Next Page >>
reference
On Tue, 27 May 2008, security curmudgeon wrote:
> No mention of CVE-2008-1035 in the [CORE] advisory other than the header
> CVE name reference. BID seems to have split the three vulnerabilities,
> but given two of them the same CVE. CVE does not have descriptions open
> yet.
The descriptions are below - for CVE-2008-2006, we merged on the rough
criteria of "insufficient validation of a length field".
Title: CA20090429-01: CA ARCserve Backup Apache HTTP Server
Multiple Vulnerabilities
CA Advisory Reference: CA20090429-01
CA Advisory Date: 2009-04-29
Title: CA20090126-01: CA Anti-Virus Engine Detection Evasion
Multiple Vulnerabilities
CA Advisory Reference: CA20090126-01
CA Advisory Date: 2009-01-26
CA Advisory Updated: May 12, 2009
Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
CA Advisory Reference: CA20090123-01
CA Advisory Date: 2009-01-23
Reported By: n/a
Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
CA Advisory Reference: CA20090123-01
CA Advisory Date: 2009-01-23
Reported By: n/a
Title: CA20090126-01: CA Anti-Virus Engine Detection Evasion
Multiple Vulnerabilities
CA Advisory Reference: CA20090126-01
CA Advisory Date: 2009-01-26
In either way, it is our hope that the increased awareness and the release
of IE8 and php5.3 will reduce - if not eliminate - the risk of such mime
sniffing attacks in the future.
V References
====================================================
[1] Barth, Caballero, Song: "Secure Content Sniffing for Web Browsers, or
How to Stop Papers from Reviewing Themselves"; in IEEE Security &
Privacy (Oakland 2009)
Title: CA20090107-01: CA Service Metric Analysis and CA Service
Level Management smmsnmpd Arbitrary Command Execution
Vulnerability
CA Advisory Reference: CA20090107-01
CA Advisory Date: 2009-01-07
Title: CA20090615-01: CA ARCserve Backup Message Engine Denial of
Service Vulnerabilities
CA Advisory Reference: CA20090615-01
CA Advisory Date: 2009-06-15
Title: CA20090615-01: CA ARCserve Backup Message Engine Denial of
Service Vulnerabilities
CA Advisory Reference: CA20090615-01
CA Advisory Date: 2009-06-15
Title: CA20090615-02: CA Service Desk Tomcat Cross Site Scripting
Vulnerability
CA Advisory Reference: CA20090615-02
CA Advisory Date: 2009-06-15
http://www.adobe.com/products/flashplayer
II. DESCRIPTION
Remote exploitation of a invalid object reference vulnerability in Adobe
Systems Inc.'s Flash Player could allow an attacker to execute arbitrary
code with the privileges of the current user.
During the processing of a Shockwave Flash file, a particular object can
be created, along with multiple references that point to the object. The
allowed, the username and a ciphered challenge/response will be sent to
the IP_OR_HOSTNAME specified.
Internet Explorer reacts different when a requested resource is directly
accessed or when it's found after a redirection. If a page hosted in
domain A makes a reference to a resource located at domain B, the user
will be prompted to download this file from the B domain. But if the
resource is requested, for example, in the following way:
/-----------
3.2. The ``execute'' command
:exe[cute] {expr1} .. Executes the string that results from the evaluation
of {expr1} as an Ex command.
-- Vim Reference Manual (eval.txt)
``execute'' is similar e.g. to the ``eval'' command of the POSIX shell. As Vim
Script doesn't allow variables as arguments to commands, only literals,
``execute'' is very popular:
available updates and the `distribution definition files' [1], which contain
information encoded in XML and JavaScript, defining every aspect of the
user experience, when installing an update.
When OS X checks for new updates, it first contacts swscan.apple.com
to receive the XML catalog file. This file references the distribution
definition files, which can reside on another server. Software Update
receives these files and calls some of the JavaScript functions to check,
if the update is suited for the local machine.
