Computer Security


Microsoft Outlook Express / Windows Mail multiple security vulnerabilities
updated since 12.06.2007
Published: 22.06.2007
SecurityVulns ID: 7808
Type: client
Threat Level: 8/10
Description: Multiple vulnerabilities in MHTML parsing. Code execution with UNC URLs.
Affected: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE: CVE-2007-2227 (The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.")
 CVE-2007-2225 (A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability.")
 CVE-2007-1658 (Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe).)
 CVE-2006-2111 (A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability.")
Original document: HASEGAWA Yosuke, [Full-disclosure] MS07-034: Executing arbitrary script with mhtml: protocol handler (22.06.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-034 - Critical Cumulative Security Update for Outlook Express and Windows Mail (929123) (12.06.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 22.06.2007
SecurityVulns ID: 7837
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPRIDER : phpRaider 1.0
 BITEGO : bosDataGrid 2.50
 ACCESS2ASP : access2asp 4.5
 CLICKTECH : ClickGallery Server 5.1
Original document: r0t, ClickGallery Server vuln. (22.06.2007)
 r0t, access2asp XSS vuln. (22.06.2007)
 r0t, bosDataGrid XSS vuln. (22.06.2007)
 laurent gaffie, NetClassifieds [multiple vulnerabilities] (22.06.2007)
 r0t, phpRaider sql vuln. (22.06.2007)

GNU emacs DoS
Published: 22.06.2007
SecurityVulns ID: 7838
Type: local
Threat Level: 3/10
Description: Crash on image processing.
Affected: EMACS : emacs 21.4
CVE: CVE-2007-2833 (Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.)
Original document: DEBIAN, [SECURITY] [DSA 1316-1] New emacs21 packages fix denial of service (22.06.2007)

VLC media player multiple security vulnerabilities
Published: 22.06.2007
SecurityVulns ID: 7839
Type: client
Threat Level: 5/10
Description: Format string vulnerabilities in parsing of Ogg Vorbis and Ogg Theora comments, CDDA data, and the SAP/SDP discovery service. Integer overflow and uninitialized variables in WAV parsing.
Affected: VLC : VLC 0.8
CVE: CVE-2007-3467 (Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate.)
 CVE-2007-3316 (Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets.)
Original document: David Thiel, VLC 0.8.6b format string vulnerability & integer overflow (22.06.2007)

MadWifi multiple security vulnerabilities
Published: 22.06.2007
SecurityVulns ID: 7840
Type: remote
Threat Level: 6/10
Description: DoS in parsing of different frames, local array index overflow.
Affected: MADWIFI : Madwifi 0.9
CVE: CVE-2007-2831 (Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value.)
 CVE-2007-2830 (The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error.)
 CVE-2007-2829 (The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference.)
Original document: MANDRIVA, [ MDKSA-2007:132 ] - Updated madwifi-source, wpa_supplicant packages fix vulnerabilities (22.06.2007)

xfsdump symbolic links vulnerability
Published: 22.06.2007
SecurityVulns ID: 7842
Type: local
Threat Level: 5/10
Description: The xfs_fsr utility insecurely creates the .fsr temporary directory.
Affected: XFSDUMP : xfsdump 2.2
CVE: CVE-2007-2654 (xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.)
Original document: MANDRIVA, [Full-disclosure] [ MDKSA-2007:134 ] - Updated xfsdump packages fix unsafe temporary directory creation issue (22.06.2007)

Evolution Data Server integer overflow
Published: 22.06.2007
SecurityVulns ID: 7843
Type: client
Threat Level: 5/10
Description: Integer overflow in the Camel mailer component on a negative value in the IMAP server's SEQUENCE command reply.
Affected: EVOLUTION : Evolution Data Server 1.11
CVE: CVE-2007-3257 (Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.)
Original document: UBUNTU, [Full-disclosure] [USN-475-1] evolution-data-server vulnerability (22.06.2007)

Ingres database / CA security products multiple security vulnerabilities
updated since 22.06.2007
Published: 24.12.2007
SecurityVulns ID: 7841
Type: remote
Threat Level: 6/10
Description: Multiple heap buffer overflows in parsing of TCP/10916 and TCP/10923 requests. Local unauthorized file access with 'wakeup'. Buffer overflow in the uuid_from_char() SQL function, privilege escalation.
Affected: INGRES : Ingres Database 3.0
 INGRES : Ingres 2006
 INGRES : Ingres 2.6
 INGRES : Ingres 2.5
CVE: CVE-2007-6334 (Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.)
 CVE-2007-3338 (Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.)
 CVE-2007-3337 (wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file.)
 CVE-2007-3336 (Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.)
 CVE-2007-3334 (Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors.)
Original document: CA, [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability (24.12.2007)
 NGSSoftware Insight Security Research Advisory (NISR), Ingres Unauthenticated Pointer Overwrite 1 (26.06.2007)
 NGSSoftware Insight Security Research Advisory (NISR), Ingres wakeup setuid(ingres) file truncation (26.06.2007)
 NGSSoftware Insight Security Research Advisory (NISR), Ingres stack overflow in uuid_from_char function (26.06.2007)
 NGSSoftware Insight Security Research Advisory (NISR), Ingres verifydb local stack overflow (26.06.2007)
 NGSSoftware Insight Security Research Advisory (NISR), Ingres Unauthenticated Pointer Overwrite 2 (26.06.2007)
 CA, [Full-disclosure] [CAID 35450, 35451, 35452, 35453]: CA Products That Embed Ingres Multiple Vulnerabilities (22.06.2007)
 IDEFENSE, iDefense Security Advisory 06.21.07: Ingres Database Multiple Heap Corruption Vulnerabilities (22.06.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod