Computer Security


grsecurity privilege escalation
updated since 12.01.2007
Published: 20.01.2007
SecurityVulns ID: 7045
Type: local
Threat Level: 7/10
Description: Privilege escalation with expand_stack().
Affected:GRSECURITY : grsecurity 2.1
CVE:CVE-2007-0257 (** DISPUTED ** Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code.)
 CVE-2007-0253 (** DISPUTED ** Unspecified vulnerability in the grsecurity patch has unspecified impact and remote attack vectors, a different vulnerability than the expand_stack vulnerability from the Digital Armaments 20070110 pre-advisory. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven.)
Original document: info_(at)_digitalarmaments.com, Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability (20.01.2007)
 info_(at)_digitalarmaments.com, Digital Armaments Security Pre-Advisory 11.01.2007: Grsecurity Kernel PaX - Local root vulnerability (12.01.2007)

Microsoft Help Workshop buffer overflow
updated since 18.01.2007
Published: 20.01.2007
SecurityVulns ID: 7068
Type: local
Threat Level: 5/10
Description: Buffer overflow in .cnt / .hpj file parsing.
Affected:MICROSOFT : Microsoft Help Workshop 4.03
CVE:CVE-2007-0427 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section.)
 CVE-2007-0352 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string.)
Original document: porkythepig_(at)_anspi.pl, Help project files (.HPJ) buffer overflow vulnerability in Microsoft Help Workshop (20.01.2007)
 porkythepig_(at)_anspi.pl, Microsoft Help Workshop .CNT contents files buffer overflow vulnerability (18.01.2007)
Files: PoC exploit for .cnt files buffer overflow vulnerability in Microsoft Help Workshop v4.03.0002
 PoC exploit for (.HPJ) project files buffer overflow vulnerability in Microsoft Help Workshop v4.03.0002

HP-UX ipfilter DoS
Published: 20.01.2007
SecurityVulns ID: 7070
Type: remote
Threat Level: 6/10
Description: System crash on a malformed packet.
Affected:HP : HP-UX 11.23
CVE:CVE-2007-0818 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-0396. Reason: This candidate is a duplicate of CVE-2007-0396. Notes: All CVE users should reference CVE-2007-0396 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
 CVE-2007-0396 (Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors.)
Original document: HP, [security bulletin] HPSBUX02181 SSRT061289 rev.1 - HP-UX Running IPFilter, Remote Unauthorized Denial of Service (DoS) (20.01.2007)

Cisco CS MARS and Cisco ADSM TLS, SSL, SSH certificates validation problem
Published: 20.01.2007
SecurityVulns ID: 7071
Type: remote
Threat Level: 6/10
Description: When connecting to a managed device, the device certificate is not validated.
Affected:CISCO : CS-MARS 4.2
 CISCO : ASDM 5.2
CVE:CVE-2007-0397 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.)
Original document: CISCO, Cisco Security Advisory: SSL/TLS Certificate and SSH Public Key Validation Vulnerability (20.01.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 20.01.2007
SecurityVulns ID: 7072
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:SMF : Simple Machines Forum 1.1
 ARSDIGITA : Ars Digita Community System 4.2
 ARSDIGITA : ACS-Java 3.4
 ARSDIGITA : ACS-Java 4.0
 ARSDIGITA : ACS-Java 4.7
 SUBROSUS : sabros.us 1.7
 EASYEBAYRESOURCE : Login Manager 3.0
CVE:CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the "1 TYPELIB MOVEABLE PURE" option in an RC file.)
 CVE-2007-0403 (SQL injection vulnerability in admin/memberlist.php in Easebay Resources Paypal Subscription Manager allows remote attackers to execute arbitrary SQL commands via the keyword parameter.)
 CVE-2007-0402 (Cross-site scripting (XSS) vulnerability in admin/edit_member.php in Easebay Resources Paypal Subscription Manager allows remote attackers to inject arbitrary web script or HTML via the username parameter.)
 CVE-2007-0401 (SQL injection vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the init_row parameter.)
 CVE-2007-0400 (Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.)
 CVE-2007-0399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.)
 CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in Arnaud Guyonne (aka Arnotic) a-forum allow remote attackers to inject arbitrary web script or HTML via the (1) Sujet or (2) Pseudo field.)
 CVE-2007-0390 (Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 allows remote attackers to inject arbitrary web script or HTML via the tag parameter.)
 CVE-2007-0389 (Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%252e/ (double-encoded dot dot slash) sequences in the URI.)
Original document: Advisory_(at)_Aria-Security.net, SMF "index.php?action=pm" Cross Site-Scripting (20.01.2007)
 Hackers Center Security Group, Paypal Subscription Manager Multiple HTML Injections (20.01.2007)
 Hackers Center Security Group, Login Manager Multiple HTML Injections (20.01.2007)
 sn0oPy_(at)_avenir-geopolitique.net, a-forum xss (20.01.2007)
 CorryL, [x0n3-h4ck] sabros.us 1.7 XSS Exploit (20.01.2007)
 Hackers Center Security Group, MyShoutBox Multiple Cross-Site Scripting Vulnerability (20.01.2007)
 Elliot Kendall, Directory Traversal in ArsDigita Community System (20.01.2007)

BitDefender client format string vulnerability
Published: 20.01.2007
SecurityVulns ID: 7073
Type: local
Threat Level: 5/10
Description: Format string vulnerability in scan settings logging.
Affected:BITDEFENDER : BitDefender Client Professional 8.02
CVE:CVE-2007-0391 (Format string vulnerability in the log creation functionality of BitDefender Client Professional Plus 8.02 allows attackers to execute arbitrary code via certain scan job settings.)
Original document: Deral Heiland, Layered Defense Research Advisory: BitDefender Client 8.02 Format String Vulnerability (20.01.2007)

Mac OS X syscall DoS
Published: 20.01.2007
SecurityVulns ID: 7074
Type: local
Threat Level: 5/10
Description: Arguments of the shared_region_map_file_np() syscall are not checked, making it possible to exhaust all available memory.
Affected:APPLE : Mac OS X 10.4
CVE:CVE-2007-0430 (The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value.)
Original document: RISE Security, [RISE-2007001] Apple Mac OS X 10.4.x kernel shared_region_map_file_np() memory corruption vulnerability (20.01.2007)
Files: Exploits Mac OS X 10.4.x kernel shared_region_map_file_np() memory exhaustion

AVM Fritz!Box VoIP router DoS
Published: 20.01.2007
SecurityVulns ID: 7075
Type: remote
Threat Level: 5/10
Description: Crash on an empty UDP packet sent to the UDP/5060 (SIP) port.
Affected:AVM : Fritz!Box 750
CVE:CVE-2007-0431 (AVM Fritz!Box 7050, and possibly other product models, allows remote attackers to cause a denial of service (VoIP application crash) via a zero-length UDP packet to the SIP port (port 5060).)
Original document: Collin R. Mulliner, DoS against AVM Fritz!Box 7050 (and others) (20.01.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod