Archive for 5 February 2010
UplusFtp Server FTP Command Buffer Overflow Vulnerability
Posted by Stefan under Bugs / Error Reports on Friday, 5 February 2010
UplusFtp Server FTP Command Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA38470 VERIFY ADVISORY: http://secunia.com/advisories/38470/ DESCRIPTION: b0telh0 has discovered a vulnerability in UplusFtp Server, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the processing of FTP commands and can be exploited to [...]
LANDesk Management Gateway Cross-Site Scripting and Request Forgery Vulnerabilities
Posted by Stefan under Bugs / Error Reports on Friday, 5 February 2010
LANDesk Management Gateway Cross-Site Scripting and Request Forgery Vulnerabilities SECUNIA ADVISORY ID: SA38474 VERIFY ADVISORY: http://secunia.com/advisories/38474/ DESCRIPTION: Some vulnerabilities have been reported in LANDesk Management Gateway, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks. 1) Certain unspecified input is not properly sanitised before being returned to the user. [...]
Drupal Node Export Module PHP Code Execution Security Issue
Posted by Stefan under Bugs / Error Reports on Friday, 5 February 2010
Drupal Node Export Module PHP Code Execution Security Issue SECUNIA ADVISORY ID: SA38449 VERIFY ADVISORY: http://secunia.com/advisories/38449/ DESCRIPTION: A security issue has been reported in the Node Export module for Drupal, which can be exploited by malicious users to compromise a vulnerable system. The security issue is caused due to the application allowing users to execute [...]
WebSphere Application Server “Requires SSL” Option Security Issue
Posted by Stefan under Bugs / Error Reports on Friday, 5 February 2010
WebSphere Application Server “Requires SSL” Option Security Issue SECUNIA ADVISORY ID: SA38425 VERIFY ADVISORY: http://secunia.com/advisories/38425/ DESCRIPTION: A security issue has been reported in WebSphere Application Server, which can potentially lead to disclosure of sensitive information. The security issue is caused due to an error in the handling of configuration data, which can lead to the [...]
SystemTap Buffer Overflow Vulnerabilities
Posted by Stefan under Bugs / Error Reports on Friday, 5 February 2010
SystemTap Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA38426 VERIFY ADVISORY: http://secunia.com/advisories/38426/ DESCRIPTION: Some vulnerabilities have been reported in SystemTap, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges. The vulnerabilities are caused due to boundary errors within the “__get_argv()” and “__get_compat_argv()” functions in tapset/aux_syscall.stp, [...]
Vulnerability Allows Execution of Arbitrary Code
Posted by Stefan under Bugs / Error Reports on Friday, 5 February 2010
CERT-Bund Advisory -------- SUMMARY CB-K10/0049 Title: Novell NetStorage: Vulnerability allows execution of arbitrary code Date: 05.02.2010 Software: Novell Netware 6.5 SP8 Platform: UNIX, Linux Impact: Execution of arbitrary program code with the privileges of the service Remote attack: Yes Risk: low Reference: http://www.novell.com/support/viewContent.do?externalId=7005282 DESCRIPTION Novell Netware is a server operating system developed by Novell. NetStorage provides file access via [...]
Automatic Execution of Java Binaries
Posted by Stefan under Bugs / Error Reports on Friday, 5 February 2010
CERT-Bund Advisory -------- SUMMARY CB-K10/0048 Title: Sun JDK: Automatic execution of Java binaries Date: 05.02.2010 Software: Sun JDK Platform: Unix, Linux Impact: Execution of arbitrary program code with user privileges Remote attack: No Risk: low Reference: http://www.tat.physik.uni-tuebingen.de/~rguenth/linux/binfmt_misc.html DESCRIPTION With the installation of the Sun JDK package, increasingly on Linux distributions too (among others RedHat, CentOS and OpenSuSE), the kernel module binfmt_misc and [...]
Vulnerability Allows Information Disclosure
Posted by Stefan under Bugs / Error Reports on Friday, 5 February 2010
CERT-Bund Advisory -------- SUMMARY CB-K10/0047 Title: Microsoft Internet Explorer: Vulnerability allows information disclosure Date: 05.02.2010 Software: Microsoft Internet Explorer <= 8 Platform: Windows Impact: Disclosure of information Remote attack: Yes Risk: high Reference: http://www.microsoft.com/technet/security/advisory/980088.mspx DESCRIPTION Internet Explorer is Microsoft's web browser. On Wednesday, 03.02.2010, Microsoft published a security advisory in which a [...]
Drupal Menu Breadcrumb Module Script Insertion Vulnerability
Posted by Stefan under Bugs / Error Reports on Friday, 5 February 2010
Drupal Menu Breadcrumb Module Script Insertion Vulnerability SECUNIA ADVISORY ID: SA38456 VERIFY ADVISORY: http://secunia.com/advisories/38456/ DESCRIPTION: A vulnerability has been reported in the Menu Breadcrumb module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Input passed via certain blocks is not properly sanitised before being displayed to the user. This [...]
Microsoft Internet Explorer Local File Disclosure Vulnerabilities
Posted by Stefan under Bugs / Error Reports on Friday, 5 February 2010
Microsoft Internet Explorer Local File Disclosure Vulnerabilities SECUNIA ADVISORY ID: SA38416 VERIFY ADVISORY: http://secunia.com/advisories/38416/ DESCRIPTION: Two vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to disclose sensitive information. 1) An error in URLMON when handling redirections can be exploited to bypass domain restrictions and disclose the content of arbitrary [...]
