Computer Security
securityvulns.ru


cscope buffer overflow
Published: 26.05.2009
Source:
SecurityVulns ID: 9935
Type: local
Threat Level: 5/10
Description: Buffer overflow on oversized included file name.
Affected: CSCOPE : cscope 15.6
CVE: CVE-2009-1577 (Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long (1) function name or (2) symbol in a source-code file.)
 CVE-2009-0148 (Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541.)
Original document: DEBIAN, [SECURITY] [DSA 1806-1] New cscope packages fix arbitrary code execution (26.05.2009)

Nortel Contact Center Manager Server multiple security vulnerabilities
Published: 26.05.2009
Source:
SecurityVulns ID: 9938
Type: remote
Threat Level: 6/10
Description: Authentication bypass, information leak.
Affected: NORTEL : Contact Center Manager Server 6.0
Original document: SEC Consult Vulnerability Lab, SEC Consult SA-20090525-1 :: Nortel Contact Center Manager Server Password Disclosure Vulnerability (26.05.2009)
 SEC Consult Vulnerability Lab, SEC Consult SA-20090525-0 :: Nortel Contact Center Manager Server Authentication Bypass Vulnerability (26.05.2009)

ntpd buffer overflow
Published: 26.05.2009
Source:
SecurityVulns ID: 9937
Type: remote
Threat Level: 6/10
Description: Buffer overflow if autokey option is enabled.
Affected: NTP : ntp 4.2
CVE: CVE-2009-1252 (Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.)
Original document: Alex Legler, [ GLSA 200905-08 ] NTP: Remote execution of arbitrary code (26.05.2009)

ATEN IP KVM Switches multiple cryptographic vulnerabilities
Published: 26.05.2009
Source:
SecurityVulns ID: 9939
Type: m-i-t-m
Threat Level: 5/10
Description: Same SSL certificate is used for all devices, static symmetric key is used for code signing, mouse events are not encrypted, predictable session key is used.
Affected: ATEN : ATEN KH1516i
 ATEN : ATEN KN9116
 ATEN : Aten PN9108
CVE: CVE-2009-1477 (The https web interfaces on the ATEN KH1516i IP KVM switch with firmware 1.0.063, the KN9116 IP KVM switch with firmware 1.1.104, and the PN9108 power-control unit have a hardcoded SSL private key, which makes it easier for remote attackers to decrypt https sessions by extracting this key from their own switch and then sniffing network traffic to a switch owned by a different customer.)
 CVE-2009-1474 (The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not (1) encrypt mouse events, which makes it easier for man-in-the-middle attackers to perform mouse operations on machines connected to the switch by injecting network traffic; and do not (2) set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.)
 CVE-2009-1473 (The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to (a) decrypt network traffic, or (b) conduct man-in-the-middle attacks, by repeating unspecified "client-side calculations.")
 CVE-2009-1472 (The Java client program for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 has a hardcoded AES encryption key, which makes it easier for man-in-the-middle attackers to (1) execute arbitrary Java code, or (2) gain access to machines connected to the switch, by hijacking a session.)
Original document: Jakob Lell, Multiple vulnerabilities in several ATEN IP KVM Switches (26.05.2009)

COWON America jetCast buffer overflow
Published: 26.05.2009
Source:
SecurityVulns ID: 9941
Type: local
Threat Level: 4/10
Description: Buffer overflow on MP3 parsing.
Affected: COWONAMERICA : jetCast 2.0
Original document: rgod, COWON America jetCast 2.0.4.1109 (.mp3) local heap buffer overlow exploit (26.05.2009)
Files: COWON America jetCast 2.0.4.1109 (.mp3) local heap buffer overlow exploit (xp/sp3)

Pidgin memory corruption
Updated since: 26.06.2008
Published: 26.05.2009
Source:
SecurityVulns ID: 9114
Type: remote
Threat Level: 6/10
Description: Memory corruption on malformed filename in MSN protocol. Buffer overflow on Jabber file transfer. Buffer overflow in QQ protocol.
Affected: PIDGIN : Pidgin 2.4
CVE: CVE-2009-1376 (Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.)
 CVE-2009-1375 (The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol.)
 CVE-2009-1374 (Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet.)
 CVE-2009-1373 (Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.)
Original document: GENTOO, [ GLSA 200905-07 ] Pidgin: Multiple vulnerabilities (26.05.2009)
 DEBIAN, [SECURITY] [DSA 1805-1] New pidgin packages fix several vulnerabilities (25.05.2009)
 jplopezy_(at)_gmail.com, Pidgin 2.4.1 Vulnerability (26.06.2008)

Mozilla Firefox / Microsoft Internet Explorer / Opera /Google Chrome DoS
Updated since: 26.05.2009
Published: 10.07.2009
Source:
SecurityVulns ID: 9940
Type: client
Threat Level: 3/10
Description: Hang on an SVG circle element with a large radius value. Hang and memory leak on page reload with a keygen tag.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MOZILLA : Firefox 3.0
Original document: Thierry Zoller, Update: [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) (10.07.2009)
 Thierry Zoller, Update: [TZO-27-2009] Firefox Denial of Service (Keygen) (09.07.2009)
 MustLive, DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera (05.06.2009)
 Thierry Zoller, [TZO-27-2009] Firefox Denial of Service (Keygen) (29.05.2009)
 Thierry Zoller, [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) (26.05.2009)
Files: Exploits Mozilla SVG circle hang

acpid DoS
Updated since: 26.05.2009
Published: 23.10.2011
Source:
SecurityVulns ID: 9936
Type: remote
Threat Level: 5/10
Description: Large number of connections leads to endless loop.
Affected: ACPID : acpid 1.0
 ACPID : acpid 2.0
CVE: CVE-2011-1159 (acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls.)
 CVE-2009-0798 (ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.)
Original document: GENTOO, [ GLSA 200905-06 ] acpid: Denial of Service (26.05.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod