Dark Reading
Risky Business
CISO GUIDE: FISMA Compliance
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
EBOOK: 7 Truths of IT Governance
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
BUYERS GUIDE: Endpoint Protection
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
Small Businesses, Banks Wrestle With Security Issues
Only One In Seven Consumer AV Tools Catch New 'Aurora' Variants
Security Pros Say Apps Are Vulnerable -- And Constantly Attacked
MORE KEYHOLE
ENTERPRISE VULNERABILITIES
Vulnerability:legato networker, informix dynamic server
Published:2010-03-05
Severity:High
Description:Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allow remote attackers to execute arbitrary code via a crafted parameter size.
Published:2010-03-05
Severity:High
Description:Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allow remote attackers to execute arbitrary code via a crafted parameter size.
Vulnerability:legato networker, informix dynamic server
Published:2010-03-05
Severity:High
Description:Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.
Published:2010-03-05
Severity:High
Description:Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.
Vulnerability:http server
Published:2010-03-05
Severity:Medium
Description:The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
Published:2010-03-05
Severity:Medium
Description:The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
Vulnerability:kvm
Published:2010-03-05
Severity:Medium
Description:The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch.
Published:2010-03-05
Severity:Medium
Description:The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch.
Vulnerability:unified communications manager
Published:2010-03-05
Severity:High
Description:Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxCap field, aka Bug ID CSCtc38985.
Published:2010-03-05
Severity:High
Description:Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxCap field, aka Bug ID CSCtc38985.
|
