Computer Security


Microsoft Internet Explorer multiple security vulnerabilities
Published:18.03.2014
Source:
SecurityVulns ID:13605
Type:client
Threat Level:8/10
Description:Multiple memory corruptions.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 8
 MICROSOFT : Windows 2012 Server
 MICROSOFT : Windows 8.1
CVE:CVE-2014-0324 (Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0308, and CVE-2014-0312.)
 CVE-2014-0322 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.)
 CVE-2014-0321 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0313.)
 CVE-2014-0314 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-0313 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0321.)
 CVE-2014-0312 (Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0308, and CVE-2014-0324.)
 CVE-2014-0311 (Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0299 and CVE-2014-0305.)
 CVE-2014-0309 (Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-0308 (Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0312, and CVE-2014-0324.)
 CVE-2014-0307 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulations of a TextRange element, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-0306 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-0305 (Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0299 and CVE-2014-0311.)
 CVE-2014-0304 (Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-0303 (Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0302.)
 CVE-2014-0302 (Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0303.)
 CVE-2014-0299 (Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0305 and CVE-2014-0311.)
 CVE-2014-0298 (Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-0297 (Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0308, CVE-2014-0312, and CVE-2014-0324.)
Files:Microsoft Security Bulletin MS14-012 - Critical Cumulative Security Update for Internet Explorer (2925418)

Microsoft Windows multiple security vulnerabilities
Published:18.03.2014
Source:
SecurityVulns ID:13606
Type:library
Threat Level:8/10
Description:DirectShow memory corruptions, Silverlight restrictions bypass, SAMR restrictions bypass, kernel-mode driver privilege escalations.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 8
 MICROSOFT : Windows 2012 Server
 MICROSOFT : Windows 8.1
CVE:CVE-2014-0323 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (system hang) via a crafted application, aka "Win32k Information Disclosure Vulnerability.")
 CVE-2014-0319 (Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer Runtime before 5.1.30214.0 allow attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors, aka "Silverlight DEP/ASLR Bypass Vulnerability.")
 CVE-2014-0317 (The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka "SAMR Security Feature Bypass Vulnerability.")
 CVE-2014-0301 (Double free vulnerability in qedit.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via a crafted JPEG image, aka "DirectShow Memory Corruption Vulnerability.")
 CVE-2014-0300 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability.")
Files:Microsoft Security Bulletin MS14-013 - Critical Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961)
 Microsoft Security Bulletin MS14-014 - Important Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677)
 Microsoft Security Bulletin MS14-015 - Important Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275)
 Microsoft Security Bulletin MS14-016 - Important Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418)

sudo security vulnerabilities
Published:18.03.2014
Source:
SecurityVulns ID:13607
Type:local
Threat Level:5/10
Description:Restrictions bypass
Affected:SUDO : sudo 1.8
CVE:CVE-2014-0106 (Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.)
Original document:UBUNTU, [USN-2146-1] Sudo vulnerabilities (18.03.2014)

BlackBerry QNX Neutrino RTOS privilege escalation
Published:18.03.2014
Source:
SecurityVulns ID:13608
Type:local
Threat Level:5/10
Description:Privilege escalation via ifwatchd and ppoectl
Affected:BLACKBERRY : QNX Neutrino RTOS 6.5
Original document:Tim Brown, Medium severity flaw in BlackBerry QNX Neutrino RTOS (18.03.2014)
 Tim Brown, Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS (18.03.2014)

x2goserver privilege escalation
Published:18.03.2014
Source:
SecurityVulns ID:13609
Type:local
Threat Level:5/10
Description:A relative path is used to execute the application.
CVE:CVE-2013-4376 (The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server before 4.0.0.2 allows remote attackers to execute arbitrary code via unspecified vectors, related to the path to libx2go-server-db-sqlite3-wrapper.pl.)
Original document:MANDRIVA, [ MDVSA-2014:063 ] x2goserver (18.03.2014)