The catalog file and the distribution definition files are both received
II. Problem Description
Microsoft Office documents can carry URLs as clickable
references. The target of URLs given in the document
are stored in word/_rels/document.xml.rels inside
the OOXML ZIP container. Inside you will see the
hyperlink, referenced by an internal ID and the target.
The target can be changed without invalidating the signature.
At least in the GUI a hyperlink's target is shown to the user.
>=20
>=20
> VI. Correction details
>=20
>=20
> A closer look into the references section of the XML signature=20
>=20
> used by Microsoft Office (stored in the File=20
>=20
> _xmlsignatures\sig1.xml) reveals that the file core.xml is=20
>=20
required in that the victim must visit a malicious website or be coerced
into opening a malicious document.
The specific flaw exists within the way that Mozilla's Firefox parses
.XUL files. While appending a particular tag to a treechildren
container, the application will create more than one reference to a
particular element without increasing its reference count. Upon removal
of one of the elements, the refcount will be decreased causing the
application to free the memory associated with the object. Due to the
rogue reference occurring, the next time the application attempts to
reference that container, the application will access memory that has
Information disclosure vulnerability in Drupal's Realname User Reference
Widget contributed module (version 6.x-1.0)
Discovered by Martin Barbella <barbella@sas.upenn.edu>
Description of Vulnerability:
-----------------------------
Drupal is a free software package that allows an individual or a
community of users to easily publish, manage and organize a wide variety
of content on a website (http://drupal.org/about).
services, servers, and other network hardware."
[Zabbix Server : Remote command execution]
Impacted software : Zabbix Server
Zabbix reference : https://support.zabbix.com/browse/ZBX-1030
Patched version : 1.8
Faulty source code : function node_process_command() in
zabbix_server/trapper/nodecommand.c
http://www.adobe.com/products/flashplayer
II. DESCRIPTION
Remote exploitation of an invalid Loader object reference vulnerability
in Adobe Systems Inc.'s Flash Player could allow an attacker to execute
arbitrary code with the privileges of the current user.
During the processing of a Shockwave Flash file, an object can be
created, along with multiple references that point to the object. The
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, execution of arbitrary code, and Denial of Service (DoS).
References: SUN ALERT ID: 246286 (CVE-2008-5349), 254569 (CVE-2009-1093, CVE-2009-1094), 254570 (CVE-2009-1095, CVE-2009-1096), 254571 (CVE-2009-1097, CVE-2009-1098, CVE-2009-1099), 254608 (CVE-2009-1100), 254609 (CVE-2009-1101), 254610 (CVE-2009-1102), 254611 (CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107).
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.03 or earlier
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.15 or earlier
HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.21 or earlier
Microsoft Office Excel Malformed Records Stack Buffer Overflow
TSL ID : FSC20090609-01
Reference: http://telussecuritylabs.com/threats/show/FSC20090609-01
1. Affected Software
Microsoft Office Excel 2000
Microsoft Office Excel 2002
Versions: See below
Severity: High
Author: Timothy D. Morgan <tmorgan {a} vsecurity.com>
Vendor Status: Patch Released [3]
CVE Candidate: CVE-2008-2086
Reference: http://www.vsecurity.com/bulletins/advisories/2008/JWS-props.txt
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Product Description
Workaround: None
References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA ARCserve Backup LDBserver
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1942
93
Workaround: None
References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA ARCserve Backup
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143
Solution Document Reference APARs:
Workaround: None
References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA Service Desk
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=186585
Solution Document Reference APARs:
Workaround: None
References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA ARCserve Backup for Laptops and Desktops
Server LGServer
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181721
7. Within the patch directory run the following command:
./utility/iiinstaller
Please check the $II_SYSTEM/ingres/files/patch.log file to
make sure the patch was applied successfully. Also check the
$II_SYSTEM/ingres/version.rel to make sure the patch is
referenced.
Note: The patch can also be installed silently using the ‘-m'
flag with iiinstaller:
./utility/iiinstaller -m
8. Once the patch install has been complete, re-link the iimerge
binary with the following command:
Workaround: None
References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for
CA Host-Based Intrusion Prevention System SDK
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=182496
Next Page>>
|
