


 
05.02.2010

Vulnerabilities discovered from 29 January to 05 February 2009

    Table of contents


  1. Python Security Update Fixes Expat Denial of Service Vulnerabilities
  2. Wireshark Multiple buffer overflows
  3. Squid denial of service
  4. Apache HTTP Server Integer overflow
  5. Linux kernel Integer underflow in the e1000_clean_rx_irq function
  6. Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability







  1. Python Security Update Fixes Expat Denial of Service Vulnerabilities


    Description: Two vulnerabilities have been identified in Python, which could be exploited by attackers to cause a denial of service. These issues are caused by errors in Expat. For additional information, see
    Critical:--
    CVE:CVE-2009-3560 - CVE-2009-3720
    URL: http://www.vupen.com/english/advisories/2010/0262
    Date: 2010-02-01





  2. Wireshark Multiple buffer overflows


    Description: Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.
    Critical:--
    CVE:CVE-2010-0304
    URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0304
    Date: 2010-02-03





  3. Squid denial of service


    Description: lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
    Critical:--
    CVE:CVE-2010-0308
    URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0308
    Date: 2010-02-03





  4. Apache HTTP Server Integer overflow


    Description: Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
    Critical:--
    CVE:CVE-2010-0010
    URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0010
    Date: 2010-02-03





  5. Linux kernel Integer underflow in the e1000_clean_rx_irq function


    Description: Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size.
    Critical:--
    CVE:CVE-2009-1385
    URL: http://www.securityfocus.com/bid/35185
    Date: 2010-02-03





  6. Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability


    Description: The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.
    Critical:--
    CVE:CVE-2009-0834
    URL: http://www.securityfocus.com/bid/33951
    Date: 2010-02-02


