Professional Documents
Culture Documents
دليل الثغرات نظم تشغيل المخدمات الخاصة بالمواقع الالكترونية على الشبكة
دليل الثغرات نظم تشغيل المخدمات الخاصة بالمواقع الالكترونية على الشبكة
ﻣﺧدﻣﺎت
دﻟﻳﻝ اﻟﺛﻐرات اﻷﻣﻧﻳﺔ ﻓﻲ ﻧظم ﺗﺷﻐﻳﻝ اﻟ ّ
اﻟﺧﺎﺻﺔ ﺑﺎﻟﻣواﻗﻊ اﻹﻟﻛﺗروﻧﻳﺔ ﻋﻠﻰ ﺷﺑﻛﺔ اﻹﻧﺗرﻧت
اﻹﺻدار اﻷوﻝ
دﻣﺷق ﻓﻲ ٢٠١٢/٤/١٨
1
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
ﻓﻬرس اﻟﻣﺣﺗوﻳﺎت
13 Red Hat Enterprise Linux اﻟﺛﻐرات اﻷﻣﻧﻳﺔ اﻟﻣوﺟودة ﻓﻲ ﻧظﺎم اﻟﺗﺷﻐﻳﻝ
50 SUSE Linux Enterprise Server اﻟﺛﻐرات اﻷﻣﻧﻳﺔ اﻟﻣوﺟودة ﻓﻲ ﻧظﺎم اﻟﺗﺷﻐﻳﻝ
54 اﻟﻣراﺟﻊ
2
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
.1اﻟﺛﻐرات اﻷﻣﻧﻳﺔ اﻟﻣوﺟودة ﻓﻲ ﻧظﺎم اﻟﺗﺷﻐﻳﻝ :Ubuntu Linux
4
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
اﻟﻣﻬﺎﺟم ﻗد ﻳﺳﺗطﻳﻊ اطﻼق ﻫﺟﻣﺎت vulnerabilities
DoSﻣن داﺧﻝ اﻟﺷﺑﻛﺔ اﻟداﺧﻠﻳﺔ
16 ﺛﻐرة ﻓﻲ ﻣﻠﻔﺎت ﺗﺷﻐﻳﻝ ﻧظﺎم اﻟرﺑط Ubuntu 11.04 Linux
)(OMAP4
اﻟﻼﺳﻠﻛﻲ ﻣﻣﺎ ﻗد ﻳﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدﻣﻳن vulnerabilities
ﺳﻣﺎﺣﻳﺔ ذوي
Medium ﺑﺎطﻼق CAP_NET_ADMIN CVE-2011-2517
ﻫﺟﻣﺎت DoSاو ﻛﺷف ﺳﻣﺎﺣﻳﺎﺗﻬم
ﻋﺑر ﻧظم اﻟرﺑط اﻟﺷﺑﻛﻲ اﻟﻔﻌﺎﻟﺔ
ﺣﻳﻧﻬﺎ
17 ﺛﻐرة ﻓﻲ اداة perf command Ubuntu 11.04 Linux
)(OMAP4
ﺗﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدم اﻟﻌﺎدي ﻣن ﺧﻼﻝ vulnerabilities
Medium CVE-2011-2905
ﺗﺷﻐﻳﻝ ﺑﻌض اﻻواﻣر اﻟﻌﺷواﺋﻳﺔ ﻣن
اﻛﺗﺳﺎب ﺳﻣﺎﺣﻳﺎت ﻣﺗﻘدﻣﺔ
18 ﺗﺗﻣﺛﻝ ﻫذﻩ اﻟﺛﻐرة ﺑﺧطﺄ ﺑرﻣﺟﻲ ﻓﻲ Ubuntu 11.04 Linux
)(OMAP4
Comedi driverﻗد ﻳﺗﺳﺑب ﺑﻛﺷف vulnerabilities
Low CVE-2011-2909
ﻣﻌﻠوﻣﺎت ﻣن ﺧﻼﻝ اﻟذاﻛرة
leaked stack memory
19 ﺗُﻣ ّﻛن اﻟﻣﻬﺎﺟم ﻣن اﻟﻧﻔﺎذ اﻟﻰ CIFS Ubuntu 11.04 Linux
)(OMAP4
Medium Partitionﻣﻣﺎ ﻳؤدي إﻟﻰ ﻣﺷﺎﻛﻝ vulnerabilities CVE-2011-3363
ﻓﻲ اﻟﻧظﺎم ﺑﻬﺟﻣﺎت DoS
20 ﺗﺗﻌﻠق ﺑـ mount.cifsﺑﺣﻳث ﻗد Ubuntu 10.10 Linux
)(OMAP4
وﺑدون اﻟﻣﺳﺗﺧدﻣون ﻳﺳﺗطﻳﻊ vulnerabilities
Medium CVE-2011-1585
اﻟﺳﻣﺎﺣﻳﺎت اﻟﻣﻧﺎﺳﺑﺔ اﺟراء CIFS
share mounted
21 ﻋدم ﻗﻳﺎم اﻟﻧظﺎم ﺑﺎﺟراء اﻟﺗﺣﻘق ﻣن Ubuntu 11.10 KDE Utilities
Ubuntu 11.04 vulnerability
اﻻدﺧﺎﻝ ﺑﺎﻟﺷﻛﻝ اﻟﻣﺛﺎﻟﻲ ﻋﻧد ﻣﻌﺎﻟﺟﺔ Ubuntu 10.10
Medium ﻣﻠﻔﺎت archive filesﻣﻣﺎ ﻗد Ubuntu 10.04 LTS CVE-2011-2725
ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺎﻟﺗﻌدﻳﻝ واﻟﺣذف
ﻋﻠﻰ ﻫذﻩ اﻟﻣﻠﻔﺎت
22 ﺗﺗﻣﺛﻝ ﻫذﻩ اﻟﺛﻐرة ﺑﺗﺳرب اﻟﺑﻳﺎﻧﺎت Ubuntu 11.10 Linux kernel
vulnerability
ﻋﻧد اﻟﺗﻌﺎﻣﻝ ﻣﻊ ﺑﻳﺎﻧﺎت ﻣﺷﻔرة ب
TPM Trusted Platform
Low CVE-2011-1162
Moduleﻣﻣﺎ ﻗد ﻳﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدم
ﻏﻳر اﻟﻣﺧوﻝ ﺑﻘراءة اﻟﺑﻳﺎﻧﺎت ﻣن
اﻟﻌﻣﻠﻳﺔ اﻟﺳﺎﺑﻘﺔ ﻟـ TPM
23 ﺛﻐرة ﻓﻲ اﻟﺑروﺗوﻛوﻝ اﻟﺧﺎص ﺑﺎﻻداة Ubuntu 11.04 Pidgin
Ubuntu 10.10 vulnerabilities
Yahoo pluginاﻟﻣوﺟودة ﻓﻲ Ubuntu 10.04 LTS
Low ﺑرﻧﺎﻣﺞ اﻟﻣﺣﺎدﺛﺔ pidginﻗد ﺗؤدي CVE-2011-1091
اﻟﻰ اﻣﻛﺎﻧﻳﺔ اطﻼق ﻫﺟﻣﺔ DoS
ﻧوع Application crashﻣن
5
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
ﻗﺑﻝ ﻣﻬﺎﺟﻣﻳن ﻋﺑر اﻟﺷﺑﻛﺎت و ﻣن
ﻣﺧدﻣﺎت ﻋﺑر
ﻗﺑﻝ ﻣﻬﺎﺟﻣﻳن
Yahoo
24 ﺛﻐرة ﻓﻲ اﻟﺑروﺗوﻛوﻝ اﻟﺧﺎص ﺑﺎﻻداة Ubuntu 11.04 Pidgin
Ubuntu 10.10 vulnerabilities
MSN pluginاﻟﻣوﺟودة ﻓﻲ Ubuntu 10.04 LTS
ﻗﺑﻝ pidgin اﻟﻣﺣﺎدﺛﺔ ﺑرﻧﺎﻣﺞ
Low اﻟﻧﺳﺧﺔ ٢,١٠,٠ﻗد ﺗؤدي اﻟﻰ CVE-2011-3184
7
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺈﺣداث ﻫﺟﻣﺎت
out‐of‐bounds ﻧوعDoS
memory access and
daemon crash
38 اﻟﺗﻌﺎﻣﻝ ﻏﻳر اﻟﺻﺣﻳﺢ ﻣﻊ ﻣﻠﺣﻘﺎت Ubuntu 11.10 Quagga
Ubuntu 11.04 vulnerabilities
ﻣﻣﺎ ﻗد ﻳؤدي اﻟﻰ ﻫﺟﻣﺎتIPv6 Ubuntu 10.10
Medium CVE-2011-3324
assertion failure ﻧوعDoS Ubuntu 10.04 LTS
and daemon exit
39 Quagga-Routing ﺗﺗﻌﻠق ﺑﻌﻣﻝ Ubuntu 11.10 Quagga
Ubuntu 11.04 vulnerabilities
ﻗد ﺗﺳﻣﺢ19.99 ﻗﺑﻝ اﻟﻧﺳﺧﺔ Ubuntu 10.10
DoSﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺎطﻼق ﻫﺟﻣﺎت Ubuntu 10.04 LTS
Medium CVE-2011-3325
ﻣن ﺧﻼﻝdaemon crash ﻧوع
أو ﺟزء اﻟﺗرﺣﻳب ﻓﻲIPv4 ﺗروﻳﺳﺔ
IPv6
40 Quagga-Routing ﺗﺗﻌﻠق ﺑﻌﻣﻝ Ubuntu 11.10 Quagga
Ubuntu 11.04 vulnerabilities
واﻟﺗﻌﺎﻣﻝ ﻣﻊ19.99 ﻗﺑﻝ اﻟﻧﺳﺧﺔ Ubuntu 10.10
Medium ﻣﻣﺎ ﻗد ﻳﺗﺳﺑبIPv4 رﺳﺎﺋﻝ ﺗﺣدﻳث Ubuntu 10.04 LTS CVE-2011-3326
daemon ﻧوع DoS ﺑﻬﺟﻣﺎت
crash
41 Quagga-Routing ﺗﺗﻌﻠق ﺑﻌﻣﻝ Ubuntu 11.10 Quagga
Ubuntu 11.04 vulnerabilities
واﻟﺗﻌﺎﻣﻝ ﻣﻊ19.99 ﻗﺑﻝ اﻟﻧﺳﺧﺔ Ubuntu 10.10
Medium ﻣﻣﺎ ﻗد ﻳﺗﺳﺑبIPv4 رﺳﺎﺋﻝ Ubuntu 10.04 LTS CVE-2011-3327
daemon ﻧوع DoS ﺑﻬﺟﻣﺎت
أو ﺗﻧﻔﻳذ ﺷﻳﻔرات ﺧﺑﻳﺛﺔcrash
42 ﻟﻣﺧدم اﻟﺻﺣﻳﺢ اﻟﺗﻌﺎﻣﻝ ﻋدم Ubuntu 11.10 Apache
Ubuntu 11.04 vulnerabilities
وRewriteRule ﻣﻊApache Ubuntu 10.10
ﻣﻣﺎ ﻗد ﻳﺳﻣﺢProxyPassMatch Ubuntu 10.04 LTS
Medium Ubuntu 8.04 LTS
ﻟﻠﻣﻬﺎﺟﻣﻳن ﻣن ﺧﻼﻝ ارﺳﺎﻝ طﻠﺑﺎت
ﺗﺣوي اﻟﻣﺣرف @ ﺑﺎﻟﻧﻔﺎذ اﻟﻰ ﻣﺧدم
اﻟوﻳب اﻟداﺧﻠﻲ
43 mod_proxy_ajp ﻋﻧد اﺳﺗﺧدام Ubuntu 11.10 Apache
Ubuntu 11.04 vulnerabilities
mod_proxy_balancer ﻣﻊ Ubuntu 10.10
وﻓﻲ ﺿﺑط ﻣﻌﻳن ﻗد ﺗﺳﻣﺢ ﻫذﻩ Ubuntu 10.04 LTS
Ubuntu 8.04 LTS
Medium اﻟظروف ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺎطﻼق ﻫﺟﻣﺎت CVE-2011-3348
temporary "error ﻧوعDoS
state" in the backen
http ﻋن طرﻳق طﻠﺑﺎتserver
44 ITK Multi‐ ﺧطﺄ ﻓﻲ ﻋﻣﻝ وﺣدة Ubuntu 11.10 Apache
Ubuntu 11.04 vulnerabilities
Apache ﺿﻣنProcessing Ubuntu 10.10
Medium CVE-2011-1176
وﻓﻲ ظروف ﻣﻌﻳﻧﺔ ﺗﺗﺳﺑب ﻓﻲ ﻣﻧﻊ Ubuntu 10.04 LTS
Ubuntu 8.04 LTS
ﻣن اﻟﺗﻌﺎﻣﻝApache ﻣﺧدم
8
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
اﻟﺻﺣﻳﺢ ﻣﻊ ﺳﻣﺎﺣﻳﺎت اﻟﻣﺳﺗﺧدم
ﻣﻣﺎ ﻗد ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﻣن اﻟﻧﻔﺎذ
اﻟﻰ ﺑﻌض ﺳﻣﺎﺣﻳﺎت اﻟﻣﺳﺗﺧدم
root
45 ﺧطﺄ ﻓﻲ ﺑرﻧﺎﻣﺞ ﻣﻛﺎﻓﺣﺔ اﻟﻔﻳروﺳﺎت Ubuntu 11.10 ClamAV
Ubuntu 11.04 vulnerability
ClamAVﻳﺗﻌﻠق ﺑﺎﻟﺗﻌﺎﻣﻝ ﻣﻊ Ubuntu 10.10
اﻟﻌودﻳﺔ recursionﻓﻲ ظروف Ubuntu 10.04 LTS
Medium CVE-2011-3627
ﻣﻌﻳﻧﺔ ﻣﻣﺎ ﻗد ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟم ﺑﺈﻳﻘﺎف
اﻟﺑرﻧﺎﻣﺞ اﻋﺗﻣﺎدا ﻋﻠﻰ DoSﻧوع
crush
46 ﺧطﺄ ﻓﻲ radvdاو Router Ubuntu 11.10 radvd
Ubuntu 11.04 vulnerabilities
Advertisement Daemonﻗد Ubuntu 10.10
Medium ﻳﻣﻛن ﻟﻠﻣﻬﺎﺟﻣﻳن اﺳﺗﻐﻼﻝ ذﻟك ﻣن Ubuntu 10.04 LTS CVE-2011-3601
اﺟﻝ اﻳﻘﺎف ﻋﻣﻝ radvdاو ﻣﺣوﻟﺔ
ﺣﻘن وﺗﻧﻔﻳذ ﺑرﻣﺟﻳﺎت ﺧﺑﻳﺛﺔ
47 اﻟواﺟﻬﺎت اﺳﻣﺎء ﺑﻔﻠﺗرة ﻳﺗﻌﻠق Ubuntu 11.10 radvd
Ubuntu 11.04 vulnerabilities
interfacesﻋﻧد اﻧﺟﺎز ﻋﻣﻠﻳﺎت Ubuntu 10.10
Medium اﻧﺷﺎء ﺑﻌض اﻧواع اﻟﻣﻠﻔﺎت ﻣﻣﺎ ﻗد Ubuntu 10.04 LTS CVE-2011-3602
ﻳﺗﺳﺑب ﺑﺎﻋﺎدة اﻟﻛﺗﺎﺑﺔ ﻋﻠﻰ ﺑﻌض
اﻟﻣﻠﻔﺎت
48 ﺧطﺄ ﻓﻲ radvdاو Router Ubuntu 11.10 radvd
Ubuntu 11.04 vulnerabilities
Advertisement Daemon
Ubuntu 10.10
Medium ﻳﺗﻌﻠق ﺑﺑﻌض اﻷطواﻝ ﻣﻣﺎ ﻗد ﻳﺳﻣﺢ Ubuntu 10.04 LTS CVE-2011-3604
ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺈﻳﻘﺎف اﻟﺑرﻧﺎﻣﺞ اﻋﺗﻣﺎدا
ﻋﻠﻰ ﻫﺟﻣﺎت DoS
49 Router ﺧطﺄ ﻓﻲ radvdاو Ubuntu 11.10 radvd
Ubuntu 11.04 vulnerabilities
Advertisement Daemonﻓﻲ Ubuntu 10.10
اﻟﺗﻌﺎﻣﻝ ﻣﻊ اﻟﺗﺄﺧﻳر delayﻓﻲ ﺣﺎﻝ Ubuntu 10.04 LTS
Medium CVE-2011-3605
اﻻرﺳﺎﻝ اﻟﻣﻧﻔرد واﻟذي ﻗد ﻳﺗﺳﺑب
ﺑﺗوﻗف اﻟﺑرﻧﺎﻣﺞ اﻋﺗﻣﺎدا ﻋﻠﻰ ﻫﺟﻣﺔ
DoS
50 ﻣﻠف procﻻ ﻳﻘوم ﺑﺗﻘﻳﻳد اﻟﻧﻔﺎذ اﻟﻰ Ubuntu 10.04 LTS Linux kernel
(Natty
اﻟدﻟﻳﻝ /procﺑﻌد ﺗﻧﻔﻳذ setuid )backport
Low ﻳﺳﻣﺢ ﻗد ﻣﻣﺎ program vulnerabilities CVE-2011-1020
ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺎﻟﻧﻔﺎذ اﻟﻰ ﻣﻌﻠوﻣﺎت
ﺣﺳﺎﺳﺔ ﻋن اﻟﻣﻠﻔﺎت او ﺗﻧﻔﻳذ DoS
51 ﻧظﺎم Bluetoothﻻ ﻳﻘوم ﺑﻣﺳﺢ Ubuntu 10.04 LTS Linux kernel
(Natty
اﻟذاﻛرة ﺑﺎﻟﺷﻛﻝ اﻟﻣطﻠوب ﻣﻣﺎ ﻗد )backport
Low CVE-2011-1078
ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﻘراءة ذاﻛرة ﻧواة vulnerabilities
اﻟﻧظﺎم
9
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
52 وﺟود ﻋدة ﻧﻘﺎط ﺿﻌف ﻓﻲ ﺗطﺑﻳق Ubuntu 11.10 Tomcat
Ubuntu 11.04 vulnerabilities
Medium HTTP DIGEST ﻣﺻﺎدﻗﺔ Ubuntu 10.10
CVE-2011-1184
Ubuntu 10.04 LTS
53 ﻓﻲ AJPﺑـ ﺧﺎص ﺑرﺗوﻛوﻝ Ubuntu 11.10 Tomcat
Ubuntu 11.04 vulnerabilities
ﻗدApache Tomcat 7.0 Ubuntu 10.10
Medium ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺎﻧﺗﺣﺎﻝ طﻠﺑﺎت Ubuntu 10.04 LTS CVE-2011-3190
ﺑدون ﻣﺻﺎدﻗﺔ واﻟﺣﺻوﻝAJP
ﻋﻠﻰ ﻣﻌﻠوﻣﺎت ﺣﺳﺎﺳﺔ
54 XSS ﺛﻐرة Ubuntu 11.10 Empathy
Ubuntu 11.04 vulnerabilities
Medium CVE-2011-3635
Ubuntu 10.10
Ubuntu 10.04 LTS
55 ﻓﻲ اﻟﻧﻣطXSS ﺛﻐرة Ubuntu 11.10 Empathy
Ubuntu 11.04 vulnerabilities
theme_adium_append_me
Ubuntu 10.10
Empathy ﻓﻲ ﻧﺳﺦssage Ubuntu 10.04 LTS
Medium CVE-2011-4170
وﻣﺎ ﻗﺑﻝ ﺑﺣﻳث ﺗﺳﻣﺢ3.2.1
ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺈﻣﻛﺎﻧﻳﺔ ﺣﻘن ﺷﻳﻔرات
HTML ﺑرﻣﺟﻳﺔ او ﺣﺗﻰ
56 ﺗﺗﻣﺛﻝ ﻫذﻩ اﻟﺛﻐرة ﺑﻛون اﺟراﺋﻳﺔ Ubuntu 11.10 BackupPC
Ubuntu 11.04 vulnerabilities
ﺗﻘوم ﺑﻌﻣﻠﻳﺔ ﻓﻠﺗرةBackupPC Ubuntu 10.10
Medium اﻟدﺧﻝ وذﻟك ﻋﻧد ﻣﻌﺎﻟﺟﺔ رﺳﺎﻟﺔ ﺧطﺄ Ubuntu 10.04 LTS CVE-2011-3361
Ubuntu 8.04 LTS
ﻓﻲ ﻋرض ﻣﻠف اﻟﺳﺟﻼت واﻟذي ﻗد
XSS ﻳؤدي اﻟﻰ ﻓﺗﺢ ﺛﻐرة
57 وﺗﺣدﻳداKDE-Libs ﻋدم ﻗدرة Ubuntu 11.04 KDE-Libs
Ubuntu 10.10 vulnerability
ﻋﻠﻰ ﺗﻧﻔﻳذ ﻋﻣﻠﻳﺔ ﻣﺻﺎدﻗﺔKIO Ubuntu 10.04 LTS
وﺗﺣﻘق ﻋﻠﻰ اﻟدﺧﻝ وذﻟك ﻋﻧد
Medium CVE-2011-3365
ﻣﻣﺎ ﻗد ﻳﺳﻣﺢProxy اﻟﺗﺣﻘق ﻣن
ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﻌدﻳﻝ ﺑﻌض ﺑﻳﺎﻧﺎت
proxy اﻟﻌرض وﺣﺗﻰ ﻋﻧوان
58 ﺗﺳﻣﺢ3.0 ﻗﺑﻝkernel ﻓﻲ ﻧﺳﺦ Ubuntu 11.04 Linux kernel
vulnerabilities
DoS ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺎطﻼق ﻫﺟﻣﺎت
Medium CVE-2011-2497
heap memory ﻧوع
corruption
59 وﻋﻧدﻣﺎ2.6 ﻗﺑﻝkernel ﻓﻲ ﻧﺳﺦ Ubuntu 11.04 Linux kernel
vulnerabilities
ﻻ ﻳﻘوم ﺑﻌﺎدة ﺿﺑط
ً ﻓﻌﺎGRO ﻳﻛون
ﻟﺑﻌض اﻟﺣﻘوﻝ ﺑطرﻳﻘﺔ ﻏﻳرreset
Medium CVE-2011-2723
ﺻﺣﻳﺣﺔ واﻟذي ﻗد ﻳﻣﻛن اﻟﻣﻬﺎﺟﻣﻳن
system ﻧوعDoS ﻣن ﺗﻧﻔﻳذ
crash
60 ﻟﻌﻣﻠﻳﺎتlinux kernel ﻣﻌﺎﻟﺟﺔ Ubuntu 11.04 Linux kernel
vulnerabilities
Medium ﺗوﻟﻳد ﺳﻠﺳﻠﺔ أرﻗﺎم ﻋﺷواﺋﻳﺔ ﺑطرﻳﻘﺔ CVE-2011-3188
ﻏﻳر ﺻﺣﻳﺣﺔ ﺗﻣﺎﻣﺎً ﻣﻣﺎ ﻗد ﻳﻌطﻲ
10
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
اﻟﻔرﺻﺔ ﻟﻠﻣﻬﺎﺟﻣﻳن )ﺑﺎﻟﺗﻧﺑؤ( ﺑﺳﻠﺳﻠﺔ
اﻷرﻗﺎم وﺣﻘن ﺑﻳﺎﻧﺎت
1. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3152.html
2. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3154.html
3. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3634.html
4. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3648.html
5. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3650.html
6. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3651.html
7. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3652.html
8. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3654.html
9. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3655.html
10. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐2183.html
11. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐2479.html
12. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐2491.html
13. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐2494.html
14. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐2495.html
15. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐2496.html
16. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐2517.html
17. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐2905.html
18. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐2909.html
19. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3363.html
20. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐1585.html
21. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐2725.html
22. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐1162.html
23. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐1091.html
24. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3184.html
25. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3594.html
26. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐1767.html
27. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐1768.html
28. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3150.html
29. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3209.html
30. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3256.html
31. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐4079.html
32. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐4405.html
33. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐4313.html
34. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐2189.html
35. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3153.html
36. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐4105.html
37. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3323.html
38. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3324.html
39. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3325.html
40. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3326.html
41. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3327.html
11
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
42. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3368.html
43. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3348.html
44. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐1176.html
45. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3627.html
46. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3601.html
47. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3602.html
48. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3604.html
49. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3605.html
50. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐1020.html
51. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐1078.html
52. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐1184.html
53. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3190.html
54. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3635.html
55. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐4170.html
56. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3361.html
57. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3365.html
58. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐2497.html
59. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐2723.html
60. http://people.canonical.com/~ubuntu‐security/cve/2011/CVE‐2011‐3188.html
12
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
.2اﻟﺛﻐرات اﻷﻣﻧﻳﺔ اﻟﻣوﺟودة ﻓﻲ ﻧظﺎم اﻟﺗﺷﻐﻳﻝ :Red Hat Enterprise Linux
13
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
Asterisk ﻓﻲNULL pointer ﺛﻐرة
10 Medium ﻣﻣﺎ ﻗد ﻳﻌطﻲ اﻟﻣﻬﺎﺟﻣﻳنhandled INFO 2011-12-09 CVE-2011-4598
DoS ﻓرﺻﺔ إطﻼق ﻫﺟﻣﺎت ﻧوع
وﺗﺗﻌﻠق ﺑﻣﻧﻊ ﺗﺟﺎوز اﻟﻣﺟﻠد واﺣد اﻧواع ﻫﺟﻣﺎت
potential directory traversal HTTP
11 Unspecified 2011-12-13 CVE-2011-4596
.TAR ﻟﻠﺗﺄﻛد ﻣن ان اﻟﻣﻠﻔﺎت اﻟﻣﺿﻐوطﺔ ﻧوع
آﻣﻧﺔ ﻗﺑﻝ ﻓك ﺿﻐطﻬﺎ ﺗﻣﻬﻳدا ﻻﺳﺗﺧداﻣﻬﺎ
ﺧطﺄ ﻓﻲ ﻧواة اﻟﻧظﺎم ﻣن ﺣﻳث اﻟﺗﻌﺎﻣﻝ ﻣﻊ
اﻟﻣؤﺷر وﺗﺣدﻳدا اﻟﻐﺎء اﻟﻣرﺟﻌﻳﺔ ﺑدون اﻟﻌودة اﻟﻰ
12 2011-12-08 CVE-2011-4594
copy_from_user family of ﺗواﺑﻊ
functions
CVE-2011-4593
CVE-2011-4592
CVE-2011-459١
CVE-2011-45٨٦
CVE-2011-45٨٥
CVE-2011-45٨٤
CVE-2011-45٨٣
14
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
CVE-2011-45٨٢
CVE-2011-45٨١
15
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
HTTPﺧﺎﺻﺔ
16
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
وﻫو ﺛﻐرة ﻓﻲ اﺣد ﺗطﺑﻳﻘﺎت Apache
32 ﺗطﺑﻳﻘﺎت ﻳدﻋم واﻟذي MyFaces2.0
33 Medium 2011-12-06 CVE-2011-4343
34 JavaServerﺣﻳث ﻳﺳﺗطﻳﻊ اﻟﻣﻬﺎﺟﻣون ﺣﻘن
ﺗﻌﺎﺑﻳر ورﻣﺎزات ﺧﺑﻳﺛﺔ
ﺳﻣﺎﺣﻳﺎت ﻣﻠف ﻏﻳر آﻣﻧﺔ ﺿﻣن اﻟﺧدﻣﺔ
35 Medium OpenIPMIﻗد ﺗﺳﻣﺢ ﻟﻣﺳﺗﺧدم ﻣﺣﻠﻲ ﺑﺎﻳﻘﺎف 2011-10-03 CVE-2011-4339
ﻋﻣﻝ ﺑﻌض اﻟﺑراﻣﺞ اﻟﻔﻌﺎﻟﺔ
ﺧطﺄ ﻓﻲ أﺣد ﻣﻠﻔﺎت اﻟﻧظﺎم ﻧوع اﻟﺧطﺄ
36 Medium ﻗد ﻳؤدي اﻟﻰ Corrupted File System 2011-11-21 VE-2011-4330
اﻟﻰ ﺧطﺄ ذاﻛرة ﻧوع Buffer Overflow
ﺛﻐرة أﻣﻧﻳﺔ ﻓﻲ ﻣﺷﻐﻼت اﻟﻔﻼش
Shockwave Flash plug‐in
GNU flash movie player
37 Medium وذﻟك ﻓﻲ ادارة ﻣﻠﻔﺎت Http cookies 2011-11-21 CVE-2011-4328
17
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
ﻣﺷﺎﻛﻝ اﺿﺎﻓﻳﺔ ﻓﻲ ﺣزﻣﺔ ﺗﺣدﻳث اﻟﺛﻐرة
CVE‐2011‐3368
43 Medium واﻟﺗﻲ ﺗﺗﻌﻠق ﺑـ 2011-11-23 CVE-2011-4317
reverse proxy bypass flaw
18
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
30. https://bugzilla.redhat.com/show_bug.cgi?id=742050
31. h ps://bugzilla.redhat.com/show_bug.cgi?id=756348
32. h ps://bugzilla.redhat.com/show_bug.cgi?id=760692
33. h ps://issues.apache.org/jira/secure/a achment/12504807/MYFACES‐3405‐1.patch
34. h p://www.jakobk.com/2011/11/jsf‐value‐expression‐injection‐vulnerability/
35. h ps://bugzilla.redhat.com/show_bug.cgi?id=742837
36. h ps://bugzilla.redhat.com/show_bug.cgi?id=755431
37. h ps://bugzilla.redhat.com/show_bug.cgi?id=755518
38. h ps://bugzilla.redhat.com/show_bug.cgi?id=755640
39. h ps://bugzilla.redhat.com/show_bug.cgi?id=755584
40. h ps://bugzilla.redhat.com/show_bug.cgi?id=755551
41. h ps://bugzilla.redhat.com/show_bug.cgi?id=755004
42. https://bugzilla.redhat.com/show_bug.cgi?id=754980
43. h ps://bugzilla.redhat.com/show_bug.cgi?id=756483
44. https://bugzilla.redhat.com/show_bug.cgi?id=754757
45. h ps://bugzilla.redhat.com/show_bug.cgi?id=754398
19
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
.3اﻟﺛﻐرات اﻟﻣوﺟودة ﻓﻲ ﻧظم اﻟﺗﺷﻐﻳﻝ ﻣﺎﻳﻛروﺳوﻓت :
20
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
ﺑﻧﻣﺎذج اﻟﺗﺣﻘق ﻗد ﺗﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺎﻋﺎدة ﺗوﺟﻳﻪ
اﻻاﺻطﻳﺎد ﻫﺟﻣﺎت ﻻطﻼق اﻟﻣﺳﺗﺧدﻣﻳﻧﻝ
اﻟﻛﺗروﻧﻲ phishing
ﺛﻐرة ﻓﻲ ﺑﻳﺋﺔ ASP.NETواﻟﻣﺗﺿﻣﻧﺔ ﻓﻲ اطﺎر
اﻟﻌﻣﻝ .NETﻓﻲ اﺣد ﺗواﺑﻊ اﻟﺗطﺑﻳق Hash
hash value ﺗﺗﻌﻠق ﺑﺧطﺄ ﻓﻲ ﺣﺳﺎب ﻗﻳم
7.8 DoS 2011-12-30 CVE-2011-3414
ﻟﺑﻌض اﻟﻣﻌﺎﻣﻼت ﻓﻲ اﻟﻧﻣﺎذج ﻣﻣﺎ ﻗد ﻳﻣﻧﺢ
اﻟﻣﻬﺎﺟﻣﻳن اﻟﻔرﺻﺔ ﻻطﻼق ﻫﺟﻣﺎت DoSﻧوع
CPU consumption
ﺛﻐرة ﻓﻲ ﺑﻳﺋﺔ اﻟﺗﺷﻐﻳﻝ client/serverﺿﻣن
Win32ﺗﺗﻌﻠق ﺑﻌدم اﻟﺗﺣﻘق ﻣن اﻟﺳﻣﺎﺣﻳﺎت اﺛﻧﺎء
2 7.2 +Priv ٢٠١١-١٢-١٤ CVE-2011-3408
ﺗﻧﻔﻳذ ﺑﻌض اﻟﻌﻣﻠﻳﺎت ﻣﻣﺎ ﻗد ﺗﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن
ﺑﺎﻟﺣﺻوﻝ ﻋﻠﻰ ﺳﻣﺎﺣﻳﺎت اﻋﻠﻰ
ﺛﻐرة ﻓﻲ اﻟﺑرﻳد اﻻﻟﻛﺗروﻧﻲ وﺑرﻧﺎﻣﺞ اﻟﻣﺣﺎدﺛﺔ
Windows Windows Mailو اﻟﻔورﻳﺔ
Meeting Spaceﺗﺗﻌﻠق ﺑﻣﺳﺎر ﺑﺣث ﻏﻳر آﻣن +Priv
3 9.3 ٢٠١١-١١-٩ CVE-2011-2016
ﻣﻣﺎ ﻗد ﻳﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدﻣﻳن اﻟﻣﺣﻠﻳﻳن ﺑرﺑﺢ ٢٠٠٨
21
