HTML-Parser Invalid HTML Entity Remote Denial of Service Vulnerability
Bugtraq ID: 36807
Class: Design Error
CVE: CVE-2009-3627
Remote: Yes
Local: No
Published: Oct 23 2009 12:00AM
Updated: Nov 06 2009 06:57AM
HTML-Parser is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause an affected application that uses the module to fall into an infinite loop, denying service to legitimate users.
Versions prior to HTML-Parser 3.63 are vulnerable.
Solution:
Updates are available.
http://www.securityfocus.com/bid/36807/references
http://www.securityfocus.com/bid/36807/discuss
Alien Arena 'M_AddToServerList()' UDP Packet Buffer Overflow Vulnerability
Bugtraq ID: 36782
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2009-3637
Remote: Yes
Local: No
Published: Oct 21 2009 12:00AM
Updated: Nov 06 2009 07:26AM
Alien Arena is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Solution:
Updates are available.
http://www.securityfocus.com/bid/36782/references
http://www.securityfocus.com/bid/36782/discuss
Linux Kernel KVM 'kvm_dev_ioctl_get_supported_cpuid()' Integer Overflow Vulnerability
Bugtraq ID: 36803
Class: Design Error
CVE: CVE-2009-3638
Remote: No
Local: Yes
Published: Oct 23 2009 12:00AM
Updated: Nov 06 2009 08:07AM
The Linux kernel is prone to an integer-overflow vulnerability that affects the Kernel-based Virtual Machine (KVM).
Attackers can exploit this issue to execute arbitrary code with superuser privileges. Successful exploits will completely compromise affected computers.
Versions prior to Linux kernel 2.6.32-rc4 are vulnerable.
Solution:
Updates are available.
http://www.securityfocus.com/bid/36803/references
http://www.securityfocus.com/bid/36803/discuss
Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability
Bugtraq ID: 36723
Class: Input Validation Error
CVE: CVE-2009-3621
Remote: No
Local: Yes
Published: Oct 19 2009 12:00AM
Updated: Nov 06 2009 08:07AM
The Linux kernel is prone to a local denial-of-service vulnerability.
Attackers can exploit this issue to cause the affected kernel to stop responding, denying service to legitimate users.
Linux kernel 2.6.31.4 is vulnerable; other versions may also be affected.
Solution:
Updates are available.
http://www.securityfocus.com/bid/36723/references
http://www.securityfocus.com/bid/36723/discuss
Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability
Bugtraq ID: 36827
Class: Unknown
CVE: CVE-2009-3612
Remote: No
Local: Yes
Published: Oct 08 2009 12:00AM
Updated: Nov 06 2009 08:07AM
The Linux kernel is prone to a local information-disclosure vulnerability.
Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
Solution:
Updates are available.
http://www.securityfocus.com/bid/36827/references
http://www.securityfocus.com/bid/36827/discuss
Linux Kernel Keyring 'refcount' Local Integer Underflow Vulnerability
Bugtraq ID: 36793
Class: Boundary Condition Error
CVE: CVE-2009-3624
Remote: No
Local: Yes
Published: Oct 22 2009 12:00AM
Updated: Nov 06 2009 09:46AM
The Linux kernel is prone to a local integer-underflow vulnerability.
Attackers can exploit this issue to crash the affected computer, denying service to legitimate users. Due to the nature of this flaw, it may be possible to leverage this issue to execute code but this has not been confirmed.
Solution:
Updates are available.
http://www.securityfocus.com/bid/36793/references
http://www.securityfocus.com/bid/36793/discuss
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
Bugtraq ID: 36935
Class: Design Error
CVE: CVE-2009-3555
Remote: Yes
Local: No
Published: Nov 04 2009 12:00AM
Updated: Nov 06 2009 12:56PM
Multiple vendors' TLS protocol implementations are prone to a security vulnerability related to the session-renegotiation process.
Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data.
Solution:
Updates are available.
http://www.securityfocus.com/bid/36935/references
http://www.securityfocus.com/bid/36935/discuss
Linux Kernel 64-bit Kernel Register Memory Leak Local Information Disclosure Vulnerability
Bugtraq ID: 36576
Class: Design Error
CVE: CVE-2009-2910
Remote: No
Local: Yes
Published: Oct 01 2009 12:00AM
Updated: Nov 06 2009 11:57AM
The Linux kernel is prone to a local information-disclosure vulnerability.
Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
Solution:
Updates are available.
http://www.securityfocus.com/bid/36576/references
http://www.securityfocus.com/bid/36576/discuss
Release Date: 2009-11-06
Critical: Less critical
Impact: Exposure of sensitive information, Privilege escalation, DoS
Where: Local system
Solution Status: Vendor Patch
OS: Debian GNU/Linux 4.0
Solution:
Apply updated packages.
http://secunia.com/advisories/37282/2/
http://secunia.com/advisories/37282/
Release Date: 2009-11-06
Critical: Less critical
Impact: Exposure of sensitive information, Privilege escalation, DoS
Where: Local system
Solution Status: Vendor Patch
OS: Debian GNU/Linux 4.0
Description:
Debian has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially gain escalated privileges.
Solution:
Apply updated packages.
http://secunia.com/advisories/37293/2/
http://secunia.com/advisories/37293/