
 Debian: New gaim packages fix execution of arbitrary code
 by Patrick Lenz, in Security - Mon, Jul 21st 2008 01:24 UTC

It was discovered that gaim, a multi-protocol instant messaging client, was vulnerable to several integer overflows in its MSN protocol handlers. These could allow a remote attacker to execute arbitrary code. Fixed packages are available from security.debian.org.

Links: security.debian.org



 Debian: New lighttpd packages fix multiple DOS issues
 by Patrick Lenz, in Security - Mon, Jul 21st 2008 01:22 UTC

Several local/remote vulnerabilities have been discovered in lighttpd, a fast webserver with minimal memory footprint. lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access. lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service (failed assertion) via a large number of connection attempts. Fixed packages are available from security.debian.org.

Links: security.debian.org



 Red Hat: Updated java-1.5.0-sun packages correct several security issues
 by Patrick Lenz, in Security - Mon, Jul 21st 2008 01:20 UTC

The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language. A vulnerability was found in the Java Management Extensions (JMX) management agent, when local monitoring is enabled. This allowed remote attackers to perform illegal operations. Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. A Java Runtime Environment (JRE) vulnerability could be triggered by an untrusted application or applet. A remote attacker could grant an untrusted applet extended privileges such as reading and writing local files, or executing local programs. Several buffer overflow vulnerabilities in Java Web Start were reported. These vulnerabilities may allow an untrusted Java Web Start application to elevate its privileges and thereby grant itself permission to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. Two file processing vulnerabilities in Java Web Start were found. A remote attacker, by means of an untrusted Java Web Start application, was able to create or delete arbitrary files with the permissions of the user running the untrusted application. A vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location. Fixed packages are available from updates.redhat.com.

Links: updates.redhat.com



 Red Hat: Updated java-1.6.0-sun packages correct several security issues
 by Patrick Lenz, in Security - Mon, Jul 21st 2008 01:18 UTC

The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language. A vulnerability was found in the Java Management Extensions (JMX) management agent, when local monitoring is enabled. This allowed remote attackers to perform illegal operations. Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. Several vulnerabilities in the Java API for XML Web Services (JAX-WS) client and service implementation were found. A remote attacker who caused malicious XML to be processed by a trusted or untrusted application was able to access URLs or cause a denial of service. A JRE vulnerability could be triggered by an untrusted application or applet. A remote attacker could grant an untrusted applet or application extended privileges such as being able to read and write local files, or execute local programs. Several vulnerabilities within the JRE scripting support were reported. A remote attacker could grant an untrusted applet extended privileges such as reading and writing local files, executing local programs, or querying the sensitive data of other applets. A vulnerability in Java Web Start was found. A remote attacker was able to create arbitrary files with the permissions of the user running the untrusted Java Web Start application. Another vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location. Fixed packages are available from updates.redhat.com.

Links: updates.redhat.com



 Red Hat: Updated bluez-libs and bluez-utils packages fix a security flaw
 by Patrick Lenz, in Security - Mon, Jul 21st 2008 01:17 UTC

The bluez-libs package contains libraries for use in Bluetooth applications. The bluez-utils package contains Bluetooth daemons and utilities. An input validation flaw was found in the Bluetooth Session Description Protocol (SDP) packet parser used by the Bluez Bluetooth utilities. A Bluetooth device with an already-established trust relationship, or a local user registering a service record via a UNIX® socket or D-Bus interface, could cause a crash, or possibly execute arbitrary code with privileges of the hcid daemon. Fixed packages are available from updates.redhat.com.

Links: updates.redhat.com



 Red Hat: Updated ruby packages fix several security issues
 by Patrick Lenz, in Security - Mon, Jul 21st 2008 01:15 UTC

Ruby is an interpreted scripting language for quick and easy object-oriented programming. Multiple integer overflows leading to a heap overflow were discovered in the array- and string-handling code used by Ruby. An attacker could use these flaws to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using untrusted inputs in array or string operations. It was discovered that Ruby used the alloca() memory allocation function in the format (%) method of the String class without properly restricting maximum string length. An attacker could use this flaw to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using long, untrusted strings as format strings. Fixed packages are available from updates.redhat.com.

Links: updates.redhat.com



 Red Hat: Updated java-1.4.2-ibm packages fix several security issues
 by Patrick Lenz, in Security - Mon, Jul 21st 2008 00:56 UTC

IBM's 1.4.2 SR11 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. A flaw was found in the Java XSLT processing classes. An untrusted application or applet could cause a denial of service, or execute arbitrary code with the permissions of the user running the JRE. A buffer overflow flaw was found in Java Web Start (JWS). An untrusted application using the Java Network Launch Protocol (JNLP) could access local files or execute local applications accessible to the user running the JRE. Fixed packages are available from updates.redhat.com.

Links: updates.redhat.com



 Debian: New mysql-dfsg-5.0 packages fix authorization bypass
 by Patrick Lenz, in Security - Sun, Jul 13th 2008 08:11 UTC

Sergei Golubchik discovered that MySQL, a widely-deployed database server, did not properly validate optional data or index directory paths given in a CREATE TABLE statement, nor would it (under proper conditions) prevent two databases from using the same paths for data or index files. This permits an authenticated user with authorization to create tables in one database to read, write or delete data from tables subsequently created in other databases, regardless of other GRANT authorizations. Fixed packages are available from security.debian.org.

Links: security.debian.org



 Debian: New iceweasel packages fix several vulnerabilities
 by Patrick Lenz, in Security - Sun, Jul 13th 2008 08:09 UTC

Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. "moz_bug_r_a4" discovered several cross-site scripting vulnerabilities. Collin Jackson and Adam Barth discovered that JavaScript code could be executed in the context of signed JAR archives. "moz_bug_r_a4" discovered that XUL documents can escalate privileges by accessing the pre-compiled "fastload" file. "moz_bug_r_a4" discovered that missing input sanitising in the mozIJSSubScriptLoader.loadSubScript() function could lead to the execution of arbitrary code. Iceweasel itself is not affected, but some addons are. Claudio Santambrogio discovered that missing access validation in DOM parsing allows malicious web sites to force the browser to upload local files to the server, which could lead to information disclosure. Daniel Glazman discovered that a programming error in the code for parsing .properties files could lead to memory content being exposed to addons, which could lead to information disclosure. Masahiro Yamada discovered that file URLs in directory listings were insufficiently escaped. John G. Myers, Frank Benkstein and Nils Toedtmann discovered that alternate names on self-signed certificates were handled insufficiently, which could lead to spoofing of secure connections. Greg McManus discovered a crash in the block reflow code, which might allow the execution of arbitrary code. Fixed packages are available from security.debian.org.

Links: security.debian.org



 SuSE: New MozillaFirefox packages fix remote code execution
 by Patrick Lenz, in Security - Sun, Jul 13th 2008 08:08 UTC

Mozilla Firefox was updated to version 2.0.0.15, fixing various bugs including a number of security bugs. Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities which allow scripts from one document to be executed in the context of a different document. These vulnerabilities could be used by an attacker to violate the same-origin policy and perform an XSS attack. Security researcher Collin Jackson reported a series of vulnerabilities which allow JavaScript to be injected into signed JARs and executed under the context of the JAR's signer. This could allow an attacker to run JavaScript in a victim's browser with the privileges of a different website, provided the attacker possesses a JAR signed by the other website. Mozilla contributor moz_bug_r_a4 reported a vulnerability that allowed non-privileged XUL documents to load chrome scripts from the fastload file. This could allow an attacker to run arbitrary JavaScript code with chrome privileges. Mozilla contributor moz_bug_r_a4 reported a vulnerability which allows arbitrary JavaScript to be executed with chrome privileges. The privilege escalation was possible because JavaScript loaded via mozIJSSubScriptLoader.loadSubScript() was not using XPCNativeWrappers when accessing content. This could allow an attacker to overwrite trusted objects with arbitrary code which would be executed with chrome privileges when the trusted objects were called by the browser. Opera developer Claudio Santambrogio reported a vulnerability which allows malicious content to force the browser into uploading local files to the remote server. 
This could be used by an attacker to steal arbitrary files from a victim's computer. Security researcher Gregory Fleischer reported a vulnerability in the way Mozilla indicates the origin of a document to the Java plugin. This vulnerability could allow a malicious Java applet to bypass the same-origin policy and create arbitrary socket connections to other domains. Mozilla developer Daniel Glazman demonstrated that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. This could potentially result in small chunks of data from other programs being exposed in the browser. Mozilla contributor Masahiro Yamada reported that file URLs in directory listings were not being HTML escaped properly when the filenames contained particular characters. This resulted in files from directory listings being opened in unintended ways or files not being able to be opened by the browser altogether. Mozilla developer John G. Myers reported a weakness in the trust model used by Mozilla regarding alternate names on self-signed certificates. A user could be prompted to accept a self-signed certificate from a website which includes alt-name entries. If the user accepted the certificate, they would also extend trust to any alternate domains listed in the certificate, despite not being prompted about the additional domains. This technique could be used by an attacker to impersonate another server. Mozilla community member Geoff reported a vulnerability in the way Mozilla opens URL files sent directly to the browser. He demonstrated that such files were opened with local file privileges, giving the remote content access to read from the local filesystem. If a user opened a bookmark to a malicious page in this manner, the page could potentially read from other local files on the user's computer. Security research firm Astabis, via the iSIGHT Partners GVP Program, reported a vulnerability in Mozilla's block reflow code. 
This vulnerability could be used by an attacker to crash the browser and run arbitrary code on the victim's computer. Fixed packages are available from ftp.suse.com.

Links: ftp.suse.com



 SuSE: New bind packages fix DNS cache poisoning
 by Patrick Lenz, in Security - Sun, Jul 13th 2008 08:06 UTC

The bind daemon is responsible for resolving hostnames into IP addresses and vice versa. The new version of bind uses a random transaction-ID (TRXID) and a random UDP source-port for DNS queries to address DNS cache poisoning attacks possible because of the "birthday paradox" and an attack discovered by Dan Kaminsky. Fixed packages are available from ftp.suse.com.

Links: ftp.suse.com



 Debian: New poppler packages fix execution of arbitrary code
 by Patrick Lenz, in Security - Sun, Jul 13th 2008 08:05 UTC

It was discovered that poppler, a PDF rendering library, did not properly handle embedded fonts in PDF files, allowing attackers to execute arbitrary code via a crafted font object. Fixed packages are available from security.debian.org.

Links: security.debian.org



 Red Hat: Updated openldap packages fix a security issue
 by Patrick Lenz, in Security - Sun, Jul 13th 2008 08:04 UTC

OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols for accessing directory services. A denial of service flaw was found in the way the OpenLDAP slapd daemon processed certain network messages. An unauthenticated remote attacker could send a specially crafted request that would crash the slapd daemon. Fixed packages are available from updates.redhat.com.

Links: updates.redhat.com



 Red Hat: Updated Pidgin packages fix a security issue
 by Patrick Lenz, in Security - Sun, Jul 13th 2008 07:59 UTC

Pidgin is a multi-protocol Internet Messaging client. An integer overflow flaw was found in Pidgin's MSN protocol handler. If a user received a malicious MSN message, it was possible to execute arbitrary code with the permissions of the user running Pidgin. Fixed packages are available from updates.redhat.com.

Links: updates.redhat.com



 Red Hat: Updated bind packages help mitigate DNS spoofing attacks
 by Patrick Lenz, in Security - Sun, Jul 13th 2008 07:58 UTC

ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. The DNS protocol protects against spoofing attacks by requiring an attacker to predict both the DNS transaction ID and UDP source port of a request. In recent years, a number of papers have found problems with DNS implementations which make it easier for an attacker to perform DNS cache-poisoning attacks. Previous versions of BIND did not use randomized UDP source ports. If an attacker was able to predict the random DNS transaction ID, this could make DNS cache-poisoning attacks easier. In order to provide more resilience, BIND has been updated to use a range of random UDP source ports. Fixed packages are available from updates.redhat.com.

Links: updates.redhat.com



 Debian: New bind9 packages fix cache poisoning
 by Patrick Lenz, in Security - Sun, Jul 13th 2008 07:55 UTC

Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. This update changes Debian's BIND 9 packages to implement the recommended countermeasure: UDP query source port randomization. This change increases the size of the space from which an attacker has to guess values in a backwards-compatible fashion and makes successful attacks significantly more difficult. Fixed packages are available from security.debian.org.

Links: security.debian.org



 SuSE: New kernel packages fix remote denial of service
 by Patrick Lenz, in Security - Sun, Jul 13th 2008 07:51 UTC

The Linux kernel on the SUSE Linux Enterprise 10 Service Pack 1 line of products was updated to fix quite a number of security problems. A remote attacker could crash the IPSec/IPv6 stack by sending a bad ESP packet. A problem in SIT IPv6 tunnel handling could be used by remote attackers to immediately crash the machine. On x86_64 a denial of service attack could be used by local attackers to immediately panic / crash the machine. An information leakage during core dumping of root processes was fixed. An SMP ordering problem in fcntl_setlk that could potentially allow local attackers to execute code by timing file locking was fixed. A dnotify race condition was fixed, which could be used by local attackers to potentially execute code. A ptrace bug could be used by local attackers to hang their own processes indefinitely. The "direction" flag is now cleared before calling signal handlers to fix a potential memory corruption or code execution. The isdn_ioctl function in isdn_common.c allowed local users to cause a denial of service via a crafted ioctl struct in which ioctls is not null terminated, which triggers a buffer overflow. Fixed packages are available from ftp.suse.com.

Links: ftp.suse.com



 Debian: New pcre3 packages fix arbitrary code execution
 by Patrick Lenz, in Security - Sun, Jul 6th 2008 11:53 UTC

Tavis Ormandy discovered that PCRE, the Perl-Compatible Regular Expression library, may encounter a heap overflow condition when compiling certain regular expressions involving in-pattern options and branches, potentially leading to arbitrary code execution. Fixed packages are available from security.debian.org.

Links: security.debian.org



 Debian: New wordpress packages fix several vulnerabilities
 by Patrick Lenz, in Security - Sun, Jul 6th 2008 11:51 UTC

Several remote vulnerabilities have been discovered in WordPress, the weblog manager. WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information. The XML-RPC implementation, when registration is enabled, allows remote attackers to edit posts of other blog users. Fixed packages are available from security.debian.org.

Links: security.debian.org



 Red Hat: Updated firefox packages fix several security issues
 by Patrick Lenz, in Security - Sun, Jul 6th 2008 11:50 UTC

Mozilla Firefox is an open source Web browser. Multiple flaws were found in the processing of malformed JavaScript content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. Several flaws were found in the way malformed web content was displayed. A web page containing specially-crafted content could potentially trick a Firefox user into surrendering sensitive information. Two local file disclosure flaws were found in Firefox. A web page containing malicious content could cause Firefox to reveal the contents of a local file to a remote attacker. A flaw was found in the way a malformed .properties file was processed by Firefox. A malicious extension could read uninitialized memory, possibly leaking sensitive data to the extension. A flaw was found in the way Firefox escaped a listing of local file names. If a user could be tricked into listing a local directory containing malicious file names, arbitrary JavaScript could be run with the permissions of the user running Firefox. A flaw was found in the way Firefox displayed information about self-signed certificates. It was possible for a self-signed certificate to contain multiple alternate name entries, which were not all displayed to the user, allowing them to mistakenly extend trust to an unknown site. Fixed packages are available from updates.redhat.com.

Links: updates.redhat.com


