed disk image that triggers memory corruption.)
 CVE-2007-0720 (The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted.)
 CVE-2007-0719 (Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile.)
Original document:CERT, US-CERT Technical Cyber Security Alert TA07-072A -- Apple Updates for Multiple Vulnerabilities (18.03.2007)

PennMUSH mud environment DoS
Published:18.03.2007
SecurityVulns ID:7427
Type:remote
Threat Level:5/10
Description:Multiple DoS conditions on different commands processing.
Affected:PENNMUSH : PennMUSH 1.8
CVE:CVE-2007-1431 (Multiple unspecified vulnerabilities in PennMUSH 1.8.3 before 1.8.3p1 and 1.8.2 before 1.8.2p3 allow attackers to cause a denial of service (crash) related to the (1) speak and (2) buy functions.)

D-Link TFTP server memory corruption
Published:18.03.2007
SecurityVulns ID:7428
Type:remote
Threat Level:5/10
Description:Memory corruption on oversized GET/PUT commands.
Affected:DLINK : D-Link TFTP Server 1.0
CVE:CVE-2007-1435 (Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)

netperf netserver symbolic links vulnerability
Published:18.03.2007
SecurityVulns ID:7429
Type:local
Threat Level:5/10
Description:Symbolic links vulnerability on /tmp/netperf.debug file creation.
Affected:NETPERF : netperf 2.4
CVE:CVE-2007-1444 (netserver in netperf 2.4.3 allows local users to overwrite arbitrary files via a symlink attack on /tmp/netperf.debug.)

Adobe JRun / ColdFusion DoS
Published:18.03.2007
SecurityVulns ID:7430
Type:remote
Threat Level:5/10
Description:Denial of service under IIS Server on file request to JRun root folder.
Affected:ADOBE : JRun 4.0
 ADOBE : Macromedia ColdFusion MX 7
 ADOBE : Macromedia ColdFusion MX 6.1
CVE:CVE-2007-1278 (Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.)

Sun Java Web Server unauthorized access
Published:18.03.2007
SecurityVulns ID:7431
Type:remote
Threat Level:6/10
Affected:SUN : Sun Java System Web Server 6.1
 SUN : Sun Java System Web Server 6.0
CVE:CVE-2007-1526 (Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors.)
 CVE-2007-1488 (Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application.)

Rhapsody IRC client multiple security vulnerabilities
Published:18.03.2007
SecurityVulns ID:7423
Type:client
Threat Level:5/10
Description:Multiple buffer overflows and format string vulnerabilities.
Affected:RHAPSODY : Rhapsody IRC 0.28
CVE:CVE-2007-1503 (Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via format string specifiers to the create_ctcp_message function using the message argument to the (1) me or (2) ctcp commands, and possibly related vectors involving the (3) whois, (4) mode, and (5) topic commands.)
 CVE-2007-1502 (Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via a (1) long command, (2) long server argument to the (a) connect or (b) server commands, (3) long nick argument to the (c) nick command, or a long (4) nick or (5) message argument to the (d) ctcp, (e) chat, (f) notice, (g) message (msg), or (h) query commands.)
Original document:starcadi starcadi, Rhapsody IRC 0.28b (NICK) Multiple fs and bof vulnerability (18.03.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod