Computer Security


OpenStack security vulnerabilities
updated since 04.02.2013
Published:24.03.2013
Source:
SecurityVulns ID:12863
Type:remote
Threat Level:
5/10
Description:Nova and Glance information leakage, Keystone resource exhaustion.
Affected:OPENSTACK : Glance 2012.2
 OPENSTACK : Nova 2012.2
 OPENSTACK : Keystone 2012.2
 OPENSTACK : Cinder 2012.2
CVE:CVE-2013-1865 (OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.)
 CVE-2013-1840 (The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.)
 CVE-2013-1838 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.)
 CVE-2013-1665 (The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.)
 CVE-2013-1664 (The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.)
 CVE-2013-0335 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.)
 CVE-2013-0282 (OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.)
 CVE-2013-0247 (OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries.)
 CVE-2013-0212 (store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.)
 CVE-2013-0208 (The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.)
Original document: UBUNTU, [USN-1772-1] OpenStack Keystone vulnerability (24.03.2013)
 UBUNTU, [USN-1771-1] OpenStack Nova vulnerabilities (24.03.2013)
 UBUNTU, [USN-1764-1] OpenStack Glance vulnerability (19.03.2013)
 UBUNTU, [USN-1730-1] OpenStack Keystone vulnerabilities (24.02.2013)
 UBUNTU, [USN-1731-1] OpenStack Cinder vulnerability (24.02.2013)
 UBUNTU, [USN-1734-1] OpenStack Nova vulnerability (24.02.2013)
 UBUNTU, [USN-1715-1] OpenStack Keystone vulnerability (11.02.2013)
 UBUNTU, [USN-1710-1] OpenStack Glance vulnerability (04.02.2013)
 UBUNTU, [USN-1709-1] OpenStack Nova vulnerability (04.02.2013)

Photodex ProShow Producer multiple security vulnerabilities
updated since 18.02.2013
Published:24.03.2013
Source:
SecurityVulns ID:12891
Type:local
Threat Level:
5/10
Description:Buffer overflow in .pxs / .pxt file parsing. Privilege escalation via weak executable permissions and incorrect DLL search paths.
Affected:PHOTODEX : ProShow Producer 5.0
Original document: Inshell Security, [IA49] Photodex ProShow Producer v5.0.3310 ScsiAccess Local Privilege Escalation (24.03.2013)
 Inshell Security, [IA48] Photodex ProShow Producer v5.0.3297 Insecure Library Loading Vulnerability (02.03.2013)
 Inshell Security, [IA47] Photodex ProShow Producer v5.0.3297 PXT File title Value Handling Buffer Overflow (24.02.2013)
 Inshell Security, [IA46] Photodex ProShow Producer v5.0.3297 ColorPickerProc() Memory Corruption (18.02.2013)

Mozilla Firefox / Thunderbird / Seamonkey use-after-free vulnerability
updated since 10.03.2013
Published:24.03.2013
Source:
SecurityVulns ID:12925
Type:client
Threat Level:
5/10
Description:HTML editor use-after-free.
Affected:MOZILLA : Thunderbird 17.0
 MOZILLA : Firefox ESR 17.0
 MOZILLA : Firefox 19.0
 MOZILLA : SeaMonkey 2.16
CVE:CVE-2013-0787 (Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.)
Original document: VUPEN Security Research, VUPEN Security Research - Mozilla Firefox "nsHTMLEditRules" Use-After-Free (MFSA-2013-29 / CVE-2013-0787) (24.03.2013)
Files:Mozilla Foundation Security Advisory 2013-29

Microsoft Internet Explorer multiple security vulnerabilities
updated since 13.03.2013
Published:24.03.2013
Source:
SecurityVulns ID:12947
Type:client
Threat Level:
7/10
Description:Multiple use-after-free vulnerabilities.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 8
 MICROSOFT : Windows 2012 Server
CVE:CVE-2013-1288 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CTreeNode Use After Free Vulnerability.")
 CVE-2013-0094 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer removeChild Use After Free Vulnerability.")
 CVE-2013-0093 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer onBeforeCopy Use After Free Vulnerability.")
 CVE-2013-0092 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer GetMarkupPtr Use After Free Vulnerability.")
 CVE-2013-0091 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CElement Use After Free Vulnerability.")
 CVE-2013-0090 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability.")
 CVE-2013-0089 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkupBehaviorContext Use After Free Vulnerability.")
 CVE-2013-0088 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer saveHistory Use After Free Vulnerability.")
 CVE-2013-0087 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer OnResize Use After Free Vulnerability.")
Original document: VUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnMove" Use-after-free (MS13-021 / CVE-2013-0087) (24.03.2013)
 VUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnResize" Use-after-free (MS13-021 / CVE-2013-0087) (24.03.2013)
Files:Microsoft Security Bulletin MS13-021 - Critical Cumulative Security Update for Internet Explorer (2809289)

