Computer Security


Cisco IOS XR DoS
Published: 31.05.2012
SecurityVulns ID: 12390
Type: remote
Threat Level: 6/10
Description: DoS on maliciously crafted packets.
Affected: CISCO : Cisco 9000
Original document: CISCO, Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability (31.05.2012)

FreeBSD crypt() implementation vulnerability
Published: 31.05.2012
SecurityVulns ID: 12391
Type: library
Threat Level: 5/10
Description: 8-bit characters are ignored during DES hash calculation.
Affected: FREEBSD : FreeBSD 7.4
 FREEBSD : FreeBSD 9.0
 FREEBSD : FreeBSD 8.3
CVE: CVE-2012-2143 (The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.)
Original document: FREEBSD, FreeBSD Security Advisory FreeBSD-SA-12:02.crypt (31.05.2012)

Sony VAIO Wireless Manager ActiveX security vulnerabilities
Published: 31.05.2012
SecurityVulns ID: 12392
Type: client
Threat Level: 5/10
Description: Several different buffer overflows.
Affected: SONY : Wireless Manager Sony VAIO 4.0
CVE: CVE-2012-0985 (Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11; and VAIO Easy Connect software 1.0.0 and 1.1.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the second argument of the (1) SetTmpProfileOption or (2) ConnectToNetwork method.)
Original document: High-Tech Bridge Security Research, 2 Buffer Overflows in Wireless Manager Sony VAIO (31.05.2012)

Asterisk security vulnerabilities
Published: 31.05.2012
SecurityVulns ID: 12393
Type: remote
Threat Level: 5/10
Description: DoS conditions on Skinny and IAX2 parsing.
Affected: ASTERISK : Asterisk 1.8
 ASTERISK : Asterisk 10.4
CVE: CVE-2012-2948 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.)
 CVE-2012-2947 (chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.)
Original document: ASTERISK, AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability (31.05.2012)
 ASTERISK, AST-2012-007: Remote crash vulnerability in IAX2 channel driver. (31.05.2012)

tftpd32 buffer overflow
Published: 31.05.2012
SecurityVulns ID: 12394
Type: remote
Threat Level: 5/10
Description: Buffer overflow in embedded DNS server.
Affected: TFTPD32 : tftpd32 4.0
Original document: demonalex_(at)_163.com, Tftpd32 DNS Server Denial Of Service Vulnerability (31.05.2012)

WinRADIUS buffer overflow
Published: 31.05.2012
SecurityVulns ID: 12395
Type: remote
Threat Level: 5/10
Description: Buffer overflow on oversized password option.
Affected: WINRADIUS : WinRADIUS 2009
Original document: demonalex_(at)_163.com, WinRadius Server Denial Of Service Vulnerability (31.05.2012)

EMC Autostart buffer overflow
updated since 31.05.2012
Published: 26.08.2012
SecurityVulns ID: 12396
Type: remote
Threat Level: 6/10
Description: Multiple buffer overflows.
Affected: EMC : Autostart 5.4
CVE: CVE-2012-0409 (Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.3 allow remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via crafted packets.)
Original document: ZDI, ZDI-12-159: EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7e7 Parsing Remote Code Execution Vulnerability (26.08.2012)
 ZDI, ZDI-12-160: EMC AutoStart ftAgent Opcode 0x14 Subcode 0x7F8 Parsing Remote Code Execution Vulnerability (26.08.2012)
 ZDI, ZDI-12-161: EMC AutoStart ftAgent Opcode 0x2d Subcode 0x1194 Parsing Remote Code Execution Vulnerability (26.08.2012)
 ZDI, ZDI-12-144: EMC AutoStart ftAgent Opcode 0x4B Subcode 0x1D4C Parsing Remote Code Execution Vulnerability (20.08.2012)
 ZDI, ZDI-12-124: EMC AutoStart ftAgent Opcode 50 Subcode 42 Parsing Remote Code Execution Vulnerability (16.07.2012)
 ZDI, ZDI-12-123: EMC AutoStart ftAgent Opcode 50 Subcode 60 Parsing Remote Code Execution Vulnerability (16.07.2012)
 ZDI, ZDI-12-122: EMC AutoStart ftAgent Opcode 65 Parsing Remote Code Execution Vulnerability (16.07.2012)
 ZDI, ZDI-12-121: EMC AutoStart ftAgent Opcode 85 Subcode 01 Parsing Remote Code Execution Vulnerability (16.07.2012)
 ZDI, ZDI-12-120: EMC AutoStart ftAgent Opcode 85 Subcode 22 Parsing Remote Code Execution Vulnerability (16.07.2012)
 ZDI, ZDI-12-119: EMC AutoStart ftAgent Opcode 0x41 Subcode 0x00 Parsing Remote Code Execution Vulnerability (16.07.2012)
 ZDI, ZDI-12-118: EMC AutoStart ftAgent Opcode 0x03 Parsing Remote Code Execution Vulnerability (16.07.2012)
 ZDI, ZDI-12-117: EMC AutoStart ftAgent Opcode 50 Parsing Remote Code Execution Vulnerability (16.07.2012)
 ZDI, ZDI-12-116: EMC AutoStart ftAgent Opcode 50 Subcode 04 Parsing Remote Code Execution Vulnerability (16.07.2012)
 EMC, ESA-2012-020: EMC AutoStart Multiple Buffer Overflow Vulnerabilities (31.05.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod