memory
3. *Vulnerability Description*
Apple Safari is the default web browser included on the Apple iPhone. A
vulnerability has been found in the WebKit library used by Safari on
the iPhone. By passing a specially crafted string to the alert() JavaScript
method, it is possible to crash Safari via an out-of-bounds memory read
that triggers an access violation.
4. *Vulnerable packages*
Affected: Corporate 4.0
_______________________________________________________________________
Problem Description:
The do_anonymous_page function in mm/memory.c in the Linux kernel
does not properly separate the stack and the heap, which allows
context-dependent attackers to execute arbitrary code by writing
to the bottom page of a shared memory segment, as demonstrated by a
memory-exhaustion attack against the X.Org X server. (CVE-2010-2240)
http://www.debian.org/security/ dann frazier
October 22, 2009 http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service/sensitive memory leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2009-2695 CVE-2009-2903 CVE-2009-2908 CVE-2009-2909
CVE-2009-2910 CVE-2009-3001 CVE-2009-3002 CVE-2009-3286
CVE-2009-3290 CVE-2009-3613
for free.
II. Description
~~~~~~~~~~~~~~~
This bug is a simple design bug that results in an endless loop (and interesting
memory leaks).
Once upon a time Netscape thought it would be a great idea to add the keygen tag
(<keygen>) as a feature to its browser. The keygen tag offers a simple way
of automatically generating key material using various algorithms. For instance
it is possible to generate RSA, DSA and EC key material.
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
VLC media player XSPF Memory Corruption
1. *Advisory Information*
Title: VLC media player XSPF Memory Corruption
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Content Switching Module Memory Leak
Vulnerability
Advisory ID: cisco-sa-20080514-csm
http://www.cisco.com/warp/public/707/cisco-sa-20080514-csm.shtml
Summary
=======
Cisco IOS Software contains a vulnerability when the Cisco IOS SSL
VPN feature is configured with an HTTP redirect. Exploitation could
allow a remote, unauthenticated user to cause a memory leak on the
affected devices, that could result in a memory exhaustion condition
that may cause device reloads, the inability to service new TCP
connections, and other denial of service (DoS) conditions.
Cisco has released free software updates that address this
command failures.
CVE-2010-4158
Dan Rosenberg discovered an issue in the socket filters subsystem, allowing
local unprivileged users to obtain the contents of sensitive kernel memory.
CVE-2010-4162
Dan Rosenberg discovered an overflow issue in the block I/O subsystem that
allows local users to map large numbers of pages, resulting in a denial of
Dan Rosenberg discovered that the Linux kernel X.25 implementation
incorrectly parsed facilities. A remote attacker could exploit this to
crash the kernel, leading to a denial of service. (CVE-2010-3873)
Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did
not correctly clear kernel memory. A local attacker could exploit this to
read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)
Vasiliy Kulikov discovered that the Linux kernel sockets implementation
did not properly initialize certain structures. A local attacker could
exploit this to read kernel stack memory, leading to a loss of privacy.
ESX 4.0 without patches ESX400-201105201-UG, ESX400-201205401-SG
ESX 3.5 without patch ESX350-201205401-SG
3. Problem Description
a. VMware host memory overwrite vulnerability (data pointers)
Due to a flaw in the handler function for RPC commands, it is
possible to manipulate data pointers within the VMX process.
This vulnerability may allow a guest user to crash the VMX
process or potentially execute code on the host.
http://www.debian.org/security/ Dann Frazier
November 5, 2009 http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service/sensitive memory leak
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2009-1883 CVE-2009-2909 CVE-2009-3001 CVE-2009-3002
CVE-2009-3228 CVE-2009-3238 CVE-2009-3286 CVE-2009-3547
CVE-2009-3612 CVE-2009-3621
users to cause a denial of service or potentially gain elevated
privileges.
CVE-2009-0031
Vegard Nossum discovered a memory leak in the keyctl subsystem
that allows local users to cause a denial of service by consuming
all available kernel memory.
CVE-2009-0065
exploited without authentication to cause a denial of service
condition. Both vulnerabilities affect both Cisco IOS WebVPN and
Cisco IOS SSLVPN features:
1. Crafted HTTPS packet will crash device.
2. SSLVPN sessions cause a memory leak in the device.
Cisco has released free software updates that address these
vulnerabilities.
There are no workarounds that mitigate these vulnerabilities.
Siim:
While I agree with your comments, I cannot help but suggest that maybe the method of choice could be 'security through obscurity' whereby they take a hash of the password, with a non-std. hashing mechanism. The idea being that in today's world where there are so many scr1pt-kiddi3 toolz out there allowing the avg. Joe Schmoe the capability of analyzing one's memory processes i.e. Tsearch, memhack etc... It only makes it non-trivial for them to extract the info needed. This way you are making it a tad more annoying and adding another buffer they need to bypass :)
Just a thought,
Aras 'Russ' Memisyazici
Systems Administrator
Virginia Tech
-----Original Message-----
release (Sophos)
*Vulnerability Information*
Class: Invalid memory reference
Remotely Exploitable: No
Locally Exploitable: Yes
Bugtraq ID: 28741 28742 28743 28744
CVE Name: CVE-2008-1735 CVE-2008-1736 CVE-2008-1737 CVE-2008-1738
Doug Chapman discovered a potential local DoS (deadlock) in the mincore
function caused by improper lock handling.
CVE-2006-5753
Eric Sandeen provided a fix for a local memory corruption vulnerability
resulting from a misinterpretation of return values when operating on
inodes which have been marked bad.
CVE-2006-5823
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Advisory: Panda Internet Security/Antivirus+Firewall 2008
cpoint.sys Kernel Driver Memory Corruption Vulnerability
Advisory ID: TKADV2008-001
Revision: 1.0
Release Date: 2008/03/08
Last Modified: 2008/03/08
Date Reported: 2008/01/08
include: gflags, hookssl, and hookndr.
The API has been reinforced with new functionality which allows you to
gather more information from the remote process, such as Threads,
findRetValue. This release also includes some important fixes such as
correct Memory Page protection flags, which are also available via the
Python API.
Check the Changelog below for the details of this exciting release.
As usual, you can discuss your scripts, request new features or just hang
Release mode: Coordinated release
*Vulnerability Information*
Class: Arbitrary memory corruption
Remotely Exploitable: Yes (client-side)
Locally Exploitable: No
Bugtraq ID: 28007
CVE Name: CVE-2008-0984
* Rewrote var_export() to use smart_str rather than output buffering,
prevents data disclosure if a fatal error occurs (CVE-2010-2531).
* Fixed a possible resource destruction issue in shm_put_var().
* Fixed a possible information leak because of interruption of
XOR operator.
* Fixed a possible memory corruption because of unexpected call-time
pass by reference and subsequent memory clobbering through callbacks.
* Fixed a possible memory corruption in ArrayObject::uasort().
* Fixed a possible memory corruption in parse_str().
* Fixed a possible memory corruption in pack().
* Fixed a possible memory corruption in substr_replace().
VSR Security Advisory
http://www.vsecurity.com/
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory Name: OpenOffice.org Multiple Memory Corruption Vulnerabilities
Release Date: 2011-01-26
Application: Oracle OpenOffice.org
Versions: 3.2 and earlier
Severity: High
Author: Dan Rosenberg <drosenberg (at) vsecurity.com>
Application: Microsoft WINS service
http://www.microsoft.com
Versions: <= 5.2.3790.4520
Platforms: Windows
Bug: arbitrary memory corruption
Exploitation: remote, versus server
Date: found 21 Oct 2010
patched 10 May 2011
advisory 13 Sep 2011
Author: Luigi Auriemma
The Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500
Series switches and Cisco 7600 Series routers is affected by the
following vulnerabilities:
* Syslog Message Memory Corruption Denial of Service Vulnerability
* Authentication Proxy Denial of Service Vulnerability
* TACACS+ Authentication Bypass Vulnerability
* Sun Remote Procedure Call (SunRPC) Inspection Denial of Service
Vulnerabilities
* Internet Locator Server (ILS) Inspection Denial of Service
vendor's site found at the following link:
http://get.adobe.com/shockwave
II. DESCRIPTION
Remote exploitation of a heap memory indexing vulnerability in Adobe
Systems Inc.'s Shockwave Player could allow an attacker to execute
arbitrary code with the privileges of the current user. The
vulnerability takes place during the processing of a certain malformed
file. A function calculates an offset to be used within a memory mapped
file and returns the offset value. The return value is not checked. This
http://www.debian.org/security/ Dann Frazier
February 27, 2010 http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6.24
Vulnerability : privilege escalation/denial of service/sensitive memory leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2009-2691 CVE-2009-2695 CVE-2009-3080 CVE-2009-3726
CVE-2009-3889 CVE-2009-4005 CVE-2009-4020 CVE-2009-4021
CVE-2009-4138 CVE-2009-4308 CVE-2009-4536 CVE-2009-4538
Array index error in the insertItemBefore method in WebKit allows remote
attackers to execute arbitrary code via a document with a SVGPathList data
structure containing a negative index in the SVGTransformList, SVGStringList,
SVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object,
which triggers memory corruption.
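The unchecked offset in the Shockwave description above and the negative SVGList index in the WebKit description above share one root cause: an index or offset derived from untrusted input reaches memory before it is validated. The following is an added example, not code from Adobe, WebKit, or any advisory quoted on this page; the toy list, the constructed file layout, the capacity constant and all function names are assumptions made for illustration. It shows the signed-index check that lets a negative value through beside its hardened form, and an offset check written so the length comparison itself cannot wrap.

```c
/* Added example, not vendor code: validating untrusted indices and offsets. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define LIST_CAP 8      /* capacity of the toy list (assumed, illustrative) */
#define RECORD_LEN 4    /* bytes a record occupies in the toy file format */

typedef struct {
    int32_t items[LIST_CAP];
    int32_t count;      /* live items, always 0 <= count <= LIST_CAP */
} IntList;

/* Vulnerable check: 'index' comes from script and is signed, but only the
 * upper bound is tested. A negative index is accepted, and items[index]
 * would then address memory before the array. Returns 1 if accepted. */
int vulnerable_index_accepted(int32_t count, int32_t index)
{
    return index <= count;          /* -1 <= count is true: accepted */
}

/* Hardened check: reject negatives explicitly (comparing as unsigned would
 * also work, since negatives become huge values that fail the upper bound). */
int hardened_index_accepted(int32_t count, int32_t index)
{
    return index >= 0 && index <= count;
}

/* insert-before with the hardened check plus a capacity check.
 * Returns 0 on success, -1 on a rejected index or a full list. */
int list_insert_before(IntList *l, int32_t index, int32_t value)
{
    if (!hardened_index_accepted(l->count, index) || l->count >= LIST_CAP)
        return -1;
    memmove(&l->items[index + 1], &l->items[index],
            (size_t)(l->count - index) * sizeof l->items[0]);
    l->items[index] = value;
    l->count++;
    return 0;
}

/* Helper for callers/tests: insert 'value' at 'index' into a fresh {10,20,30}
 * list and return items[read_index], or INT32_MIN if the insert was rejected. */
int32_t insert_and_read(int32_t index, int32_t value, int32_t read_index)
{
    IntList l = { {10, 20, 30}, 3 };
    if (list_insert_before(&l, index, value) != 0)
        return INT32_MIN;
    return l.items[read_index];
}

/* Toy file format (constructed for this example): a 4-byte little-endian
 * offset at the start, pointing at a RECORD_LEN-byte record in the same
 * buffer. record_offset_unchecked() trusts the offset the way the Shockwave
 * description says the returned value was trusted; record_at() validates it. */
static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Vulnerable pattern: returns the offset that would be used, never consulting len. */
uint32_t record_offset_unchecked(const uint8_t *file, size_t len)
{
    (void)len;                      /* the length is never consulted: the bug */
    return read_le32(file);
}

/* Hardened pattern: pointer to the record, or NULL if the offset cannot be honoured. */
const uint8_t *record_at(const uint8_t *file, size_t len)
{
    if (len < 4 + RECORD_LEN)
        return NULL;
    uint32_t off = read_le32(file);
    /* The record must start after the header and leave RECORD_LEN bytes in
     * range. 'len - RECORD_LEN' cannot underflow because of the check above,
     * and no 'off + RECORD_LEN' sum is formed that could wrap. */
    if (off < 4 || off > len - RECORD_LEN)
        return NULL;
    return file + off;
}

/* Constructed samples: header offset 4 (in range) and 0xFFFFFFF0 (far out of range). */
const uint8_t SAMPLE_GOOD[8] = { 4, 0, 0, 0, 'A', 'B', 'C', 'D' };
const uint8_t SAMPLE_BAD[8]  = { 0xF0, 0xFF, 0xFF, 0xFF, 'A', 'B', 'C', 'D' };

int main(void)
{
    printf("vulnerable accepts -1: %d\n", vulnerable_index_accepted(3, -1));
    printf("hardened  accepts -1: %d\n", hardened_index_accepted(3, -1));
    printf("insert 15 at 1, items[1] = %d\n", insert_and_read(1, 15, 1));
    printf("good record: %s\n", record_at(SAMPLE_GOOD, sizeof SAMPLE_GOOD) ? "in range" : "rejected");
    printf("bad  record: %s\n", record_at(SAMPLE_BAD, sizeof SAMPLE_BAD) ? "in range" : "rejected");
    return 0;
}
```

The two checks are deliberately written without addition on the untrusted side of the comparison: `index >= 0` is tested before the array is touched, and `off > len - RECORD_LEN` is used instead of `off + RECORD_LEN > len`, so an attacker cannot pick a value that wraps the comparison back into range.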
CVE-2009-1687
The JavaScript garbage collector in WebKit does not properly handle allocation
II. DESCRIPTION
Remote exploitation of an invalid free vulnerability in Microsoft
Corp.'s Active Directory Server allows attackers to exhaust all virtual
memory.
According to section 2.4 of IETF Request for Comments (RFC) 4514,
LDAP requests can contain strings that have been encoded using
hexadecimal encoding. When Active Directory on Windows 2000 encounters
such a request, it fails to release the memory associated with the