Computer Security
[EN] securityvulns.ru no-pyccku


Sun Java JRE / JDK multiple security vulnerabilities
updated since 29.10.2007
Published:30.10.2007
Source:
SecurityVulns ID:8300
Type:library
Threat Level:
6/10
Description:Multiple sandbox restriction bypass vulnerabilities.
Affected:SUN : JDK 1.4
 ORACLE : JRE 1.4
 SUN : JRE 5.0
 ORACLE : JDK 5.0
CVE:CVE-2007-5274 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.)
 CVE-2007-5273 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232.)
 CVE-2007-5240 (Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.)
 CVE-2007-5239 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.)
 CVE-2007-5238 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities.")
 CVE-2007-5232 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack.)
Original documentdocumentNGSSoftware Insight Security Research Advisory (NISR), Memory overwrites in JVM via malformed TrueType font (30.10.2007)
 documentNGSSoftware Insight Security Research Advisory (NISR), Untrusted Java applet can connect to localhost (30.10.2007)

Opera browser multiple security vulnerabilities
Published:30.10.2007
Source:
SecurityVulns ID:8302
Type:remote
Threat Level:
6/10
Description:Code execution, crossite access
Affected:OPERA : Opera 9.23
CVE:CVE-2007-5541 (Unspecified vulnerability in Opera before 9.24, when using an "external" newsgroup or e-mail client, allows remote attackers to execute arbitrary commands via unknown vectors.)
 CVE-2007-5540 (Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors.)
Original documentdocumentGENTOO, [ GLSA 200710-31 ] Opera: Multiple vulnerabilities (30.10.2007)

zlib compression library DoS
updated since 06.07.2005
Published:30.10.2007
Source:
SecurityVulns ID:4963
Type:library
Threat Level:
6/10
Description:DoS on invalid data stream (including ones of PNG files).
Affected:CVS : CVS 1.12
 QT : qt 3.3
 ZLIB : zlib 1.2
 ZSYNC : zsync 0.3
 SUN : Network Security Services 3.10
 sash : sash 3.7
 CURL : curl 7.17
 GSVIEW : GSview 4.8
CVE:CVE-2005-2096 (zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.)
Original documentdocumentStefan Kanthak, Windows binary of "Virtual Floppy Drive 2.1" contains vulnerable zlib (CAN-2005-2096) (30.10.2007)
 documentStefan Kanthak, Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096) (19.10.2007)
 documentStefan Kanthak, Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096) (19.10.2007)
 documentSECUNIA, zsync Multiple zlib Vulnerabilities (03.09.2005)
 documentSUSE, SUSE Security Announcement: zlib denial of service attack (SUSE-SA:2005:039) (06.07.2005)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod