Computer Security

Trend Micro OfficeScan multiple security vulnerabilities
Published:19.07.2007
SecurityVulns ID:7946
Type:remote
Threat Level:7/10
Description:Unauthorized access to administration interface, buffer overflow on session cookie parsing.
Affected:TM : OfficeScan 7.3
 TM : Trend Micro Client Server Messaging Security 3.6
 TM : OfficeScan 8.0
CVE:CVE-2007-3455 (cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information.")
 CVE-2007-3454 (Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this library.)
Original document:IDEFENSE, iDefense Security Advisory 07.16.07: Trend Micro OfficeScan Management Console Authorization Bypass Vulnerability (19.07.2007)
 IDEFENSE, iDefense Security Advisory 07.16.07: Trend Micro OfficeScan Session Cookie Buffer Overflow Vulnerability (19.07.2007)

CA eTrust Integrated Threat Management multiple buffer overflow
Published:19.07.2007
SecurityVulns ID:7948
Type:remote
Threat Level:5/10
Description:Buffer overflows in Alert Notification Server RPC interface.
Affected:CA : eTrust Integrated Threat Management 8
CVE:CVE-2007-3825 (Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures.)
Original document:CA, [CAID 35515]: CA Products Alert Service RPC Procedure Buffer Overflow Vulnerabilities (19.07.2007)
 IDEFENSE, iDefense Security Advisory 07.17.07: Computer Associates Alert Notification Server Multiple Buffer Overflow Vulnerabilities (19.07.2007)

Cisco Wide Area Application Services DoS
Published:19.07.2007
SecurityVulns ID:7949
Type:remote
Threat Level:5/10
Description:TCP SYN flood to TCP/139 and TCP/445 ports causes device to hang.
Affected:CISCO : NM-WAE-502
 CISCO : WAE appliance
Original document:CISCO, Cisco Security Advisory: Denial of Service Vulnerability in Cisco Wide Area Application Services (WAAS) Software (19.07.2007)

Opera use-after-free vulnerability
Published:19.07.2007
SecurityVulns ID:7953
Type:client
Threat Level:6/10
Description:Memory is used after free() when parsing BitTorrent headers.
Affected:OPERA : Opera 9.21
Original document:IDEFENSE, iDefense Security Advisory 07.19.07: Opera Software Opera Web Browser BitTorrent Dangling Pointer Vulnerability (19.07.2007)

IBM Lotus Notes information leak
Published:19.07.2007
SecurityVulns ID:7955
Type:local
Threat Level:3/10
Description:Administrator can enable a debugging function to log all users' passwords.
Original document:Juergen Schmidt, [Full-disclosure] heise Security: Password exposure in Lotus Notes (19.07.2007)

Mozilla Firefox cache cross-site access
updated since 10.07.2007
Published:19.07.2007
SecurityVulns ID:7906
Type:client
Threat Level:7/10
Description:wyciwyg:// URL in combination with a 302 HTTP response allows access to cached pages.
Affected:MOZILLA : Firefox 2.0
 XULRUNNER : xulrunner 1.8
 ICEWEASEL : iceweasel 2.0
CVE:CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.)
Original document:MOZILLA, Mozilla Foundation Security Advisory 2007-24 (19.07.2007)
 Michal Zalewski, Firefox wyciwyg:// cache zone bypass (10.07.2007)

Microsoft Internet Explorer 0-day vulnerability
updated since 10.07.2007
Published:19.07.2007
SecurityVulns ID:7904
Type:client
Threat Level:6/10
Description:Unfiltered shell characters on executed URL: protocol application handler.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2007-3670 (Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data.")
Original document:IDEFENSE, iDefense Security Advisory 07.19.07: Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability (19.07.2007)
 MOZILLA, Mozilla Foundation Security Advisory 2007-23 (19.07.2007)
 Thor Larholm, [Full-disclosure] Internet Explorer 0day exploit (10.07.2007)
Files: Internet Explorer 0day Exploit

Linux kernel multiple security vulnerabilities
updated since 19.07.2007
Published:19.07.2007
SecurityVulns ID:7954
Type:remote
Threat Level:6/10
Description:DoS with cluster manager, DoS with usblcd driver, DoS with VFAT IOCTL.
Affected:LINUX : kernel 2.6
CVE:CVE-2007-3513 (The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kernel before 2.6.22-rc7 does not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption).)
 CVE-2007-3380 (The Distributed Lock Manager (DLM) in the cluster manager for Linux kernel 2.6.15 allows remote attackers to cause a denial of service (loss of lock services) by connecting to the DLM port, which probably prevents other processes from accessing the service.)
 CVE-2007-2878 (The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors.)
 CVE-2007-2876 (The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference.)
 CVE-2007-2875 (Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.)
 CVE-2007-2525 (Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized.)
Original document:UBUNTU, [USN-489-1] Linux kernel vulnerabilities (19.07.2007)

IBM Tivoli Provisioning Manager for OS Deployment TFTP server DoS
Published:19.07.2007
SecurityVulns ID:7947
Type:remote
Threat Level:5/10
Description:Division by zero on invalid blksize argument.
Affected:IBM : Tivoli Provisioning Manager for OS Deployment 5.1
CVE:CVE-2007-3268 (The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to cause a denial of service (rembo.exe crash and multiple service outage) via a read (RRQ) request with an invalid blksize (blocksize), which triggers a divide-by-zero error.)
Original document:IDEFENSE, iDefense Security Advisory 07.17.07: IBM Tivoli Provisioning Manager for OS Deployment TFTP Blocksize DoS Vulnerability (19.07.2007)

Microsoft DirectX buffer overflow
Published:19.07.2007
SecurityVulns ID:7951
Type:library
Threat Level:5/10
Description:Buffer overflow on compressed TGA images parsing.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : DirectX 9.0
 MICROSOFT : Windows Vista
CVE:CVE-2006-4183 (Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.)
Original document:Reversemode, [Reversemode Advisory] Microsoft DirectX RLE Compressed Targa Image File Heap Overflow (19.07.2007)
 IDEFENSE, iDefense Security Advisory 07.18.07: Microsoft DirectX RLE Compressed Targa Image File Heap Overflow (19.07.2007)

Trillian multiple security vulnerabilities
Published:19.07.2007
SecurityVulns ID:7952
Type:client
Threat Level:6/10
Description:Buffer overflow and unfiltered shell characters on aim:// URL processing.
Original document:Billy Rios, [Full-disclosure] Cross Application Scripting (IE pwns Trillian, Trillian pwns YOU!) (19.07.2007)

Mozilla Firefox, Thunderbird, Seamonkey multiple security vulnerabilities
Published:19.07.2007
SecurityVulns ID:7941
Type:client
Threat Level:8/10
Description:Code execution, memory corruption, content spoofing, cross-site scripting, DoS.
Affected:MOZILLA : Firefox 2.0
 MOZILLA : Thunderbird 2.0
 XULRUNNER : xulrunner 1.8
 ICEWEASEL : iceweasel 2.0
CVE:CVE-2007-3738 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper.)
 CVE-2007-3737 (Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document.")
 CVE-2007-3736 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed.)
 CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.)
 CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.)
 CVE-2007-3285 (Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would.)
 CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568.)
Original document:MOZILLA, Mozilla Foundation Security Advisory 2007-25 (19.07.2007)
 MOZILLA, Mozilla Foundation Security Advisory 2007-22 (19.07.2007)
 MOZILLA, Mozilla Foundation Security Advisory 2007-21 (19.07.2007)
 MOZILLA, Mozilla Foundation Security Advisory 2007-20 (19.07.2007)
 MOZILLA, Mozilla Foundation Security Advisory 2007-19 (19.07.2007)
 MOZILLA, Mozilla Foundation Security Advisory 2007-18 (19.07.2007)
 CERT, US-CERT Technical Cyber Security Alert TA07-199A -- Mozilla Updates for Multiple Vulnerabilities (19.07.2007)

Asterisk VoIP server multiple security vulnerabilities
Published:19.07.2007
SecurityVulns ID:7943
Type:remote
Threat Level:7/10
Description:Buffer overflow and DoS on IAX2 implementation, DoS in Skinny and STUN implementation.
Affected:ASTERISK : Asterisk 1.2
 DIGIUM : Asterisk 1.4
 ASTERISK : Asterisk s800i
CVE:CVE-2007-3765 (The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.)
 CVE-2007-3764 (The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy.")
 CVE-2007-3763 (The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.)
 CVE-2007-3762 (Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.)
Original document:ASTERISK, ASA-2007-017: Remote Crash Vulnerability in STUN implementation (19.07.2007)
 ASTERISK, ASA-2007-016: Remote crash vulnerability in Skinny channel driver (19.07.2007)
 ASTERISK, ASA-2007-015: Remote Crash Vulnerability in IAX2 channel driver (19.07.2007)
 ASTERISK, ASA-2007-014: Stack buffer overflow in IAX2 channel driver (19.07.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 19.07.2007
Published:19.07.2007
SecurityVulns ID:7944
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:SIMPLEMACHINES : Simple Machines Forum 1.0
 LEDGERSMB : LedgerSMB 1.2
 INSANELYSIMPLE : Insanely Simple Blog 0.5
 MAILMARSHAL : MailMarshal SMTP 6.2
 GEOBLOG : Geoblog 1
 DOKUWIKI : DokuWiki 2007-06-26
CVE:CVE-2007-3796 (The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables.)
 CVE-2007-2231 (Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.)
Original document:Cyrill Brunschwiler, DokuWiki suffers XSS (19.07.2007)
 joseph.giron13_(at)_gmail.com, Geoblog v1 administrator bypass (19.07.2007)
 Gary O'leary-Steele, [Full-disclosure] [Sec-1 Ltd] Advisory: MailMarshal Spam Quarantine Password Retrieval Vulnerability (19.07.2007)
 Chris Travers, Security Advisory: Login bypass in LedgerSMB 1.2.0 through 1.2.6 (19.07.2007)
 Chris Travers, Clarifications on LedgerSMB vulnerability with Bugtraq ID:24940 (19.07.2007)
 UBUNTU, [USN-487-1] Dovecot vulnerability (19.07.2007)
 joseph.giron13_(at)_gmail.com, Insanely simple blog - Multiple vulnerabilities (19.07.2007)
 sirn0n_(at)_yahoo.com, LFI On SMF 1.1.3 (19.07.2007)
 Matthew Cook, ExLibris Aleph and Metalib Cross Site Scripting Attack (19.07.2007)

curl TLS certificates spoofing
Published:19.07.2007
SecurityVulns ID:7945
Type:library
Threat Level:5/10
Description:Certificate activation and expiration dates are not checked if the GnuTLS verification method is used.
Affected:CURL : curl 7.15
CVE:CVE-2007-3564 (libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.)

Oracle multiple security vulnerabilities
updated since 19.07.2007
Published:24.07.2007
SecurityVulns ID:7942
Type:remote
Threat Level:7/10
Description:DBMS_DRS.GET_PROPERTY and MDSYS.MD buffer overflow, cross-site scripting, privilege escalation with views.
Affected:ORACLE : Oracle 9i
 ORACLE : Oracle 8i
 ORACLE : Oracle 10g
CVE:CVE-2007-3867 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and attack vectors, related to (1) APPS04, (2) APPS05, and (3) APPS06 in (a) Oracle Application Object Library, (4) APPS07 in Oracle Customer Intelligence, (5) APPS08 in Oracle Payments, (7) APPS10 in Oracle Human Resources, and (8) APPS11 in iRecruitment.)
 CVE-2007-3866 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 and 12.0.1 allow remote attackers to have an unknown impact via (a) Oracle Configurator (APPS02), (b) Oracle iExpenses (APPS03), (c) Oracle Application Object Library (APPS09), and (1) APPS12, (2) APPS13, and (3) APPS14 in (d) Oracle Payables.)
 CVE-2007-3865 (Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 12.0.1 has unknown impact and remote attack vectors, aka APPS01.)
 CVE-2007-3855 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the Spatial component (DB16), and (4) SQL Compiler (DB17). NOTE: a reliable researcher claims that DB17 is for using Views to perform unauthorized insert, update, or delete actions.)
 CVE-2007-0272 (Unspecified vulnerability in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and attack vectors related to the Oracle Spatial component and mdsys.md privileges, aka DB05. NOTE: Oracle has not disputed a reliable researcher report that claims this is for multiple buffer overflows and other issues in unspecified public procedures.)
 CVE-2007-0270 (Unspecified vulnerability in Oracle Database 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors related to the Data Guard and sys.dbms_drs privileges, aka DB03. NOTE: Oracle has not disputed a reliable researcher claim that this is a buffer overflow in the GET_PROPERTY function in SYS.DBMS_DRS, which can be exploited for arbitrary code execution or a denial of service.)
Original document:Integrigy Security Alerts, Oracle E-Business Suite - Multiple Vulnerabilities (24.07.2007)
 CERT, US-CERT Technical Cyber Security Alert TA07-200A -- Oracle Releases Patches for Multiple Vulnerabilities (21.07.2007)
 SHATTER, Oracle Database Buffer overflow vulnerabilities in procedure DBMS_DRS.GET_PROPERTY (DB03) (19.07.2007)
 SHATTER, Oracle Database Buffer overflows and Denial of service vulnerabilities in public procedures of MDSYS.MD (DB12) (19.07.2007)
 Kornbrust, Alexander, Oracle Security: SQL Injection in APEX CHECK_DB_PASSWORD (19.07.2007)
 Kornbrust, Alexander, Oracle Security: SQL Injection in package DBMS_PRVTAQIS (19.07.2007)
 Kornbrust, Alexander, Oracle Security: Insert / Update / Delete Data via Views (19.07.2007)
Files:Oracle 9i/10g - evil view exploit (CVE-2007-3855)

IPSwitch IMAIL IMAP server buffer overflow
updated since 19.07.2007
Published:25.07.2007
SecurityVulns ID:7950
Type:remote
Threat Level:6/10
Description:Buffer overflow in SEARCH and SUBSCRIBE commands and also during authentication procedure.
Affected:IPSWITCH : IMail 2006.2
CVE:CVE-2007-2795
Original document:ZDI, ZDI-07-042: Ipswitch IMail Server GetIMailHostEntry Memory Corruption Vulnerability (25.07.2007)
 3COM, ZDI-07-043: Ipswitch IMail IMAP Daemon SUBSCRIBE Stack Overflow Vulnerability (25.07.2007)
 IDEFENSE, iDefense Security Advisory 07.18.07: Ipswitch IMail Server 2006 IMAP Search Command Buffer Overflow Vulnerability (19.07.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod