arbitrary code execution
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02153865
Version: 1
HPSBMA02528 SSRT100106 rev.1 - HP Performance Center Agent on Windows, Remote Unauthenticated Arbitrary Code Execution
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-05-10
Last Updated: 2010-05-10
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398
Description:
Previous versions of the samba package are vulnerable to a remote
Arbitrary Code Execution attack when nmbd is configured as a WINS
server.
http://wiki.rpath.com/Advisories:rPSA-2007-0241
Copyright 2007 rPath, Inc.
(although using rmt for accessing remote files is deprecated).
II. DESCRIPTION
The rmt client implementation of GNU Tar/Cpio contains a heap-based
buffer overflow which possibly allows arbitrary code execution.
The vulnerability is in the function rmt_read__ in lib/rtapelib.c:
/* Read up to LENGTH bytes into BUFFER from remote tape connection HANDLE.
Return the number of bytes read on success, SAFE_READ_ERROR on error. */
SketchUp bundles an old version of 'lib3ds', a library used to process
3DS files. This library is being compiled in a way that leads to
improper validation of data when importing 3DS files; this condition can
be exploited by remote attackers to trigger a memory corruption
vulnerability by enticing an unsuspecting user to open a specially
crafted 3DS file, possibly leading to arbitrary code execution.
4. *Vulnerable packages*
. Google SketchUp 7.0.10247
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[ Opera 10.01 Remote Array Overrun (Arbitrary code execution) ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- - Dis.: 07.05.2009
- - Pub.: 20.11.2009
Product Name : Core Image Fun House
Product Version : <= 2.0 OS X
Vendor Name : http://www.apple.com
Type of Vulnerability : Buffer Overflow
Effort (1-10 where 1 == easy) : 5
Impact : Arbitrary Code Execution
Vendor Notified : Yes
Patch Released : N/A
Discovery Date : 07/10/2007
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1374
Description:
Previous versions of the cups package are vulnerable to an
Arbitrary Code Execution attack in which an attacker may use
a maliciously crafted PDF file to trigger an integer overflow
on 64-bit platforms.
http://wiki.rpath.com/Advisories:rPSA-2008-0245
3. Problem Description
a. Windows-based VMware Tools Unsafe Library Loading vulnerability
A vulnerability in the way VMware libraries are referenced allows
for arbitrary code execution in the context of the logged on user.
This vulnerability is present only on Windows Guest Operating
Systems.
In order for an attacker to exploit the vulnerability, the attacker
would need to lure the user that is logged on a Windows Guest
3.1.4. SQL injection
There are several places in the software where authenticated ESS users
can perform SQL injection attacks.
Successful exploitation of this vulnerability can lead to unauthorized access
to sensitive data, or arbitrary code execution.
3.1.5. CSRF and PHP code injection
There are no security measures implemented in the software against CSRF
attacks. If a remote attacker can trick an administrator to visit a malicious
=======
Integer underflow bugs in the AES and RC4 decryption operations of the
crypto library of the MIT Kerberos software can cause crashes, heap
corruption, or, under extraordinarily unlikely conditions, arbitrary
code execution. Only releases krb5-1.3 and later are vulnerable, as
earlier releases did not contain the functionality implemented by the
vulnerable code.
This is an implementation vulnerability in MIT krb5, and is not a
vulnerability in the Kerberos protocol.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015
Description:
Previous versions of the samba package are vulnerable to a remote
Arbitrary Code Execution attack when the "domain logons" configuration
option is enabled.
In its default configuration, rPath Linux 1 is not vulnerable to this
attack.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[ KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution) ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- - Dis.: 07.05.2009
- - Pub.: 20.11.2009
Affected Platforms:
Mac OS X v10.4.11
Mac OS X Server v10.4.11
Mac OS X v10.5.4
Mac OS X Server v10.5.4
Vulnerability: Arbitrary Code Execution (remote)
Risk: CRITICAL
________________________________________________________________________
Vendor communication:
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0674
Description:
Previous versions of the pcre package are vulnerable to a possible
Arbitrary Code Execution attack in which an attacker may use a
maliciously crafted regular expression to trigger a buffer overflow.
The pcre library and utilities are not known to be exposed via any
privileged or remote interfaces within rPath Linux by default, but many
applications linked to the pcre library are routinely exposed to remote
registers global emulation code is only called when register globals is
already on, so it is kind of pointless.
Arbitrary Code Execution:
A different bit of code is set to run when register globals are off. The
code in question is located in /includes/globalsoff.php and attempts to
emulate register globals by recursively creating variables based on the
GPC super globals. The problem is that all of the variable creation is
done using eval() and thus allows for remote code execution.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4484
Description:
Previous versions of the gd package are vulnerable to a possible
Arbitrary Code Execution attack in which an attacker may use a
maliciously crafted GIF file to trigger a buffer overflow. The libgd
library is not exposed via any privileged or remote interfaces within
rPath Linux per se, but it may be exposed by some web applications.
http://wiki.rpath.com/Advisories:rPSA-2008-0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4727
https://issues.rpath.com/browse/RPL-1715
Description:
Previous versions of the lighttpd package are vulnerable to a remote
Arbitrary Code Execution attack due to a header overflow in the
mod_fastcgi extension.
Note that the Foresight System Manager (aka rAPA or rAA), the only user of
lighttpd on a default Foresight install, does not enable the mod_fastcgi
extension, and so is not vulnerable to this attack.
resources
CVE-2009-1836: Firefox SSL tampering via non-200 responses to proxy
CONNECT requests
CVE-2009-1837: Firefox Race condition while accessing the private
data of a NPObject JS wrapper class object
CVE-2009-1838: Firefox arbitrary code execution flaw
CVE-2009-1839: Firefox information disclosure flaw
CVE-2009-1840: Firefox XUL scripts skip some security checks
CVE-2009-1841: Firefox JavaScript arbitrary code execution
CVE-2009-2043: firefox - remote TinyMCE denial of service
CVE-2009-2044: firefox - remote GIF denial of service
KN9116. It is possible that other devices are affected as well. If you
have access to other similar devices and want to test whether they are
vulnerable as well, please contact me at jakob@cs.tu-berlin.de.
Impact: Arbitrary code execution on client system, Information
disclosure and man in the middle attacks.
Background:
Aten produces several IP KVM Switches. These devices can be used like a
normal kvm switch with an attached keyboard, mouse and monitor.
CVE-2008-3074
Jan Minar discovered that the tar plugin of vim did not properly
sanitise the filenames in the tar archive or the name of the
archive file itself, making it prone to arbitrary code execution.
CVE-2008-3075
Jan Minar discovered that the zip plugin of vim did not properly
sanitise the filenames in the zip archive or the name of the
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: BlueZ: Arbitrary code execution
Date: March 16, 2009
Bugs: #230591
ID: 200903-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
CVE-2008-4070
It was discovered that a buffer overflow could be triggered via a
long header in a news article, which could lead to arbitrary code
execution. (MFSA 2008-46)
CVE-2008-5012
Georgi Guninski, Michal Zalewski and Chris Evan discovered that
the canvas element could be used to bypass same-origin
restrictions.
CVE-2008-5013
It was discovered that insufficient checks in the Flash plugin glue
code could lead to arbitrary code execution.
CVE-2008-5014
Jesse Ruderman discovered that a programming error in the
window.__proto__.__proto__ object could lead to arbitrary code
Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-0017
Justin Schuh discovered that a buffer overflow in the http-index-format
parser could lead to arbitrary code execution.
CVE-2008-4582
Liu Die Yu discovered an information leak through local shortcut
files.
project requesting an audit of the WordNet code base. These vulnerabilities
were the findings of the requested audit.
Stack overflows fed via the command line, environment variables or
WordNet library calls can result in arbitrary code execution.
Stack and heap overflows via modified WordNet dictionaries may allow arbitrary
code execution.
1. SUMMARY
Product : Vim -- Vi IMproved
Version : Vim >= 7.0 (possibly older), fixed in 7.2c.002
autoload/tar.vim version >= 9 (possibly older)
Impact : Arbitrary code execution
Wherefrom: Local, remote
Original : http://www.rdancer.org/vulnerablevim-tarplugin.v3.html
Vim update fixes a vulnerability that can lead to potential arbitrary
code execution when handling tar archives. The fnameescape() function
>
>> 1. Summary
>>
>> Product : Vim -- Vi IMproved
>> Version : Tested with 7.1.314 and 6.4
>> Impact : Arbitrary code execution
>> Wherefrom: Local and remote
>> Original : http://www.rdancer.org/vulnerablevim.html
>>
>> Improper quoting in some parts of Vim written in the Vim Script can lead to
>> arbitrary code execution upon opening a crafted file.
1. Summary
Product : Vim -- Vi IMproved
Versions : 5.0--current, possibly older; 4.6 and 3.0 not vulnerable
Impact : Arbitrary code execution
Wherefrom: Local
Original : http://www.rdancer.org/vulnerablevim-configure.in.html
http://www.rdancer.org/vulnerablevim-configure.in.patch
Insecure temporary file creation during the build process is vulnerable
1. Summary
Product : Vim -- Vi IMproved
Version : >= 7.2a.013; tested with 7.2b
Impact : Arbitrary code execution
Wherefrom: Local, possibly remote
Original : http://www.rdancer.org/vulnerablevim-shellescape.html
http://www.rdancer.org/vulnerablevim-latest.tar.bz2
Improper implementation of the shellescape() function and lack of