Computer Security


Linux kernel multiple security vulnerabilities
updated since 09.12.2008
Published:29.12.2008
Source:
SecurityVulns ID:9488
Type:local
Threat Level:6/10
Description:A double listen() on the same socket creates an unassigned vcc table entry, which causes an infinite loop in the kernel on an attempt to cat the vc table. Race conditions in the inotify subsystem allow privilege escalation; socket-related memory exhaustion. NULL pointer dereference in chip_command(). Buffer overflow on HFS file system mounting.
Affected:LINUX : kernel 2.6
CVE:CVE-2008-5300 (Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.)
 CVE-2008-5182 (The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount.)
 CVE-2008-5079 (net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table.)
 CVE-2008-5033 (The chip_command function in drivers/media/video/tvaudio.c in the Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of service (NULL function pointer dereference and OOPS) via unknown vectors.)
 CVE-2008-5025 (Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933.)
Original document:MANDRIVA, [ MDVSA-2008:246 ] kernel (29.12.2008)
 Hugo Dias, CVE-2008-5079: multiple listen()s on same socket corrupts the vcc table (09.12.2008)

Microsoft Internet Explorer multiple security vulnerabilities
updated since 10.12.2008
Published:29.12.2008
Source:
SecurityVulns ID:9496
Type:client
Threat Level:9/10
Description:Multiple memory corruptions.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2008-4261 (Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability.")
 CVE-2008-4260 (Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2008-4259 (Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruption Vulnerability.")
 CVE-2008-4258 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability.")
Original document:Brett Moore, [Full-disclosure] Insomnia : ISVA-081209.1 - IE Webdav Request Parsing Heap Corruption Vulnerability (10.12.2008)
 ZDI, ZDI-08-087: Microsoft Internet Explorer Webdav Request Parsing Heap Corruption Vulnerability (10.12.2008)
 IDEFENSE, iDefense Security Advisory 12.09.08: Microsoft Internet Explorer 5.01 EMBED tag Long File Name Extension Stack Buffer Overflow Vulnerability (iDefense Exclusive) (10.12.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-073 - Critical Cumulative Security Update for Internet Explorer (958215) (10.12.2008)
Files: Microsoft Internet Explorer XML Buffer Overflow Exploit
  Microsoft Security Bulletin MS08-073 - Critical Cumulative Security Update for Internet Explorer (958215)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 28.12.2008
Published:29.12.2008
Source:
SecurityVulns ID:9550
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. bbPress: cross-site scripting, protection bypass
Affected:PHPPGADMIN : phpPgAdmin 4.1
 BBPRESS : bbPress 0.9
 PSYCHOSTATS : PsychoStats 3.1
 PHPPGADMIN : phpPgAdmin 4.2
 JOOMLA : mdigg 2.2
 VIART : ViArt Shopping Cart 3.5
CVE:CVE-2008-5728 (Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the system parameter in modules/netshop/post.php; and the INCLUDE_FOLDER parameter in (2) auth.inc.php, (3) banner.inc.php, (4) blog.inc.php, and (5) forum.inc.php in modules/.)
 CVE-2008-5587 (Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.)
 CVE-2007-2865 (Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.)
Original document:r3d.w0rm_(at)_yahoo.com, Mavi Emlak Sql Injection (29.12.2008)
 admin_(at)_elites0ft.com, MagpieRSS XSS 0day (29.12.2008)
 r3d.w0rm_(at)_yahoo.com, Madrese-Portal Sql Injection (29.12.2008)
 XiaShing_(at)_gmail.com, ViArt Shopping Cart v3.5 Multiple Remote Vulnerabilities (29.12.2008)
 BUGTRAQ, Joomla Component mdigg 2.2.8 Blind SQL Injection Exploit (29.12.2008)
 DEBIAN, [Full-disclosure] [SECURITY] [DSA 1693-1] New phppgadmin packages fix several vulnerabilities (28.12.2008)
 matrix_killer ma3x, PsychoStats v3.1 XSS (28.12.2008)
 MustLive, Vulnerabilities in bbPress (28.12.2008)
Files:Joomla Component mdigg 2.2.8 Blind SQL Injection Exploit

Microsoft Windows Media Player buffer overflow
Published:29.12.2008
Source:
SecurityVulns ID:9552
Type:client
Threat Level:9/10
Description:Buffer overflow on WAV parsing
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
Original document:anonymous_(at)_anonym.an, hm? new vulnerabilities? wav windows media (29.12.2008)
Files:wav windows media exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod