CVE-2010-1321 – krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)
https://notcve.org/view.php?id=CVE-2010-1321
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. Vulnerabilidad en la función "kg_accept_krb5" en "krb5/accept_sec_context.c" de la librería GSS-API en MIT Kerberos v5 (también conocido como krb5) a través de v1.7.1 y v1.8 anterior a v1.8.2, como los usados en "kadmind" y otras aplicaciones, no comprueban adecuadamente vales (tokens) GSS-API inválidos, que permiten a usuarios autenticados remotamente causar una denegación de servicio (referencia a puntero nulo y caída del demonio) a través de un mensaje AP-REQ en el cual se pierde el campo "checksum" del usuario autenticado. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://lists.opensuse.org/opensuse-security-announce • CWE-476: NULL Pointer Dereference •
CVE-2010-1624 – Pidgin: MSN SLP emoticon DoS (NULL pointer dereference)
https://notcve.org/view.php?id=CVE-2010-1624
The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message. La función msn_emoticon_msg en slp.c en el plugin MSN protocol en libpurple en Pidgin en versiones anteriores a la 2.7.0 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) mediante un emoticono personalizado en un mensaje SLP malformado. • http://developer.pidgin.im/viewmtn/revision/diff/884d44222e8c81ecec51c25e07d005e002a5479b/with/894460d22c434e73d60b71ec031611988e687c8b/libpurple/protocols/msn/slp.c http://developer.pidgin.im/viewmtn/revision/info/894460d22c434e73d60b71ec031611988e687c8b http://secunia.com/advisories/39801 http://secunia.com/advisories/41899 http://www.mandriva.com/security/advisories?name=MDVSA-2010:097 http://www.pidgin.im/news/security/index.php?id=46 http://www.redhat.com/support/errata/RHSA-2010-0788.html http://www.securityfocus.com • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVE-2010-0629 – krb5: kadmind use-after-free remote crash (MITKRB5-SA-2010-003)
https://notcve.org/view.php?id=CVE-2010-0629
Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number. Vulnerabilidad de uso después de la liberación kadmin/server/server_stubs.c en kadmind en MIT Kerberos 5 (también conocido como krb5) de la v1.5 a la v1.6.3, permite a usuarios autenticados remotamente provocar una denegación de servicio (caída de demonio) a través de una petición desde un cliente kadmin que envía un número de versión de API no válido. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567052 http://krbdev.mit.edu/rt/Ticket/Display.html?id=5998 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038556.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html http://secunia.com/advisories/39264 http://secunia.com/advisories/39290 http://secunia.com/advisories/39315 http://secunia.com/advisories/39324 http://secunia.com/advisories/39367 http://securitytracker.com/id?1023821 http • CWE-416: Use After Free •
CVE-2010-0840 – Oracle JRE Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2010-0840
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability." Vulnerabilidad no especificada en el componente Java Runtime Environment en Oracle Java SE y Java for Business 6 Update 18, 5.0 Update 23 y 1.4.2_25 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. NOTA: la información previa fue obtenida de la CPU Marzo 2010. • https://www.exploit-db.com/exploits/16297 http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//May/msg00001.html http://lists.apple.com/archives/security-announce/2010//May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http:/ •
CVE-2010-0302 – cups Incomplete fix for CVE-2009-3553
https://notcve.org/view.php?id=CVE-2010-0302
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553. Vulnerabilidad de uso despues de liberacion en el interfaz de gestion de descriptores de fichero en la funcion cupsdDoSelect en scheduler/select.c en the scheduler en cupsd en CUPS v1.3.7, v1.3.9, v1.3.10, y v1.4.1, cuando se utiliza kqueue o epoll, permite a atacantes remotos producir una denegacion de servicio (caida de demonio o cuelgue) a traves de la desconexion del cliente durante el listado de un gran numero de trabajos de imporesion, relacionados con el inadecuado mantenimiento del numero de referencias. NOTA: Algunos de los detalles fueron obtenidos de terceras partes. • http://cups.org/articles.php?L596 http://cups.org/str.php?L3490 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037174.html http://secunia.com/advisories/38785 http://secunia.com/advisories/38927 http://secunia.com/advisories/38979 http://secunia.com/advisories/40220 http://security.gentoo.org/glsa/glsa-201207-10.xml http://support.apple.com/kb/HT4188 http://www.mandriva.com • CWE-416: Use After Free •