Search:Vulnerability:28.03.2009 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

OpenJDK multiple security vulnerabilities
Published: 28.03.2009
Source: BUGTRAQ
SecurityVulns ID: 9777
Type: library
Level: 6/10
Description: Multiple DoS conditions, memory corruptions on different data formats parsing and LDAP requests.

Affected: OPENJDK : OpenJDK 6.0
CVE: CVE-2009-1102 (Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation.")
CVE-2009-1101 (Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak.")
CVE-2009-1100 (Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) "limits on Font creation," aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.)
CVE-2009-1098 (Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.)
CVE-2009-1097 (Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation during display on the splash screen, aka CR 6804996, and (2) a crafted GIF image, aka CR 6804997.)
CVE-2009-1096 (Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.)
CVE-2009-1095 (Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.)
CVE-2009-1094 (Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.)
CVE-2009-1093 (LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).)
CVE-2006-2426 (Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.)

Original document UBUNTU, [USN-748-1] OpenJDK vulnerabilities (28.03.2009)

Discuss: Read or add your comments to this news (1 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 28.03.2009
Source:
SecurityVulns ID: 9778
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Webglimpse: crossite scripting.

Affected: MOODLE : Moodle 1.6
MOODLE : Moodle 1.7
MOODLE : Moodle 1.8
MOODLE : Moodle 1.9
NOVELL : Netstorage 3.1

Original document MustLive, Cross-Site Scripting vulnerability in Webglimpse (28.03.2009)

Bugs NotHugs, Aurora Nutritive Analysis Module Multiple XSS (28.03.2009)

Christian Eibl, Moodle: Sensitive File Disclosure (28.03.2009)

Bugs NotHugs, Novell Netstorage Multiple Vulnerabilities (28.03.2009)

Discuss: Read or add your comments to this news (0 comments)

Multiple Sun Java (JRE / JWS) security vulnerabilities
Published: 28.03.2009
Source: BUGTRAQ
SecurityVulns ID: 9776
Type: library
Level: 7/10
Description: Multiple integer overflows and memory corruptions on different data formats parsing.

Affected: ORACLE : JDK 5.0
ORACLE : JDK 6.0

Original document IDEFENSE, iDefense Security Advisory 03.26.09: Sun Java Runtime Environment (JRE) Pack200 Decompression Integer Overflow Vulnerability (28.03.2009)

IDEFENSE, iDefense Security Advisory 03.26.09: Sun Java Web Start (JWS ) PNG Decoding Integer Overflow Vulnerability (28.03.2009)

document IDEFENSE, iDefense Security Advisory 03.26.09: Sun Java Runtine Environment (JRE) GIF Decoding Heap Corruption Vulnerability (28.03.2009)

IDEFENSE, iDefense Security Advisory 03.26.09: Sun Java Web Start (JWS ) GIF Decoding Heap Corruption Vulnerability (28.03.2009)

IDEFENSE, iDefense Security Advisory 03.26.09: Sun Java Runtine Environment (JRE) Type1 Font Parsing Integer Signedness Vulnerability (28.03.2009)

Discuss: Read or add your comments to this news (0 comments)

squid memory exhaustion
Published: 28.03.2009
Source: BUGTRAQ
SecurityVulns ID: 9779
Type: remote
Level: 5/10
Description: Memory exhaustion on data received with ICAP protocol.

Original document Martin Huter, ICAP adaptation: missing data flow control to client side (28.03.2009)

Discuss: Read or add your comments to this news (0 comments)

test server