Computer Security

Mozilla NSS library RSA signature forgery
Published:29.09.2014
SecurityVulns ID:13978
Type:library
Threat Level:6/10
Description:Signature validation bypass due to invalid length check in ASN.1 record.
Affected:MOZILLA : Firefox 32.0
 MOZILLA : Firefox ESR 31.1
 MOZILLA : Thunderbird 31.1
 MOZILLA : SeaMonkey 2.29
 MOZILLA : nss 3.17
Files:Mozilla Foundation Security Advisory 2014-73

libvncserver multiple security vulnerabilities
Published:29.09.2014
SecurityVulns ID:13979
Type:library
Threat Level:6/10
Description:Buffer overflows, memory corruptions, DoS.
Affected:LIBVNCSERVER : LibVNCServer 0.9
CVE:CVE-2014-6055 (Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.)
 CVE-2014-6054 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.)
 CVE-2014-6053 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.)
 CVE-2014-6052 (The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.)
 CVE-2014-6051 (Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.)
Original document:Andrea Barisani, [oCERT-2014-007] libvncserver multiple issues (29.09.2014)

Perl stack overflow
Published:29.09.2014
SecurityVulns ID:13980
Type:library
Threat Level:5/10
Description:Buffer overflow on recursion.
Affected:PERL : perl 5.20
CVE:CVE-2014-4330 (The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.)
Original document:LSE Leading Security Experts GmbH (Security Advisories), LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow (29.09.2014)

wireshark multiple security vulnerabilities
Published:29.09.2014
SecurityVulns ID:13981
Type:remote
Threat Level:6/10
Description:Multiple memory corruptions and DoS conditions in different formats.
Affected:WIRESHARK : Wireshark 1.10
CVE:CVE-2014-6432 (The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file.)
 CVE-2014-6431 (Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer.)
 CVE-2014-6430 (The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.)
 CVE-2014-6429 (The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.)
 CVE-2014-6428 (The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2014-6427 (Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position.)
 CVE-2014-6424 (The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet.)
 CVE-2014-6423 (The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.)
 CVE-2014-6422 (The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector.)
 CVE-2014-6421 (Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors.)
Original document:MANDRIVA, [ MDVSA-2014:188 ] wireshark (29.09.2014)

libgadu certificate check bypass
Published:29.09.2014
SecurityVulns ID:13982
Type:library
Threat Level:5/10
Description:Server certificate is not checked.
Affected:LIBGADU : libgadu 1.12
CVE:CVE-2013-4488 (libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers.)
Original document:MANDRIVA, [ MDVSA-2014:185 ] libgadu (29.09.2014)

net-snmp DoS
Published:29.09.2014
SecurityVulns ID:13983
Type:remote
Threat Level:5/10
Description:snmptrapd NULL pointer dereference.
Affected:NETSNMP : net-snmp 5.7
Original document:MANDRIVA, [ MDVSA-2014:184 ] net-snmp (29.09.2014)

Linux kernel multiple security vulnerabilities
updated since 03.09.2014
Published:29.09.2014
SecurityVulns ID:13951
Type:remote
Threat Level:7/10
Description:SCTP DoS, ALSA multiple DoS and information leakage, autofs DoS.
Affected:LINUX : kernel 3.15
CVE:CVE-2014-5472 (The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.)
 CVE-2014-5471 (Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry.)
 CVE-2014-5077 (The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.)
 CVE-2014-4667 (The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.)
 CVE-2014-4656 (Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function.)
 CVE-2014-4655 (The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.)
 CVE-2014-4654 (The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call.)
 CVE-2014-4653 (sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.)
 CVE-2014-4652 (Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.)
 CVE-2014-4508 (arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000.)
 CVE-2014-3601 (The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages.)
 CVE-2014-0203 (The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call.)
Original document:UBUNTU, [USN-2359-1] Linux kernel vulnerabilities (29.09.2014)
 UBUNTU, [USN-2332-1] Linux kernel vulnerabilities (03.09.2014)

Glype filtering bypass
Published:29.09.2014
SecurityVulns ID:13985
Type:remote
Threat Level:5/10
Description:Access by decimal addresses is possible. Directory traversal.
Affected:GLYPE : glype 1.4
Original document:Securify B.V., Glype proxy cookie jar path traversal allows code execution (29.09.2014)
 Securify B.V., Glype proxy privacy settings can be disabled via CSRF (29.09.2014)
 Securify B.V., Glype proxy local address filter bypass (29.09.2014)

nginx information leakage
Published:29.09.2014
SecurityVulns ID:13986
Type:remote
Threat Level:5/10
Description:Invalid cached session reuse.
Affected:NGINX : nginx 1.4
CVE:CVE-2014-3616 (nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.)
Original document:UBUNTU, [USN-2351-1] nginx vulnerability (29.09.2014)

Cisco IOS multiple security vulnerabilities
Published:29.09.2014
SecurityVulns ID:13984
Type:remote
Threat Level:7/10
Description:Multiple DoS conditions.
CVE:CVE-2014-3361 (The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071.)
 CVE-2014-3360 (Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allow remote attackers to cause a denial of service (device reload) via a crafted SIP message, aka Bug ID CSCul46586.)
 CVE-2014-3359 (Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed DHCPv6 packets, aka Bug ID CSCum90081.)
 CVE-2014-3358 (Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface queue wedge or device reload) via malformed mDNS packets, aka Bug ID CSCuj58950.)
 CVE-2014-3357 (Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug ID CSCul90866.)
 CVE-2014-3356 (The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCue22753.)
 CVE-2014-3355 (The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCug75942.)
 CVE-2014-3354 (Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x and 3.x before 3.7.4S; 3.2.xSE and 3.3.xSE before 3.3.2SE; 3.3.xSG and 3.4.xSG before 3.4.4SG; and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allow remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCui11547.)
Files: Cisco Security Advisory Cisco IOS Software Metadata Vulnerabilities
  Cisco Security Advisory Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System
  Cisco Security Advisory Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability
  Cisco Security Advisory Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
  Cisco Security Advisory Cisco IOS Software Network Address Translation Denial of Service Vulnerability
  Cisco Security Advisory Cisco IOS Software RSVP Vulnerability

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod