Computer Security

bind DNS server DoS
Published:20.11.2011
Source:
SecurityVulns ID:12039
Type:remote
Threat Level: 8/10
Description:Crash on packet parsing.
Affected:ISC : bind 9.7
 BIND : bind 9.8
CVE:CVE-2011-4313 (query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.)
Original document: UBUNTU, [USN-1264-1] Bind vulnerability (20.11.2011)

system-config-printer content spoofing
Published:20.11.2011
Source:
SecurityVulns ID:12040
Type:m-i-t-m
Threat Level: 4/10
Description:Unsafe connection is used to download drivers.
Affected:SYSTEMCONFIGPRIN : system-config-printer 1.3
CVE:CVE-2011-4405 (The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories.)
Original document: UBUNTU, [USN-1265-1] system-config-printer vulnerability (20.11.2011)

OpenLDAP buffer overflow
Published:20.11.2011
Source:
SecurityVulns ID:12041
Type:remote
Threat Level: 5/10
Description:Off-by-one overflow on LDIF parsing.
Affected:OPENLDAP : OpenLDAP 2.4
CVE:CVE-2011-4079 (Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry.)
Original document: UBUNTU, [USN-1266-1] OpenLDAP vulnerability (20.11.2011)

Jetty Web server / VMware vCenter directory traversal
Published:20.11.2011
Source:
SecurityVulns ID:12042
Type:remote
Threat Level: 5/10
Affected:VMWARE : vCenter Update Manager 4.0
CVE:CVE-2011-4404 (The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523.)
Original document: VMWARE, VMSA-2011-0014 VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability (20.11.2011)

SAP Crystal Report Server cross-site scripting
Published:20.11.2011
Source:
SecurityVulns ID:12043
Type:remote
Threat Level: 5/10
Description:Cross-site scripting in pubDBLogon/
Affected:SAP : Crystal Report Server 2008
Original document: Alexandr Polyakov, [DSECRG-11-033] SAP Crystal Report Server pubDBLogon - Linked XSS vulnerability (20.11.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod