TCP Connection Exhaustion Denial of Service Vulnerability
+--------------------------------------------------------
Cisco ASA 5500 Series Adaptive Security Appliances may experience a TCP
connection exhaustion condition (no new TCP connections are accepted)
that can be triggered through the receipt of specific TCP segments
during the TCP connection termination phase. Appliances that are running
versions 7.1.x, 7.2.x, 8.0.x, 8.1.x, and 8.2.x are affected when they
are configured for any of the following features:
software.
Whenever vulnerable software opens or processes a malformed FLAC file, it
uses the size fields as reference points to allocate memory (malloc) and
writes the contents of these files into those memory buffers. Setting
these values to an overly large value, such as 0xFFFFFFFF, could cause
an exploitable condition. Passing a size of 0xFFFFFFFF would cause a
malloc(0) immediately followed by a buffer overflow on the read. This
results in an exploitable heap overflow. Exploitation is dependent on
the data allocation location, heap structure and error handlers of the
affected software. After overwriting a large amount of memory and
pointers with arbitrary data, code execution could then be redirected to
The Certificate Trust List (CTL) Provider service of Cisco Unified
Communications Manager version 5.x contains a memory consumption
vulnerability that occurs when a series of malformed TCP packets are
received by a vulnerable Cisco Unified Communications Manager system
and may result in a DoS condition. The CTL Provider service listens
by default on TCP port 2444 and is user configurable. The CTL
Provider service is enabled by default. There is a workaround for
this vulnerability. The vulnerability is fixed in Cisco Unified
Communications Manager version 5.1(3). The vulnerability is
documented in Cisco Bug ID CSCsj80609 and has been assigned the
Security Advisory
===============/========================================================
Advisory ID: CAU-2008-0001
Release Date: 04/01/2008
Title: Slowly Closing Door Race Condition
Application/OS: Physical Structures
Topic: Physical structures employing exit doors with locks
are vulnerable to a race condition.
Vendor Status: Not Notified
Attributes: Physical, Race Condition
-------------------
PROOF OF CONCEPT:
-------------------
<<<<---------++++++++++++++ Condition: magic quotes=OFF +++++++++++++++++--------->>>>
<<<<---------++++++++++++++ Condition: {db_prefix} by default: cms +++++++++++++++++--------->>>>
[++] GET var --> 'username'
CVE-2009-1155.
Crafted HTTP Packet DoS Vulnerability
+------------------------------------
A crafted SSL or HTTP packet may cause a DoS condition on a Cisco
ASA device that is configured to terminate SSL VPN connections. This
vulnerability can also be triggered to any interface where ASDM access
is enabled. A successful attack may result in a reload of the device. A
TCP three-way handshake is not needed to exploit this vulnerability.
Overview:
This issue was originally discovered by Douglas Nascimento of
Datacom and published in Microsoft security bulletin MS06-007 on
February 14th 2006 and subsequently updated March 17th 2006. A
condition exists with the Microsoft IP stack wherein a specially
crafted IGMP packet causes a denial of service condition. In
Microsoft's original advisory, Windows CE was omitted as a
vulnerable platform; however, in Symantec's testing it was
discovered that Windows CE 5.01 (shipped as part of the Windows
Mobile 5 PocketPC and SmartPhone editions) is vulnerable. Symantec
collision
Description:
A variety of programming languages suffer from a denial-of-service (DoS)
condition against storage functions of key/value pairs in hash data
structures; the condition can be leveraged by exploiting predictable
collisions in the underlying hashing algorithms.
The issue finds particular exposure in web server applications and/or
frameworks. In particular, the lack of sufficient limits for the number of
* Affected versions: 0.92
* Overview:
1) ClamAV uses its own functions to create temporary files. One such routine is
vulnerable to a race condition attack.
2) ClamAV fails to properly check for base64-UUEncoded files, allowing
bypassing of the scanner through the use of such files.
3) The sigtool utility included in the ClamAV distribution fails to handle
the **** with a desired query). For example, "aa' OR 1=1 OR '1'='1" will
show everything in the search response page.
This vulnerability can be used for extracting the admin password by
Blind SQL Injection.
Using "aa' OR @Condition OR 'a'='1" as the injection vector, the
result page for the search will be empty if @Condition is false and
will show all links if @Condition is true.
So we can replace @Condition with a query like
EXISTS (SELECT * FROM blazedb.dbo.aspnet_Membership WHERE
Hash: SHA1
Aruba Networks Security Advisory
Title: Malformed 802.11 Association Request frame causes Denial of
Service condition on an Access Point.
Aruba Advisory ID: AID-102609
Revision: 1.0
For Public Release on 10/26/2009
------------------------------------------------------------------------
PulseAudio local race condition privilege escalation vulnerability
------------------------------------------------------------------------
Yorick Koster, June 2009
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
The PulseAudio binary is affected by a local race condition. If the
#2009-014 Android denial-of-service issues
Description:
Android, an open source mobile phone platform, is affected by two bugs
that lead to denial-of-service (DoS) conditions.
Two separate DoS issues have been independently reported to oCERT.
The most recent report concerns Android handling of SMS messages: a
specific malformed SMS message can be crafted to trigger a condition that
: 2. Vulnerability Summary
:
: A remotely exploitable vulnerability has been discovered in the Apache
: Connector component of Oracle BEA WebLogic Server. Specifically, the
: vulnerability is due to a boundary error when processing incoming HTTP
: requests and can lead to a buffer overflow condition. This boundary
: error can lead to a Denial of Service (DoS) condition for the Apache
: HTTP server.
:
: 3. Vulnerability Analysis
:
Description
------------
PHP version 5.3.1 was just released. This release contains a patch for a
denial of service condition we've reported on 27 October 2009. The
problem is related with PHP's handling of RFC 1867 (Form-based File
Upload in HTML).
When you send a POST request to a PHP script with the content-type of
"multipart/form-data" and include a list of files in that request, PHP
will create a temporary file for each file from the request. PHP will
attack (up to 1.8.2). No authentication required.
IV. DESCRIPTION
-------------------------
Zabbix API uses a function called DBcondition() (defined in
include/db.inc.php) to format conditions in the WHERE clause of an SQL query.
The function expects sanitized data and does not perform any additional
checks:
function DBcondition($fieldname, &$array, $notin=false, $string=false){
Summary
=======
The Cisco Content Switching Modules (CSM) and Cisco Content Switching
Module with SSL (CSM-S) contain two vulnerabilities that can lead to
a denial of service (DoS) condition. The first vulnerability exists
when processing TCP packets, and the second vulnerability affects
devices with service termination enabled.
Cisco has made free software available to address these
vulnerabilities for affected customers.
0000000013rxrLogin~~administrator
The single argument ("administrator") is copied into a buffer size of
0x1AC on the stack using wsprintfW, however no string length checks are
performed. By sending an overly long username as part of the first
authentication request, an exploitable condition is reached.
Vulnerability 2: Authentication Password Overflow
Another stack-based buffer overflow exists within the authentication
portion of rxRPC.dll which is accessible via TCP/1900. A sample
IBM DB2 Universal Database Multiple Race Condition Vulnerabilities
iDefense Security Advisory 08.16.07
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 16, 2007
I. BACKGROUND
IBM Corp.'s DB2 Universal Database product is a large database server
product commonly used for high end databases. For more information,
(DoS) vulnerability in the BlueCat Networks Adonis DNS/DHCP
Appliance. When XHA is configured to place two Adonis
servers in an active-passive pair to provide high
availability, a remote attacker can transmit a single UDP
datagram to crash the heartbeat control process. This can
be used for example to create an active/active condition in
the cluster pair.
Software Version
----------------
Public disclosure date: 12/10/2010
Type of vulnerability: Denial of Service, Buffer Overflow
Exploit Vectors: Local and Remote
Vulnerability Description: The application is vulnerable to a Denial of Service (DoS) condition due to a buffer overflow encountered when an attacker sends a specially crafted UDP packet to either port 514/UDP or port 513/UDP of the Syslog server. The DoS condition is experienced as a result of sending a large amount of data in the Syslog PRI message header field. The length of data sent to the field causes the application to stop responding and terminates the “SysEvttCol.exe” process on the affected target.
Tested on: Windows XP, SP1, with EventLog Analyzer version 6.1 default installation.
Affected software versions: ManageEngine EventLog Analyzer version 6.1 (previous versions may also be vulnerable)
Impact: Successful exploitation of the described vulnerability will cause a DoS to legitimate users and applications. The DoS condition will result in the loss of centralized Syslog message collection, and may reduce the detection capability of the affected organization for identifying follow-on attacks and monitoring critical system messages. Additionally, a skilled attacker may be able to leverage the buffer overflow condition to execute arbitrary commands in the context of the account the application is running as.
Advisory # 1:
TITLE
Malformed 802.11 Probe Request frame causes Denial of Service condition
on an Access Point.
SUMMARY
A Denial of Service (DoS) vulnerability was discovered during standard
+---------------------------------------------
A remote code execution vulnerability exists within Cisco
TelePresence Recording Server devices. This vulnerability could allow
an unauthenticated, adjacent attacker to trigger a buffer overflow
condition. To exploit this vulnerability, the attacker must submit a
malicious Cisco Discovery Protocol packet to the affected system.
Because Cisco Discovery Protocol works at the data-link layer (Layer
2), an attacker must have a way to submit an Ethernet frame directly
to an affected device. This may be possible in situations where the
lead to a denial of service. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2007-6712
Johannes Bauer discovered an integer overflow condition in the hrtimer
subsystem on 64-bit systems. This can be exploited by local users to
trigger a denial of service (DoS) by causing the kernel to execute an
infinite loop.
CVE-2008-1615
II. DESCRIPTION
Remote exploitation of a buffer overflow vulnerability in the web server
component of IBM Corp.'s Tivoli Provisioning Manager for OS Deployment
allows attackers to cause a denial of service condition or potentially
execute arbitrary code with SYSTEM privileges.
This vulnerability specifically exists within the logging functionality
of the web server component. By making requests with a large HTTP
request method, an attacker can cause a static-sized buffer to be
Successful exploitation of the ACE Device Manager and ANM invalid
directory permission vulnerabilities may allow unauthorized access to
view or modify the ACE Device Manager or ANM file system, including host
operating system files. Modification of some system files could result
in a denial of service condition.
Exploitation of the ANM default user credential and ANM MySQL database
default credential vulnerabilities may allow an attacker to gain
unauthorized system access. Modification of ANM settings with the
default user credentials could result in a denial of service condition.
vulnerable function, an integer value is read from the file. This value
is later used in an arithmetic integer calculation. Since no validation
is performed, an integer overflow can occur. This results in the
allocation of a buffer that is too small to hold the data that is
subsequently read from the file. A heap buffer overflow occurs, leading
to an exploitable condition.
III. ANALYSIS
Exploitation of this vulnerability allows attackers to execute arbitrary
code. In order to exploit this vulnerability, the attacker must somehow
* Instant Messenger Inspection Vulnerability
* Vulnerability Scan Denial of Service
* Control-plane Access Control List Vulnerability
The first four vulnerabilities may lead to a denial of service (DoS)
condition and the fifth vulnerability may allow an attacker to bypass
control-plane access control lists (ACL).
Note: These vulnerabilities are independent of each other. A device
may be affected by one vulnerability and not affected by another.
////////////////////////
#########################
<<<<---------++++++++++++++ Condition: Nothing +++++++++++++++++--------->>>>
-------
INTRO:
-------