Computer Security


Linux kernel privilege escalation
updated since 20.07.2009
Published:27.07.2009
SecurityVulns ID:10084
Type:local
Threat Level:7/10
Description:Error in NULL pointer dereference error handling.
Affected:LINUX : kernel 2.6
CVE:CVE-2009-1897 (The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun, a different vulnerability than CVE-2009-1894.)
 CVE-2009-1895 (The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).)
Original document:RPATH, rPSA-2009-0111-1 kernel (27.07.2009)
 Brad Spengler, Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable (20.07.2009)
Files:2.6.30+/RHEL5 2.6.18 local kernel exploit in /dev/net/tun

Mozilla Firefox URL spoofing
Published:27.07.2009
SecurityVulns ID:10096
Type:remote
Threat Level:4/10
Description:It's possible to spoof the error text shown for an invalid URL.
Affected:MOZILLA : Firefox 3.0
Original document:jplopezy_(at)_gmail.com, URL spoofing bug involving Firefox's error pages and document.write (27.07.2009)

Cisco Wireless LAN Controllers multiple security vulnerabilities
Published:27.07.2009
SecurityVulns ID:10097
Type:remote
Threat Level:6/10
Description:Buffer overflow on authentication in the embedded Web server, multiple DoS conditions, unauthorized access to some configuration commands.
Affected:CISCO : Cisco 2100
 CISCO : Cisco 4100
 CISCO : Cisco 4400
 CISCO : Cisco 1500
 CISCO : Cisco 2000
 CISCO : Cisco 4200
CVE:CVE-2009-1167 (Unspecified vulnerability on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to modify the configuration via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy44672.)
 CVE-2009-1166 (The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (device reload) via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy27708.)
 CVE-2009-1165 (Memory leak on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0, 5.1 before 5.1.163.0, and 5.0 and 5.2 before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (memory consumption and device reload) via SSH management connections, aka Bug ID CSCsw40789.)
 CVE-2009-1164 (The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.2 before 4.2.205.0 and 5.x before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (device reload) via a malformed response to a (1) HTTP or (2) HTTPS authentication request, aka Bug ID CSCsx03715.)
Original document:CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers (27.07.2009)
 SySS security advisories -- Christoph Bott, Cisco WLC 4402 Denial-of-Service vulnerability (27.07.2009)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:27.07.2009
SecurityVulns ID:10098
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:XAMPP : XAMPP 1.6
 AIOCP : Aiocp 1.4
 IXXOCART : IXXO Cart! 3.9
 DOMPDF : DOMPDF 0.5
 GMAILLITE : GMAIL-LITE 0.10
Original document:YGN Ethical Hacker Group, CodeIgniter Global XSS Filtering Bypass Vulnerability (27.07.2009)
 YGN Ethical Hacker Group, GMAIL-LITE Arbitrary File Upload 0.10 <= (27.07.2009)
 YGN Ethical Hacker Group, DOMPDF Arbitrary File Read <= 0.5.1 (27.07.2009)
 SmOk3, IXXO Cart! Standalone and Joomla Component SQL Injection (27.07.2009)
 hadikiamarsi_(at)_hotmail.com, Remote File Inclusion in aiocp (27.07.2009)
 MustLive, Vulnerabilities in XAMPP (27.07.2009)

MySQL format string vulnerabilities
Published:27.07.2009
SecurityVulns ID:10099
Type:local
Threat Level:5/10
Description:COM_CREATE_DB, COM_DROP_DB format string vulnerabilities
Affected:ORACLE : MySQL 5.0
CVE:CVE-2009-2446 (Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.)

NcFTPd privilege escalation
Published:27.07.2009
SecurityVulns ID:10100
Type:local
Threat Level:5/10
Description:By symlinking the .message file, it's possible to obtain the content of a file outside the FTP root.
Affected:NCFTPD : NcFTPd 2.8
Original document:Kingcope Kingcope, NcFTPd <= 2.8.5 remote jail breakout (27.07.2009)

The Movie Player / VLC Media Player integer overflow
Published:27.07.2009
SecurityVulns ID:10101
Type:client
Threat Level:5/10
Description:Integer overflow on Real stream parsing.
Affected:VLC : VLC Media Player 1.0
Original document:tixxDZ, [Full-disclosure] [DZC-2009-001] The Movie Player and VLC Media Player Real Data Transport parsing integer underflow. (27.07.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod