design error
———————————
Name : Post Revolution 0.8.0c Multiple Remote Vulnerabilities
Class: Design Error && Input Validation Error
CVE: CVE-2011-1952, CVE-2011-1953, CVE-2011-1954
Remote: Yes
Local: No
Credit : Javier Bassi <javierbassi [at] gmail [dot] com>
Vulnerable : All versions prior to and including 0.8.0c are affected.
Vendor Homepage : http://postrev.com.ar
Release mode: Forced Release
*Vulnerability Information*
Class: Design Error
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 25659
CVE Name: CVE-2007-4901
http://www.snort.org/
II. DESCRIPTION
Remote exploitation of a design error vulnerability in Snort, as
included in various vendors' operating system distributions, could
allow an attacker to bypass filter rules.
Due to a design error vulnerability, Snort does not properly reassemble
fragmented IP packets. When receiving incoming fragments, Snort checks
* Date: March 11, 2008
* Site: http://www.astalavista.com
* Mail: glafkos@astalavista.com
* ishtus@astalavista.com
*
* Synopsis: DUC NO-IP is prone to an information disclosure vulnerability due to a design error.
* Attackers can exploit this issue to obtain sensitive information including tray password,
* web username, password and hostnames that may lead to further attacks.
*
* Note: Vendor has been notified long time ago confirming a design error.
* Vendor site: http://www.no-ip.com
http://www.debian.org/security/ Noah Meyerhans
February 06, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : net-snmp
Vulnerability : design error
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-5846
The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote
https://www.sdn.sap.com/irj/sdn/maxdb
II. DESCRIPTION
Local exploitation of a design error in the "sdbstarter" program, as
distributed with SAP AG's MaxDB, could allow attackers to elevate
privileges to root.
This vulnerability exists due to a design error in the handling of
certain environment variables. These variables are used to specify the
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect23/release/notes/anyconnect23rn.html
II. DESCRIPTION
Remote exploitation of a design error within Cisco Systems Inc's
AnyConnect VPN client allows attackers to execute arbitrary code with
the privileges of a user running Internet Explorer.
The vulnerability exists within the ActiveX control with the following
identifiers:
* CzechSec reported that specially crafted font files can lead to an
overflow in the imageloadfont() function in ext/gd/gd.c, which is
part of the GD extension (CVE-2008-3658).
* Maksymilian Arciemowicz of SecurityReason Research reported that a
design error in PHP's stream wrappers allows circumventing safe_mode
checks in several filesystem-related PHP functions (CVE-2008-2665,
CVE-2008-2666).
* Laurent Gaffie discovered a buffer overflow in the internal
memnstr() function, which is used by the PHP function explode()
Vulnerability overview:
-----------------------
Local exploitation of a design error in SonicWALL's Global Security
Client could allow attackers to obtain increased privileges.
Vulnerability description:
--------------------------
http://www.akamai.com/html/solutions/electronic_software_delivery.html
II. DESCRIPTION
Remote exploitation of a design error in Akamai Technologies, Inc's
Download Manager allows attackers to execute arbitrary code in the
context of the current user.
The ActiveX control version has the following identifiers:
http://www.oracle.com/technology/products/database/application_express/index.html
II. DESCRIPTION
Local exploitation of a design error vulnerability in Oracle Corp.'s
Application Express web application development tool allows attackers
to gain elevated privileges.
The vulnerability exists in "run_ddl" function within the
"wwv_execute_immediate" package. This package is included in the
http://www.symantec.com/home_homeoffice/products/overview.jsp?pcid=is&pvid=nis2008
II. DESCRIPTION
Remote exploitation of a design error in an ActiveX control installed
with Symantec Norton Internet Security 2008 could allow for the
execution of arbitrary code.
Norton Internet Security 2008 installs the following ActiveX control
which is registered as safe for scripting:
component starts a service (Intel File Transfer) that listens on TCP
port 12174.
II. DESCRIPTION
Remote exploitation of a design error vulnerability in Symantec Corp.'s
Symantec System Center may allow an attacker to execute arbitrary code
with SYSTEM privileges.
The vulnerability exists within the 'Intel File Transfer' service, which
runs the xfr.exe application. When sent a properly formatted request,
http://www.sun.com/software/chilisoft/index.xml
II. DESCRIPTION
Remote exploitation of a design error in Sun Microsystems' Java System
Active Server Pages allows attackers to bypass administration server
authentication mechanisms.
The vulnerability exists due to improper design of the ASP application
server. The administration application server exists as a stand-alone
Vulnerability Explanation
=======================================
Let's wait for the Cisco response, so, we'll have a better understanding on this
issue. Meanwhile...
I think this is a design error because ACE XML doesn't have in mind that the
client could probably be in the same network segment internally, so, it receives
the request, which cannot be processed, and throws an error message disclosing
an internal IP address.
According to the ACE XML Gateway User Guide, Log Messages chapter, the listed
_BUT_, in a browser announced with such a massive hoopla about how it's
been double-especially-extra-security-hardened from the outset, _that
something more obviously sensible_ was not the _shipping default
configuration_ is gob-stoppingly stupid; a fundamentally noob-ish design
error.
In short, something that does not bode well for the product living up to
the marketing hype.
Oh, and slapping the standard "we're Google so couldn't be arsed
Reference: http://office.microsoft.com/en-us/excel/default.aspx
2. Vulnerability Summary
A remotely exploitable vulnerability has been discovered in Microsoft Office Excel products. Specifically, the vulnerability is due to a design error encountered when parsing Excel files which contain malformed records. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file.
3. Vulnerability Analysis
A remote attacker can exploit the vulnerability by sending a malicious Excel file to the target system and enticing the target user to open it. A successful code execution attempt will result in the execution of arbitrary code within the security privileges of the currently logged in user. An unsuccessful attack attempt will result in abnormal termination of the Microsoft Office Excel application.
http://www.microsoft.com/technet/sysinternals/utilities/debugview.mspx
II. DESCRIPTION
Local exploitation of a design error vulnerability in Microsoft's
DebugView could allow attackers to execute arbitrary kernel code.
As part of its design, DebugView loads a kernel module Dbgv.sys. This
module includes functionality that can be abused to copy user supplied
data into the kernel, to controlled addresses. This allows malicious