Computer Security


python multiple security vulnerabilities
updated since 09.07.2012
Published:29.07.2012
Source:
SecurityVulns ID:12454
Type:library
Threat Level:
5/10
Description:DoS, cross-site scripting, information leakage.
Affected:PYTHON : python 2.7
CVE:CVE-2012-2417 (PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.)
 CVE-2012-1150 (Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.)
 CVE-2012-0845 (SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.)
 CVE-2011-4944 (Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.)
 CVE-2011-4940 (The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.)
Original document:MANDRIVA, [ MDVSA-2012:117 ] python-pycrypto (29.07.2012)
 MANDRIVA, [ MDVSA-2012:096-1 ] python (09.07.2012)

ISC bind DoS
Published:29.07.2012
Source:
SecurityVulns ID:12492
Type:remote
Threat Level:
6/10
Description:Crash because of incorrect failed requests cache implementation.
Affected:ISC : bind 9.9
CVE:CVE-2012-3817 (ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.)
Original document:UBUNTU, [USN-1518-1] Bind vulnerability (29.07.2012)

Apache mod_auth_openid weak permissions
Published:29.07.2012
Source:
SecurityVulns ID:12493
Type:local
Threat Level:
4/10
Description:/tmp/mod_auth_openid.db weak permissions
Affected:APACHE : mod_auth_openid 0.6
CVE:CVE-2012-2760 (mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.)
Original document:MANDRIVA, [ MDVSA-2012:114 ] apache-mod_auth_openid (29.07.2012)

ISC dhcp multiple security vulnerabilities
updated since 29.07.2012
Published:18.09.2012
Source:
SecurityVulns ID:12491
Type:remote
Threat Level:
5/10
Description:Multiple DoS conditions.
Affected:ISC : dhcp 4.1
 DHCP : dhcp 4.2
CVE:CVE-2012-3955 (ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.)
 CVE-2012-3954 (Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.)
 CVE-2012-3571 (ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.)
 CVE-2012-3570 (Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter.)
Original document:MANDRIVA, [ MDVSA-2012:153 ] dhcp (18.09.2012)
 MANDRIVA, [ MDVSA-2012:115 ] dhcp (29.07.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod