Computer Security


libpurple / Pidgin DoS
updated since 27.11.2011
Published:19.12.2011
Source:
SecurityVulns ID:12062
Type:remote
Threat Level:
5/10
Description:Crash on SILC protocol parsing, crash on OSCAR parsing (AIM, ICQ).
Affected:LIBPURPLE : libpurple 2.10
CVE:CVE-2011-4601 (family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.)
 CVE-2011-3594 (The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.)
Original document: MANDRIVA, [ MDVSA-2011:183 ] pidgin (19.12.2011)
 UBUNTU, [USN-1273-1] Pidgin vulnerabilities (27.11.2011)

Adobe Acrobat / Reader multiple security vulnerabilities
Published:19.12.2011
Source:
SecurityVulns ID:12095
Type:client
Threat Level:
8/10
Description:Vulnerabilities are exploited in the wild for unauthorized access.
CVE:CVE-2011-4369 (Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.)
 CVE-2011-2462 (Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.)
Files:Security Advisory for Adobe Reader and Acrobat
 Security updates available for Adobe Reader and Acrobat 9.x for Windows

bzip2 bzexe symbolic links vulnerability
Published:19.12.2011
Source:
SecurityVulns ID:12096
Type:local
Threat Level:
5/10
Description:Insecure temporary files creation.
Affected:BZIP : bzip2 1.0
CVE:CVE-2011-4089 (The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.)
Original document: UBUNTU, [USN-1308-1] bzip2 vulnerability (19.12.2011)

Nova unauthorized access
Published:19.12.2011
Source:
SecurityVulns ID:12099
Type:remote
Threat Level:
5/10
Description:It's possible to overwrite files.
Affected:NOVA : Nova 2011.3
CVE:CVE-2011-4596 (Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.)

JasPer library security vulnerabilities
Published:19.12.2011
Source:
SecurityVulns ID:12100
Type:library
Threat Level:
5/10
Description:Buffer overflow and memory corruption on JPEG2000 parsing.
Affected:JASPER : JasPer 1.900
CVE:CVE-2011-4517 (The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a malformed JPEG2000 file.)
 CVE-2011-4516 (Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a JPEG2000 file.)

libxml library security vulnerabilities
Published:19.12.2011
Source:
SecurityVulns ID:12101
Type:library
Threat Level:
6/10
Description:Buffer overflow, unallocated memory reference.
Affected:LIBXML : libxml 2.7
CVE:CVE-2011-3919 (Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
 CVE-2011-3905 (libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.)
 CVE-2011-0216 (Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.)

Restorepoint security vulnerabilities
Published:19.12.2011
Source:
SecurityVulns ID:12103
Type:remote
Threat Level:
6/10
Description:Code execution, privilege escalation.
Affected:RESTOREPOINT : Restorepoint 3.2
CVE:CVE-2011-4202 (The Tadasoft Restorepoint 3.2 evaluation image uses weak permissions (www write access) for unspecified scripts, which allows local users to gain privileges by modifying a script file.)
 CVE-2011-4201 (remote_support.cgi in the Tadasoft Restorepoint 3.2 evaluation image allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) pid1 or (2) pid2 parameter in a stop_remote_support action.)
Original document: Tavaris Desamito, [MATTA-2011-003] Restorepoint Remote root command execution vulnerability - CVE-2011-4201 CVE-2011-4202 (19.12.2011)

libcap protection bypass
Published:19.12.2011
Source:
SecurityVulns ID:12104
Type:library
Threat Level:
4/10
Description:chdir() is not called after chroot().
Affected:LIBCAP : libcap 2.19
CVE:CVE-2011-4099 (The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors.)
Original document: MANDRIVA, [ MDVSA-2011:185 ] libcap (19.12.2011)

zFTPServer directory traversal
Published:19.12.2011
Source:
SecurityVulns ID:12105
Type:remote
Threat Level:
5/10
Description:Directory traversal in rmdir command.
Affected:ZFTPSERVER : zFTPServer 6.0
CVE:CVE-2011-4717 (Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows remote authenticated users to delete arbitrary directories via a crafted RMD (aka rmdir) command.)
Original document: security_(at)_infoserve.de, zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal (19.12.2011)

EMC RSA Adaptive Authentication (On-Premise) security vulnerabilities
Published:19.12.2011
Source:
SecurityVulns ID:12106
Type:remote
Threat Level:
5/10
Description:Protection bypass is possible.
Affected:EMC : RSA Adaptive Authentication On-Premise 6.0
CVE:CVE-2011-2742 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly perform forensic evaluation upon receipt of device tokens from mobile apps, which might allow remote attackers to bypass intended application restrictions via a mobile device.)
 CVE-2011-2741 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow remote attackers to bypass intended security restrictions on a (1) previously non-registered device or (2) registered device by sending unspecified "data elements.")
Original document: EMC, ESA-2011-036: RSA, The Security Division of EMC, announces the release of a Security Fix for RSA(r) Adaptive Authentication (On-Premise) (19.12.2011)

Microsoft Windows multiple applications DLL hijacking
updated since 26.08.2010
Published:19.12.2011
Source:
SecurityVulns ID:11096
Type:client
Threat Level:
6/10
Description:If an application is launched via a file type association, its current directory is set to the directory containing the opened file, so DLLs the application loads dynamically can be planted in that same directory.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 PLOTSOFT : PDFill PDF Editor 8.0
 EMC : RSASecurID Software Token 4.1
CVE:CVE-2011-4141 (Untrusted search path vulnerability in EMC RSA SecurID Software Token 4.1 before 4.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Software Token file.)
 CVE-2011-2016 (Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability.")
 CVE-2011-1991 (Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability.")
 CVE-2010-3199 (Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Tortoise. NOTE: this is only a vulnerability when a file extension is associated with TortoiseProc or TortoiseMerge, which is not the default.)
Original document: EMC, ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSASecurID(r) Software Token 4.1 for Microsoft(r)Windows(r) (19.12.2011)
 robkraus_(at)_soutionary.com, Foxit Reader Insecure Library Loading (22.07.2011)
 robkraus_(at)_solutionary.com, PDFill Insecure Library Loading (10.06.2011)
 Mitja Kolsek, Silently Pwning Protected-Mode IE9 and Innocent Windows Applications (08.05.2011)
 NSO Research, NSOADV-2010-010: DATEV Multiple Applications DLL Hijacking Vulnerability (24.01.2011)
 ACROS Security, ASPR #2011-01-11-1: Remote Binary Planting in Multiple F-Secure Products (13.01.2011)
 apa-iutcert_(at)_nsec.ir, Google Desktop Insecure Library Loading Vulnerability (30.11.2010)
 apa-iutcert_(at)_nsec.ir, AOL Instant Messenger Insecure Library Loading Vulnerability (30.11.2010)
 Salvatore "drosophila" Fresta, Audacity <= 1.3 Beta Multiple Local Vulnerabilities (02.11.2010)
 apa-iutcert_(at)_nsec.ir, ACDSee Photo Manager Insecure Library Loading Vulnerability (28.10.2010)
 apa-iutcert_(at)_nsec.ir, FlipAlbum Vista Pro Insecure Library Loading Vulnerability (28.10.2010)
 apa-iutcert_(at)_nsec.ir, Internet Download Manager Insecure Library Loading Vulnerability (28.10.2010)
 apa-iutcert_(at)_nsec.ir, Nessus Client Insecure Library Loading Vulnerability (28.10.2010)
 apa-iutcert_(at)_nsec.ir, Orbit Downloader Insecure Library Loading Vulnerability (28.10.2010)
 apa-iutcert_(at)_nsec.ir, WinMerge Insecure Library Loading Vulnerability (28.10.2010)
 ACROS Security, Breaking The SetDllDirectory Protection Against Binary Planting (28.10.2010)
 apa-iutcert_(at)_nsec.ir, Secunia PSI Insecure Library Loading Vulnerability (28.10.2010)
 ACROS Security, How Visual Studio Makes Your Applications Vulnerable to Binary Planting (26.10.2010)
 indoushka salah el ddine, Microsft COFEE v1.1.2 DLL Hijacking Exploit (19.10.2010)
 indoushka salah el ddine, Vuris win32 mabezat DLL Hijacking Exploit (19.10.2010)
 apa-iutcert_(at)_nsec.ir, Accounting Pro 2003 Insecure Library Loading Vulnerability (19.10.2010)
 apa-iutcert_(at)_nsec.ir, Rafe 7 Insecure Library Loading Vulnerability (19.10.2010)
 apa-iutcert_(at)_nsec.ir, Brilliant Accounting System (59) Insecure Library Loading Vulnerability (19.10.2010)
 apa-iutcert_(at)_nsec.ir, Sahar Money Manager Insecure Library Loading Vulnerability (19.10.2010)
 apa-iutcert_(at)_nsec.ir, Holoo Insecure Library Loading Vulnerability (19.10.2010)
 apa-iutcert_(at)_nsec.ir, Xilisoft Video Converter Ultimate Insecure Library Loading Vulnerability (19.10.2010)
 YGN Ethical Hacker Group, Moovida Media Player version 2.0.0.15 Insecure DLL Hijacking Vulnerability (libc.dll,quserex.dll) (02.09.2010)
 YGN Ethical Hacker Group, KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll) (02.09.2010)
 nikhil_uitrgpv_(at)_yahoo.co.in, Tortoise SVN DLL Hijacking Vulnerability (02.09.2010)
 info_(at)_securitylab.ir, Microsoft Windows wscript.exe (XP) DLL Hijacking Exploit (wshfra.dll) (31.08.2010)
 YGN Ethical Hacker Group, QtWeb Browser version 3.3 build 043 Insecure DLL Hijacking Vulnerability (wintab32.dll) (30.08.2010)
 YGN Ethical Hacker Group, Maxthon Browser version 2.5.15.1000 Insecure DLL Hijacking Vulnerability (dwmapi.dll) (30.08.2010)
 YGN Ethical Hacker Group, Notepad++ version 5.7 Insecure DLL Hijacking Vulnerability (30.08.2010)
 glafkos_(at)_astalavista.com, Flash Player 9 DLL Hijacking Exploit (schannel.dll) (30.08.2010)
 glafkos_(at)_astalavista.com, Skype <= 4.2.0.169 DLL Hijacking Exploit (wab32.dll) (30.08.2010)
 MICROSOFT, Microsoft Security Advisory (2269637) Insecure Library Loading Could Allow Remote Code Execution (29.08.2010)
 CERT, US-CERT Technical Cyber Security Alert TA10-238A -- Microsoft Windows Insecurely Loads Dynamic Libraries (29.08.2010)
 glafkos_(at)_astalavista.com, TeamViewer <= 5.0.8703 DLL Hijacking Exploit (dwmapi.dll) (26.08.2010)
 glafkos_(at)_astalavista.com, Firefox <= 3.6.8 DLL Hijacking Exploit [dwmapi.dll] (26.08.2010)
 glafkos_(at)_astalavista.com, Adobe Device Central CS5 DLL Hijacking Exploit (qtcf.dll) (26.08.2010)
 glafkos_(at)_astalavista.com, Adobe Premier Pro CS4 DLL Hijacking Exploit (ibfs32.dll) (26.08.2010)
 glafkos_(at)_astalavista.com, Adobe Illustrator CS4 DLL Hijacking Exploit (aires.dll) (26.08.2010)
 glafkos_(at)_astalavista.com, Adobe InDesign CS4 DLL Hijacking Exploit (ibfs32.dll) (26.08.2010)
 glafkos_(at)_astalavista.com, Adobe On Location CS4 DLL Hijacking Exploit (ibfs32.dll) (26.08.2010)
Files:Microsoft Security Advisory (2269637) Insecure Library Loading Could Allow Remote Code Execution
 A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm
 Microsoft Security Bulletin MS11-059 - Important Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656)
 Microsoft Security Bulletin MS11-071 - Important Vulnerability in Windows Components Could Allow Remote Code Execution (2570947) Published: Tuesday, September 13, 2011

Sterling Trader integer overflow
updated since 02.10.2011
Published:19.12.2011
Source:
SecurityVulns ID:11944
Type:remote
Threat Level:
5/10
Description:Integer overflow on network request parsing.
Affected:STERLINGTRADER : Sterling Trader 7.0
CVE:CVE-2011-3842
Original document: SECUNIA, Secunia Research: Sterling Trader Data Processing Buffer Overflow Vulnerability (19.12.2011)
 Luigi Auriemma, Integer overflow in Sterling Trader 7.0.2 (02.10.2011)

PHP security vulnerabilities
updated since 19.12.2011
Published:08.02.2012
Source:
SecurityVulns ID:12097
Type:library
Threat Level:
6/10
Description:Reading outside allocated memory on JPEG exif headers parsing. CPU exhaustion because of predictable hash collisions for form data.
Affected:PHP : PHP 5.3
 PHP : PHP 5.4
CVE:CVE-2012-0830 (The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.)
 CVE-2011-4885 (PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.)
 CVE-2011-4566 (Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.)
Original document: security_(at)_nruns.com, n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table (02.01.2012)
 Andrea Barisani, [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision (02.01.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod