Computer Security
[EN] securityvulns.ru no-pyccku


X.Org multiple security vulnerabilities
Published:20.10.2011
Source:
SecurityVulns ID:11984
Type:local
Threat Level:
6/10
Description:Memory corruprions, insecure lock file creation.
Affected:XORG : X11 7.6
CVE:CVE-2011-4029 (The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.)
 CVE-2011-4028 (The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.)
 CVE-2010-4819 (The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw.")
 CVE-2010-4818 (The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via (1) a crafted request that triggers a client swap in glx/glxcmdsswap.c; or (2) a crafted length or (3) a negative value in the screen field in a request to glx/glxcmds.c.)
Original documentdocumentUBUNTU, [USN-1232-1] X.Org X server vulnerabilities (20.10.2011)

Multiple HTTP servers DoS
updated since 27.08.2011
Published:20.10.2011
Source:
SecurityVulns ID:11880
Type:remote
Threat Level:
8/10
Description:Range: header processing can lead to memory exhaustion.
Affected:APACHE : Apache 1.3
 APACHE : Apache 2.0
 APACHE : Apache 2.2
CVE:CVE-2011-3348 (The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.)
 CVE-2011-3192 (The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.)
Original documentdocumentCISCO, Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability (30.08.2011)
 documentXianuro GL, HTTPKiller - (Global HTTP DoS) (27.08.2011)
 document , Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192) (27.08.2011)
Files:HTTPKiller - FHTTP Kit by Xianur0
 Apache httpd Remote Denial of Service (memory exhaustion)

SystemTap DoS
Published:20.10.2011
Source:
SecurityVulns ID:11985
Type:local
Threat Level:
4/10
Description:Crash on ELF parsing.
Affected:SYSTEMTAP : SystemTap 1.4
CVE:CVE-2011-1781 (SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs stack unwinding (aka backtracing).)
 CVE-2011-1769 (SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access.)
Original documentdocumentMANDRIVA, [ MDVSA-2011:155 ] systemtap (20.10.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod