Advisories & Alerts

Date Reported: 2010/09/09
Name: Mozilla Thunderbird before 3.1.3 Multiple Remote Vulnerabilities
Risk: High
Description:
Mozilla Thunderbird before version 3.1.3 contains multiple remote vulnerabilities. (CVE-2010-2764, CVE-2010-2769, CVE-2010-2768, CVE-2010-2762, CVE-2010-2770, CVE-2010-2766, CVE-2010-3167, CVE-2010-3168, CVE-2010-2760, CVE-2010-3166, CVE-2010-3131, CVE-2010-2767, CVE-2010-2765, CVE-2010-3169)
Category: Others
Affect OS: NT
Link: http://vdb.dragonsoft.com/detail.php?id=4420

Date Reported: 2010/09/09
Name: SeaMonkey before 2.0.7 Multiple Remote Vulnerabilities
Risk: High
Description:
SeaMonkey before version 2.0.7 contains multiple remote vulnerabilities. (CVE-2010-2764, CVE-2010-2769, CVE-2010-2768, CVE-2010-2763, CVE-2010-2770, CVE-2010-2766, CVE-2010-3167, CVE-2010-3168, CVE-2010-2760, CVE-2010-3166, CVE-2010-3131, CVE-2010-2767, CVE-2010-2765, CVE-2010-3169)
Category: Others
Affect OS: NT
Link: http://vdb.dragonsoft.com/detail.php?id=4419

Date Reported: 2010/09/09
Name: Mozilla Thunderbird before 3.0.7 Multiple Remote Vulnerabilities
Risk: High
Description:
Mozilla Thunderbird before version 3.0.7 contains multiple remote vulnerabilities. (CVE-2010-2764, CVE-2010-2769, CVE-2010-2768, CVE-2010-2763, CVE-2010-2770, CVE-2010-2766, CVE-2010-3167, CVE-2010-3168, CVE-2010-2760, CVE-2010-3166, CVE-2010-3131, CVE-2010-2767, CVE-2010-2765, CVE-2010-3169)
Category: Others
Affect OS: NT
Link: http://vdb.dragonsoft.com/detail.php?id=4418

Date Reported: 2010/09/09
Name: Mozilla Firefox before 3.6.9 Multiple Remote Vulnerabilities
Risk: High
Description:
Firefox before version 3.6.9 contains multiple remote vulnerabilities. (CVE-2010-2764, CVE-2010-2769, CVE-2010-2768, CVE-2010-2762, CVE-2010-2770, CVE-2010-2766, CVE-2010-3167, CVE-2010-3168, CVE-2010-2760, CVE-2010-3166, CVE-2010-3131, CVE-2010-2767, CVE-2010-2765, CVE-2010-3169)
Category: Others
Affect OS: NT
Link: http://vdb.dragonsoft.com/detail.php?id=4417

Date Reported: 2010/09/09
Name: Mozilla Firefox before 3.5.12 Multiple Remote Vulnerabilities
Risk: High
Description:
Firefox before version 3.5.12 contains multiple remote vulnerabilities. (CVE-2010-2764, CVE-2010-2769, CVE-2010-2768, CVE-2010-2763, CVE-2010-2770, CVE-2010-2766, CVE-2010-3167, CVE-2010-3168, CVE-2010-2760, CVE-2010-3166, CVE-2010-3131, CVE-2010-2767, CVE-2010-2765, CVE-2010-3169)
Category: Others
Affect OS: NT
Link: http://vdb.dragonsoft.com/detail.php?id=4416

Date Reported: 2010/09/03
Name: FTP Explorer Directory traversal Vulnerability
Risk: High
CVSS Base Score: 9.3
Description:
Directory traversal vulnerability in FTPx Corp FTP Explorer 10.5.19.1 for Windows, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
Category: FTP Servers
Affect OS: NT
Link: http://vdb.dragonsoft.com/detail.php?id=4409

Date Reported: 2010/09/03
Name: Wireshark SigComp Universal Decompressor Virtual Machine dissector Buffer overflow Vulnerability
Risk: High
CVSS Base Score: 8.3
Description:
Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.
Category: Others
Affect OS: NT
Link: http://vdb.dragonsoft.com/detail.php?id=4408

Date Reported: 2010/09/03
Name: Wireshark ASN.1 BER dissector Buffer overflow Vulnerability
Risk: High
CVSS Base Score: 8.3
Description:
A buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.
Category: Others
Affect OS: NT
Link: http://vdb.dragonsoft.com/detail.php?id=4405

Date Reported: 2010/09/08
Name: MySQL 'WITH ROLLUP' DoS Vulnerability
Risk: Medium
Description:
MySQL before 5.1.49 contains a denial-of-service vulnerability. Incorrect handling of NULL arguments could lead to a crash for IN() or CASE operations when NULL arguments were either passed explicitly as arguments (for IN()) or implicitly generated by the WITH ROLLUP modifier (for IN() and CASE).
Category: MySQL
Affect OS: Windows, UNIX
Link: http://vdb.dragonsoft.com/detail.php?id=4415

Date Reported: 2010/09/08
Name: MySQL 'JOIN' DoS Vulnerability
Risk: Medium
Description:
MySQL before 5.1.49 contains a denial-of-service vulnerability. Joins involving a table with a unique SET column could cause a server crash.
Category: MySQL
Affect OS: Windows, UNIX
Link: http://vdb.dragonsoft.com/detail.php?id=4414

Date Reported: 2010/09/08
Name: MySQL 'DDL' DoS Vulnerability
Risk: Medium
Description:
MySQL before 5.1.49 contains a denial-of-service vulnerability. After changing the values of the innodb_file_format or innodb_file_per_table configuration parameters, DDL statements could cause a server crash.
Category: MySQL
Affect OS: Windows, UNIX
Link: http://vdb.dragonsoft.com/detail.php?id=4413

Date Reported: 2010/09/08
Name: MySQL 'EXPLAIN' DoS Vulnerability
Risk: Medium
Description:
MySQL before 5.1.49 contains a denial-of-service vulnerability. Using 'EXPLAIN' with queries of the form SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...) could cause a server crash.
Category: MySQL
Affect OS: Windows, UNIX
Link: http://vdb.dragonsoft.com/detail.php?id=4412

Date Reported: 2010/09/08
Name: MySQL 'LOAD DATA INFILE' DoS Vulnerability
Risk: Medium
Description:
MySQL before 5.1.49 contains a denial-of-service vulnerability. The issue is that 'LOAD DATA INFILE' did not check for SQL errors and sent an OK packet even when errors had already been reported. An attacker can exploit this issue to crash the database server.
Category: MySQL
Affect OS: Windows, UNIX
Link: http://vdb.dragonsoft.com/detail.php?id=4411

Date Reported: 2010/09/08
Name: bogofilter base64 decoder Multiple buffer underflows Vulnerability-SUSE
Risk: Medium
CVSS Base Score: 5
Description:
Multiple buffer underflows in the base64 decoder in bogofilter before 1.2.2 allow remote attackers to cause a denial of service via an e-mail message with invalid base64 data.
Category: SUSE Security Checks
Affect OS: SUSE
Link: http://vdb.dragonsoft.com/detail.php?id=4410

Date Reported: 2010/08/27
Name: OpenLDAP IA5StringNormalize() DoS Vulnerability
Risk: Medium
CVSS Base Score: 5
Description:
OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function.
Category: LDAP
Affect OS: UNIX
Link: http://vdb.dragonsoft.com/detail.php?id=4402

Date Reported: 2010/08/27
Name: OpenLDAP slap_mods_free() DoS Vulnerability
Risk: Medium
CVSS Base Score: 5
Description:
A denial-of-service vulnerability exists in OpenLDAP 2.4.22 because slap_mods_free() does not check the return value of a call to the smr_normalize function. This allows remote attackers to cause a denial of service (segmentation fault) or, by sending specially crafted data, to cause an invalid pointer to be freed, potentially executing arbitrary code on the target.
Category: LDAP
Affect OS: UNIX
Link: http://vdb.dragonsoft.com/detail.php?id=4401

Date Reported: 2010/09/02
Name: OpenSSL ssl3_get_key_exchange() Use-after-free Vulnerability
Risk: Medium
CVSS Base Score: 4.3
Description:
A use-after-free vulnerability exists in OpenSSL 1.0.0a, 0.9.8 and 0.9.7, caused by an error in the "ssl3_get_key_exchange()" function when processing malformed SSL data. It could be exploited by attackers to crash an affected application or execute arbitrary code by tricking a user into opening a specially crafted certificate or connecting to a malicious server.
Category: Web Servers
Affect OS: UNIX
Link: http://vdb.dragonsoft.com/detail.php?id=4403

Date Reported: 2010/09/03
Name: Wireshark SigComp Universal Decompressor Virtual Machine dissector DoS Vulnerability
Risk: Low
CVSS Base Score: 3.3
Description:
The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
Category: Others
Affect OS: NT
Link: http://vdb.dragonsoft.com/detail.php?id=4407

Date Reported: 2010/09/03
Name: Wireshark SMB PIPE dissector DoS Vulnerability
Risk: Low
CVSS Base Score: 3.3
Description:
The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.
Category: Others
Affect OS: NT
Link: http://vdb.dragonsoft.com/detail.php?id=4406

Date Reported: 2010/09/03
Name: Wireshark SMB dissector DoS Vulnerability
Risk: Low
CVSS Base Score: 3.3
Description:
The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.
Category: Others
Affect OS: NT
Link: http://vdb.dragonsoft.com/detail.php?id=4404

--------------------------------------------------------------------------------------------------

Risk:
  High: Allow immediate remote or local access, or immediate execution of code or commands
        with unauthorized privileges, and bypassing security on firewalls.
  Medium: Potential of granting access or allowing code execution by means of complex or
        lengthy exploit procedures. Examples are cross-site scripting, man-in-the-middle
        attacks, SQL injection, denial of service, information disclosure.
  Low: Deny service or provide non-system information that could be used to formulate
        structured attacks on a target, but not directly gain unauthorized access.
--------------------------------------------------------------------------------------------------
Copyright (c) DragonSoft Security Associates, Inc. All rights reserved