Computer Security

sudo protection bypass
Published: 24.05.2012
SecurityVulns ID: 12386
Type: local
Threat Level: 4/10
Description: It's possible to bypass IP limitations.
Affected: SUDO : sudo 1.8
CVE: CVE-2012-2337 (sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.)

Pidgin otr plugin format string vulnerability
Published: 24.05.2012
SecurityVulns ID: 12387
Type: client
Threat Level: 5/10
Affected: PIDGIN : pidgin-otr 3.2
CVE: CVE-2012-2369 (Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message.)
Original document: DEBIAN, [SECURITY] [DSA 2476-1] pidgin-otr security update (24.05.2012)

PHP multiple security vulnerabilities
Updated since 01.05.2012
Published: 24.05.2012
SecurityVulns ID: 12353
Type: library
Threat Level: 7/10
Description: DoS conditions, code execution, SQL injections.
Affected: PHP : PHP 5.3
CVE: CVE-2012-2336 (sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.)
 CVE-2012-2335 (php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.)
 CVE-2012-2311 (sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.)
 CVE-2012-1823 (sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.)
 CVE-2012-1172 (The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.)
 CVE-2012-0831 (PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.)
 CVE-2012-0830 (The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.)
 CVE-2012-0788 (The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.)
Original documents:
 admin_(at)_bugreport.ir, PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version (24.05.2012)
 MANDRIVA, [ MDVSA-2012:071 ] php (14.05.2012)
 MANDRIVA, [ MDVSA-2012:065 ] php (01.05.2012)
Files: PHP CVE-2012-1823 exploit

HP OpenVMS ACMELOGIN privilege escalation
Published: 24.05.2012
SecurityVulns ID: 12388
Type: local
Threat Level: 5/10
Affected: HP : OpenVMS 8.3
 HP : OpenVMS 8.4
CVE: CVE-2012-2010 (The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium platform, when the SYS$ACM system service is enabled, allows local users to gain privileges via unspecified vectors.)
Original document: HP, [security bulletin] HPSBOV02780 SSRT100766 rev.1 - HP OpenVMS ACMELOGIN, Local Unauthorized (24.05.2012)

Linux kernel multiple security vulnerabilities
Updated since 14.05.2012
Published: 24.05.2012
SecurityVulns ID: 12376
Type: local
Threat Level: 6/10
Description: DoS conditions, protection bypass, buffer overflow.
Affected: LINUX : kernel 2.6
 LINUX : kernel 3.3
CVE: CVE-2012-2319 (Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020.)
 CVE-2012-2133 (Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount operation that triggers improper handling of quota data.)
 CVE-2012-2123 (The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR.)
 CVE-2012-1601 (The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.)
Original documents:
 pi3_(at)_pi3.com.pl, The story of the Linux kernel 3.x... (24.05.2012)
 Timo Warns, [PRE-SA-2012-03] Linux kernel: Buffer overflow in HFS plus filesystem (24.05.2012)
 DEBIAN, [SECURITY] [DSA 2469-1] linux-2.6 security update (14.05.2012)

FlashPeak SlimBrowser buffer overflow
Published: 24.05.2012
SecurityVulns ID: 12389
Type: client
Threat Level: 5/10
Description: Buffer overflow via TITLE tag.
Original document: demonalex_(at)_163.com, FlashPeak SlimBrowser TITLE Denial Of Service Vulnerability (24.05.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod