Computer Security


libxml library DoS
Published: 25.08.2008
SecurityVulns ID: 9241
Type: library
Threat Level: 5/10
Description: DoS through CPU and memory exhaustion.
Affected: LIBXML : libxml 2.6
CVE: CVE-2008-4225 (Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.)
 CVE-2008-3281 (libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.)
Original document: DEBIAN, [SECURITY] [DSA 1631-1] New libxml2 packages fix denial of service (25.08.2008)

Xine multiple security vulnerabilities
Published: 25.08.2008
SecurityVulns ID: 9242
Type: library
Threat Level: 7/10
Description: 5 buffer overflows in Real Audio parsing; vulnerabilities in the handling of mng, mod, qt and matroska formats.
Affected: XINE : xine-lib 1.1
 XINE : xine 1.1
Original document: Will Drewry, [oCERT-2008-008] multiple heap overflows in xine-lib (25.08.2008)

vim multiple security vulnerabilities
updated since 14.06.2008
Published: 25.08.2008
SecurityVulns ID: 9086
Type: local
Threat Level: 5/10
Description: Code execution on file open.
Affected: VIM : vim 6.4
 VIM : vim 7.1
CVE: CVE-2008-2712 (Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.)
Original document: Jan Minar, Vim: Arbitrary Code Execution in Commands: K, Control-], g] (25.08.2008)
 Jan Minar, Vim 7.2c.002 Fixes Arbitrary Command Execution when Handling Tar Archives (13.08.2008)
 Jan Minar, Vim: Netrw: FTP User Name and Password Disclosure (13.08.2008)
 Jan Minar, Vim: Unfixed Vulnerabilities in Tar Plugin Version 20 (08.08.2008)
 Jan Minar, Vim: Flawed Fix of Arbitrary Code Execution Vulnerability in filetype.vim (24.07.2008)
 Jan Minar, Vim: Improper Implementation of shellescape()/Arbitrary Code Execution (22.07.2008)
 Jan Minar, Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution (22.07.2008)
 Jan Minar, Collection of Vulnerabilities in Fully Patched Vim 7.1 (14.06.2008)

Microsoft .Net framework multiple security vulnerabilities
updated since 10.07.2007
Published: 25.08.2008
SecurityVulns ID: 7911
Type: client
Threat Level: 7/10
Description: Buffer overflow in .NET PE format parsing, buffer overflow in the JIT compiler, remote information leak in ASP.NET via a poisoned NULL byte.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE: CVE-2007-0043 (The Just In Time (JIT) Compiler service in Microsoft .NET Framework 2.0 through 2.0 SP2 for Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".)
 CVE-2007-0042 (ASP.NET in Microsoft .NET Framework 2.0 SP2 and earlier for Windows 2000, XP, and Server 2003; and 2.0 and earlier for Windows Vista allows remote attackers to access configuration files and obtain sensitive information via "invalid URLs," probably containing a terminating NULL byte.)
 CVE-2007-0041 (The PE Loader service in Microsoft .NET Framework 2.0 SP2 and earlier for Windows 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.)
Original document: ProCheckUp Research, PR08-20: Bypassing ASP .NET "ValidateRequest" for Script Injection Attacks (25.08.2008)
 Paul Craig, Multiple .NET Null Byte Injection Vulnerabilities (11.07.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-040 - Critical Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212) (10.07.2007)
Files: Bypassing ASP .NET “ValidateRequest” for Script Injection Attacks

Trend Micro multiple application authentication bypass
Published: 25.08.2008
SecurityVulns ID: 9243
Type: remote
Threat Level: 6/10
Description: A weak PRNG is used to generate the session cookie.
Affected: TM : OfficeScan 7.3
 TM : OfficeScan 7.0
 TM : OfficeScan 8.0
 TM : Worry-Free Business Security 5.0
 TM : Trend Micro Messaging Suite 3.5
 TM : Trend Micro Messaging Suite 3.6
CVE: CVE-2008-2433 (The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution through an unspecified "manipulation of the configuration.")
Original document: SECUNIA, Secunia Research: Trend Micro Products Web Management Authentication Bypass (25.08.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod