Computer Security
[EN] securityvulns.ru no-pyccku


Linux kernel multiple security vulnerabilities
Published:21.08.2008
Source:
SecurityVulns ID:9235
Type:remote
Threat Level:
6/10
Description:IPSec ESP pacjet parsing DoS, multiple local DoS conditions, kernel memory data leak, privilege escalation.
Affected:LINUX : kernel 2.6
CVE:CVE-2008-3275 (The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories.)
 CVE-2008-3272 (The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information.)
 CVE-2008-2931 (The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.)
 CVE-2008-2826 (Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service (resource consumption and system outage) via vectors involving a large addr_num field in an sctp_getaddrs_old data structure.)
 CVE-2008-2812 (The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.)
 CVE-2008-2729 (arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information.)
 CVE-2008-0598
 CVE-2007-6282
Original documentdocumentDEBIAN, [SECURITY] [DSA 1630-1] New Linux 2.6.18 packages fix several vulnerabilities (21.08.2008)

yelp format string vulnerability
Published:21.08.2008
Source:
SecurityVulns ID:9236
Type:remote
Threat Level:
5/10
Description:Format string vulnerability via URI.
Affected:YELP : yelp 2.23
CVE:CVE-2008-3533 (Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.)
Original documentdocumentMANDRIVA, [ MDVSA-2008:175 ] yelp (21.08.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:21.08.2008
Source:
SecurityVulns ID:9237
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:VBULLETIN : vBulletin 3.6
 VBULLETIN : vBulletin 3.7
 FARPHP : FAR-PHP 1.0
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0813 - vBulletin Cross Site Scripting Vulnerability (21.08.2008)
 documentbeenudel1986_(at)_gmail.com, Null Byte Local file Inclusion in FAR - PHP Project version:1.0 (21.08.2008)

Anzio Web Print Object ActiveX buffer overflow
Published:21.08.2008
Source:
SecurityVulns ID:9238
Type:client
Threat Level:
5/10
Description:Buffer overflow with mainurl parameter.
Affected:ANZIO : Web Print Object 3.2
 ANZIO : Anzio Print Wizard 3.2
CVE:CVE-2008-3480 (Stack-based buffer overflow in the Anzio Web Print Object (WePO) ActiveX control 3.2.19 and 3.2.24, as used in Anzio Print Wizard, allows remote attackers to execute arbitrary code via a long mainurl parameter.)
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0624: Anzio Web Print Object Buffer Overflow (21.08.2008)

Cisco IOS embedded FTP server multiple security vulneraiblities
updated since 12.05.2007
Published:21.08.2008
Source:
SecurityVulns ID:7700
Type:remote
Threat Level:
6/10
Description:DoS, unauthorized access, directory traversal.
Affected:CISCO : IOS 12.1
 CISCO : IOS 12.2
 CISCO : IOS 12.3
 CISCO : IOS 12.4
Original documentdocumentAndy Davis, Version-independent IOS shellcode (21.08.2008)
 documentAndy Davis, Step-by-step instructions for debugging Cisco IOS using gdb (15.08.2008)
 documentAndy Davis, Cisco IOS shellcode explanation - additional (31.07.2008)
 documentAndy Davis, Remote Cisco IOS FTP exploit (30.07.2008)
 documentAndy Davis, Cisco IOS shellcode explanation (30.07.2008)
 documentCISCO, Cisco Security Advisory: Multiple Vulnerabilities in the IOS FTP Server (12.05.2007)
Files:Cisco IOS FTP server remote exploit

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod