1345 matches found

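seebug.org
added 2009/10/12 12:0 a.m. | 38 views

CA Antivirus Engine arclib Library Multiple Memory Corruption Vulnerabilities

BUGTRAQ ID: 36653 CVE ID: CVE-2009-3587, CVE-2009-3588 Computer Associates is a world-leading security vendor whose products include a range of antivirus software and backup and recovery systems. The arclib component used by the antivirus engine of multiple CA products is subject to heap or stack memory corruption when parsing malformed RAR archives; a user who is tricked into opening a malicious file triggers a denial of service or execution of arbitrary instructions. Computer Associates eTrust Intrusion Detection 3.0 SP1 Computer Associates eTrust Intrusion Detection 3.0 Computer...

9.3 CVSS | 6.3 AI score | 0.07394 EPSS
Exploits: 1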
Tenable Nessus
added 2009/09/28 12:0 a.m. | 255 views

Fedora 10 : gnutls-2.4.2-5.fc10 (2009-8622)

This update fixes handling of NUL characters in certificate Common Name or subjectAltName fields, especially with regard to comparison to hostnames. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

7.5 CVSS | 5.5 AI score | 0.02695 EPSS
Exploits: 0 | References: 3
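seebug.org
added 2009/09/23 12:0 a.m. | 39 views

Linux Kernel O_EXCL NFSv4 Local Privilege Escalation Vulnerability

BUGTRAQ ID: 36472 CVE ID: CVE-2009-3286 The Linux Kernel is the kernel used by the open-source operating system Linux. When an O_EXCL file creation fails, the Linux Kernel's NFSv4 does not properly clean up the inode. As a result, files are created with insecure settings (such as the setuid bit), and a local user can gain elevated privileges through execution of the do_open_permission function. Linux kernel 2.6.x Vendor patch: Linux ----- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://git.kernel.org/linus/af85852d...

4.6 CVSS | 0.00149 EPSS
Exploits: 1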
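seebug.org
added 2009/09/16 12:0 a.m. | 32 views

Linux Kernel AppleTalk-IP Memory Leak Denial of Service Vulnerability

BUGTRAQ ID: 36379 CVE(CAN) ID: CVE-2009-2903 The Linux Kernel is the kernel used by the open-source operating system Linux. On Linux hosts with the appletalk and ipddp modules loaded, if the ipddpN device does not exist when it is checked, the handle_ip_over_ddp function returns -NODEV to the atalk_rcv function, which then returns that value directly to its caller. Because the kfree_skb call is missing for unacceptable IP-DDP datagrams, sending enough AppleTalk-IP datagrams to the target host exhausts the available kernel memory. Linux kernel 2.6.x Vendor patch: Linux -----...

7.1 CVSS | 0.2 AI score | 0.03773 EPSS
Exploits: 2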
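seebug.org
added 2009/09/11 12:0 a.m. | 26 views

Microsoft DHTML Editing Component ActiveX Control Remote Code Execution Vulnerability (MS09-046)

BUGTRAQ ID: 36280 CVE(CAN) ID: CVE-2009-2519 Microsoft Windows is a very popular operating system released by Microsoft. The DHTML Editing Component ActiveX control (triedit.dll) bundled with Windows contains an error when formatting HTML markup. An attacker can exploit this vulnerability by creating a specially crafted web page; if a user views the crafted page, the vulnerability may allow remote execution of instructions. An attacker who successfully exploits these vulnerabilities can gain the same user rights as the local user. Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Server 2003 SP2...

9.3 CVSS | 6.9 AI score | 0.33983 EPSS
Exploits: 1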
OpenVAS
added 2009/09/07 12:0 a.m. | 15 views

OpenPro Remote File Inclusion Vulnerability

This host is installed with OpenPro and is prone to Remote File Inclusion vulnerability. OpenVAS Vulnerability Test $Id: gbopenprofileincvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ OpenPro Remote File Inclusion Vulnerability Authors: Nikita MR Copyright: Copyright c 2009 Greenbone Networks GmbH,...

7.5 CVSS | 0.6 AI score | 0.00665 EPSS
Exploits: 1 | References: 1
Core Security
added 2009/08/31 12:0 a.m. | 99 views

Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server

1. Advisory Information Title: Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server Advisory ID: CORE-2009-0820 Advisory URL: http://www.coresecurity.com/core-labs/advisories/dnsmasq-vulnerabilities Date published: 2009-08-31 Date of last update: 2009-08-31 Vendors contacted: Simon...

6.8 CVSS | 7.5 AI score | 0.08525 EPSS
Exploits: 8
OpenVAS
added 2009/08/27 12:0 a.m. | 22 views

OpenForum 'profile.php' Authentication Bypass Vulnerability

This host is installed with OpenForum and is prone to Authentication Bypass vulnerability. OpenVAS Vulnerability Test $Id: secpodopenforumauthbypassvuln.nasl 5122 2017-01-27 12:16:00Z teissa $ OpenForum 'profile.php' Authentication Bypass Vulnerability Authors: Nikita MR Copyright: Copyright c 20...

7.5 CVSS | 6.7 AI score | 0.01587 EPSS
Exploits: 1 | References: 2
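seebug.org
added 2009/08/26 12:0 a.m. | 15 views

FreeBSD ftpd setusercontext() Remote Privilege Escalation Vulnerability

BUGTRAQ ID: 36119 FreeBSD is a freely available open-source Unix-like system that runs on Intel platforms. FreeBSD and some other BSD systems have a facility for setting the user context, such as the setusercontext function in FreeBSD: setusercontext(lc, pw, (uid_t)0, LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK); The LOGIN_SETRESOURCES setting allows the user to set resources. According to the manual page: LOGIN_SETRESOURCES...

6.9 AI score
Exploits: 0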
Tenable Nessus
added 2009/08/20 12:0 a.m. | 22 views

Pidgin < 2.5.9 'msn_slplink_process_msg()' Memory Corruption

The version of Pidgin installed on the remote host is earlier than 2.5.9. Such versions are reportedly affected by a vulnerability in 'msn_slplink_process_msg'. Maliciously crafted MSN SLP messages can result in memory corruption. A remote attacker could use this to crash the client, or execute...

10 CVSS | 5.9 AI score | 0.34712 EPSS
Exploits: 8 | References: 4
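seebug.org
added 2009/08/18 12:0 a.m. | 64 views

Linux Kernel binfmt_flat.c NULL Pointer Dereference Denial of Service Vulnerability

BUGTRAQ ID: 36037 CVE(CAN) ID: CVE-2009-2768 The Linux Kernel is the kernel used by the open-source operating system Linux. The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem of the Linux Kernel contains a NULL pointer dereference error. A local user can trigger this error by executing a shared flat binary, causing the system to crash. Linux kernel 2.6.x Vendor patch: Linux ----- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:...

7.2 CVSS | 0.2 AI score | 0.00085 EPSS
Exploits: 1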
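seebug.org
added 2009/08/12 12:0 a.m. | 47 views

libxml2 Stack Overflow and Use-After-Free Denial of Service Vulnerabilities

BUGTRAQ ID: 36010 CVE(CAN) ID: CVE-2009-2414, CVE-2009-2416 The libxml2 package provides a library of functions that let users manipulate XML files, with support for reading, modifying and writing XML and HTML files. The libxml library has a stack overflow vulnerability in the way it handles root XML document element definitions in a DTD, and multiple use-after-free vulnerabilities in the way it parses the Notation and Enumeration attribute types. A remote attacker can supply a specially crafted XML file; if a local user is tricked into opening it, a denial of service (application crash) results. XMLSoft Libxml2 = 2.6.26 Vendor patch: RedHat ------...

4.3 CVSS | 1.6 AI score | 0.01289 EPSS
Exploits: 2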
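seebug.org
added 2009/08/12 12:0 a.m. | 41 views

Microsoft Windows Telnet NTLM Credential Reflection Authentication Bypass Vulnerability (MS09-042)

BUGTRAQ ID: 35993 CVE(CAN) ID: CVE-2009-1930 Microsoft Windows is a very popular operating system released by Microsoft. The Telnet protocol does not correctly opt in to the NTLM credential reflection protections that ensure a user's credentials are not reflected back and used. If a user is tricked into connecting to a malicious Telnet server, NTLM credentials may be reflected and system access gained with the current user's privileges. Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Vista SP2 Microsoft Windows Vista SP1 Microsoft Windo...

10 CVSS | 6.9 AI score | 0.6571 EPSS
Exploits: 5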
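seebug.org
added 2009/08/12 12:0 a.m. | 25 views

Microsoft Windows Workstation Service Double Free Code Execution Vulnerability (MS09-041)

BUGTRAQ ID: 35972 CVE(CAN) ID: CVE-2009-1544 Microsoft Windows is a very popular operating system released by Microsoft. The Workstation RPC service does not correctly free memory when processing parameters passed to the NetrGetJoinInformation function, which can result in a "double free" condition. An attacker who successfully exploits this vulnerability can run arbitrary instructions with elevated privileges. The attacker can then install programs; view, change or delete data; or create new accounts with full user rights. Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Vista SP2...

9 CVSS | 6.3 AI score | 0.32404 EPSS
Exploits: 1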
Tenable Nessus
added 2009/08/12 12:0 a.m. | 233 views

WordPress < 2.8.4 'wp-login.php' 'key' Parameter Remote Administrator Password Reset (uncredentialed check)

According to its version number, the version of WordPress running on the remote server has a flaw in the password reset mechanism. Validation of the secret user activation key can be bypassed by providing an array instead of a string. This allows anyone to reset the password of the first user in...

7.5 CVSS | 5.5 AI score | 0.74127 EPSS
Exploits: 1 | References: 4
Tenable Nessus
added 2009/08/01 12:0 a.m. | 226 views

Fedora 10 : xml-security-c-1.5.1-1.fc10 (2009-8121)

Fixes CVE-2009-0217 511915 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenab...

5 CVSS | 7.4 AI score | 0.0222 EPSS
Exploits: 0 | References: 3
seebug.org
added 2009/07/29 12:0 a.m. | 48 views

Firebird SQL op_connect_request main listener shutdown Vulnerability

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Firebird SQL op_connect_request main listener shutdown vulnerability 1. Advisory Information Title: Firebird SQL op_connect_request mai...

5 CVSS | 6.5 AI score | 0.10004 EPSS
Exploits: 7
0day.today
added 2009/07/28 12:0 a.m. | 61 views

Firebird SQL op_connect_request main listener shutdown Vulnerability

Exploit for unknown platform in category dos / poc. Firebird SQL op_connect_request main listener shutdown Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash:...

7 AI score | 0.10004 EPSS
Exploits: 7
exploitpack
added 2009/07/28 12:0 a.m. | 41 views

Firebird SQL - op_connect_request main listener shutdown

Firebird SQL - op_connect_request main listener shutdown -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Firebird SQL op_connect_request main listener shutdown vulnerability 1. Advisory Information Title: Firebird SQL...

5 CVSS | 6.9 AI score | 0.10004 EPSS
Exploits: 7
Tenable Nessus
added 2009/07/23 12:0 a.m. | 213 views

DD-WRT HTTP Daemon Metacharacter Injection Remote Code Execution

The remote web server is vulnerable to a command injection attack that may allow an attacker to execute arbitrary commands on the remote server usually with root privileges. An attacker can exploit this flaw to take complete ownership of the remote device. C Tenable Network Security, Inc...

8.3 CVSS | 8.5 AI score | 0.89671 EPSS
Exploits: 7 | References: 3