Fedora 15 : wireshark-1.4.6-1.fc15 (2011-5621)

Upgrade to latest release, fixing few security bugs. See http://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html and http://www.wireshark.org/docs/relnotes/wireshark-1.4.6.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...

Debian DSA-2223-1 : doctrine - SQL injection

It was discovered that Doctrine, a PHP library for implementing object persistence, contains SQL injection vulnerabilities. The exact impact depends on the application which uses the Doctrine library. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

Fedora 15 : perl-5.12.3-156.fc15 (2011-4631)

Security bug: lc launder tainted data http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336 Cwd.so should go the subpackage. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean...

Google Chrome 10.0.648.205之前版本存在多个安全漏洞

Bugtraq ID: 47377 CVE ID：CVE-2011-1300,CVE-2011-1301,CVE-2011-1302 Google Chrome是一款流行的WEB浏览器。 Google Chrome存在多个安全漏洞允许攻击者以应用程序权限执行任意指令。 CVE-2011-1300： CNCVE ID：CNCVE-20111300 CNCVE-20111300 GPU进程存在一个三字节触发错误，可能导致任意代码执行，此漏洞仅影响windows平台。 CVE-2011-1301： CNCVE ID：CNCVE-20111300 CNCVE-20111300...

Microsoft Excel Office Art远程代码执行漏洞(MS11-021)

BUGTRAQ ID: 47226 CVE ID: CVE-2011-0979 Microsoft Excel是由Microsoft为Windows和Apple Macintosh操作系统的电脑而编写和运行的一款试算表软件。 Microsoft Excel在实现上存在缓冲区溢出漏洞，远程攻击者可利用此漏洞以当前用户权限执行任意代码，造成拒绝服务。 Microsoft Office Excel处理特制Excel文件的方式中存在一个远程执行代码漏洞，成功利用此漏洞的攻击者便可完全控制受影响的系统。攻击者可随后安装程序；查看、更改或删除数据；或者创建拥有完全用户权限的新帐户 Microsoft...

Linux Kernel EFI分区拒绝服务漏洞

Bugtraq ID: 47343 Linux是一款开放源代码的操作系统。 不管是否启用了自动安装，Linux内核会自动评测存储设备的分区表。评测EFI GUID分区表存在一个缓冲区溢出，可导致内核触发oops而崩溃。 Linux kernel 2.6.38 Linux kernel 2.6.37 Linux kernel 2.6.37 Linux kernel 2.6.36 Linux kernel 2.6.35 Linux kernel 2.6.35 Linux kernel 2.6.35 Linux kernel 2.6.34 Linux kernel 2.6.34 Linux...

MS11-021 / MS11-022 / MS11-023: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489279 / 2489283 / 2489293) (Mac OS X)

The remote Mac OS X host is running a version of Microsoft Office that is affected by several vulnerabilities. If an attacker can trick a user on the affected host into opening a specially crafted Office file, these issues could be leveraged to execute arbitrary code subject to the user's...

Fedora 14 : exim-4.72-2.fc14 (2010-12375)

This update fixes the following security flaws : - CVE-2010-2023 exim: hard-link following vulnerability in mailbox handling - CVE-2010-2024 exim: race condition when MBX locking is enabled Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...

Linux Kernel 'inotify_init1()'两次释放本地拒绝服务漏洞

Bugtraq ID: 47296 CVE ID：CVE-2011-1479 Linux是一款开放源代码的操作系统。 "inotifyinit1"系统调用实现存在一个两次释放错误，本地攻击者可以利用漏洞使内核崩溃。 Linux kernel 2.6.37 Linux kernel 2.6.36 Linux kernel 2.6.35 Linux kernel 2.6.35 Linux kernel 2.6.35 Linux kernel 2.6.34 Linux kernel 2.6.34 Linux kernel 2.6.33 .1 Linux kernel 2.6.33 Linux...

McAfee Firewall Reporter 'GernalUtilities.pm'验证绕过漏洞

Bugtraq ID: 47306 McAfee Firewall Reporter用于集中处理企业范围内McAfee网关安全设备的日志和审计数据。 负责验证用户的代码存在缺陷。GernalUtilities.pm包含的代码通过解析Cookie值来验证会话是否合法。在检查特定文件只判断是否存在而没有检查其内容。使用目录遍历技术攻击者可以把cgisess cookie值指向任意服务器上存在的文件，绕过验证。 0 McAfee Firewall Reporter 5.1.0.6 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息：...

Fedora 13 : dbus-1.2.24-2.fc13 (2010-19178)

You need to reboot to apply this update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

Linux Kernel SCTP INIT/INIT-ACK块长度远程拒绝服务漏洞

Bugtraq ID: 47308 Linux是一款开放源代码的操作系统。 在计算INIT/INIT-ACK块长度时，代码只计算了参数长度，而没有计算参数的零填充长度，如AUTH HMACS参数和CHUNKS参数。没有计算零填充长度参数可导致内核触发oops。 Linux kernel 2.6.38 Linux kernel 2.6.37 Linux kernel 2.6.37 Linux kernel 2.6.36 Linux kernel 2.6.35 Linux kernel 2.6.35 Linux kernel 2.6.35 Linux kernel 2.6.34 Linux...

VMware Workstation 'vmrun' Library Path Privilege Escalation Vulnerability (Linux)

The host is installed with VMWare Workstation local privilege escalation vulnerability. OpenVAS Vulnerability Test $Id: gbvmwareworkstationlocprevesclvulnlin.nasl 7044 2017-09-01 11:50:59Z teissa $ VMware Workstation 'vmrun' Library Path Privilege Escalation Vulnerability Linux Authors: Antu Sana...

Nokia E75固件锁码验证绕过漏洞

Bugtraq ID: 47022 Nokia E75是一款诺基亚生产的智能移动设备。 Nokia E75锁码lock code用于保护手机不被越权访问，但存在一个未明错误，在启动阶段使用特定键序列和绕过锁定功能访问设备。 Nokia E75 厂商解决方案 Nokia E75 211.12.01已经修复此漏洞，建议用户升级固件： http://www.nokia.com...

Mac OS X Multiple Vulnerabilities (Security Update 2011-001)

The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2011-001 applied. This security update contains fixes for the following products : - Apache - bzip2 - ClamAV - ImageIO - Kerberos - Libinfo - libxml - Mailman - PHP - QuickLook - Ruby - X11 C Tenable Network...

Symantec LiveUpdate Administrator Cross-Site Request Forgery

SUMMARY Symantecs LiveUpdate Administrator LUA is susceptible to a cross-site request forgery vulnerability which could result in the execution of HTML or script code in the context of the admins browser. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Symantec LiveUpdate Administrator...

PHP "substr_replace()"释放后重用远程内存破坏漏洞

BUGTRAQ ID: 46843 CVE ID: CVE-2011-1148 PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP的"substrreplace"函数在实现上存在释放后重用远程内存破坏漏洞，远程攻击者可利用此漏洞在网络服务器中执行任意代码，造成拒绝服务。 此漏洞源于在将同一个变量多次发送到"substrreplace"函数时，PHP会使该函数中的三个变量使用同一个指针，所以当函数中的类型转换更改了该指针，该指针也会使其他变量无效。 PHP PHP 5.3.x PHP PHP 5.2.x 厂商补丁： PHP ---...

Fedora 14 : pidgin-2.7.11-1.fc14 (2011-3113)

New release 2.7.11 Full Upstream ChangeLog : http://developer.pidgin.im/wiki/ChangeLog Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible withou...

Fedora 13 : clamav-0.97-1300.fc13 (2011-2741)

Update to 0.97 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Network...

Fedora 14 : clamav-0.97-1400.fc14 (2011-2743)

Update to 0.97 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Network...