FreeType memory corruption
Published:18.03.2014
Source:
SecurityVulns ID:13610
Type:library
Threat Level:6/10
Description:A few different memory corruptions.
CVE:CVE-2014-2241 (The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.)
 CVE-2014-2240 (Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file.)
Original document:UBUNTU, [USN-2148-1] FreeType vulnerabilities (18.03.2014)

GNU libc regcomp buffer overflow / resources exhaustion
updated since 07.01.2011
Published:18.03.2014
Source:
SecurityVulns ID:11342
Type:library
Threat Level:7/10
Description:Resources exhaustion and buffer overflow on regular expressions like ".*{10,}{10,}{10,}{10,}{10,}"
CVE:CVE-2010-4052 (Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.)
 CVE-2010-4051 (The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow.")
Original document:submit_(at)_cxsec.org, MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service (18.03.2014)
 Maksymilian Arciemowicz, GNU libc/regcomp(3) Multiple Vulnerabilities (07.01.2011)
Files:proftpd multiple exploit for VU#912279 (only with GNU libc/regcomp(3))

Remote Root via HP-UX rlpdaemon
updated since 21.11.2001
Published:18.03.2014
Source:
SecurityVulns ID:1578
Type:remote
Threat Level:8/10
Description:Invalid parsing of printing commands allows code execution.
Affected:HP : HP-UX 11.00
 HP : HP-UX 10.20
 HP : HP-UX 11.11
Original document:Nomen Nescio, exploit for old rlpdaemon bug (18.03.2014)
 G.Borglum, HP-UX setuid rlpdaemon induced to make illicit file writes (17.12.2001)
 X-FORCE, ISS Security Advisory: Remote Logic Flaw Vulnerability in HP-UX Line Printer Daemon (21.11.2001)
Files:HP-UX rlpdaemon local exploit

PHP multiple security vulnerabilities
updated since 13.03.2014
Published:18.03.2014
Source:
SecurityVulns ID:13604
Type:library
Threat Level:7/10
Description:DoS, information leakage, code execution
Affected:PHP : PHP 5.5
CVE:CVE-2014-2270 (softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.)
 CVE-2014-2020 (ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.)
 CVE-2014-1943 (Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.)
 CVE-2013-7327 (The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226.)
 CVE-2013-7228
 CVE-2013-7227
 CVE-2013-7226 (Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer overflow.)
Original document:MANDRIVA, [ MDVSA-2014:059 ] php (18.03.2014)
 UBUNTU, [USN-2126-1] PHP vulnerabilities (13.03.2014)

imapsync information leakage
Published:18.03.2014
Source:
SecurityVulns ID:13611
Type:m-i-t-m
Threat Level:5/10
Description:A few information leaks.
Affected:IMAPSYNC : imapsync 1.584
CVE:CVE-2014-2014 (imapsync before 1.584, when running with the --tls option, attempts a cleartext login when a certificate verification failure occurs, which allows remote attackers to obtain credentials by sniffing the network.)
 CVE-2013-4279 (imapsync 1.564 and earlier performs a release check by default, which sends sensitive information (imapsync, operating system, and Perl version) to the developer's site.)
Original document:MANDRIVA, [ MDVSA-2014:060 ] imapsync (18.03.2014)

oath-toolkit replay attack
Published:18.03.2014
Source:
SecurityVulns ID:13612
Type:library
Threat Level:5/10
Description:An implementation bug makes replay attacks possible.
Affected:OATHTOOLKIT : OATH Toolkit 2.4
CVE:CVE-2013-7322 (usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath.)
Original document:MANDRIVA, [ MDVSA-2014:061 ] oath-toolkit (18.03.2014)

Samba restrictions bypass
Published:18.03.2014
Source:
SecurityVulns ID:13613
Type:remote
Threat Level:5/10
Description:A few restriction bypass vulnerabilities.
Affected:SAMBA : Samba 3.4
 SAMBA : Samba 4.0
CVE:CVE-2013-6442 (The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change.)
 CVE-2013-4496 (Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts.)
Original document:SLACKWARE, [slackware-security] samba (SSA:2014-072-01) (18.03.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod