Inter5.Org Research » Advisories

Vuln: WebKit ‘font-face’ and ‘use’ Elements Use-After-Free Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities — Thu, 29 Jul 2010 18:00:00 +0000

WebKit ‘font-face’ and ‘use’ Elements Use-After-Free Remote Code Execution Vulnerability

Vuln: WebKit ‘foreignObject’ Elements Use-After-Free Remote Code Execution Vulnerability

SecurityFocus Vulnerabilities — Thu, 29 Jul 2010 18:00:00 +0000

WebKit ‘foreignObject’ Elements Use-After-Free Remote Code Execution Vulnerability

Vuln: Whizzy CMS ‘whizzycms1001.php’ Local File Include Vulnerability

SecurityFocus Vulnerabilities — Thu, 29 Jul 2010 18:00:00 +0000

Whizzy CMS ‘whizzycms1001.php’ Local File Include Vulnerability

secunia-autonomycfp.txt

Packet Storm Security Advisories — Thu, 29 Jul 2010 12:25:00 +0000

Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error when parsing record data in compound documents. This can be exploited to cause a heap-based buffer overflow when an application using the vulnerable library parses e.g. a specially crafted Quattro Pro file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.

secunia-autonomywkssr.txt

Packet Storm Security Advisories — Thu, 29 Jul 2010 05:25:22 +0000

Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the Spreadsheet Lotus 123 reader (wkssr.dll) when converting floating point values in certain record types. This can be exploited to cause a stack-based buffer overflow via a specially crafted file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.

secunia-autonomyrtfsigned.txt

Packet Storm Security Advisories — Thu, 29 Jul 2010 05:25:13 +0000

Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a signedness error when parsing the argument to the \\ls keyword within a list override table entry in RTF files. This can be exploited to cause a buffer overflow via a specially crafted RTF file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.

secunia-autonomywosr.txt

Packet Storm Security Advisories — Thu, 29 Jul 2010 05:25:04 +0000

Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error the WordPerfect 5.x reader (wosr.dll) when parsing data blocks and can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.

secunia-wkssriu.txt

Packet Storm Security Advisories — Thu, 29 Jul 2010 05:24:47 +0000

Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by an integer underflow error in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing the size of a specific record type. This can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.

secunia-autonomykvindex.txt

Packet Storm Security Advisories — Thu, 29 Jul 2010 00:45:11 +0000

Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused by an error in the SpreadSheet Lotus 123 reader (wkssr.dll) when allocating an array of pointers during the parsing of a certain record type combined with how strings are later indexed. This can be exploited to corrupt memory via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.

secunia-autonomykvrp.txt

Packet Storm Security Advisories — Thu, 29 Jul 2010 00:44:59 +0000

Secunia Research has discovered two vulnerabilities in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused by boundary errors in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing certain records. This can be exploited to cause stack-based buffer overflows via specially crafted files. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.

MDVSA-2010-142.txt

Packet Storm Security Advisories — Thu, 29 Jul 2010 00:44:42 +0000

Mandriva Linux Security Advisory 2010-142 – The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. OpenLDAP 2.4.22 allows remote attackers to cause a denial of service via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.

Vuln: OpenLDAP ‘modrdn’ Request Multiple Vulnerabilities

SecurityFocus Vulnerabilities — Wed, 28 Jul 2010 23:00:00 +0000

OpenLDAP ‘modrdn’ Request Multiple Vulnerabilities

Vuln: RETIRED: Apple Safari Prior to 5.0.1 and 4.1.1 Multiple Security Vulnerabilities

SecurityFocus Vulnerabilities — Wed, 28 Jul 2010 23:00:00 +0000

RETIRED: Apple Safari Prior to 5.0.1 and 4.1.1 Multiple Security Vulnerabilities

Vuln: ZABBIX ‘formatQuery()’ Cross Site Scripting Vulnerability

SecurityFocus Vulnerabilities — Wed, 28 Jul 2010 23:00:00 +0000

ZABBIX ‘formatQuery()’ Cross Site Scripting Vulnerability

Mandriva: 2010:142: openldap

LinuxSecurity.com - Security Advisories — Wed, 28 Jul 2010 15:18:00 +0000

LinuxSecurity.com: Multiple vulnerabilities has been discovered and corrected in openldap:
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not
check the return value of a call to the smr_normalize function, which
allows remote attackers to cause a denial of service (segmentation
[More...]

Vuln: ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability

SecurityFocus Vulnerabilities — Wed, 28 Jul 2010 15:00:00 +0000

ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability

Vuln: Pointdev IDEAL Migration & IDEAL Administration ‘.ipj’ File Stack Buffer Overflow Vulnerability

SecurityFocus Vulnerabilities — Wed, 28 Jul 2010 13:00:00 +0000

Pointdev IDEAL Migration & IDEAL Administration ‘.ipj’ File Stack Buffer Overflow Vulnerability

Vuln: Autonomy KeyView Filter Module Multiple Memory Corruption Vulnerabilities

SecurityFocus Vulnerabilities — Wed, 28 Jul 2010 13:00:00 +0000

Autonomy KeyView Filter Module Multiple Memory Corruption Vulnerabilities

Red Hat: 2010:0567-01: lvm2-cluster: Moderate Advisory

LinuxSecurity.com - Security Advisories — Wed, 28 Jul 2010 11:10:00 +0000

LinuxSecurity.com: An updated lvm2-cluster package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More...]

MDVSA-2010-140.txt

Packet Storm Security Advisories — Wed, 28 Jul 2010 02:34:58 +0000

Mandriva Linux Security Advisory 2010-140 – This is a maintenance and security update that upgrades php to 5.3.3 for 2010.0/2010.1. Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs. Fixed a possible resource destruction issues in shm_put_var(). Fixed a possible information leak because of interruption of XOR operator. Fixed a possible memory corruption because of unexpected call-time pass by reference and following memory clobbering through callbacks. Fixed a possible memory corruption in ArrayObject::uasort(). Fixed a possible memory corruption in parse_str(). Fixed a possible memory corruption in pack(). Fixed a possible memory corruption in substr_replace(). Fixed a possible memory corruption in addcslashes(). Fixed a possible stack exhaustion inside fnmatch(). Fixed a possible dechunking filter buffer overflow. Fixed a possible arbitrary memory access inside sqlite extension. Fixed string format validation inside phar extension. Fixed handling of session variable serialization on certain prefix characters. Fixed a NULL pointer dereference when processing invalid XML-RPC requests. Fixed SplObjectStorage unserialization problems. Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user. Fixed possible buffer overflows when handling error packets in mysqlnd. Additionally some of the third party extensions and required dependencies has been upgraded and/or rebuilt for the new php version.