Apple iOS multiple security vulnerabilities
Published:24.03.2013
Source:
SecurityVulns ID:12962
Type:library
Threat Level:
6/10
Description:Protection bypass, privilege escalation, code execution.
Affected:APPLE : Apple iOS 6.1
CVE:CVE-2013-0981 (The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code.)
 CVE-2013-0980 (The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature.)
 CVE-2013-0979 (lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink.)
 CVE-2013-0978 (The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code.)
 CVE-2013-0977 (dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments.)
 CVE-2013-0912 (WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion.")
Original document: APPLE, APPLE-SA-2013-03-19-1 iOS 6.1.3 (24.03.2013)

Apple TV multiple security vulnerabilities
Published:24.03.2013
Source:
SecurityVulns ID:12963
Type:library
Threat Level:
6/10
Description:Protection bypass, information leakage.
Affected:APPLE : Apple TV 5.2
CVE:CVE-2013-0981 (The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code.)
 CVE-2013-0978 (The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code.)
 CVE-2013-0977 (dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments.)
Original document: APPLE, APPLE-SA-2013-03-19-2 Apple TV 5.2.1 (24.03.2013)

Safari / WebKit multiple security vulnerabilities
Published:24.03.2013
Source:
SecurityVulns ID:12964
Type:client
Threat Level:
7/10
Description:Cross-site scripting.
Affected:APPLE : Safari 6.0
CVE:CVE-2013-0962 (Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation.)
 CVE-2013-0961 (WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960.)
 CVE-2013-0960 (WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961.)
 CVE-2013-0959 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0958 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0956 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0955 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0954 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0953 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0952 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0951 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0950 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0949 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2013-0948 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.)
 CVE-2012-2889 (Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS).")
 CVE-2012-2857 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.)
 CVE-2012-2824 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting.)
Original document: APPLE, APPLE-SA-2013-03-14-2 Safari 6.0.3 (24.03.2013)

Apple Mac OS X multiple security vulnerabilities
Published:24.03.2013
Source:
SecurityVulns ID:12965
Type:library
Threat Level:
7/10
Description:Cross-site scripting, authentication bypass, buffer overflows and memory corruption in graphics libraries, information leakage, protection bypass, memory corruption in PDF parsing, and security vulnerabilities in various bundled packages.
Affected:APPLE : Mac OS X 10.8
CVE:CVE-2013-0976 (IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image.)
 CVE-2013-0973 (Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream.)
 CVE-2013-0971 (Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document.)
 CVE-2013-0970 (Messages in Apple Mac OS X before 10.8.3 allows remote attackers to bypass the FaceTime call-confirmation prompt via a crafted FaceTime: URL.)
 CVE-2013-0969 (Login Window in Apple Mac OS X before 10.8.3 does not prevent application launching with the VoiceOver feature, which allows physically proximate attackers to bypass authentication and make arbitrary System Preferences changes via unspecified use of the keyboard.)
 CVE-2013-0967 (CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site.)
 CVE-2013-0966 (The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.)
 CVE-2013-0963 (Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID.)
 CVE-2013-0333 (lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.)
 CVE-2013-0156 (active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.)
 CVE-2012-3756 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rnet box in an MP4 movie file.)
 CVE-2012-3749 (The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app.)
 CVE-2012-3525 (s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.)
 CVE-2012-3489 (The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.)
 CVE-2012-3488 (The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.)
 CVE-2012-2088 (Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.)
 CVE-2011-3058 (Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.)
Original document: APPLE, APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001 (24.03.2013)

