Computer Security


zFTP FTP server buffer overflow
Published: 26.10.2011
SecurityVulns ID: 11996
Type: remote
Threat Level: 5/10
Description: Buffer overflow on STAT and CWD commands processing.
Affected: ZFTPSERVER : zFTP Server 2011-04-13
Original document: YGN Ethical Hacker Group, zFtp Server <= 2011-04-13 | "STAT,CWD" Remote Denial of Service Vulnerability (26.10.2011)
Files: zFTP Server "cwd" Remote Denial-of-Service

cyrus-imapd DoS
Published: 26.10.2011
SecurityVulns ID: 11997
Type: remote
Threat Level: 5/10
Description: Crash on parsing message References: header.
Affected: CYRUS : cyrus-imapd 2.4
CVE: CVE-2011-3481 (The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.)

D-Bus symbolic links vulnerability
Published: 26.10.2011
SecurityVulns ID: 11998
Type: local
Threat Level: 3/10
Description: configure script insecure file creation
Affected: DBUS : D-Bus 1.2
CVE: CVE-2011-2533 (The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.)
Original document: GENTOO, [ GLSA 201110-14 ] D-Bus: Multiple vulnerabilities (26.10.2011)

ClamAV antivirus DoS
Published: 26.10.2011
SecurityVulns ID: 11999
Type: remote
Threat Level: 5/10
Description: Crash on high recursion level.
Affected: CLAMAV : ClamAV 0.97
CVE: CVE-2011-3627 (The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c.)

pam buffer overflow
Published: 26.10.2011
SecurityVulns ID: 12000
Type: local
Threat Level: 6/10
Description: pam_env module buffer overflow
Affected: PAM : pam 1.1
CVE: CVE-2011-3149 (The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).)
CVE: CVE-2011-3148 (Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file.)
Original document: DEBIAN, [SECURITY] [DSA 2326-1] pam security update (26.10.2011)

Alcatel Lucent OmniTouch Instant Communication Suite multiple security vulnerabilities
Published: 26.10.2011
SecurityVulns ID: 12001
Type: remote
Threat Level: 5/10
Description: Cross-site scripting, request forgery.
Affected: ALCATEL : OmniTouch 8400
Original document: Tobias Glemser, TC-SA-2011-01: Multiple vulnerabilities in OmniTouch Instant Communication Suite (26.10.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod