Multiple security vulnerabilities have been discovered and corrected
in poppler:
An out-of-bounds read flaw in the JBIG2 decoder allows remote
attackers to cause a denial of service (crash) via a crafted PDF file
(CVE-2009-0799).
Multiple input validation flaws in the JBIG2 decoder allow
remote attackers to execute arbitrary code via a crafted PDF file
(CVE-2009-0800).
SUMMARY
This advisory addresses the renegotiation related vulnerability
disclosed recently in Transport Layer Security protocol [1][2]. This
vulnerability may allow a Man-in-the-Middle (MITM) attacker to inject
arbitrary data into the beginning of the application protocol stream
protected by TLS.
The only ArubaOS component that seems affected by this issue is the
HTTPS WebUI administration interface. If a client browser (victim) is
Problem Description:
Multiple integer overflows in the JBIG2 decoder in
Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and
other products allow remote attackers to cause a denial
of service (crash) via a crafted PDF file, related to (1)
JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
and accept the database update to clear any invalid cached data.
Details follow:
Thor Larholm discovered that PHPMailer, as used by Moodle, did not
correctly escape email addresses. A local attacker with direct access
to the Moodle database could exploit this to execute arbitrary commands
as the web server user. (CVE-2007-3215)
Nigel McNie discovered that fetching https URLs did not correctly escape
shell meta-characters. An authenticated remote attacker could execute
1. Insecure file upload in blog personal gallery
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Security risk: critical
Preconditions:
1. attacker must be registered user
2. attacker must have blog editing privileges
Registered users with blog keeping privileges can access personal gallery
functionality, example URL:
the package.xml file, related to the (1) download_dir, (2) cache_dir,
(3) tmp_dir, and (4) pear-build-download directories. (CVE-2011-1072,
CVE-2011-1144)
Ben Schmidt discovered that a use-after-free vulnerability in the PHP
Zend engine could allow an attacker to cause a denial of service (heap
memory corruption) or possibly execute arbitrary code. (CVE-2010-4697)
Martin Barbella discovered a buffer overflow in the PHP GD extension
that allows an attacker to cause a denial of service (application crash)
via a large number of anti-aliasing steps in an argument to the
7) Known vulnerabilities:
CVE ID Disclosed Title
CVE-2000-1038 12/11/2000 The web administration interface for IBM AS/400
Firewall allows remote attackers to cause a denial of service via an
empty GET request.
CVE-2002-1731 12/31/2002 The System Request menu in IBM AS/400 allows
local users to list valid user accounts by viewing the object names that
are type USRPRF.
CVE-2005-0868 05/02/2005 AS/400 Telnet 5250 terminal emulation clients,
Mail: nso-research at sotiriu.de
URL: http://sotiriu.de/adv/NSOADV-2010-004.txt
Vendor: McAfee (http://www.mcafee.com/)
Affected Products: McAfee LinuxShield <= 1.5.1
Not Affected Products: McAfee LinuxShield 1.5.1 with HF550192
Remote Exploitable: Yes (attacker must be authenticated)
Local Exploitable: Yes
Patch Status: Vendor released a patch (See Solution)
Discovered by: Nikolas Sotiriu
Thanks to: Thierry Zoller: For the permission to use his Policy
vMA 4.0 RHEL5 Patch 2 *
* vMA JRE is updated to version JRE 1.5.0_21
Notes: These vulnerabilities can be exploited remotely only if the
attacker has access to the Service Console network.
Security best practices provided by VMware recommend that the
Service Console be isolated from the VM network. Please see
http://www.vmware.com/resources/techresources/726 for more
information on VMware security best practices.
___________________________________________________________________________
Overview:
Hash tables are a commonly used data structure in most programming
languages. Web application servers or platforms commonly parse
attacker-controlled POST form data into hash tables automatically, so
that they can be accessed by application developers.
If the language does not provide a randomized hash function or the
application server does not recognize attacks using multi-collisions, an
attacker can degenerate the hash table by sending lots of colliding
+-------------------------------------
The IronPort PXE Encryption solution is affected by two
vulnerabilities that could allow unauthorized individuals to view the
contents of secure e-mail messages. To exploit the vulnerabilities,
attackers must first intercept secure e-mail messages on the network
or via a compromised e-mail account.
IronPort Encryption Appliance Administration Interface Vulnerabilities
+---------------------------------------------------------------------
Details follow:
USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert
discovered that the fix for CVE-2010-1214 introduced a regression which did
not properly initialize a plugin pointer. If a user were tricked into
viewing a malicious site, a remote attacker could use this to crash the
browser or run arbitrary code as the user invoking the program.
(CVE-2010-2755)
This update fixes the problem.
SOAP Authentication Bypass
+-------------------------
An authentication bypass vulnerability exists that could allow a
remote, unauthenticated attacker to invoke arbitrary methods that are
available via the SOAP interface on the Cisco TelePresence Manager.
The attacker would need the ability to submit a malformed SOAP
request that is designed to trigger the vulnerability to the affected
device on TCP port 8080 or 8443.
Problem Description:
Vulnerabilities have been discovered and corrected in xine-lib:
A flaw in the handling of Ogg files allows remote attackers to cause
a denial of service via crafted files (CVE-2008-3231).
A flaw in the handling of MNG, Real, or MOD files allows remote
attackers to cause a denial of service via crafted files
(CVE-2008-5233).
Problem Description:
Security vulnerabilities have been identified and fixed in pidgin:
The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL
certificates, which makes it easier for remote attackers to trick
a user into accepting an invalid server certificate for a spoofed
service. (CVE-2008-3532)
Pidgin 2.4.1 allows remote attackers to cause a denial of service
(crash) via a long filename that contains certain characters, as
A vulnerability in the way VMware libraries are referenced allows
for arbitrary code execution in the context of the logged on user.
This vulnerability is present only on Windows Guest Operating
Systems.
In order for an attacker to exploit the vulnerability, the attacker
would need to lure the user that is logged on a Windows Guest
Operating System to click on the attacker's file on a network
share. This file could be in any file format. The attacker will
need to have the ability to host their malicious files on a
network share.
Status: Published
============
Introduction
============
This paper discusses how an unprivileged local attacker can elevate their
privileges during an initial installation or update of iTunes for Windows. This
vulnerability was responsibly disclosed to Apple Inc. and this advisory was not
released until a fixed build of iTunes was released.
==========
* No Cross-Site-Request-Forgery (XSRF) protection (CVE-2009-3580)
The forms in SQL-Ledger are not protected against XSRF. They include the username
in the hidden field »login«, though, which has to be specified correctly. An
attacker is thus required to know the login name – it can be guessed, brute-forced
or retrieved using a Cross-Site-Scripting attack, though.
An example attack would be to send the following link to the user, which unknowingly
changes the user's password for the application. Given network access to SQL-Ledger, the
attacker could then use the application with the user's account and the newly set
realize the automatic process of password cracking.
As you comment, this feature has a lock (for 2 hours) on
authentication attempts, and beyond this limit (100 requests) the
message returned by the application does not allow one to know whether the
analyzed password is correct or not. However, every 2 hours an attacker
could make 100 authentication attempts.
To overcome this limit (100 authentication attempts), it is sufficient
that the attacker has other Gmail accounts. Each account allows the
malicious user to make 100 new authentication attempts within 2 hours of
Problem Description:
Multiple security vulnerabilities have been identified and fixed in the
Little CMS library embedded in OpenJDK:
A memory leak flaw allows remote attackers to cause a denial of service
(memory consumption and application crash) via a crafted image file
(CVE-2009-0581).
Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted image file that triggers a heap-based buffer
edi 0x4a4a4a4a 1246382666
eip 0x804fdca 0x804fdca <main+2362>
[...]
Because the ECX register can be controlled (0x47 is the ASCII code for
the letter "G"), the attacker can control the ESP register through the
"lea 0xfffffffc(%ecx),%esp" instruction at 0x0804fdc7. The attacker can
execute code in mapserv's process space by setting the ESP register to
an address that holds a reference to code and letting the "ret"
instruction execute at 0x0804fdca; this will assign the EIP register an
attacker-supplied value.
Numerous vulnerabilities were discovered in the PHP scripting language
that are corrected with this update.
An integer overflow in the substr_compare() function allows
context-dependent attackers to read sensitive memory via a large
value in the length argument. This only affects PHP5 (CVE-2007-1375).
A stack-based buffer overflow in the zip:// URI wrapper in PECL
ZIP 1.8.3 and earlier allows remote attackers to execute arbitrary
code via a long zip:// URL. This only affects Corporate Server 4.0
necessary changes.
Details follow:
Several flaws were discovered in the browser engine of Firefox. If a user
were tricked into viewing a malicious site, a remote attacker could use
this to crash the browser or possibly run arbitrary code as the user
invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211,
CVE-2010-1212)
An integer overflow was discovered in how Firefox processed plugin