Mozilla NSS library TLS timing attacks
Published:24.03.2013
Source:
SecurityVulns ID:12966
Type:library
Threat Level:
5/10
Description:"Lucky Thirteen" timing attacks are possible.
Affected:MOZILLA : nss 3.14
CVE:CVE-2013-1620 (The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.)
Original document: UBUNTU, [USN-1763-1] NSS vulnerability (24.03.2013)

sort, uniq, join utilities resource exhaustion
Published:24.03.2013
Source:
SecurityVulns ID:12967
Type:local
Threat Level:
4/10
Description:Resource exhaustion on oversized strings.
Affected:GNU : coreutils 6.12
CVE:CVE-2013-0223 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.)
 CVE-2013-0222 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.)
 CVE-2013-0221 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.)
Original document: MANDRIVA, [ MDVSA-2013:023 ] coreutils (24.03.2013)

OpenSSH security vulnerabilities
Published:24.03.2013
Source:
SecurityVulns ID:12968
Type:remote
Threat Level:
5/10
Description:DoS, information leakage.
Affected:OPENSSH : OpenSSH 5.6
 OPENSSH : OpenSSH 6.1
CVE:CVE-2012-0814 (The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.)
 CVE-2010-5107 (The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.)
Original document: MANDRIVA, [ MDVSA-2013:022 ] openssh (24.03.2013)

Puppet multiple security vulnerabilities
Published:24.03.2013
Source:
SecurityVulns ID:12969
Type:remote
Threat Level:
5/10
Description:Code execution, privilege escalation, protection bypass, information spoofing.
Affected:PUPPET : Puppet 3.1
CVE:CVE-2013-2275 (The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors.)
 CVE-2013-1655 (Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes.")
 CVE-2013-1654 (Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.)
 CVE-2013-1653 (Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.)
 CVE-2013-1652 (Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors.)
 CVE-2013-1640 (The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.)
Original document: UBUNTU, [USN-1759-1] Puppet vulnerabilities (24.03.2013)

LibreOffice update spoofing
Published:24.03.2013
Source:
SecurityVulns ID:12970
Type:m-i-t-m
Threat Level:
6/10
Description:Updates are checked over an insecure connection and the digital signature is not validated.
Affected:LIBREOFFICE : LibreOffice 4.0
Original document: Janek Vind, [waraxe-2013-SA#099] - Update Spoofing Vulnerability in LibreOffice 4.0.1.2 (24.03.2013)

CA SiteMinder privilege escalation
Published:24.03.2013
Source:
SecurityVulns ID:12971
Type:remote
Threat Level:
5/10
Description:Invalid SAML signature verification.
Affected:CA : SiteMinder Federation 12.5
 CA : SiteMinder Federation 12.1
 CA : SiteMinder Federation 12.0
 CA : SiteMinder Agent for SharePoint 2010
 CA : SiteMinder for Secure Proxy Server 12.5
 CA : SiteMinder for Secure Proxy Server 12.0
CVE:CVE-2013-2279 (CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain privileges.)
Original document: CA, CA20130319-01: Security Notice for SiteMinder products using SAML (24.03.2013)

EverFocus EPARA264-16X1 directory traversal
Published:24.03.2013
Source:
SecurityVulns ID:12972
Type:remote
Threat Level:
4/10
Description:Directory traversal in the embedded HTTP server.
Affected:EVERFOCUS : EverFocus EPARA264-16X1
Original document: ddivulnalert_(at)_ddifrontline.com, DDIVRT-2013-50 EverFocus EPARA264-16X1 Directory Traversal (24.03.2013)

apt protection bypass
updated since 10.03.2012
Published:24.03.2013
Source:
SecurityVulns ID:12244
Type:m-i-t-m
Threat Level:
4/10
Description:Man-in-the-middle attack is possible against a repository if InRelease files are used.
Affected:APT : apt 0.8
CVE:CVE-2013-1051 (apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.)
 CVE-2012-0214 (The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned.)
Original document: UBUNTU, [USN-1762-1] APT vulnerability (24.03.2013)
 UBUNTU, [USN-1385-1] APT vulnerability (10.03.2012)

ClamAV multiple security vulnerabilities
updated since 24.03.2013
Published:04.05.2013
Source:
SecurityVulns ID:12961
Type:library
Threat Level:
6/10
Description:Buffer overflow in UPX decompression, array overflow in PDF parsing.
Affected:CLAMAV : ClamAV 0.97
CVE:CVE-2013-2021 (pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.)
 CVE-2013-2020 (Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.)
Original document: UBUNTU, [USN-1816-1] ClamAV vulnerabilities (04.05.2013)
 UBUNTU, [USN-1773-1] ClamAV vulnerabilities (24.03.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod