Mu Dynamics has discovered vulnerabilities in GnuTLS and Libtasn1. The block cipher decryption logic in GnuTLS assumed that a record containing any data which was a multiple of the block size was valid for further decryption processing, leading to a heap corruption vulnerability. Various functions using the ASN.1 length decoding logic in Libtasn1 were incorrectly assuming that the return value from asn1_get_length_der is always less than the length of the enclosing ASN.1 structure, which is only true for valid structures and not for intentionally corrupt or otherwise buggy structures.
5c22831c56b5d7f5cefb792251ddbea761d9ea8806a0c02c5e304b7b960abf12The Mu Dynamics Research team has found several vulnerabilities stemming from unsafe use of the sscanf C standard library function. Asterisk versions 1.6.1 through 1.6.1.2 are affected.
4b4ca564af6eb635dec77a8869f1db6582e448ddc90620d17fb84789c0b6f227An IKE_SA_INIT message with a Key Exchange payload containing a large number of NULL values can cause a crash of the IKEv2 charon daemon. The problem is strongSwan dereferences a NULL pointer returned by the mpz_export() function of the GNU Multiprecision Library (GMP). strongSwan versions 4.2.6 and below are affected.
a3597b49066b341935ee93779ea9ca112ab0a8104c7b1a8d4db0e4628d8bde6aThe Mu Security Research team has found that repro SIP proxy/registrar version 1.3.2 suffers from a remote denial of service vulnerability.
91a6d43a2baf5a2b2ed067a279c38f21a6b845cf53483affa1bdf220b1303342The Mu Security Research team has found two security issues in the SDP parser in Asterisk 1.4.18. One is an invalid write to an attacker-controllable, almost arbitrary memory location and the other is a stack buffer overflow with limited attacker-controllable values.
22b9f55626db7117f3ba9d0b616eac257212d9c93020ffbcecfcfa095604f614MPlayer versions 1.0rc2 and below suffer from a remote stack overflow vulnerability.
1a59d6f531ad1e6263a34f3777c052f01a4db023ad45f6e63307d5f8ccdd1488There are multiple vulnerabilities where a maliciously-crafted packet can crash Dibbler version 0.6.0. These include packets with options with large lengths (memory allocation failure via integer overflow), invalid lengths (buffer overread), and malformed IA_NA options in a REBIND message (null pointer dereference).
f2b090fcf8285f4556684e70a8d80dc062ceda4f629aff5c30aed4839cb633a6Quagga bgpd version 0.99.8 suffers from a remote denial of service vulnerability.
a643fe7b20e97d462b4461df79f25858f310676b357a7736c5fd8f8217bcdf15A remote heap overflow condition in Real Helix's RTSP service could allow for arbitrary code execution. The vulnerable code is triggered with the use of an RTSP command with multiple 'Require' headers. Versions prior to 11.1.4 are affected.
99fbe1a74de2e483e58433d3eafc5f2697345d9fc0f9bf9de2e4664637001ed8An integer overflow vulnerability exists in the RPC runtime library (libinfo) that handles AUTH_UNIX authentication. By sending maliciously-crafted requests to the any RPC service (portmap, mount, nfs, etc), a remote attacker can trigger the overflow which may lead to arbitrary code execution as the 'daemon' user. Mac OS X versions 10.3.9 and 10.4.9 are affected.
97e5e87dca373f256dac237d93184a10f3eab15b0ae01172cebbd02bfd5db45bAsterisk crashes when handed an otherwise valid request message but with no URI and no SIP-version in the request-line of the message. Asterisk versions 1.2.15 and 1.4.0, along with prior versions, are affected.
4df0189ab0730598e7eef2261fe6960b91fbe72020bb219fd37a290679ce1e96Mu Security MU-200610-01: Denial of Service in XORP OSPFv2: OSPF carries link state information using Link State Advertisements. Each LSA contains a length field as well as a checksum. XORP performs a checksum verification when processing an LSA. During the checksum verification, the length field is used to calculate the payload. An invalid length field causes an out of bounds read, causing the OSPF daemon to crash.
ba8f5f4a3cbb2887f475beee8d4367ae57c087c94175bdd0caae9389252befbdMu Security Advisory: Multiple Pre-Authentication Vulnerabilities in MailEnable SMTP [MU-200609-01]
f16c24e6e5e0894662a9bc5a294d4f5854f06b80208788c3261aef62da2517b7A remote stack buffer overflow condition in Asterisk's MGCP implementation could allow for arbitrary code execution. The vulnerable code is triggered with the use of a malformed AUEP (audit endpoint) response message. A second issue exists in the handling of file names sent to the Record() application which could lead to arbitrary code execution via a format string attack or arbitrary file-overwrite via directory traversal techniques. The impact of this vulnerability is minimal, however, as it requires an administrator to use a client-controlled variable as part of the filename. Asterisk versions 1.0.0 through 1.2.10 are affected.
dbdc141ab5d77885c8dca0d5658fe534d27d30e676035e308e313dba03713a10Apple Open Directory Pre-Authentication Denial of Service: A denial of service condition exists in slapd (OpenLDAP-2.2.19) during the anonymous bind operation. By sending a malformed ldap-bind message, the slapd server can be forced to abort
d9553f5df18483b93dbebdc0884e1242dbb918c1e00d9668340b5b3a8f0e9f9eA remote buffer overflow condition in Real Helix's RTSP service could allow for arbitrary code execution. The vulnerable code is triggered with the use of a malformed HTTP header. A second vulnerability of equal criticality was also discovered. This bug involved the parsing of HTTP URLs. Affected versions include Real Networks Helix DNA Server 11.0.x and Real Networks Helix DNA Server 10.0.x.
4022b34c3349145110e125c8bc13def3346578012e5faac7c27a6d60fc1afa73MU-200605-02 - A remote buffer overflow condition in Apple's RTSP service could allow for arbitrary code execution. The vulnerable code is triggered with the use of a malformed RTSP header. QuickTime Streaming Server versions 5.5 and below are affected.
193c81cd2ec447f58781bf500a1dcd68539eacc3a38e3fe8c308fb7fd356f9a2MU-200604-01: Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service - A denial of service condition exists in the SASL authentication library during DIGEST-MD5 negotiation. This potentially affects multiple products that use SASL DIGEST-MD5 authentication including OpenLDAP, Sendmail, Postfix, Apple, etc.
3a2e74c99b10fb7186b0276d863f1e37f31bf044add47a6bcf9ace11369bed1eMailEnable POP3 Pre-Authentication Buffer Overflow [MU-200603-01] - A remote buffer overflow condition in MailEnable's POP3 service could allow for arbitrary code execution. The vulnerable code can be exercised remotely without authentication.
13622f86f57e20faad4fea32d02d1fe528d85b0c0a4897015d09a293505ad909
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed