Next Page >>
denial of service attack
=======
Cisco ASA 5500 Series Adaptive Security Appliances are affected by the
following vulnerabilities:
* TCP Connection Exhaustion Denial of Service Vulnerability
* Session Initiation Protocol (SIP) Inspection Denial of Service
Vulnerabilities
* Skinny Client Control Protocol (SCCP) Inspection Denial of
Service Vulnerability
* WebVPN Datagram Transport Layer Security (DTLS) Denial of Service
* Unauthenticated Java Servlet Access
* Unauthenticated Arbitrary File Upload
* Cisco Discovery Protocol Remote Code Execution
* Unauthorized Servlet Access
* Java RMI Denial of Service
* Real-Time Transport Control Protocol Denial of Service
* XML-Remote Procedure Call (RPC) Denial of Service
Duplicate Issue Identification in Other Cisco TelePresence Advisories
The Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500
Series switches and Cisco 7600 Series routers is affected by the
following vulnerabilities:
* Syslog Message Memory Corruption Denial of Service Vulnerability
* Authentication Proxy Denial of Service Vulnerability
* TACACS+ Authentication Bypass Vulnerability
* Sun Remote Procedure Call (SunRPC) Inspection Denial of Service
Vulnerabilities
* Internet Locator Server (ILS) Inspection Denial of Service
=======
Cisco ASA 5500 Series Adaptive Security Appliances are affected by
multiple vulnerabilities as follows:
* Three SunRPC Inspection Denial of Service Vulnerabilities
* Three Transport Layer Security (TLS) Denial of Service
Vulnerabilities
* Session Initiation Protocol (SIP) Inspection Denial of Service
Vulnerability
* Crafted Internet Key Exchange (IKE) Message Denial of Service
Cisco ASA 5500 Series Adaptive Security Appliances are affected by the
following vulnerabilities:
* Transparent Firewall Packet Buffer Exhaustion Vulnerability
* Skinny Client Control Protocol (SCCP) Inspection Denial of
Service Vulnerability
* Routing Information Protocol (RIP) Denial of Service
Vulnerability
* Unauthorized File System Access Vulnerability
These vulnerabilities are independent; a release that is affected by
members, which might allow local users to obtain sensitive information
from kernel memory via unspecified vectors. (CVE-2009-3228)
The do_pages_move function in mm/migrate.c in the Linux kernel before
2.6.33-rc7 does not validate node values, which allows local users
to read arbitrary kernel memory locations, cause a denial of service
(OOPS), and possibly have unspecified other impact by specifying a
node that is not part of the kernel node set. (CVE-2010-0415)
The ATI Rage 128 (aka r128) driver in the Linux kernel before
2.6.31-git11 does not properly verify Concurrent Command Engine (CCE)
members, which might allow local users to obtain sensitive information
from kernel memory via unspecified vectors. (CVE-2009-3228)
The do_pages_move function in mm/migrate.c in the Linux kernel before
2.6.33-rc7 does not validate node values, which allows local users
to read arbitrary kernel memory locations, cause a denial of service
(OOPS), and possibly have unspecified other impact by specifying a
node that is not part of the kernel node set. (CVE-2010-0415)
The ATI Rage 128 (aka r128) driver in the Linux kernel before
2.6.31-git11 does not properly verify Concurrent Command Engine (CCE)
http://www.debian.org/security/ dann frazier
June 18, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2010-2524 CVE-2010-3875 CVE-2010-4075 CVE-2010-4655
CVE-2011-0695 CVE-2011-0710 CVE-2011-0711 CVE-2011-0726
CVE-2011-1010 CVE-2011-1012 CVE-2011-1017 CVE-2011-1078
* XML-Remote Procedure Call (RPC) Arbitrary File Overwrite
* Cisco Discovery Protocol Remote Code Execution
* Ad Hoc Recording Denial of Service
* Java Remote method Invocation (RMI) Denial of Service
* Unauthenticated XML-RPC Interface
Details follow:
It was discovered that MySQL incorrectly handled certain requests with the
UPGRADE DATA DIRECTORY NAME command. An authenticated user could exploit
this to make MySQL crash, causing a denial of service. This issue only
affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-2008)
It was discovered that MySQL incorrectly handled joins involving a table
with a unique SET column. An authenticated user could exploit this to make
MySQL crash, causing a denial of service. This issue only affected Ubuntu
Problem Description:
A vulnerability was discovered and corrected in the Linux 2.6 kernel:
The X.25 implementation does not properly parse facilities, which
allows remote attackers to cause a denial of service (heap memory
corruption and panic) or possibly have
unspecified other impact via malformed data, a different vulnerability
than CVE-2010-4164. (CVE-2010-3873)
The bcm_connect function Broadcast Manager in the Controller Area
http://www.debian.org/security/ dann frazier
May 24, 2011 http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2010-3875 CVE-2011-0695 CVE-2011-0711 CVE-2011-0726
CVE-2011-1016 CVE-2011-1078 CVE-2011-1079 CVE-2011-1080
CVE-2011-1090 CVE-2011-1160 CVE-2011-1163 CVE-2011-1170
Multiple vulnerabilities exist in the Cisco Wireless LAN Controller
(WLC) platforms. This security advisory outlines the details of the
following vulnerabilities:
* Malformed HTTP or HTTPS authentication response denial of service
vulnerability
* SSH connections denial of service vulnerability
* Crafted HTTP or HTTPS request denial of service vulnerability
* Crafted HTTP or HTTPS request unauthorized configuration
modification vulnerability
the package.xml file, related to the (1) download_dir, (2) cache_dir,
(3) tmp_dir, and (4) pear-build-download directories. (CVE-2011-1072,
CVE-2011-1144)
Ben Schmidt discovered that a use-after-free vulnerability in the PHP
Zend engine could allow an attacker to cause a denial of service (heap
memory corruption) or possibly execute arbitrary code. (CVE-2010-4697)
Martin Barbella discovered a buffer overflow in the PHP GD extension
that allows an attacker to cause a denial of service (application crash)
via a large number of anti- aliasing steps in an argument to the
the package.xml file, related to the (1) download_dir, (2) cache_dir,
(3) tmp_dir, and (4) pear-build-download directories. (CVE-2011-1072,
CVE-2011-1144)
Ben Schmidt discovered that a use-after-free vulnerability in the PHP
Zend engine could allow an attacker to cause a denial of service (heap
memory corruption) or possibly execute arbitrary code. (CVE-2010-4697)
Martin Barbella discovered a buffer overflow in the PHP GD extension
that allows an attacker to cause a denial of service (application crash)
via a large number of anti- aliasing steps in an argument to the
Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst
6500 Series ASA Services Module are affected by multiple
vulnerabilities as follows:
* MSN Instant Messenger (IM) Inspection Denial of Service
vulnerability
* TACACS+ Authentication Bypass vulnerability
* Four SunRPC Inspection Denial of Service vulnerabilities
* Internet Locator Service (ILS) Inspection Denial of Service
vulnerability
Synopsis
========
Multiple vulnerabilities have been discovered in Ruby that allow for
attacks including arbitrary code execution and Denial of Service.
Background
==========
Ruby is an interpreted object-oriented programming language. The
http://www.debian.org/security/ dann frazier
November 26, 2010 http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2010-2963 CVE-2010-3067 CVE-2010-3296 CVE-2010-3297
CVE-2010-3310 CVE-2010-3432 CVE-2010-3437 CVE-2010-3442
CVE-2010-3448 CVE-2010-3477 CVE-2010-3705 CVE-2010-3848
The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL
certificates, which makes it easier for remote attackers to trick
a user into accepting an invalid server certificate for a spoofed
service. (CVE-2008-3532)
Pidgin 2.4.1 allows remote attackers to cause a denial of service
(crash) via a long filename that contains certain characters, as
demonstrated using an MSN message that triggers the crash in the
msn_slplink_process_msg function. (CVE-2008-2955)
The UPnP functionality in Pidgin 2.0.0, and possibly other versions,
http://www.debian.org/security/ dann frazier
January 30, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2010-0435 CVE-2010-3699 CVE-2010-4158 CVE-2010-4162
CVE-2010-4163 CVE-2010-4242 CVE-2010-4243 CVE-2010-4248
CVE-2010-4249 CVE-2010-4258 CVE-2010-4342 CVE-2010-4346
to the bottom page of a shared memory segment, as demonstrated by a
memory-exhaustion attack against the X.Org X server. (CVE-2010-2240)
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel
does not properly restrict TCP_MAXSEG (aka MSS) values, which allows
local users to cause a denial of service (OOPS) via a setsockopt call
that specifies a small value, leading to a divide-by-zero error or
incorrect use of a signed integer. (CVE-2010-4165)
The copy_shmid_to_user function in ipc/shm.c in the Linux kernel
does not initialize a certain structure, which allows local users to
Multiple vulnerabilities has been identified and fixed in php:
The _zip_name_locate function in zip_name_locate.c in the Zip extension
in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED
argument, which might allow context-dependent attackers to cause
a denial of service (application crash) via an empty ZIP archive
that is processed with a (1) locateName or (2) statName operation
(CVE-2011-0421).
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms
performs an incorrect cast, which allows remote attackers to cause a
http://www.debian.org/security/ Dann Frazier
May 2, 2009 http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6.24
Vulnerability : denial of service/privilege escalation/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2008-4307 CVE-2008-5079 CVE-2008-5395 CVE-2008-5700
CVE-2008-5701 CVE-2008-5702 CVE-2009-0028 CVE-2009-0029
CVE-2009-0031 CVE-2009-0065 CVE-2009-0269 CVE-2009-0322
advisory outlines details of these vulnerabilities:
* Crafted TCP ACK Packet Vulnerability
* Crafted TLS Packet Vulnerability
* Instant Messenger Inspection Vulnerability
* Vulnerability Scan Denial of Service
* Control-plane Access Control List Vulnerability
The first four vulnerabilities may lead to a denial of service (DoS)
condition and the fifth vulnerability may allow an attacker to bypass
control-plane access control lists (ACL).
Multiple vulnerabilities has been identified and fixed in php:
The _zip_name_locate function in zip_name_locate.c in the Zip extension
in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED
argument, which might allow context-dependent attackers to cause
a denial of service (application crash) via an empty ZIP archive
that is processed with a (1) locateName or (2) statName operation
(CVE-2011-0421).
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms
performs an incorrect cast, which allows remote attackers to cause a
-----Original Message-----
From: Jan van Niekerk [mailto:jvnkrk@gmail.com]
Sent: Monday, September 29, 2008 10:37 PM
To: UniquE@unique-key.org
Cc: bugtraq@securityfocus.com
Subject: Re: MS Internet Explorer 7 Denial Of Service Exploit
This DOS works quite nicely on Konqueror / KDE 3.5.9 too.
jv.
Problem Description:
Multiple vulnerabilities has been found and corrected in poppler:
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier allow remote attackers to cause a denial of service
(crash) via a crafted PDF file, related to (1) setBitmap and (2)
readSymbolDictSeg (CVE-2009-0146).
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier allow remote attackers to cause a denial of service (crash)
Problem Description:
Multiple integer overflows in the JBIG2 decoder in
Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and
other products allow remote attackers to cause a denial
of service (crash) via a crafted PDF file, related to (1)
JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
earlier allows remote attackers to cause a denial of service (daemon
Multiple vulnerabilities has been discovered and corrected in libtiff:
The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in
ImageMagick, does not properly handle invalid ReferenceBlackWhite
values, which allows remote attackers to cause a denial of service
(application crash) via a crafted TIFF image that triggers an array
index error, related to downsampled OJPEG input. (CVE-2010-2595)
Multiple integer overflows in the Fax3SetupState function in tif_fax3.c
in the FAX3 decoder in LibTIFF before 3.9.3 allow remote attackers to
Multiple vulnerabilities has been identified and fixed in ffmpeg:
oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain
pointer arithmetic, which might allow remote attackers to obtain
sensitive memory contents and cause a denial of service via a crafted
file that triggers an out-of-bounds read. (CVE-2009-4632)
vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a
comparison operator was intended, which might allow remote attackers
to cause a denial of service and possibly execute arbitrary code via
Next Page>>
|
