Next Page >>
attacker
USN-1074-1 fixed vulnerabilities in linux-fsl-imx51 in Ubuntu 9.10. This
update provides the corresponding updates for Ubuntu 10.04.
Original advisory details:
Al Viro discovered a race condition in the TTY driver. A local attacker
could exploit this to crash the system, leading to a denial of service.
(CVE-2009-4895)
Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly
check file permissions. A local attacker could overwrite append-only files,
After a standard system update you need to reboot your computer to make
all the necessary changes.
Details follow:
Al Viro discovered a race condition in the TTY driver. A local attacker
could exploit this to crash the system, leading to a denial of service.
(CVE-2009-4895)
Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly
check file permissions. A local attacker could overwrite append-only files,
PHP filesystem attack vectors
Name PHP filesystem attack vectors
Systems Affected PHP and PHP+Suhosin
Vendor http://www.php.net/
Advisory http://www.ush.it/team/ush/hack-phpfs/phpfs_mad.txt
Authors Francesco "ascii" Ongaro (ascii AT ush DOT it)
Giovanni "evilaliv3" Pellerano (giovanni.pellerano AT
evilaliv3 DOT org)
Date 20090207
perform this as well.
Details follow:
Joel Becker discovered that OCFS2 did not correctly validate on-disk
symlink structures. If an attacker were able to trick a user or automated
system into mounting a specially crafted filesystem, it could crash the
system or exposde kernel memory, leading to a loss of privacy.
Ben Hutchings discovered that the ethtool interface did not correctly
check certain sizes. A local attacker could perform malicious ioctl calls
1.Vulnerability information
---------------------------
Impact: An unauthenticated remote attacker without any kind of
credentials can access the SMB service under the credentials of an
authorized user. Depending on the privileges of the authorized user, and
the configuration of the remote system, an attacker can gain read/write
access to the remote file system and execute arbitrary code by using
DCE/RPC over SMB.
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
Details follow:
Al Viro discovered a race condition in the TTY driver. A local attacker
could exploit this to crash the system, leading to a denial of service.
(CVE-2009-4895)
Gleb Napatov discovered that KVM did not correctly check certain privileged
operations. A local attacker with access to a guest kernel could exploit
___________________________________________________________________________
Overview:
Hash tables are a commonly used data structure in most programming
languages. Web application servers or platforms commonly parse
attacker-controlled POST form data into hash tables automatically, so
that they can be accessed by application developers.
If the language does not provide a randomized hash function or the
application server does not recognize attacks using multi-collisions, an
attacker can degenerate the hash table by sending lots of colliding
Unauthenticated Java Servlet Access
+----------------------------------
A number of sensitive Java Servlets delivered via a Java Servlet
framework within the Cisco TelePresence Recording Server could allow
a remote, unauthenticated attacker to perform actions that should be
restricted to administrative users. To successfully exploit this
vulnerability, the attacker would need the ability to submit a
crafted request to an affected device on TCP port 80, TCP port 443,
or TCP port 8080.
Microsoft DNS server generates predictable DNS transaction IDs. If the
server is configured to allow recursive queries it is possible to insert
fake records in the DNS cache (DNS cache poisoning) by guessing the next
transaction ID that the server will use and sending a spoofed DNS reply
to the server. To observe the transaction IDs an attacker needs to
control a DNS server that is authoritative for some domain and to be
able to send a recursive queries to the caching Microsoft DNS server.
When an attacker sends a recursive query to a caching name server, the
caching server will find the server authoritative for the zone and send
form of a "light IM client".
A vulnerability was discovered in these three popular versions of AOL
Instant Messaging software, AIM 6.1 (and 6.2 beta), AIM Pro and AIM Lite,
which expose workstations running the IM clients and their users to
several immediate high-risk attack vectors. To support rendering of HTML
content, the vulnerable IM clients use an embedded Internet Explorer
server control. Unfortunately they do not properly sanitize the
potentially malicious input content to be rendered and, as a result, an
attacker might provide malicious HTML content as part of an IM message to
directly exploit Internet Explorer bugs or to target IE‟s security
form of a "light IM client".
A vulnerability was discovered in these three popular versions of AOL
Instant Messaging software, AIM 6.1 (and 6.2 beta), AIM Pro and AIM Lite,
which expose workstations running the IM clients and their users to
several immediate high-risk attack vectors. To support rendering of HTML
content, the vulnerable IM clients use an embedded Internet Explorer
server control. Unfortunately they do not properly sanitize the
potentially malicious input content to be rendered and, as a result, an
attacker might provide malicious HTML content as part of an IM message to
directly exploit Internet Explorer bugs or to target IE‟s security
Unauthenticated Java Servlet Access
+----------------------------------
A number of sensitive Java Servlets delivered via a Java Servlet
framework in the Cisco Telepresence Multipoint Switch could allow a
remote, unauthenticated attacker to perform actions that should be
restricted to administrative users only. The attacker would need the
ability to submit a crafted request to an affected device on TCP port
80, 443, or 8080.
An attacker must perform a three-way TCP handshake and establish a
will communicate with the TNS Listener sending update packets
(TNS_TYPE_DATA packets) to specify the load of the database, the number
of currently connected users, etc... Every one minute or, as most, every
10 minutes (Higher database load, lower update period).
This way, an attacker is able to register any instance in the remote TNS
listener and connections to the registered instance will be routed to
the attackers machine but, is this interesting? Well, not very
“exciting”. But, what occurs if an attacker tries to register one
already registered instance's name or service name? The TNS listener
will consider this newer registered instance name a cluster instance
Unauthenticated CGI Access
Multiple CGI command injection vulnerabilities exist in Cisco
TelePresence endpoint devices that could allow a remote,
authenticated attacker to execute arbitrary commands with elevated
privileges. To exploit these vulnerabilities, an attacker must submit
a malformed request to an affected device via TCP port 8082.
An attacker must perform a three-way TCP handshake and establish a
valid session to exploit this vulnerability.
- linux-ti-omap4: Linux kernel for OMAP4 devices
Details:
Dan Rosenberg discovered that the RDS network protocol did not correctly
check certain parameters. A local attacker could exploit this gain root
privileges. (CVE-2010-3904)
Nelson Elhage discovered several problems with the Acorn Econet protocol
driver. A local user could cause a denial of service via a NULL pointer
dereference, escalate privileges by overflowing the kernel stack, and
39| $ip = "UNKNOWN";
40| }
41| return( $ip );
42| }
So, an attacker can spoof his IP, he just have to create
an HTTP packet, add a special header, and send it. The
HTTP packet will look's like this:
GET /index.php HTTP/1.1\r\n
Host: localhost\r\n
###############################################################################
1. Arbitrary File Upload Vulnerability in "documenthandler.php"
###############################################################################
Reasons: Missing security checks in file upload functionality
Attack vectors: Uploaded file
Preconditions: Logged in as admin with FoxyPress product editing privileges
Php script "documenthandler.php" line 14:
------------------------[ source code start ]----------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reasons:
1. unsanitized user submitted parameter "origmsg" is used in sql query
Preconditions:
1. attacker must be logged in as valid user
Test:
http://localhost/torrenttrader109/account-inbox.php?msg=1&receiver=waraxe&origmsg=foobar&delete=yes
###############################################################################
1. Local File Inclusion in "maincore.php"
###############################################################################
Reason: insufficient sanitization of user-supplied data
Attack vector: user-supplied POST parameter "user_theme"
Preconditions:
1. Logged in as valid user
2. "Allow users to change theme" option must be activated (it is by default)
3. PHP must be < 5.3.4 for null-byte attacks to work
checksum with DES session keys for version 2 (RFC 4121) of the GSS-API
krb5 mechanism.
MIT krb5 (releases krb5-1.7 and newer) incorrectly accepts an unkeyed
checksum for PAC signatures. Running exclusively krb5-1.8 or newer
KDCs blocks the attack.
MIT krb5 KDC (releases krb5-1.7 and newer) incorrectly accepts RFC
3961 key-derivation checksums using RC4 keys when verifying the
req-checksum in a KrbFastArmoredReq.
all the necessary changes.
Details follow:
Gleb Napatov discovered that KVM did not correctly check certain privileged
operations. A local attacker with access to a guest kernel could exploit
this to crash the host system, leading to a denial of service.
(CVE-2010-0435)
Dan Jacobson discovered that ThinkPad video output was not correctly access
controlled. A local attacker could exploit this to hang the system, leading
USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update
provides the corresponding updates for Ubuntu 9.04 and 9.10, along with
additional updates affecting Firefox 3.6.6.
Several flaws were discovered in the browser engine of Firefox. If a user
were tricked into viewing a malicious site, a remote attacker could use
this to crash the browser or possibly run arbitrary code as the user
invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211,
CVE-2010-1212)
An integer overflow was discovered in how Firefox processed plugin
Xulrunner 1.9.2.
Original advisory details:
If was discovered that Firefox could be made to access freed memory. If a
user were tricked into viewing a malicious site, a remote attacker could
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. This issue only affected
Ubuntu 8.04 LTS. (CVE-2010-1121)
Several flaws were discovered in the browser engine of Firefox. If a
all the necessary changes.
Details follow:
Gleb Napatov discovered that KVM did not correctly check certain privileged
operations. A local attacker with access to a guest kernel could exploit
this to crash the host system, leading to a denial of service.
(CVE-2010-0435)
Dave Chinner discovered that the XFS filesystem did not correctly order
inode lookups when exported by NFS. A remote attacker could exploit this to
| are sold and purchased the accounts are automatically updated.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Overview:
Several issues have been found in SQL-Ledger which might lead to attacks
on the confidentiality and availability of business-critical data stored
within SQL-Ledger.
Fraunhofer SIT advises to use SQL-Ledger only in non-critical application
scenarios with low security requirements. Furthermore, risk mitigation in
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
While doing a quick sweep over the code base of FreeWebshop.org (FWS)
several vulnerabilities have been found in FWS. These vulnerabilities
allow attackers to obtain arbitrary information from the webserver and
database. It is even possible to execute arbitrary code with the
privileges of FWS. In some cases it may even be possible to fully
compromise the system on which FWS is installed. Most of these issues
are related to the fact that FWS fully trusts the content of the cookies
that it receives. These issues were discovered within a very small
the Web Hacking Incidents Database Project we have collected numerous new
incidents, listed below. It is very evident that both the rate of incidents
as well the amount of information about each one is on the rise.
We have also started adding more classifications to each incident. In
addition to the attack method we now track for each incident its geography,
the outcome of the attack and the industry sector it occured at. We are
going to use this information in the our first annual Web Incidents summary
report to be issued in early January.
So if you know of a web hacking incident that you feel should be in the
the Web Hacking Incidents Database Project we have collected numerous new
incidents, listed below. It is very evident that both the rate of incidents
as well the amount of information about each one is on the rise.
We have also started adding more classifications to each incident. In
addition to the attack method we now track for each incident its geography,
the outcome of the attack and the industry sector it occured at. We are
going to use this information in the our first annual Web Incidents summary
report to be issued in early January.
So if you know of a web hacking incident that you feel should be in the
> the Web Hacking Incidents Database Project we have collected numerous new
> incidents, listed below. It is very evident that both the rate of incidents
> as well the amount of information about each one is on the rise.
>
> We have also started adding more classifications to each incident. In
> addition to the attack method we now track for each incident its geography,
> the outcome of the attack and the industry sector it occured at. We are
> going to use this information in the our first annual Web Incidents summary
> report to be issued in early January.
>
> So if you know of a web hacking incident that you feel should be in the
the Web Hacking Incidents Database Project we have collected numerous new
incidents, listed below. It is very evident that both the rate of incidents
as well the amount of information about each one is on the rise.
We have also started adding more classifications to each incident. In
addition to the attack method we now track for each incident its geography,
the outcome of the attack and the industry sector it occured at. We are
going to use this information in the our first annual Web Incidents summary
report to be issued in early January.
So if you know of a web hacking incident that you feel should be in the
Next Page>>
|
