Computer Security
[EN] securityvulns.ru no-pyccku


CUPS / poppler / xpdf / Adobe Reader multipls security vulnerabilities
updated since 20.10.2009
Published:28.10.2009
Source:
SecurityVulns ID:10333
Type:library
Threat Level:
7/10
Description:Integer overflows, race condiotions.
Affected:CUPS : cups 1.1
 CUPS : cups 1.3
 XPDF : xpdf 3.02
 POPPLER : poppler 0.10
CVE:CVE-2009-3609 (Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.)
 CVE-2009-3608 (Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.)
 CVE-2009-3606 (Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.)
 CVE-2009-3604 (The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.)
 CVE-2009-3603 (Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188.)
Original documentdocumentadam_(at)_hispasec.com, Adobe Acrobat Reader up to 9.1.1 ONLY Linux integer overflow to heap overflow. (28.10.2009)
 documentWill Drewry, [oCERT-2009-016] Poppler, xpdf integer overflow during heap allocation (22.10.2009)
 documentUBUNTU, [USN-850-1] poppler vulnerabilities (22.10.2009)
 documentMANDRIVA, [ MDVSA-2009:283 ] cups (20.10.2009)

KDE multiple security vulnerabilities
Published:28.10.2009
Source:
SecurityVulns ID:10351
Type:client
Threat Level:
5/10
Description:Crossaplication scripting in Ark, protocol URI handlers, KMail.
Affected:KDE : KDE 4.3
Original documentdocumentAndrea Barisani, [oCERT-2009-015] KDE multiple issues (28.10.2009)

Aruba wireless access points DoS
Published:28.10.2009
Source:
SecurityVulns ID:10352
Type:remote
Threat Level:
5/10
Description:Crash on malformed 802.11 association request frame.
Affected:ARUBANETWORKS : ArubaOS 3.1
 ARUBANETWORKS : ArubaOS 3.3
 ARUBANETWORKS : ArubaOS 3.4
Original documentdocumentARUBANETWORKS, Aruba Networks Advisory ID: AID-102609 - Malformed 802.11 Association Request frame causes Denial of Service condition on an Access Point (28.10.2009)

Rising Antivirus / Firewall weak security permissions
Published:28.10.2009
Source:
SecurityVulns ID:10353
Type:local
Threat Level:
5/10
Description:Weak permissions for program executables and services.
Affected:RISING : Rising AntiVirus 2009
 RISING : Rising Internet Security 2009
 RISING : Rising Personal Firewall 2009
Original documentdocumentProtek Research Lab, {PRL} Rising Antivirus 2009 Privilege Escalation (28.10.2009)
 documentProtek Research Lab, {PRL} Rising Firewall 2009 Privilege Escalation (28.10.2009)
 documentShineShadow, Rising Multiple Products Local Privilege Escalation Vulnerability (28.10.2009)

Asterisk protection bypass
Published:28.10.2009
Source:
SecurityVulns ID:10354
Type:remote
Threat Level:
5/10
Description:ACL restrictions were not applied to SIP INVITE messages.
Affected:ASTERISK : Asterisk 1.2
 DIGIUM : Asterisk 1.4
 ASTERISK : Asterisk 1.6
Original documentdocumentASTERISK, AST-2009-007: ACL not respected on SIP INVITE (28.10.2009)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:28.10.2009
Source:
SecurityVulns ID:10355
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:PHP168 : PHP168 6.0
Original documentdocumentinfo_(at)_securitylab.ir, PHP168 v6.0 rc (28.10.2009)

Mozilla Firefox / Seamonkey multiple security vulnerabilities
updated since 28.10.2009
Published:05.11.2009
Source:
SecurityVulns ID:10356
Type:remote
Threat Level:
8/10
Description:Buffer ovefflows, privilege escalation, information leak, crossite scripting.
Affected:MOZILLA : SeaMonkey 2.0
 MOZILLA : Firefox 3.0
 MOZILLA : Firefox 3.5
CVE:CVE-2009-3383 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3382 (layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2009-3381 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3380 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3379 (Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.)
 CVE-2009-3378 (The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.)
 CVE-2009-3377 (Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3376 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.)
 CVE-2009-3375 (content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.)
 CVE-2009-3374 (The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects.")
 CVE-2009-3373 (Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2009-3372 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.)
 CVE-2009-3371 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively.)
 CVE-2009-3370 (Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.)
 CVE-2009-3274 (Mozilla Firefox 3.6a1, 3.5.2, and earlier 2.x and 3.x versions on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, possibly related to the Archive Manager component. NOTE: some of these details are obtained from third party information.)
 CVE-2009-1563 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
 CVE-2009-0689 (Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.)
Original documentdocumentdisclosure_(at)_contextis.co.uk, Context IS Advisory - Autocomplete Data Theft in Mozilla Firefox (05.11.2009)
 documentIDEFENSE, iDefense Security Advisory 10.28.09: Mozilla Firefox GIF Color Map Parsing Buffer Overflow Vulnerability (29.10.2009)
 documentSECUNIA, Secunia Research: Mozilla Firefox Floating Point Memory Allocation Vulnerability (28.10.2009)
 documentJeremy Brown, Mozilla Firefox 3.5.3 Local Download Manager Exploit (28.10.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-64 (28.10.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-63 (28.10.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-62 (28.10.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-61 (28.10.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-59 (28.10.2009)
 documentMOZILLA, You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2009-57 Mozilla Foundation Security Advisory 2009-57 (28.10.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-56 (28.10.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-55 (28.10.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-54 (28.10.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-53 (28.10.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-52 (28.10.2009)
Files:Mozilla Firefox 3.5.3 Local Download Manager Exploit

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod