Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Windows Kerberos tickets spoofing
Published:19.08.2010
Source:
SecurityVulns ID:11083
Type:m-i-t-m
Threat Level:
6/10
Description:It's possible to logon with any account by manipulating network traffic.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
Original documentdocumentTommaso Malgherini, Windows Kerberos Authentication Bypass (19.08.2010)
Files:Attacking and fixing the Microsoft Windows Kerberos Login Service

FreeBSD / NetBSD Coda file system information leak
Published:19.08.2010
Source:
SecurityVulns ID:11084
Type:local
Threat Level:
5/10
Description:Kernel memory information leak via IOCTL.
CVE:CVE-2010-3014 (The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when Coda is loaded and Venus is running with /coda mounted, allows local users to read sensitive heap memory via a large out_size value in a ViceIoctl struct to a Coda ioctl, which triggers a buffer over-read.)
Original documentdocumentVSR Advisories, CVE-2010-3014: Coda Filesystem Kernel Memory Disclosure (19.08.2010)

Rekonq crossite scripting
Published:19.08.2010
Source:
SecurityVulns ID:11085
Type:client
Threat Level:
5/10
Description:Crossite scriptin via error messages.
Affected:REKONG : Rekonq 0.4
Original documentdocumentTim Brown, Medium security hole in Rekonq web browser (19.08.2010)

Apple iTunes multiple security uvlnerabilities
Published:19.08.2010
Source:
SecurityVulns ID:11086
Type:client
Threat Level:
8/10
Description:Multiple memory corruptions on different media formats parsing, privilege escalations, code exeecution from network shares.
Affected:APPLE : iTunes 9.0
CVE:CVE-2010-1795 (Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.)
 CVE-2010-1768 (Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch.)
 CVE-2010-0532 (Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.)
 CVE-2010-0531 (Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file.)
 CVE-2010-0043 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.)
 CVE-2010-0042 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.)
 CVE-2010-0041 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.)
 CVE-2010-0040 (Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.)
 CVE-2009-2285 (Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.)
Original documentdocumentMitja Kolsek, ACROS Security: Remote Binary Planting in Apple iTunes for Windows (ASPR #2010-08-18-1) (19.08.2010)
 documentAPPLE, About the security content of iTunes 9.1 (19.08.2010)

Triologic Media Player buffer overflow
Published:19.08.2010
Source:
SecurityVulns ID:11087
Type:remote
Threat Level:
5/10
Description:Buffer overflow on .m3u playlists parsing.
Affected:TRILOGIC : Triologic Media Player 8
Original documentdocumentglafkos_(at)_astalavista.com, Triologic Media Player 8 (.m3u) Local Universal Unicode Buffer Overflow [SEH] (19.08.2010)
Files:Triologic Media Player 8 (.m3u) Local Universal Unicode Buffer Overflow [SEH]

Apache mod_proxy_http information leak
updated since 14.06.2010
Published:19.08.2010
Source:
SecurityVulns ID:10925
Type:remote
Threat Level:
4/10
Description:Under some conditions, server reply may be sent to wrong client.
Affected:APACHE : Apache 2.2
CVE:CVE-2010-2791 (mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.)
 CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.)
Original documentdocumentMANDRIVA, [ MDVSA-2010:153 ] apache (19.08.2010)
 documentAPACHE, [advisory] httpd Timeout detection flaw (mod_proxy_http) CVE-2010-2068 (14.06.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod