Computer Security

Linux kernel multiple security vulnerabilities
Updated since: 11.09.2010
Published: 20.09.2010
SecurityVulns ID: 11129
Type: local
Threat Level: 6/10
Description: DoS conditions, CIFS client privilege escalation, do_anonymous_page privilege escalation, information leak in XFS, privilege escalation in compat_alloc_user_space().
Affected: LINUX : kernel 2.6
CVE: CVE-2010-3301 (The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.)
 CVE-2010-3081 (The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.)
 CVE-2010-3080 (Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device.)
 CVE-2010-3078 (The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.)
 CVE-2010-3015 (Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation.)
 CVE-2010-2954 (The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket.)
 CVE-2010-2524 (The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals.)
 CVE-2010-2492 (Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors.)
 CVE-2010-2240 (The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server.)
Original documents:
 DEBIAN, [SECURITY] [DSA 2110-1] New Linux 2.6.26 packages fix several issues (20.09.2010)
 MANDRIVA, [ MDVSA-2010:172 ] kernel (11.09.2010)

bzip2 integer overflow
Published: 20.09.2010
SecurityVulns ID: 11156
Type: library
Threat Level: 6/10
Description: Integer overflow on bz2 archive decompression.
Affected: BZIP : bzip2 1.0
 BZIP2 : libbz2 1.0
CVE: CVE-2010-0405 (Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.)
Original document: UBUNTU, [USN-986-1] bzip2 vulnerability (20.09.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 20.09.2010
SecurityVulns ID: 11157
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: E107 : e107 0.7
 DRUPAL : Drupal 6.6
 FREESIMPLESOFT : Free Simple CMS 1.0
CVE: CVE-2010-3094 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module.)
 CVE-2010-3093 (The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue.)
 CVE-2010-3092 (The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name.)
 CVE-2010-3091 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.)
Original documents:
 DEBIAN, [SECURITY] [DSA 2113-1] New drupal6 packages fix several vulnerabilities (20.09.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in e107 (20.09.2010)
 Andrea Barisani, [oCERT-2010-003] Free Simple CMS path sanitization errors (20.09.2010)

Squid proxy server DoS
Published: 20.09.2010
SecurityVulns ID: 11158
Type: remote
Threat Level: 6/10
Description: Crash on request with empty header strings.
Affected: SQUID : squid 3.1
CVE: CVE-2010-3072 (The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.)
Original document: DEBIAN, [SECURITY] [DSA 2111-1] New squid3 packages fix denial of service (20.09.2010)

Alcatel CCAgent unauthorized access
Published: 20.09.2010
SecurityVulns ID: 11159
Type: remote
Threat Level: 5/10
Description: Server does not provide any authentication; the password is stored on the client side using reversible encryption.
Affected: ALCATEL : CCAgent 0.9
CVE: CVE-2010-3280 (The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application.)
 CVE-2010-3279 (The default configuration of the CCAgent option before 9.0.8.4 in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition enables maintenance access, which allows remote attackers to monitor or reconfigure Contact Center operations via vectors involving TSA_maintenance.exe.)
Original document: security_(at)_nruns.com, n.runs-SA-2010.001 - Alcatel-Lucent - unauthenticated administrative access to CTI CCA Server (20.09.2010)

Alcatel OmniVista 4760 buffer overflow
Published: 20.09.2010
SecurityVulns ID: 11160
Type: remote
Threat Level: 5/10
Description: Buffer overflow in built-in HTTP proxy.
CVE: CVE-2010-3281 (Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service (service crash) via a long request.)
Original document: security_(at)_nruns.com, n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760 (20.09.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod