Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 4



> 
> ************************
> Widely-Deployed Software
> ************************
> 
> (1) CRITICAL: Sun Java GIF File Parsing Vulnerability
> Affected:
> Sun Microsystems Java Development Kit and Java Runtime Environment
> JDK and JRE 5.0 Update 9 and prior
> SDK and JRE version 1.4.2_12 and prior
> SDK and JRE version 1.3.1_18 and prior
> 
> Description: Certain editions of the Java platform released by Sun
> Microsystems contain a vulnerability in the parsing of GIF image files.
> A specially-crafted GIF image file with an image width value of zero can
> cause a heap overflow. The flaw can be exploited to execute arbitrary
> code with the privileges of the current user. Note that applets are
> automatically downloaded and executed in typical web browser
> configurations. Hence, the flaw can be exploited by simply viewing a
> malicious web page or HTML email. Technical details for this
> vulnerability have been publicly posted. Sun's Java platform is
> installed on most Microsoft Windows systems, all Mac OS X systems, and
> most Unix and Unix-like systems.
> 
> Status: Sun confirmed, updates available.
> 
> References:
> Zero Day Initiative Advisory
> http://zerodayinitiative.com/advisories/ZDI-07-005.html
> Sun Advisory
> http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1
> Sun Java Home Page
> http://java.sun.com
> SecurityFocus BID
> http://www.securityfocus.com/bid/22085
> 

> 
> 07.4.17 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: WinZip Command Line Remote Buffer Overflow Vulnerability
> Description: WinZip is a file compression/archival application
> available for multiple Microsoft Windows platforms. It is exposed to a
> remote buffer overflow issue because it fails to adequately
> bounds check user-supplied input before copying it into an
> insufficiently sized buffer. This issue affects version 9.0 SR1.
> Ref: http://www.securityfocus.com/bid/22020/info
> ______________________________________________________________________
> 
> 07.4.35 CVE: CVE-2007-0243
> Platform: Cross Platform
> Title: Sun Java RunTime Environment GIF Images Buffer Overflow
> Description: The Java Runtime Environment is an application that
> allows users to run Java applications. It is prone to a buffer
> overflow vulnerability when the application processes a GIF image from
> a Java applet. Several versions of the Java Runtime Environment are
> affected. See the advisory for further details.
> Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1
> ______________________________________________________________________
> 
> 07.4.38 CVE: Not Available
> Platform: Cross Platform
> Title: Squid Proxy FTP URI Remote Denial of Service
> Description: Squid is an open source proxy server. It is prone to a
> remote denial of service issue due to a quoting flaw in the
> "ftpListingFinish()" function in the "src/ftp.c" source file. Squid
> versions from 2.5.STABLE11 to 2.6.STABLE6 are vulnerable.
> Ref: http://www.securityfocus.com/bid/22079
> ______________________________________________________________________
> 
> 07.4.40 CVE: Not Available
> Platform: Cross Platform
> Title: GnuPG Multiple Potential Vulnerabilities
> Description: GNU Privacy Guard (GnuPG) is an open source encryption
> application. It is potentially vulnerable to multiple remote issues
> due to a code audit. GnuPG version 1.4.6 is reportedly vulnerable and
> other versions may also be affected.
> Ref: http://www.securityfocus.com/bid/22064
> ______________________________________________________________________
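The Java entry above turns on a GIF whose image width field is zero. As an added defensive example (not code from the newsletter, from Sun, or from any of the referenced advisories), the Python below walks the GIF block structure and flags zero-sized or oversized image dimensions before the bytes reach a decoder; the sample GIF bytes and the `MAX_PIXELS` budget are constructed assumptions.

```python
import struct

# Constructed sample GIFs (not from the advisory): a 1x1 logical screen, no
# global colour table, one image descriptor, one LZW data sub-block, trailer.
def _tiny_gif(width: int, height: int) -> bytes:
    return (b"GIF89a"
            + struct.pack("<HHBBB", 1, 1, 0x00, 0, 0)          # logical screen
            + b"\x2c" + struct.pack("<HHHHB", 0, 0, width, height, 0x00)
            + b"\x02\x02\x44\x01\x00"                            # LZW data
            + b"\x3b")                                           # trailer

ZERO_WIDTH_GIF = _tiny_gif(0, 1)   # the shape the advisory describes
OK_GIF = _tiny_gif(1, 1)

MAX_PIXELS = 64 * 1024 * 1024      # hypothetical per-image allocation budget

def _skip_subblocks(data: bytes, pos: int) -> int:
    """Advance past a chain of length-prefixed sub-blocks and its 0x00 terminator."""
    while pos < len(data) and data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1

def check_gif_dimensions(data: bytes) -> list[str]:
    """Walk the GIF block structure; return findings (empty list means clean)."""
    findings = []
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        return ["not a GIF"]
    try:
        sw, sh, packed, _, _ = struct.unpack_from("<HHBBB", data, 6)
        pos = 13 + (3 * (2 << (packed & 0x07)) if packed & 0x80 else 0)
        if sw == 0 or sh == 0:
            findings.append(f"logical screen has zero dimension {sw}x{sh}")
        while pos < len(data) and data[pos] != 0x3B:
            if data[pos] == 0x2C:                      # image descriptor
                _, _, w, h, ipacked = struct.unpack_from("<HHHHB", data, pos + 1)
                pos += 10 + (3 * (2 << (ipacked & 0x07)) if ipacked & 0x80 else 0)
                if w == 0 or h == 0:
                    findings.append(f"image descriptor with zero dimension {w}x{h}")
                elif w * h > MAX_PIXELS:
                    findings.append(f"image descriptor exceeds pixel budget {w}x{h}")
                pos = _skip_subblocks(data, pos + 1)   # +1 skips LZW min code size
            elif data[pos] == 0x21:                    # extension block
                pos = _skip_subblocks(data, pos + 2)   # introducer + label
            else:
                findings.append(f"unexpected block 0x{data[pos]:02x}")
                break
    except struct.error:
        findings.append("truncated header or descriptor")
    return findings
```

A gateway or mail filter can run `check_gif_dimensions` on attachments and applet resources and quarantine anything that returns findings.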
Copyright © Lexa Software, 1996-2009.