Computer Security


Cisco IOS XR BGP DoS
updated since 19.08.2009
Published:19.08.2009
SecurityVulns ID:10163
Type:remote
Threat Level:6/10
Description:BGP session reset on malformed BGP update.
Affected:CISCO : Cisco IOS XR 3.4
 CISCO : Cisco IOS XR 3.5
 CISCO : Cisco IOS XR 3.6
 CISCO : Cisco IOS XR 3.7
 CISCO : Cisco IOS XR 3.8
Original document:CISCO, Cisco Security Advisory: Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerability (19.08.2009)

Cisco Firewall Services Module DoS
Published:19.08.2009
SecurityVulns ID:10164
Type:remote
Threat Level:6/10
Description:Crash on crafted ICMP packets.
Affected:CISCO : Firewall Services Module
CVE:CVE-2009-0638 (The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 before 3.2(13), and 4.0 before 4.0(6) for Cisco Catalyst 6500 switches and Cisco 7600 routers allows remote attackers to cause a denial of service (traffic-handling outage) via a series of malformed ICMP messages.)
Original document:CISCO, Cisco Security Advisory: Firewall Services Module Crafted ICMP Message Vulnerability (19.08.2009)

CA Host-Based Intrusion Prevention System DoS
Published:19.08.2009
SecurityVulns ID:10166
Type:remote
Threat Level:5/10
Description:A malformed network packet causes a system crash because of an error in the kmxIds.sys driver.
Affected:CA : CA Host-Based Intrusion Prevention System 8.1
CVE:CVE-2009-2740 (kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention System (HIPS) 8.1 allows remote attackers to cause a denial of service (system crash) via a malformed packet.)
Original document:iViZ Security Advisories, [IVIZ-09-005] CA HIPS Remote Kernel Vulnerability (19.08.2009)
 CA, CA20090818-01: Security Notice for CA Host-Based Intrusion Prevention System (19.08.2009)

Libpurple / Pidgin memory corruption
Published:19.08.2009
SecurityVulns ID:10165
Type:library
Threat Level:6/10
Description:Memory corruption on malformed MSN protocol message.
Affected:PIDGIN : Pidgin 2.5
 LIBPURPLE : libpurple 2.5
 ADIUM : Adium 1.3
CVE:CVE-2009-3084 (The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name.)
 CVE-2009-2694 (The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.)
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0727: Libpurple msn_slplink_process_msg() Arbitrary Write Vulnerability (19.08.2009)

HP Network Node Manager remote console weak file permissions
updated since 07.02.2007
Published:19.08.2009
SecurityVulns ID:7194
Type:remote
Threat Level:5/10
Description:Weak permissions on C:\Program Files\HP OpenView allow spoofing of executable files and the system service file.
Affected:HP : Network Node Manager 7.50
CVE:CVE-2007-0819 (HP Network Node Manager (NNM) Remote Console 7.50 assigns Everyone Full Control permission for the %PROGRAMFILES%\HP OpenView directory tree, which allows local users to gain privileges via a Trojan horse executable file or ActiveX component, or a modified bin\ovtrcsvc.exe for the HP Open View Shared Trace Service.)
Original document:HP, [security bulletin] HPSBMA02448 SSRT061231 rev.1 - HP Network Node Manager (NNM) Remote Console Running on Windows, Local Execution of Arbitrary Code, Denial of Service (DoS) (19.08.2009)
Files:Hewlett-Packard Network Node Manager 7.50 Remote Console weak files permissions

CA Internet Security Suite DoS
updated since 19.08.2009
Published:27.08.2009
SecurityVulns ID:10167
Type:local
Threat Level:4/10
Description:Crash on IOCTL processing.
Affected:CA : CA Internet Security Suite 3
 CA : CA Internet Security Suite 4
 CA : CA Internet Security Suite 5
CVE:CVE-2009-0682 (vetmonnt.sys in CA Internet Security Suite r3, vetmonnt.sys before 9.0.0.184 in Internet Security Suite r4, and vetmonnt.sys before 10.0.0.217 in Internet Security Suite r5 do not properly verify IOCTL calls, which allows local users to cause a denial of service (system crash) via a crafted call.)
Original document:Valery Marchuk, [PT-2009-05] CA Internet Security Suite Denial of Service Vulnerability (27.08.2009)
 CA, CA20090818-02: Security Notice for CA Internet Security Suite (19.08.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod