Computer Security


Firebird SQL DoS
Published:29.07.2009
SecurityVulns ID:10107
Type:remote
Threat Level:5/10
Description:An op_connect_request request with invalid parameters causes the server to shut down the listening socket and enter an infinite loop.
Affected:FIREBIRD : Firebird SQL 2.0
 FIREBIRD : Firebird SQL 2.1
 FIREBIRD : Firebird SQL 2.5
CVE:CVE-2009-2620 (src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference.)
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0707: Firebird SQL op_connect_request main listener shutdown vulnerability (29.07.2009)

Linux eCryptfs buffer overflow
Published:29.07.2009
SecurityVulns ID:10108
Type:local
Threat Level:6/10
Description:Buffer overflows in the parse_tag_11_packet and parse_tag_3_packet functions.
Affected:LINUX : kernel 2.6
CVE:CVE-2009-2407 (Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet.)
 CVE-2009-2406 (Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size.)
Original document:RISE Security, [RISE-2009003] Linux eCryptfs parse_tag_3_packet Encrypted Key Buffer Overflow Vulnerability (29.07.2009)
 RISE Security, [RISE-2009002] Linux eCryptfs parse_tag_11_packet Literal Data Buffer Overflow Vulnerability (29.07.2009)

Linux kernel DoS
Published:29.07.2009
SecurityVulns ID:10110
Type:local
Threat Level:5/10
Description:NULL pointer dereference on /dev/kvm call handling.
Affected:LINUX : kernel 2.6
CVE:CVE-2009-2287 (The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL pointer dereference in the gfn_to_rmap function.)

HP servers with LO100i (HP Lights Out 100) DoS
Published:29.07.2009
SecurityVulns ID:10111
Type:remote
Threat Level:5/10
CVE:CVE-2009-1426 (Unspecified vulnerability on HP ProLiant DL and ML 100 Series G5, G5p, and G6 servers with ProLiant Onboard Administrator Powered by LO100i (formerly Lights Out 100) 3.07 and earlier allows remote attackers to cause a denial of service via unknown vectors.)

Cisco IOS BGP DoS
Published:29.07.2009
SecurityVulns ID:10112
Type:remote
Threat Level:6/10
Description:A few denial-of-service conditions on BGP updates with 4-byte AS numbers.
Affected:CISCO : IOS 12.0
 CISCO : IOS 12.1
 CISCO : IOS 12.2
 CISCO : IOS 12.3
 CISCO : IOS 12.4
 CISCO : IOS XE 2.1
 CISCO : IOS XE 2.2
 CISCO : IOS XE 2.3
 CISCO : IOS XE 2.4
CVE:CVE-2009-2049 (Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (device reload) by using an RFC4271 peer to send a malformed update, aka Bug ID CSCta33973.)
 CVE-2009-1168 (Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (memory corruption and device reload) by using an RFC4271 peer to send an update with a long series of AS numbers, aka Bug ID CSCsy86021.)
Original document:CISCO, Cisco Security Advisory: Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities (29.07.2009)

ISC bind named DNS server DoS
updated since 29.07.2009
Published:30.07.2009
SecurityVulns ID:10109
Type:remote
Threat Level:8/10
Description:Crash on a dynamic update message with the ANY type (disabling dynamic updates doesn't eliminate the problem).
Affected:BIND : bind 9.4
 BIND : bind 9.5
 ISC : bind 9.6
CVE:CVE-2009-0696 (The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.)
Original document:ISC, BIND Dynamic Update DoS (29.07.2009)
 FREEBSD, FreeBSD Security Advisory FreeBSD-SA-09:12.bind (29.07.2009)
Files:ISC BIND 9 Remote Dynamic Update Message Denial of Service PoC

Microsoft Internet Explorer multiple security vulnerabilities
updated since 29.07.2009
Published:07.08.2009
SecurityVulns ID:10105
Type:client
Threat Level:8/10
Description:Multiple memory corruptions; a workaround for the ATL vulnerability was added.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-1919 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via an HTML document containing embedded style sheets that modify unspecified rule properties that cause the behavior element to be "improperly processed," aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2009-1918 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka "HTML Objects Memory Corruption Vulnerability.")
 CVE-2009-1917 (Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Memory Corruption Vulnerability.")
Original document:ZDI, ZDI-09-047: Microsoft Internet Explorer getElementsByTagName Memory Corruption Vulnerability (07.08.2009)
 ZDI, ZDI-09-048: Microsoft Internet Explorer CSS Behavior Memory Corruption Vulnerability (07.08.2009)
 MICROSOFT, iDefense Security Advisory 08.06.09: Microsoft Internet Explorer HTML TIME 'ondatasetcomplete' Use After Free Vulnerability (07.08.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-034 - Critical Cumulative Security Update for Internet Explorer (972260) (29.07.2009)
Files:Microsoft Security Bulletin MS09-034 - Critical Cumulative Security Update for Internet Explorer (972260)

Microsoft Active Template Library (ATL) multiple security vulnerabilities
updated since 29.07.2009
Published:13.10.2009
SecurityVulns ID:10106
Type:library
Threat Level:9/10
Description:Memory corruptions, an information leak and an initialization problem, leading to killbit protection bypass.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-2495 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability.")
 CVE-2009-2493 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability.")
 CVE-2009-0901 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability.")
Original document:MICROSOFT, Microsoft Security Bulletin MS09-055 - Critical Cumulative Security Update of ActiveX Kill Bits (973525) (13.10.2009)
 IDEFENSE, iDefense Security Advisory 07.28.09: Multiple Vendor Microsoft ATL/MFC ActiveX Security Bypass Vulnerability (20.08.2009)
 IDEFENSE, iDefense Security Advisory 07.28.09: Multiple Vendor Microsoft ATL/MFC ActiveX Information Disclosure Vulnerability (20.08.2009)
 IDEFENSE, iDefense Security Advisory 08.11.09: Multiple Vendor Microsoft ATL/MFC ActiveX Type Confusion Vulnerability (20.08.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-037 - Critical Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908) (11.08.2009)
 CISCO, Cisco Security Advisory: Active Template Library (ATL) Vulnerability (29.07.2009)
 CERT, US-CERT Technical Cyber Security Alert TA09-209A -- Microsoft Windows, Internet Explorer, and Active Template Library (ATL) Vulnerabilities (29.07.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-035 - Moderate Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706) (29.07.2009)
Files:Microsoft Security Bulletin MS09-035 - Moderate Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
 Microsoft Security Bulletin MS09-037 - Critical Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)
 Microsoft Security Bulletin MS09-055 - Critical Cumulative Security Update of ActiveX Kill Bits (973525)
 Microsoft Security Bulletin MS09-060 - Critical Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod