leaked
A vulnerability found in the Virtual PC hypervisor invalidates this
assumption and undermines the effectiveness of anti-exploitation
mechanisms such as DEP, SafeSEH and ASLR. Incorrect memory management by
the VMM of Virtual PC makes portions of the VMM worker memory available
for read or read/write access to user-space processes running in a Guest
OS. Leaked memory pages are mapped on the Guest OS at virtual addresses
above the 2GB limit which shouldn't be accessible for user-space programs.
The 'vpdumper' tool can be used to demonstrate the problem.
/-----
Security Appliances and Cisco PIX Security Appliances. This security
advisory outlines details of these vulnerabilities:
* Windows NT Domain Authentication Bypass Vulnerability
* IPv6 Denial of Service Vulnerability
* Crypto Accelerator Memory Leak Vulnerability
Note: These vulnerabilities are independent of each other. A device may
be affected by one vulnerability and not affected by another.
Cisco has released free software updates that address these
This security advisory outlines details of the following
vulnerabilities:
* Erroneous SIP Processing Vulnerabilities
* IPSec Client Authentication Processing Vulnerability
* SSL VPN Memory Leak Vulnerability
* URI Processing Error Vulnerability in SSL VPNs
* Potential Information Disclosure in Clientless VPNs
Note: These vulnerabilities are independent of each other. A device
may be affected by one vulnerability and not affected by another.
* Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor
32, Supervisor 720, or Route Switch Processor 720
http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml
* Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak
http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml
Affected Products
================
PHP Vulnerabilities
-------------------
MOPS-2010-040: PHP strtr() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/21/mops-2010-040-php-strtr-interruption-information-leak-vulnerability/
MOPS-2010-039: PHP strpbrk() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/21/mops-2010-039-php-strpbrk-interruption-information-leak-vulnerability/
by MITRE in your advisories. Below is what I have been able to collect.
> Vulnerabilities in PHP
> ----------------------
>
> MOPS-2010-017: PHP preg_quote() Interruption Information Leak
> Vulnerability - http://bit.ly/cUYsbj
> MOPS-2010-016: PHP ZEND_SR Opcode Interruption Address Information Leak
> Vulnerability - http://bit.ly/bwT28V
> MOPS-2010-015: PHP ZEND_SL Opcode Interruption Address Information Leak
> Vulnerability - http://bit.ly/a3BonY
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Content Switching Module Memory Leak
Vulnerability
Advisory ID: cisco-sa-20080514-csm
http://www.cisco.com/warp/public/707/cisco-sa-20080514-csm.shtml
(VPDN) solution when Point-to-Point Tunneling Protocol (PPTP) is used
in certain Cisco IOS releases prior to 12.3. PPTP is only one of the
supported tunneling protocols used to tunnel PPP frames within the
VPDN solution.
The first vulnerability is a memory leak that occurs as a result of
PPTP session termination. The second vulnerability may consume all
interface descriptor blocks on the affected device because those
devices will not reuse virtual access interfaces. If these
vulnerabilities are repeatedly exploited, the memory and/or interface
resources of the attacked device may be depleted.
Vulnerability - http://bit.ly/d4v9ft
Vulnerabilities in PHP
----------------------
MOPS-2010-017: PHP preg_quote() Interruption Information Leak
Vulnerability - http://bit.ly/cUYsbj
MOPS-2010-016: PHP ZEND_SR Opcode Interruption Address Information Leak
Vulnerability - http://bit.ly/bwT28V
MOPS-2010-015: PHP ZEND_SL Opcode Interruption Address Information Leak
Vulnerability - http://bit.ly/a3BonY
III. ANALYSIS
Summary:
A) "Dump Servlet" information leak
(Affected versions: Any)
B) "FORM Authentication demo" information leak
(Affected versions: Any)
exploited without authentication to cause a denial of service
condition. Both vulnerabilities affect both Cisco IOS WebVPN and
Cisco IOS SSLVPN features:
1. Crafted HTTPS packet will crash device.
2. SSLVPN sessions cause a memory leak in the device.
Cisco has released free software updates that address these
vulnerabilities.
There are no workarounds that mitigate these vulnerabilities.
http://www.debian.org/security/ Dann Frazier
September 10, 2011 http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2011-1020 CVE-2011-1576 CVE-2011-2484 CVE-2011-2491
CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497
CVE-2011-2517 CVE-2011-2525 CVE-2011-2700 CVE-2011-2723
http://www.debian.org/security/ Moritz Muehlenhoff, Dann Frazier
September 8, 2011 http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2011-1020 CVE-2011-1576 CVE-2011-2484 CVE-2011-2491
CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497
CVE-2011-2517 CVE-2011-2525 CVE-2011-2700 CVE-2011-2723
Summary
=======
Multiple vulnerabilities exist in the Session Initiation Protocol
(SIP) implementation in Cisco IOS that can be exploited remotely to
trigger a memory leak or to cause a reload of the IOS device.
Cisco has released free software updates that address these
vulnerabilities. Fixed Cisco IOS software listed in the Software
Versions and Fixes section contains fixes for all vulnerabilities
addressed in this advisory.
http://www.debian.org/security/ Dann Frazier
November 5, 2009 http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6.24
Vulnerability : privilege escalation/denial of service/sensitive memory leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2009-2846 CVE-2009-2847 CVE-2009-2848 CVE-2009-2849
CVE-2009-2903 CVE-2009-2908 CVE-2009-2909 CVE-2009-2910
CVE-2009-3001 CVE-2009-3002 CVE-2009-3228 CVE-2009-3238
http://www.debian.org/security/ dann frazier
October 22, 2009 http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service/sensitive memory leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2009-2695 CVE-2009-2903 CVE-2009-2908 CVE-2009-2909
CVE-2009-2910 CVE-2009-3001 CVE-2009-3002 CVE-2009-3286
CVE-2009-3290 CVE-2009-3613
http://www.debian.org/security/ dann frazier
May 6, 2009 http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : denial of service/privilege escalation/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2008-4307 CVE-2008-5395 CVE-2008-5701 CVE-2008-5702
CVE-2008-5713 CVE-2009-0028 CVE-2009-0029 CVE-2009-0031
CVE-2009-0065 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676
http://www.debian.org/security/ dann frazier
September 22, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2009-4067 CVE-2011-0712 CVE-2011-1020 CVE-2011-2209
CVE-2011-2211 CVE-2011-2213 CVE-2011-2484 CVE-2011-2491
CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497
Thierry Zoller <Thierry@Zoller.lu> wrote:
> According to a Bugzilla entry memory is also leaked during the process.
>
> So let's recap, we have a function that generates key material and looping
> causes memory to leak. One might think this should be important enough to
> investigate, especially if you know that for DSA for instance, only a few
> bits of k can reveal an entire private key. [3]
>
> Note: I am not saying the memory leaks include key material, seeing the
> lack of interest this bugzilla ticket triggered, I have not considered
ZDI-11-198: (Pwn2Own) Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-198
June 14, 2011
-- CVSS:
7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)
-- Affected Vendors:
Summary
=======
Cisco IOS Software contains a vulnerability when the Cisco IOS SSL
VPN feature is configured with an HTTP redirect. Exploitation could
allow a remote, unauthenticated user to cause a memory leak on the
affected devices, that could result in a memory exhaustion condition
that may cause device reloads, the inability to service new TCP
connections, and other denial of service (DoS) conditions.
Cisco has released free software updates that address this
for free.
II. Description
~~~~~~~~~~~~~~~
This bug is a simple design bug that results in an endless loop (and interesting
memory leaks).
Once upon a time Netscape thought it would be a great idea to add the keygen tag
(<keygen>) as a feature to their Browser. The keygen tag offers a simple way
of automatically generating key material using various algorithms. For instance
it is possible to generate RSA, DSA and EC key material.
and fixed:
- TLS: MITM attacks via session renegotiation (CVE-2009-3555).
- Loader-constraint table allows arrays instead of only the
base-classes (CVE-2010-0082).
- Policy/PolicyFile leak dynamic ProtectionDomains. (CVE-2010-0084).
- File TOCTOU deserialization vulnerability (CVE-2010-0085).
- Inflater/Deflater clone issues (CVE-2010-0088).
- Unsigned applet can retrieve the dragged information before drop
action occurs (CVE-2010-0091).
- AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error
http://www.debian.org/security/ dann frazier
Aug 21, 2008 http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : denial of service/information leak
Problem type : several
Debian-specific: no
CVE Id(s) : CVE-2007-6282 CVE-2008-0598 CVE-2008-2729 CVE-2008-2812
CVE-2008-2826 CVE-2008-2931 CVE-2008-3272 CVE-2008-3275
http://www.debian.org/security/ dann frazier
Sep 11, 2008 http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6.24
Vulnerability : denial of service/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2008-3272 CVE-2008-3275 CVE-2008-3276 CVE-2008-3526
CVE-2008-3534 CVE-2008-3535 CVE-2008-3792 CVE-2008-3915
--------------------------------------------------------
IRM Security Advisory 025
TIBCO Rendezvous RVD Daemon Remote Memory Leak DoS
Vulnerability Type / Importance: Remote DoS / High
Problem Discovered: 16 April 2007
Vendor Contacted: 16 April 2007
Advisory Published: 29 November 2007
http://www.debian.org/security/ dann frazier
May 15, 2009 http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : denial of service/privilege escalation/sensitive memory leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2009-0028 CVE-2009-0834 CVE-2009-0835 CVE-2009-0859
CVE-2009-1046 CVE-2009-1072 CVE-2009-1184 CVE-2009-1192
CVE-2009-1242 CVE-2009-1265 CVE-2009-1337 CVE-2009-1338
http://www.debian.org/security/ Dann Frazier
February 27, 2010 http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6.24
Vulnerability : privilege escalation/denial of service/sensitive memory leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2009-2691 CVE-2009-2695 CVE-2009-3080 CVE-2009-3726
CVE-2009-3889 CVE-2009-4005 CVE-2009-4020 CVE-2009-4021
CVE-2009-4138 CVE-2009-4308 CVE-2009-4536 CVE-2009-4538
iL> The vulnerability exists in the kernel ioctl() handler for FIFOs. The
iL> I_PEEK ioctl is used to peek at a number of bytes contained in the FIFO
iL> without actually removing them from the queue. One of the arguments to
iL> this command, which represents the number of bytes to peek, is a signed
iL> integer value. Since this parameter is not properly validated, a
iL> negative value can cause large amounts of kernel memory to be leaked.
Can you please clarify this issue? According to the subject it looks like
an information leak (information disclosure) issue, while according to the
description, it looks more like a memory leak (Denial of Service) issue.