NEW VULNERABILITIES affecting Microsoft

December 9, 2009

Microsoft Project Invalid Resource Memory Allocation Remote Code Execution Vulnerability
Microsoft Project is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Microsoft Internet Explorer ‘CAttrArray’ Object Remote Code Execution Vulnerability
Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

Microsoft Internet Explorer (CVE-2009-3671) Uninitialized Memory Remote Code Execution Vulnerability
Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

Microsoft Internet Explorer CSS Race Condition Remote Code Execution Vulnerability
Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

Microsoft Windows Active Directory Single Sign On Authentication Spoofing Vulnerability
Microsoft Windows Active Directory Federation Services (ADFS) is prone to an authentication-spoofing vulnerability affecting single sign-on (SSO) websites because it fails to properly implement session management. Successful exploits will allow attackers to authenticate to trusted servers by spoofing a legitimate user’s credentials, which may aid in further attacks.

Source: securityfocus.com



NEW VULNERABILITY, Linux Kernel ‘net/mac80211/’ Multiple Remote Denial of Service Vulnerabilities

December 2, 2009

The Linux Kernel is prone to multiple remote denial-of-service vulnerabilities.

An attacker can exploit these issues to cause a kernel panic, denying service to legitimate users.

VULNERABILITY REFERENCE

Source: securityfocus.com


NEW VULNERABILITIES affecting the Microsoft operating system

November 11, 2009

VULNERABILITIES, New variants of vulnerabilities affecting Wireshark

November 5, 2009

VULNERABILITIES. New variants of vulnerabilities affecting the Apache server

November 2, 2009

TWO NEW VULNERABILITIES affecting the Linux Kernel

October 23, 2009

1- Linux Kernel Keyring ‘refcount’ Local Denial of Service Vulnerability

The Linux kernel is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to crash the affected computer, denying service to legitimate users.

2- Linux Kernel NFSV4 CallbackClient NULL Pointer Dereference Local Denial of Service Vulnerability

The Linux kernel is prone to a local denial-of-service vulnerability. Local attackers may exploit this issue to cause the affected computer to crash, denying service to legitimate users.

Published: Oct 22 2009
Updated: Oct 22 2009

Linux kernel Homepage (kernel.org)

Source: securityfocus.com



NEW VULNERABILITIES targeting the Microsoft operating system (and components)

October 14, 2009

Once again this month, as Microsoft publishes its Monthly Security Bulletin, new vulnerabilities affecting it also come to light.

Published: Oct 13 2009
Updated: Oct 13 2009

SECURITY BULLETIN, OCTOBER 09

Source: securityfocus.com



NEW VULNERABILITY, Linux Kernel eCryptfs Lower Dentry Null Pointer Dereference Local Denial of Service Vulnerability

October 9, 2009

The Linux kernel is prone to a local denial-of-service vulnerability in the ‘eCryptfs’ component.

Attackers can exploit this issue to corrupt memory, resulting in a denial-of-service condition. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Versions prior to Linux kernel 2.6.31.2 are vulnerable.

Published: Oct 08 2009 12:00AM
Updated: Oct 08 2009 07:29PM

VULNERABILITY REFERENCE

Source: securityfocus.com



NEW VULNERABILITY, Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability

October 6, 2009

Apache HTTP Server is prone to a denial-of-service vulnerability because of faulty error handling.

Successful exploits may allow remote attackers to trigger denial-of-service conditions.

This issue affects versions prior to Apache 2.2.14 on Solaris platforms.

Published: Oct 05 2009 12:00AM
Updated: Oct 06 2009 12:39AM

VULNERABILITY REFERENCE

Source: securityfocus.com



NEW VULNERABILITY, Sun Solaris IP(7P) Module and STREAMS Framework Local Denial Of Service Vulnerability

October 1, 2009

Sun Solaris is prone to a local denial-of-service vulnerability in the IP(7P) module and STREAMS Framework.

Local attackers may exploit this issue to cause denial-of-service conditions.

Published: Sep 30 2009 12:00AM
Updated: Sep 30 2009 10:30PM

VULNERABILITY REFERENCE

Solution 263388 : Security Vulnerabilities in Solaris IP(7P) Module and STREA (Sun)

Source: securityfocus.com



NEW VULNERABILITY. Cisco Lightweight Access Point Over The Air Manipulation Denial of Service Vulnerability

August 26, 2009

Cisco Lightweight Access Point is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause the affected device to stop responding, denying service to legitimate users.

This issue is being tracked by Cisco Bug ID CSCtb56664.


Published: Aug 25 2009 12:00AM
Updated: Aug 25 2009 09:52PM

VULNERABILITY REFERENCE

CISCO REFERENCE

Source: securityfocus.com



VULNERABILITY. Cisco Wireless LAN Controller HTTP Authorization Denial of Service Vulnerability

July 27, 2009

Cisco Wireless LAN Controller is prone to a denial-of-service vulnerability when handling specially crafted HTTP requests.

An attacker can exploit this issue to trigger an affected device to reboot, causing denial-of-service conditions.

This issue affects Cisco Wireless LAN Controller 4402 (software release 5.1.151.0); other versions and devices may be affected as well.

Published: Jul 26 2009 12:00AM
Updated: Jul 26 2009 12:00AM

VULNERABILITY REFERENCE

EXPLOIT

Source: securityfocus.com




VULNERABILITY. Mozilla Firefox Nested ‘window.print()’ Denial of Service Vulnerability

March 4, 2009

Mozilla Firefox is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions.

Firefox 2.0.0.20 is vulnerable; other versions may also be affected.

VULNERABILITY REFERENCE

EXPLOIT

Source: securityfocus.com



VULNERABILITY. Wireshark 1.0.4 SMTP Denial of Service Vulnerability

December 16, 2008

Wireshark is prone to a denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to hang, which may aid in other attacks.

This issue affects Wireshark 1.0.4; other versions may also be vulnerable.

Source: securityfocus

VULNERABILITY REFERENCE



VULNERABILITY. Solaris ‘libICE’ Unspecified Denial of Service Vulnerability

December 16, 2008

Sun Solaris is prone to an unspecified denial-of-service vulnerability.

Remote attackers may exploit this issue to deny service to legitimate users.

Source: securityfocus

VULNERABILITY REFERENCE



VULNERABILITY. Linux Kernel ‘net/atm/proc.c’ Local Denial of Service Vulnerability

December 11, 2008

The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause the Linux kernel to go into an infinite loop, which may cause a denial-of-service condition.

Source: securityfocus

VULNERABILITY REFERENCE



VULNERABILITY. Linux Kernel ‘sendmsg()’ Local Denial of Service Vulnerability

December 11, 2008

The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to create a soft lockup of the vulnerable kernel or to invoke the ‘oom-killer’ kernel functionality, which may halt unrelated processes. This may result in a denial-of-service condition.

NOTE: This issue was either caused or revealed by the fix for BID 32154 (Linux Kernel ‘__scm_destroy()’ Local Denial of Service Vulnerability).

The Linux kernel 2.6.27 and prior versions are affected.

Source: securityfocus

VULNERABILITY REFERENCE



VULNERABILITY. Apache ‘mod_proxy_http’ Interim Response Denial of Service Vulnerability

November 12, 2008

The Apache ‘mod_proxy_http’ module is prone to a denial-of-service vulnerability that affects the processing of interim responses.

Attackers may exploit this issue to cause denial-of-service conditions.

Reportedly, the issue affects Apache 2.2.8 and 2.0.63; other versions may also be affected.

Source: securityfocus

VULNERABILITY REFERENCE
