Computer Security


Linux kernel multiple security vulnerabilities
Published:21.01.2012
Source:
SecurityVulns ID:12151
Type:remote
Threat Level:
6/10
Description:DoS conditions, information leaks, privilege escalation.
Affected:LINUX : kernel 2.6
CVE:CVE-2011-4914 (The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket.)
 CVE-2011-4622 (The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer.)
 CVE-2011-4611 (Integer overflow in the perf_event_interrupt function in arch/powerpc/kernel/perf_event.c in the Linux kernel before 2.6.39 on powerpc platforms allows local users to cause a denial of service (unhandled performance monitor exception) via vectors that trigger certain outcomes of performance events.)
 CVE-2011-4127 (The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.)
 CVE-2011-4110 (The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key.")
 CVE-2011-4077 (Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.)
 CVE-2011-3353 (Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem.)
 CVE-2011-2898 (net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application.)
 CVE-2011-2213 (The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.)
Original document: DEBIAN, [SECURITY] [DSA 2389-1] linux-2.6 security update (21.01.2012)

Microsoft Windows multiple security vulnerabilities
updated since 11.01.2012
Published:21.01.2012
Source:
SecurityVulns ID:12137
Type:client
Threat Level:
7/10
Description:SafeSEH protection bypass, Windows Object Packager code execution, CSRSS privilege escalation, DirectShow / Windows Media memory corruption, Windows Packager code execution, SSL/TLS information leakage.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2012-0013 (Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability.")
 CVE-2012-0009 (Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability.")
 CVE-2012-0005 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability.")
 CVE-2012-0004 (Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability.")
 CVE-2012-0003 (Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability.")
 CVE-2012-0001 (The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability.")
 CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.)
Original document: Akita Software Security, Office arbitrary ClickOnce application execution vulnerability (21.01.2012)
Files:Microsoft Security Bulletin MS12-001 - Important Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)
 Microsoft Security Bulletin MS12-002 - Important Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)
 Microsoft Security Bulletin MS12-003 - Important Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
 Microsoft Security Bulletin MS12-004 - Critical Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
 Microsoft Security Bulletin MS12-005 - Important Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
 Microsoft Security Bulletin MS12-006 - Important Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)

GreenBrowser double free
Published:21.01.2012
Source:
SecurityVulns ID:12152
Type:client
Threat Level:
5/10
Description:Double free on iframe tag
Affected:GREENBROWSER : GreenBrowser 6.0
Original document: vuln_(at)_nipc.org.cn, GreenBrowser iframe content Double Free Vulnerability (21.01.2012)

NTR ActiveX security vulnerabilities
Published:21.01.2012
Source:
SecurityVulns ID:12153
Type:client
Threat Level:
5/10
Description:Buffer overflow, unsafe method.
Affected:NTR : NTR ActiveX control 2.0
CVE:CVE-2012-0267 (The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer.)
 CVE-2012-0266 (Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check method, a long bstrUrl parameter to the (3) Download or (4) DownloadModule method during construction of a .ntr pathname, or a long bstrUrl parameter to the (5) Download or (6) DownloadModule method during construction of a URL.)
Original documents: SECUNIA, Secunia Research: NTR ActiveX Control "StopModule()" Input Validation Vulnerability (21.01.2012)
 SECUNIA, Secunia Research: NTR ActiveX Control Four Buffer Overflow Vulnerabilities (21.01.2012)

Business Availability Center / Business Service Management information leakage
Published:21.01.2012
Source:
SecurityVulns ID:12155
Type:remote
Threat Level:
5/10
CVE:CVE-2010-1429 (Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.)
 CVE-2010-1428 (The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.)
 CVE-2008-3273 (JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.)
Original document: HP, [security bulletin] HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information (21.01.2012)

Suhosin buffer overflow
Published:21.01.2012
Source:
SecurityVulns ID:12157
Type:library
Threat Level:
5/10
Description:Buffer overflow in the transparent cookie encryption code.
Affected:SUHOSIN : Suhosin 0.9
Original document: Stefan Esser, Advisory 01/2012: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow (21.01.2012)

EMC SourceOne information leakage
Published:21.01.2012
Source:
SecurityVulns ID:12158
Type:local
Threat Level:
4/10
Description:Information leakage via log files.
Affected:EMC : SourceOne 6.5
 EMC : SourceOne 6.6
 EMC : SourceOne 6.7
CVE:CVE-2011-4142 (The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files.)
Original document: EMC, ESA-2012-003: EMC SourceOne Web Search Sensitive Information Disclosure Vulnerability. (21.01.2012)

PHP DoS
Published:21.01.2012
Source:
SecurityVulns ID:12159
Type:library
Threat Level:
5/10
Description:NULL pointer dereference because of an unchecked zend_strndup return value.
Affected:PHP : PHP 5.3
CVE:CVE-2011-4153 (PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.)
Original document: cxib_(at)_cxsecurity.com, PHP 5.3.8 Multiple vulnerabilities (21.01.2012)

HP StorageWorks P2000 security vulnerabilities
updated since 16.01.2012
Published:21.01.2012
Source:
SecurityVulns ID:12144
Type:remote
Threat Level:
5/10
Description:Default account, directory traversal.
Affected:HP : StorageWorks P2000
CVE:CVE-2011-4788 (Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI.)
Original documents: HP, [security bulletin] HPSBST02735 SSRT100516 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Execution of Arbitrary Code (21.01.2012)
 ZDI, ZDI-12-015 : (0Day) HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities (16.01.2012)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 21.01.2012
Published:21.01.2012
Source:
SecurityVulns ID:12156
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:WEBCALENDAR : Webcalendar 1.2
 KNOWLEDGETREE : KnowledgeTree 3.7
 APPRAIN : appRain CMF 0.1
 DRUPAL : CKEditor 3.6
 ONEORZERO : OneOrZero AIMS 2.8
 FAMCONNECTIONS : Family Connections 2.7
 PHPVIDEOPRO : phpVideoPro 0.9
 BEEHIVEFORUM : Beehive Forum 101
 BOLTWIRE : BoltWire 3.4
 ATUTOR : ATutor 2.0
 OPENTTD : OpenTTD 1.0
 KAYAKO : Kayako Support Suite 3.70
 X3CMS : x3cms 0.4
CVE:CVE-2011-3343 (Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file.)
 CVE-2011-3342 (Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame.)
 CVE-2011-3341 (Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command.)
Original documents: security_(at)_infoserve.de, Multiple Cross-Site-Scripting vulnerabilities in x3cms (21.01.2012)
 noreply_(at)_ptsecurity.ru, [PT-2011-01] Cross-Site Scripting in Kayako Support Suite (21.01.2012)
 noreply_(at)_ptsecurity.ru, [PT-2011-02] PHP code Injection in Kayako Support Suite (21.01.2012)
 noreply_(at)_ptsecurity.ru, [PT-2011-03] Information disclosure in Kayako Support Suite (21.01.2012)
 noreply_(at)_ptsecurity.ru, [PT-2011-04] Cross-Site Scripting in Kayako Support Suite (21.01.2012)
 DEBIAN, [SECURITY] [DSA 2386-1] openttd security update (21.01.2012)
 sschurtz_(at)_darksecurity.de, ATutor 2.0.3 Multiple XSS vulnerabilities (21.01.2012)
 sschurtz_(at)_darksecurity.de, BoltWire 3.4.16 Multiple XSS vulnerabilities (21.01.2012)
 sschurtz_(at)_darksecurity.de, phpVideoPro Multiple XSS vulnerabilities (21.01.2012)
 sschurtz_(at)_darksecurity.de, Beehive Forum 101 Multiple XSS vulnerabilities (21.01.2012)
 tom, Family Connections 2.7.2 Multiple XSS (21.01.2012)
 High-Tech Bridge Security Research, XSS in OneOrZero AIMS (21.01.2012)
 advisories_(at)_intern0t.net, Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS (21.01.2012)
 n0b0d13s_(at)_gmail.com, appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Vulnerability (21.01.2012)
 tom, Webcalendar 1.2.4 'location' XSS (21.01.2012)

Adobe Acrobat / Reader multiple security vulnerabilities
updated since 21.01.2012
Published:13.02.2012
Source:
SecurityVulns ID:12154
Type:client
Threat Level:
8/10
Description:Code execution, multiple memory corruptions.
Affected:ADOBE : Reader 10.1
 ADOBE : Acrobat 10.1
CVE:CVE-2011-4373 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.)
 CVE-2011-4372 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373.)
 CVE-2011-4371 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2011-4370 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373.)
 CVE-2011-4369 (Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.)
 CVE-2011-2462 (Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.)
Original documents: ZDI, ZDI-12-021 : Adobe Reader BMP Resource Signedness Remote Code Execution Vulnerability (13.02.2012)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader Image Processing Integer Overflow (APSB12-01) (21.01.2012)
 ADOBE, Security updates available for Adobe Reader and Acrobat (21.01.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod