Computer Security
[EN] securityvulns.ru no-pyccku


OpenSSL DoS confitions
Published:22.04.2010
Source:
SecurityVulns ID:10780
Type:library
Threat Level:
6/10
Description:DoS conditions in ssl3_get_record and kssl_keytab_is_available functions.
Affected:OPENSSL : OpenSSL 0.9
CVE:CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.)
 CVE-2010-0433 (The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.)
Original documentdocumentUBUNTU, [ MDVSA-2010:076-1 ] openssl (22.04.2010)

Adobe Download Manager ActiveX buffer overflow
Published:22.04.2010
Source:
SecurityVulns ID:10781
Type:remote
Threat Level:
6/10
Description:Buffer overflow via parameters.
CVE:CVE-2010-1278 (Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x before 9.3, allows remote attackers to execute arbitrary code via unspecified parameters.)
Original documentdocumentZDI, ZDI-10-077: Adobe Download Manager Atlcom.get_atlcom ActiveX Control Remote Code Execution Vulnerability (22.04.2010)

sudo protection bypass
updated since 01.03.2010
Published:22.04.2010
Source:
SecurityVulns ID:10655
Type:local
Threat Level:
6/10
Description:when a pseudocommand is enabled, it's possible to created an executable file with the same name, it will be executed by relative name with escalated privileges.
CVE:CVE-2010-1163 (The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.)
 CVE-2010-0426 (sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.)
Original documentdocumentAgazzini Maurizio, sudoedit local privilege escalation through PATH manipulation (22.04.2010)
 documentUBUNTU, [USN-928-1] Sudo vulnerability (19.04.2010)
 documentKingcope Kingcope, Todd Miller Sudo local root exploit discovered by Slouching (02.03.2010)
 documentMANDRIVA, [ MDVSA-2010:049 ] sudo (01.03.2010)
Files:Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod