implemented
Local users could cause arbitrary CIFS shares to be mounted by introducing
malicious redirects.
CVE-2010-3875
Vasiliy Kulikov discovered an issue in the Linux implementation of the
Amateur Radio AX.25 Level 2 protocol. Local users may obtain access to
sensitive kernel memory.
CVE-2010-4075
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2011-0695
to compress the ipcomp payload, which is expanded and then routed as requested.
Although the CPI field is 16 bits wide, in reality only 1 algorithm is widely
implemented, RFC1951 DEFLATE (cpi=2).
It's well documented that ipcomp can be used to traverse perimeter filtering,
however this document discusses potential implementation flaws observed in
popular stacks.
The IPComp implementation originating from NetBSD/KAME implements injection of
unpacked payloads like so:
Release Notes -- Apache Jackrabbit -- Version 1.5.2
Introduction
------------
Apache Jackrabbit is a fully conforming implementation of the Content
Repository for Java Technology API (JCR). A content repository is a
hierarchical content store with support for structured and unstructured
content, full text search, versioning, transactions, observation, and
more. See the Jackrabbit web site at http://jackrabbit.apache.org/ for
more information.
Last update: 2009-04-07
Topic: multiple vulnerabilities in SPNEGO, ASN.1 decoder
[CVE-2009-0844]
SPNEGO implementation can read beyond buffer end
CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:C/E:POC/RL:OF/RC:C
CVSSv2 Base Score: 8.5
Exposures project identifies the following problems:
CVE-2007-1306
"Mu Security" discovered that a NULL pointer dereference in the SIP
implementation could lead to denial of service.
CVE-2007-1561
Inria Lorraine discovered that a programming error in the SIP
implementation could lead to denial of service.
used by the SMB protocol [2].
Windows systems commonly use the SMB protocol with NTLM authentication
for network file/printer sharing and remote administration via DCE/RPC.
Flaws in Microsoft's implementation of the NTLM challenge-response
authentication protocol causing the server to generate duplicate
challenges/nonces and an information leak allow an unauthenticated
remote attacker without any kind of credentials to access the SMB
service of the target system under the credentials of an authorized
user. Depending on the privileges of the user, the attacker will be able
Though Internet technology has evolved, the building blocks are basically
the same core protocols adopted by the ARPANET more than two decades ago.
During the last twenty years many vulnerabilities have been identified in
the TCP/IP stacks of a number of systems. Some were flaws in protocol
implementations which affect only a reduced number of systems. Others were
flaws in the protocols themselves affecting virtually every existing
implementation. Even in the last couple of years researchers were still
working on security problems in the core protocols.
The discovery of vulnerabilities in the TCP/IP protocols led to reports
Brad Spengler discovered that stack memory for a new process was not
correctly calculated. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-3858)
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
exploit this to gain root privileges. (CVE-2010-3859)
Dan Rosenberg discovered that the Linux kernel X.25 implementation
incorrectly parsed facilities. A remote attacker could exploit this to
It was discovered that KVM did not correctly initialize certain CPU
registers. A local attacker could exploit this to crash the system, leading
to a denial of service. (CVE-2010-3698)
Thomas Pollet discovered that the RDS network protocol did not
check certain iovec buffers. A local attacker could exploit this
Tavis Ormandy discovered that the Linux kernel did not properly implement
exception fixup. A local attacker could exploit this to crash the kernel,
leading to a denial of service. (CVE-2010-3086)
Affected Products
=================
Products that cache DNS responses and process DNS messages with the
recursion desired (RD) flag set may be vulnerable to a DNS cache
poisoning attack depending on implementation of the DNS protocol.
Products that process DNS messages with the RD flag set will attempt to
answer the question asked on behalf of the client. A product is only
affected if using a vulnerable implementation of the DNS protocol, the
DNS server functionality for the product is enabled, and the DNS feature
for the product is configured to process recursive DNS query messages.
---------------------------------------------------------------------
Summary
=======
A vulnerability exists in the Cisco IOS software implementation of
Layer 2 Tunneling Protocol (L2TP), which affects limited Cisco IOS
software releases.
Several features enable the L2TP mgmt daemon process within Cisco IOS
software, including but not limited to Layer 2 virtual private
this vulnerability to cause a denial of service (oops).
CVE-2009-2903
Mark Smith discovered a memory leak in the appletalk
implementation. When the appletalk and ipddp modules are loaded,
but no ipddp"N" device is found, remote attackers can cause a
denial of service by consuming large amounts of system memory.
CVE-2009-2908
Nokia N70/N73 Bluetooth Stack OBEX Implementation Denial of Service
------------------------------------------------------------------
I. Summary
Nokia N70 and N73 are two popular models from Nokia's N-series lineup of smart phones. A flaw has been found in the OBEX implementation in these two models, which is related to illegal characters in the Name header of a PUT request in an OBEX session. These characters can't be handled properly by the OBEX implementation and will cause denial of service (phone lockup) if exploited successfully.
------------------------------------------------------------------
II. Description
controls through classes like CHtmlEditView or CHtmlEditDoc.
Some of the advantages of using MSHTML are that it provides a particular,
feature-rich and somewhat complete support for DHTML and also that it is
easier to host Microsoft ActiveX Controls. However, in the context of this
advisory, such advantages may end up becoming security problems due to
design flaws and implementation bugs.
There are two particular characteristics in the implementation of the
described functionality that turn AIM's highly flexible message-content
features into high-risk attack vectors for its users.
First, the vulnerable IM clients do most of the sanitizing/filtering and
Kees Cook discovered that the ethtool interface did not correctly clear
kernel memory. A local attacker could read kernel heap memory, leading to a
Enomaly ECP: Multiple vulnerabilities in VMcasting protocol & implementation.
Synopsis
Enomaly ECP up to and including v3.0.4 is believed to contain an insecure
silent update mechanism that could allow a remote attacker to execute
arbitrary code as root, and to inject or modify VM workloads for execution
within user environment or to replay older, insecure workloads.
Both the Enomaly ECP implementation and the VMcasting protocol itself are
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-4108 CVE-2011-4109 CVE-2011-4354
CVE-2011-4576 CVE-2011-4619
Several vulnerabilities were discovered in OpenSSL, an implementation
of TLS and related protocols. The Common Vulnerabilities and
Exposures project identifies the following vulnerabilities:
CVE-2011-4108
The DTLS implementation performs a MAC check only if certain
Cisco ASA Syslog Message 305006 Denial of Service Vulnerability
+--------------------------------------------------------------
A denial of service (DoS) vulnerability exists in the implementation
of one specific system log (syslog) message (message ID 305006), that
could cause a reload of the Cisco ASA if this syslog message needs to
be generated.
Syslog message ID 305006 is generated when the Cisco ASA is unable to
Internet's building blocks are basically the same core protocols adopted
by the ARPANET more than two decades ago.
During the last twenty years, many vulnerabilities have been identified
in the TCP/IP stacks of a number of systems. Some of them were based on
flaws in some protocol implementations, affecting only a reduced number
of systems, while others were based on flaws in the protocols
themselves, affecting virtually every existing implementation. Even in
the last couple of years, researchers were still working on security
problems in the core protocols.
dereference vulnerabilities.
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2006-2426 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733 CVE-2009-0793 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1101
Several vulnerabilities have been identified in OpenJDK, an
implementation of the Java SE platform.
Creation of large, temporary fonts could use up available disk space,
leading to a denial of service condition (CVE-2006-2426).
Several vulnerabilities existed in the embedded LittleCMS library,
Replay attack on CAPTCHA Libraries
Summary
A CAPTCHA implementation that we tested was found to be vulnerable to
replay attacks. The attack is explained in detail for Formshield – a
popular DOT NET CAPTCHA implementation.
NOTE: We discovered this during a Black Box engagement with one of our
clients. The version which is vulnerable is an older version of
a local user to gain elevated privileges.
CVE-2009-2909
Arjan van de Ven discovered an issue in the AX.25 protocol
implementation. A specially crafted call to setsockopt() can
result in a denial of service (kernel oops).
CVE-2009-3001
Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE
corruption, or, under extraordinarily unlikely conditions, arbitrary
code execution. Only releases krb5-1.3 and later are vulnerable, as
earlier releases did not contain the functionality implemented by the
vulnerable code.
This is an implementation vulnerability in MIT krb5, and is not a
vulnerability in the Kerberos protocol.
IMPACT
======
6.0.18.[7] and added this vulnerability to the Apache Tomcat security
pages[8]. Releases for 5.5.x and 4.1.x will follow shortly. The Tomcat
vulnerability had been announced by Ryeo [9] but the full implications
remained undisclosed.
During the course of research, the Glassfish implementation was determined
not to be vulnerable to the specific exploit identified and reported by
OuTian/Ryeo. However, all implementations which accept overlong paths,
including Glassfish, remain vulnerable insofar as any access control is
implemented at the proxy or gateway layer of an http service. Apache Tomcat
release 6.0.18 is no longer vulnerable with respect to its URI path, as
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in the Linux 2.6 kernel:
The X.25 implementation does not properly parse facilities, which
allows remote attackers to cause a denial of service (heap memory
corruption and panic) or possibly have
unspecified other impact via malformed data, a different vulnerability
than CVE-2010-4164. (CVE-2010-3873)