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
ﺗﺳﻣﺢ ﻣوﺛوﻗﺔ ﻏﻳر ﺑﺣث ﻣﺳﺎرات ﻋدة
ﻟﻠﻣﺳﺗﺧدﻣﻳن اﻟﻣﺣﻠﻳﻳن ﺑرﺑﺢ ﺳﻣﺎﺣﻳﺎت اﺿﺎﻓﻳﺔ ﻣن
CVE-2011-1991
8 9.3 ﺧﻼﻝ ﺑرﻣﺟﻳﺎت ﺧﺑﻳﺛﺔ ﻧوع Trojan horse DLL +Priv 2011-11-09
وذﻟك ﻓﻲ دﻟﻳﻝ اﻟﻌﻣﻝ اﻟﺣﺎﻟﻲ واﻟذي ﺳﻳﺑدو ﻟﻣﺟﻠد
ﻳﺣوي ﻣﻠﻔﺎت ﻧوع doc, rtf, txt
ﺛﻐرة ﻓﻲ Win32k.sysﻓﻲ kernel‐mode
ﺗﺗﻌﻠق ﺑﻌدم اﻟﻘﻳﺎم ﺑﺎﻟﺗﺣﻘق اﻟﺳﻠﻳم ﻣن ﻧﻣط
ﻳﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدﻣﻳن اﻟﻣﺣﻠﻳﻳن اﻻدﺧﺎﻝ ﻣﻣﺎ +Priv CVE-2011-1985
9 7.2 2011-10-20
ﺑﺎﻟﺣﺻوﻝ ﻋﻠﻰ اﻟﺳﻣﺎﺣﻳﺎت اﻟﺗﻲ ﺗﺧوﻟﻬم اطﻼق DoS
CVE-2011-1888
win32k.sysﻓﻲ kernel‐mode drivers
ﻳﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدﻣﻳن اﻟﻣﺣﻠﻳﻳن ﺑﺎﻛﺗﺳﺎب ﺳﻣﺎﺣﻳﺎت +Priv
15 ٧,٢ 2011-10-04
ﻣن ﺧﻼﻝ ﺑﻌض اﻟﺗطﺑﻳﻘﺎت اﻟﺗﻲ ﺗطﻠق 2008
NULL pointer dereference CVE-2011-1887
22
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
CVE-2011-1885
_ kernel‐mode driver
ﻗد ﺗﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدﻣﻳن اﻟﻣﺣﻠﻳﻳن ﺑﺎﻟﺣﺻوﻝ ﻋﻠﻰ
CVE-2011-1883
ﺳﻣﺎﺣﻳﺎت اﺿﺎﻓﻳﺔ ﻣن ﺧﻼﻝ ﺗطﺑﻳﻘﺎت ﺧﺎﺻﺔ
ﺗﻌﻣﻝ ﻋﻠﻰ ادارة ﻣﻠﻔﺎت ﺗﺷﻐﻳﻝ Driversﺑطرﻳﻘﺔ
ﻏﻳر ﻧظﺎﻣﻳﺔ CVE-2011-1882
+Priv
ﺛﻐرة ﻓﻲ
CVE-2011-1881
kernel‐mode driver _ win32k.sys
ﻣﻣﺎ ﻳﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدﻣﻳن اﻟﻣﺣﻠﻳﻳن ﺑﺎﻟﺣﺻوﻝ ﻋﻠﻰ
اﻟﺳﻣﺎﺣﻳﺎت ﻣن ﺧﻼﻝ ﺗطﺑﻳﻘﺎت ﻣﻌﻳﻧﺔ ﺗطﻠق CVE-2011-1880
NULL pointer dereference
CVE-2011-1878
+Priv CVE-2011-1875
CVE-2011-1874
23
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
ﺛﻐرة ﻓﻲ Tcpip.sysﺿﻣن رزﻣﺔ TCP/IP
18 7.8 ﺗﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺎطﻼق ﻫﺟﻣﺎت DoSﻧوع DoS 2011-10-04 CVE-2011-1871
rebootﺑواﺳطﺔ ﺳﻠﺳﻠﺔ رﺳﺎﺋﻝ ﻧوع ICMP
إن ﻧظﺎم
)Distributed File System (DFS
ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﻋن طرﻳق
19 7.8 DoS 2011-09-06 CVE-2011-1869
remote DFS serversﺑﺎطﻼق ﻫﺟﻣﺎت
DoSﻧوع system hangﺑواﺳطﺔ اﺳﺗﺟﺎﺑﺔ ﻧوع
referral response
ﺧطﺄ ﻧوع Integer overflowﻓﻲ زﻣن اﻟﺗﺷﻐﻳﻝ
Client/Serverﻗد ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑرﺑﺢ
ﺳﻣﺎﺣﻳﺎت ﺗﺧوﻟﻬم اطﻼق ﻫﺟﻣﺎت DoSﻧوع CVE-2011-1284
memory corruptionوذﻟك ﺑواﺳطﺔ ﺗطﺑﻳﻘﺎت
ﺗطﻠق ﺑﻳﺎﻧﺎت ذاﻛرة ﻏﻳر ﺻﺣﻳﺣﺔ
ﻋدم اﻟﺗﻌﺎﻣﻝ ﺑﺎﻟﺷﻛﻝ اﻷﻣﺛﻝ ﻣﻊ اﻟذاﻛرة وﻳﻘوم
ﺑﺎﺳﺗﺧدام ﻣؤﺷرات ﻧوع NULL pointerﻣﻣﺎ ﻗد DoS
Overflow
20 7.2 ﻳﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدﻣﻳن اﻟﻣﺣﻠﻳﻳن ﺑﺎﻛﺗﺳﺎب ﺳﻣﺎﺣﻳﺎت +Priv Mem.
2011-10-04 CVE-2011-1282
ﺗﺧوﻟﻬم اطﻼق ﻫﺟﻣﺎت DoSﻧوع memory Corr.
corruption
زﻣن اﻟﺗﺷﻐﻳﻝ Client/Serverﻓﻲ اﻟﻧظﺎم
Win32ﻻ ﻳﻘوم ﺑﺗﻘﻳﻳد ﻋدد واﺟﻬﺎت consoles
اﻟﺗﺎﺑﻌﺔ ﻟﻼﺟراءات ﻣﻣﺎ ﻗد ﻳﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدﻣﻳن CVE-2011-1281
ﺑرﻳﺑﺢ ﺳﻣﺎﺣﻳﺎت ﺗﺧوﻟﻬم اطﻼق ﻫﺟﻣﺎت DoS
ﻧوع memory corruption
SMB clientﻳﺳﻣﺢ ﻟﻣﺧدﻣﺎت SMBاﻟﺑﻌﻳدة
واﻟﻣﺷﻐﻠﺔ ﺿﻣن ﻣﻧﺻﺎت Linux, Unixﺑﺗﻧﻔﻳذ
21 10 Exec Code 2011-07-18 CVE-2011-1268
رﻣﺎزات ﻋﺷواﺋﻳﺔ ﻣﺣﻣﻠﺔ ﺑواﺳطﺔ
SMBv1 or SMBv2 response
SMB serverﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن اﻟﺑﻌﻳدﻳن
Remote attackersﺑﺎطﻼق ﻫﺟﻣﺎت DoS DoS
22 7.8 2011-11-23 CVE-2011-1267
ﻧوع system hangﺑواﺳطﺔ طﻠﺑﺎت ﻧوع 2008
SMBv1 or SMBv2 request
إن اﻟـ )Ancillary Function Driver (AFD +Priv
ﻓﻲ afd.syﻻ ﺗﻘوم ﺑﻌﻣﻠﻳﺔ ﺗﺣﻘق ﺳﻠﻳﻣﺔ ﻓﻲ ﻧﻣط
23 7.2 ادﺧﺎﻝ اﻟﻣﺳﺗﺧدم ﻣﻣﺎ ﻗد ﻳﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدﻣﻳن 2011-07-18 CVE-2011-1249
اﻟﻣﺣﻠﻳﻳن ﺑﺎﻛﺗﺳﺎب ﺳﻣﺎﺣﻳﺎت ﺑواﺳطﺔ ﺗطﺑﻳﻘﺎت
ﻣﻌﻳﻧﺔ
ﺛﻐرة ﻧوع ﻣﺳﺎر ﺑﺣث ﻏﻳر آﻣن ﻓﻲ
Active Accessibility componentﺗﺳﻣﺢ
24 9.3 2011-11-09 CVE-2011-1247
ﻟﻠﻣﺳﺗﺧدﻣﻳن اﻟﻣﺣﻠﻳﻳن ﺑرﺑﺢ ﺳﻣﺎﺣﻳﺎت اﺿﺎﻓﻳﺔ ﻣن
ﺧﻼﻝ Trojan horse DLLﻓﻲ دﻟﻳﻝ اﻟﻌﻣﻝ
24
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
اﻟﺣﺎﻟﻲ
CVE-2011-1239
CVE-2011-1238
CVE-2011-1237
7.2 CVE-2011-1236
CVE-2011-1235
CVE-2011-1234
CVE-2011-1233
CVE-2011-1232
+Priv
CVE-2011-1231
CVE-2011-1230
25
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
2011-10-04 CVE-2011-12٢٩
ﺛﻐرة ﻧوع Use‐after‐freeﻓﻲ win32k.sys
ﺗﺳﻣﺢ ﻗد _ kernel‐mode driver
CVE-2011-12٢٨
ﻟﻠﻣﺳﺗﺧدﻣﻳن اﻟﻣﺣﻠﻳﻳن ﺑﺎﻟﺣﺻوﻝ ﻋﻠﻰ ﺳﻣﺎﺣﻳﺎت
25 اﺿﺎﻓﻳﺔ ﻣن ﺧﻼﻝ ﺗطﺑﻳﻘﺎت ﺧﺎﺻﺔ ﺗﻌﻣﻝ ﻋﻠﻰ
Driversﺑطرﻳﻘﺔ ﻏﻳر ادارة ﻣﻠﻔﺎت ﺗﺷﻐﻳﻝ
CVE-2011-12٢٧
ﻧظﺎﻣﻳﺔ
CVE-2011-12٢٦
CVE-2011-12٢٥
CVE-2011-0677
CVE-2011-0675
CVE-2011-0670
26
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
CVE-2011-0667
CVE-2011-0666
CVE-2011-0665
CVE-2011-0662
27
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
JScript 5.8و VBScript 5.8ﻻ ﺗﻘوم ﺑﺗﺣﻣﻳﻝ
اﻟﻣﺧطوط اﻟﺑرﻣﺟﻲ اﻟﻣﺳﺗﺧرج ﻣن ﺻﻔﺣﺎت اﻟوﻳب
Mem. Corr.
32 7.1 ﺑﺎﻟﺷﻛﻝ اﻻﻣﺛﻝ ﻣﻣﺎ ﻗد ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺎﺧﺗراق 2011-07-18 CVE-2011-0031
+Info
اﻟذاﻛرة وﺑﺎﻟﺗﺎﻟﻲ اﻟﺣﺻوﻝ ﻋﻠﻰ ﻣﻌﻠوﻣﺎت ﻫﺎﻣﺔ
وذﻟك ﺑواﺳطﺔ ﺻﻔﺣﺎت وﻳب ﻣﻌﻳﻧﺔ
ﺛﻐرة ﻣﺳﺎر ﺑﺣث ﻏﻳر آﻣن ﻓﻲ ﺗطﺑﻳق اﻻﺗﺻﺎﻝ
Microsoft Remote Desktop 5.2, 6.0,
6.1, 7.0ﻣن طرف اﻟﻌﻣﻳﻝ ﻗد ﺗﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدم CVE-2011-0029
33 9.3 +Priv 2011-10-04
اﻟﻣﺣﻠﻲ ﺑرﻳﺢ ﺳﻣﺎﺣﻳﺎت اﺿﺎﻓﻳﺔ ﺑواﺳطﺔ ﻣﻠف
ﺗروﺟﺎن .dllﻓﻲ دﻟﻳﻝ اﻟﻌﻣﻝ اﻟﺣﺎﻟﻲ ﺗظﻬر ﻋﻠﻰ
ﺷﻛﻝ ﻣﺟﻠد ﻳﺣوي ﻣﻠف .rdp
ﻣﺷﻛﻠﺔ ﻓﻳض ذاﻛرة ﻧوع buffer‐overflowﻓﻲ
اﻟﺗﺎﺑﻊ RtlQueryRegistryValuesﻓﻲ اﻟﻧظﺎم
win32k.sysﺗﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدم اﻟﻣﺣﻠﻲ ﺑﺎﻛﺗﺳﺎب Overflow
34 7.2 ﺳﻣﺎﺣﻳﺎت اﺿﺎﻓﻳﺔ وﺗﺟﺎوز ﻣﻳزة ﺣﺳﺎب اﻟﻣﺳﺗﺧدم +Priv 2011-07-18 CVE-2010-4398
Bypass
) User Account Control (UACﺑواﺳطﺔ ﻗﻳم
ﺛﻧﺎﺋﻳﺔ ﻟﻣﺳﺟﻝ اﻟﻧظﺎم REG_BINARYﻟﻠﻣﻔﺗﺎح
SystemDefaultEUDCFont
ﺛﻐرة ﻓﻲ ﻣﺣرر اﻟﺻﻔﺣﺔ اﻷوﻟﻰ ﻟﻠﻔﺎﻛس وﺗﺣدﻳدا
واﻟﺗﻲ ﻻﺗﻘوم اﻟﻣﻠف اﻟﺗﻧﻔﻳذي fxscover.exe Exec Code
35 7.6 ﺑﺗﺣﻠﻳﻝ parseﺻﻔﺣﺎت اﻟﻔﺎﻛس اﻷوﻟﻰ ﺑﺎﻟﺷﻛﻝ Overflow 2011-10-04 CVE-2010-3974
اﻻﻣﺛﻝ ﻣﻣﺎ ﻗد ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﻧﻔﻳذ رﻣﺎزات Mem. Corr.
28
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
ﺛﻐرة ﻓﻲ ﻣﺟدوﻝ اﻟﻣﻬﺎم Schedulerﺑﺣﻳث ﻻ
ﻳﻘوم ﺑﺎﻻﺧذ ﺑﻌﻳن اﻻﻋﺗﺑﺎر اﻟﺳﻳﺎق اﻻﻣﻧﻲ ﻟﻠﻣﻬﻣﺔ +Priv
39 CVE-2010-3338
اﻟﻣﺟدوﻟﺔ ﻣﻣﺎ ﻗد ﻳﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدﻣﻳن ﺑﺎﻟﺣﺻوﻝ ٢٠٠٨
ﻋﻠﻰ ﺳﻣﺎﺣﻳﺎت اﺿﺎﻓﻳﺔ
ﺛﻐرة ﻓﻲ اﻟﺣزﻣﺔ اﻻﻣﻧﻳﺔ Security Channel
ﻋﻧد اﺳﺗﺧدام اﻟﻧﺳﺦ 7.xﻣن اﻟﻣﺧدم IISﺣﻳث ﻻ
ﺗﻘوم اﻟﻘﻧﺎة اﻵﻣﻧﺔ ﺑﺎﻟﻣﻌﺎﻟﺟﺔ اﻟﺻﺣﻳﺣﺔ ﻟﺷﻬﺎدة
اﻟﻌﻣﻳﻝ اﺛﻧﺎء ﻋﻣﻠﻳﺎت ﺗﺑﺎدﻝ اﻟﺷﻬﺎدات ﻧوﻋﻲ SSL, DoS
40 7.1 2011-10-04 CVE-2010-3229
٢٠٠٨
TLSواﻟذي ﻗد ﻳﻣﻛن اﻟﻣﻬﺎﺟﻣﻳن ﻣن اطﻼق
ﻫﺟﻣﺎت ﻣﻧﻊ ﺗﻘدﻳم اﻟﺧدﻣﺔ ﻧوع LSASS outage
and reboot
29
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
win32k.sys ﻓﻲkernel‐mode drivers
47 6.8 Exec Code CVE-2010-1255
ﻳﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدﻣﻳن ﺑﺗﻧﻔﻳذ رﻣﺎزات ﻋﺷواﺋﻳﺔ
30
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
15. h p://www.microso .com/technet/security/bulle n/ms11‐054.mspx
16. h p://www.microso .com/technet/security/bulle n/ms11‐054.mspx
17. http://www.microsoft.com/technet/security/bulle n/ms11‐041.mspx
18. h p://www.microso .com/technet/security/bulle n/ms11‐064.mspx
19. h p://www.microso .com/technet/security/bulle n/ms11‐042.mspx
20. h p://www.microso .com/technet/security/bulle n/ms11‐056.mspx
21. h p://www.microso .com/technet/security/bulle n/ms11‐043.mspx
22. h p://www.microso .com/technet/security/bulle n/ms11‐048.mspx
23. h p://www.microso .com/technet/security/bulle n/ms11‐046.mspx
24. http://technet.microsoft.com/en‐us/security/bulletin/MS11‐075
25. h p://www.microso .com/technet/security/bulle n/ms11‐034.mspx
26. http://www.microsoft.com/technet/security/bulle n/ms11‐020.mspx
27. h p://www.microso .com/technet/security/bulle n/ms11‐038.mspx
28. h p://www.microso .com/technet/security/bulle n/ms11‐030.mspx
29. h p://www.microso .com/technet/security/bulle n/ms11‐026.mspx
30. h p://www.microso .com/technet/security/bulle n/ms11‐013.mspx
31. h p://www.microso .com/technet/security/bulle n/ms11‐032.mspx
32. h p://www.microso .com/technet/security/bulle n/ms11‐009.mspx
33. http://www.microsoft.com/technet/security/bulle n/ms11‐017.mspx
34. h p://www.microso .com/technet/security/bulle n/ms11‐011.mspx
35. h p://www.microso .com/technet/security/bulle n/ms11‐024.mspx
36. h p://www.microso .com/technet/security/bulle n/ms10‐095.mspx
37. h p://www.microso .com/technet/security/bulle n/ms10‐100.mspx
38. http://www.microsoft.com/technet/security/bulle n/ms10‐098.mspx
39. h p://www.microso .com/technet/security/bulle n/ms10‐092.mspx
40. http://www.microso .com/technet/security/bulle n/ms10‐085.mspx
41. h p://www.microso .com/technet/security/bulle n/ms10‐086.mspx
42. h p://www.microso .com/technet/security/bulle n/ms10‐081.mspx
43. h p://www.microso .com/technet/security/bulle n/ms10‐061.mspx
44. h p://www.microso .com/technet/security/bulle n/ms10‐046.mspx
45. h p://www.microso .com/technet/security/advisory/2264072.mspx
46. h p://www.microso .com/technet/security/bulle n/ms10‐076.mspx
47. http://www.microsoft.com/technet/security/bulle n/ms10‐032.mspx
48. h p://www.microso .com/technet/security/bulle n/ms10‐037.mspx
49. h p://www.microso .com/technet/security/bulle n/ms10‐034.mspx
50. h p://www.microso .com/technet/security/bulle n/ms10‐032.mspx
51. h p://www.microso .com/technet/security/bulle n/ms10‐034.mspx
52. h p://www.microso .com/technet/security/bulle n/ms10‐008.mspx
53. h p://www.microso .com/technet/security/bulle n/ms10‐013.mspx
54. h p://technet.microso .com/security/bulle n/MS12‐005
55. h p://technet.microso .com/security/bulle n/MS12‐004
56. http://technet.microso .com/security/bulle n/MS12‐004
h p://technet.microso .com/security/bulle n/MS12‐001
31
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
.3اﻟﺛﻐرات اﻷﻣﻧﻳﺔ اﻟﻣوﺟودة ﻓﻲ ﻧظﺎم اﻟﺗﺷﻐﻳﻝ :Debian Linux
ﺗﻔﺎﺻﻳﻝ
ﻋﺎﻣﻝ اﻟﺧطورة اﻟوﺻف اﻟﺗﺻﻧﻳف اﻟﺗﺎرﻳﺦ إﺳم اﻟﺛﻐرة
إﺿﺎﻓﻳﺔ
ﺑرﻣﺟﻳﺎت اﻟﺗﺄﻣﻳن /OpenSSL 0.9.8s
DSA‐2392‐1
1.0.0fﻻ ﺗدﻋم ﺗطﺑﻳﻘﺎت DTLSﻣﻣﺎ ﻗد
42 Medium ‐openssl ‐‐ out‐of CVE‐2012‐0050
ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن اﻟﺑﻌﻳدﻳن ﺑﺗﻧﻔﻳذ ﻫﺟﻣﺎت bounds read
DoS
ﺛﻐرة ﻧوع SQL injectionﻓﻲ اﻟﻣﻧﻬﺞ
اﻟﺑﻳﺋﺔ ﻓﻲ quote_table_name
Rubyﻓﻲ Railsﻗﺑﻝ 2.3.13وﻗﺑﻝ
43 High CVE‐2011‐2930
ﺗﺳﻣﺢ 3.1.0.rc5 وﻗﺑﻝ 3.0.10
ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﻧﻔﻳذ ﺗﻌﻠﻳﻣﺎت SQLﻋﺷواﺋﻳﺔ
ﻣن ﺧﻼﻝ اﺳم اﻟﺣﻘﻝ
ﺛﻐرة ﻧوع XSSﻓﻲ strip_tags: help
ﻓﻲ اﻟﺑﻳﺋﺔ Rubyﻓﻲ Railsﻗﺑﻝ 2.3.13
44 وﻗﺑﻝ 3.0.10وﻗﺑﻝ 3.1.0.rc5ﺗﺳﻣﺢ CVE‐2011‐2931
ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺣﻘن رﻣﺎزات HTMLاو 23‐1‐2012
رﻣﺎزات Web scripts
ﺛﻐرة ﻧوع CRLF injectionﻓﻲ DSA‐2301‐2 rails
actionpack/lib/action_controlle
r/response.rbﻓﻲ اﻟﺑﻳﺋﺔ Rubyﻓﻲ
45 CVE‐2011‐3186
Medium Railsاﻻﺻدارات 2.3.xوﻗﺑﻝ 2.3.13
ﺣﻳث ﺗﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺣﻘن ﺗروﻳﺳﺎت
HTTPﻋﺷواﺋﻳﺔ
ﺛﻐرة ﻧوع XSSﻓﻲ اﻟﺗﺎﺑﻊ strip_tags
واﻟﻣﺗﺿﻣن ﻓﻲ اﻟﺑﻳﺋﺔ Rubyﻓﻲ Rails
اﻟﻧﺳﺦ 2.2.s/2.3.xﻗﺑﻝ 2.3.5ﺗﺳﻣﺢ
46 CVE‐2009‐4214
ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺣﻘن رﻣﺎزات ﻋﺷواﺋﻳﺔ ﻧوع
web script / HTMLﺑواﺳطﺔ ﻣﺣﺎرف
ﻧوع non‐printing ASCII
ﻣﺷﻛﻠﺔ ﻓﻲ اداة اﻻدارة phpMyAdmin
XSSﻣﺣﺎﻣﻠﺔ ﻓﻲ اﻟﻣﻳزة table tracking
47 Unspecified CVE‐2011‐1940
ﺗﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺣﻘن رﻣﺎزات ﻋﺷواﺋﻳﺔ
ﻧوع web script / HTML
DSA‐2391‐1
ﺛﻐرة ﻧوع XSSﻓﻲ اداة اﻟﺗﻌﻘب ﻓﻲ phpmyadmin
22‐1‐2012
—3.3.x phpMyAdminاﻟﻧﺳﺦ
48 Medium 3.3.10.4 / 3.4.x—3.4.4 CVE‐2011‐3181
ﺗﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺣﻘن رﻣﺎزات ﻋﺷواﺋﻳﺔ
ﻧوع web script / HTML
32
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
ﺗﺎﺑﻊ simplexml_load_stringﻓﻲ
اﻟﻣﺿﻣﻧﺔ اﻻداة
ﻓﻲ libraries/import/xml.php
49 CVE‐2011‐4107
phpMyAdmin 3.4.x & 3.4.7.1
3.3.x & 3.3.10.5ﺗﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدﻣﻳن
ااﻟﺑﻌﻳدﻳن اﻟﻣﺧوﻟﻳن ﺑﻘراءة ﻣﻠﻔﺎت XML
ﺗطﺑﻳق DTLS implementationﻓﻲ
اداة ﺗﺑﺎدﻝ اﻟﺷﻬﺎدات OpenSSLﻗﺑﻝ
اﻟﻧﺳﺧﺔ 0.9.8sوﻗﺑﻝ اﻟﻧﺷﺧﺔ 1.0.0f
ﺗﻘوم ﺑﻌﻣﻠﻳﺔ ﻣطﺎﺑﻘﺔ ﻟﻠﻌﻧوان اﻟﻔﻳزﻳﺎﺋﻲ
1 Medium CVE‐2011‐4108
MACﻓﻘط ﻓﻲ ﺣﺎﻝ وﺟود Padding
ﻣﻌﻳن ﻣﻣﺎ ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﻛﺷف
ﻧﺻوص ﻏﻳر ﻣﺷﻔرة ﺑواﺳطﺔ padding
oracle attack
ﺛﻐرة ﻣزدوﺟﺔ ﻓﻲ OpenSSLﻗﺑﻝ 0.9.8s
ﻣﻳزة ﺗﻛون ﻋﻧدﻣﺎ
2 High X509_V_FLAG_POLICY_CHECK CVE‐2011‐4109
ﻓﻲ وﺿﻊ اﻟﺗﻔﻌﻳﻝ ﺗﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺎﻟﻘﻳﺎم
ﺑﻬﺟﻣﺔ ﻣﺳﺗﻐﻠﻳن ﻓﺷﻝ اﻟﺗﺣﻘق ﻣن اﻟﺳﻳﺎﺳﺔ.
ﻓﻲ ﻣﻧﺻﺎت ﻋﻣﻝ – 32‐bitﻋﻣﻠﻳﺎت DSA‐2390 openssl
اﻟﺗﺷﻔﻳر ﻧوع ‐NIST elliptic curves P ٢٠١٢-١-١٥
33
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
kernelﻗﺑﻝ 2.6.39.3ﺗﺗﻌﻠق ﺛﻐرة ﻓﻲ
inet_diag_bc_audit ﺑﺎﻟﺗﺎﺑﻊ
functionواﻟﻣوﺟود ﻓﻲ اﻟﺣزﻣﺔ
net/ipv4/inet_diag.cﻻ ﻳﻘوم ﺑﻌﻣﻝ
7 Medium CVE‐2011‐2213
ﺗﺗﺑﻊ ﺻﺣﻳﺢ ﻟـINET_DIAG bytecode
ﻣﻣﺎ ﻳﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدﻣﻳن اﻟﻣﺣﻠﻳﻳن ﺑﺎﻟﺗﺳﺑب
ﺑـﻣﺷﻛﻠﺔ kernel infinite loop
وﺑﺎﻟﻧﺗﻳﺟﺔ اطﻼق DoS
ﺛﻐرة ﺿﻌف ﻓﻲ اﻷداة
8 Low packet socket implementation CVE‐2011‐2898
34
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
DoSﻣن ﺧﻼﻝ اﻟﺑدء ﺑﻌداد PITﺑدون
ﺗﺟﻬﻳز irqchip
35
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
ﻋدة اﺧطﺎء ﻧوع off‐by‐oneﻓﻲ
order_cmd.cppﻓﻲ OpenTTDﻗﺑﻝ
١,١,٣ﺗﺳﻣﺢ ﻫذﻩ اﻻﺧطﺎء ﻟﻠﻣﻬﺎﺟﻣﻳن
22 CVE‐2011‐3341
ﺑﺎطﻼق ﻫﺟﻣﺎت DoSﻧوع daemon
crashوﻗد ﺗﺳﻣﺢ ﺑﺗﻧﻔﻳذ رﻣﺎزات ﺧﺑﻳﺛﺔ ﻣن
ﺧﻼﻝ ﺗﻌﻠﻳﻣﺔ CMD_INSERT_ORDER
buffer ﻧوع ذاﻛرة ﻣﺷﺎﻛﻝ ﻋدة
اﻻﻟﻌﺎب ﻣﺣﺎﻛﻲ ﻓﻲ overflow
OpenTTDﻗﺑﻝ ١,١,٣ﻗد ﺗﺳﻣﺢ
DSA‐2386‐1
23 High DoS ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺎطﻼق ﻫﺟﻣﺎت ٢٠١٢-١-١٠ CVE‐2011‐3342
openttd
ﻧوع daemon crashوﻗد ﺗﺳﻣﺢ ﺑﺗﻧﻔﻳذ
رﻣﺎزات ﺧﺑﻳﺛﺔ ﻣن ﺧﻼﻝ ﻋدة ﻣﺗﻐﻳرات ﻓﻲ
اﻻﺟراﺋﻳﺔ Savegame
buffer ﻧوع ذاﻛرة ﻣﺷﺎﻛﻝ ﻋدة
اﻻﻟﻌﺎب ﻣﺣﺎﻛﻲ ﻓﻲ overflow
OpenTTDﻗﺑﻝ ١,١,٣ﻗد ﺗﺳﻣﺢ
24 CVE‐2011‐3343
DoS ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺎطﻼق ﻫﺟﻣﺎت
ﻧوع daemon crashاو ﻗد ﺗﺳﻣﺢ
ﺑﺎﻛﺗﺳﺎب ﺑﻌض اﻟﺳﻣﺎﺣﻳﺎت
ﻣﺧدم اﻟﺗﺣﻘق PowerDNSواﺳﺗﺟﺎﺑﺗﻪ
ﻟﻠرزم اﻟﻣﺳﺗﻘﺑﻠﺔ ،ﺑﺣﻳث ان اﻟﻣﻬﺎﺟم اذا
اﺳﺗطﺎع اﻧﺗﺣﺎﻝ اﻟـ IPاﻟﻣﺻدر ﻟﻠرزﻣﺔ ﻓﺎﻧﻪ DSA‐2385‐1 pdns
25 Unspecified ٢٠١٢-١-١٠ CVE‐2012‐0206
ﻳﺳﺗطﻳﻊ اطﻼق ﻫﺟﻣﺔ DoSﻧوع packet loop
endless packet loopﺑﻳن
PowerDNSو ﻣﺧدم DNS
ﺛﻐرة ﻧوع XSSﻓﻲ CACTIﻗﺑﻝ 0.8.7f
رﻣﺎزات ﺑﺣﻘن ﻟﻠﻣﻬﺎﺟﻣﻳن ﺗﺳﻣﺢ ﻗد
ﻋﺷواﺋﻳﺔ ﻣن اﻟﻧوع HTMLﻣن ﺧﻼﻝ
26 Medium CVE‐2010‐1644
اﻟﻣﺗﻐﻳرات
(1) hostname or (2) descrip on
وﺗﻣرﻳرﻫﺎ اﻟﻰ اﻟﻣﻠف host.php
واﻟﻣﺳﺗﺧدم ﻓﻲ ﺣﻠوﻝ اﻟﺣوﺳﺑﺔ ﻋﺎﻟﻳﺔ
DSA‐2384‐1 cac
HPCﻗد ﺗﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدﻣﻳن اﻟﻣﺳﺗوى ٢٠١٢-١-9
27 Low اﻟﺑﻌﻳدﻳن ﺑﺳﻣﺎﺣﻳﺎت ﻣدﻳر ﻧظﺎم ﺑﺗﻧﻔﻳذ CVE‐2010‐1645
ﺗﻌﻠﻳﻣﺎت ﻋﺷواﺋﻳﺔ ﺑواﺳطﺔ
shell metacharacters
ﺛﻐرة ﻧوع XSSﻓﻲ CACTIﻗﺑﻝ 0.8.7f
اﻟﻣﻠف ﻓﻲ وﺗﺣدﻳدا
28 Medium CVE‐2010‐2543
include/top_graph_header.php
ﻗد ﺗﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺣﻘن رﻣﺎزات
36
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
ﺧﻼﻝ ﻣن HTML ﻧوع ﻋﺷواﺋﻳﺔ
ﻟﻠﻣﻠف وﺗﻣرﻳرﻩ graph_start
graph.php
0.8.7f ﻗﺑﻝCACTI ﻓﻲXSS ﺛﻐرة ﻧوع
29 Low رﻣﺎزات ﺑﺣﻘن ﻟﻠﻣﻬﺎﺟﻣﻳن ﺗﺳﻣﺢ ﻗد CVE‐2010‐2545
HTML ﻋﺷواﺋﻳﺔ ﻣن اﻟﻧوع
ﻧوع0.8.7h ﻗﺑﻝCACTI ﺛﻐرة ﻓﻲ
ﻗد ﺗﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳنSQL injuction
30 Medium CVE‐2011‐4824
ﻋﺷواﺋﻳﺔ ﻣن ﺧﻼﻝSQL ﺑﺗﻧﻔﻳذ ﺗﻌﻠﻳﻣﺎت
login_username اﻟﺑﺎراﻣﻳﺗر
Super ﻓﻲsuper.c ﺧطﺄ ﻓﻲ اﻟﺗﺎﺑﻊ
3.30.0 DSA‐2383‐1 super‐
31 Medium Buffer overflow ﻳﺗﺳﺑب ﺑﺧطﺄ ﻧوعbuffer overflow ٢٠١٢-١-٨ CVE‐2011‐2776
ﻣﻣﺎ ﻗد ﻳﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدﻣﻳن اﻟﻣﺣﻠﻳﻳن ﺑﺗﻧﻔﻳذ
رﻣﺎزات ﺧﺑﻳﺛﺔ
CVE‐2011‐1831
CVE‐2011‐1832
CVE‐2011‐1837
CVE‐2011‐3145
37
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
Foomatic ﻓﻲfoomaticrip.c
DSA‐2380‐1
ﺗﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﻧﻔﻳذ رﻣﺎزات4.0.6 foomatic‐filters ‐‐
35 Medium اﻟﺣﻘﻝ ﺑواﺳطﺔ ﻋﺷواﺋﻳﺔshell command ٢٠١٢-١-٤ CVE‐2011‐2964
FoomaticRIPCommandLine injection
.ppd ﻓﻲ ﻣﻠف
krb5_ldap_lockout_audit ان ﺗﺎﺑﻊ
MIT Kerberos 5 ﻓﻲ ﺧدﻣﺔ اﻟﺗﺣﻘق
١,٩,١/١,٩/١,٨,٤/١,٨ اﻟﻧﺳﺦ
CVE‐2011‐4351
CVE‐2011‐4579
38
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
ﻟﻠﻣﺳﺗﺧدﻣﻳن ﺑﻌﻣﻠﻳﺔ اﻳﻘﺎف اﻻﺟراﺋﻳﺎت
ﺑواﺳطﺔ اﻟﻛﺗﺎﺑﺔ ﻟﻬذا اﻟﻣﻠف
39
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
33. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE‐2011‐4096
34. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE‐2011‐2697
35. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE‐2011‐2964
36. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE‐2011‐1528
37. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE‐2011‐1529
38. h p://www.debian.org/security/2012/dsa‐2378
39. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE‐2011‐3481
40. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE‐2011‐4339
41. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE‐2011‐4862
42. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE‐2012‐0050
43. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE‐2011‐2930
44. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE‐2011‐2931
45. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE‐2011‐3186
46. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE‐2009‐4214
47. http://www.debian.org/security/2012/dsa‐2391
48. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE‐2011‐3181
49. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE‐2011‐4107
40
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
.4اﻟﺛﻐرات اﻷﻣﻧﻳﺔ اﻟﻣوﺟودة ﻓﻲ ﻧظﺎم اﻟﺗﺷﻐﻳﻝ :MAC OSX Server
ﺗﻔﺎﺻﻳﻝ ﻋﺎﻣﻝ
اﻟﺗﺎرﻳﺦ
إﺿﺎﻓﻳﺔ ﻣﻊ اﻟﺧطورة اﻟوﺻــــــــــــــف ﻧوع اﻟﺛﻐرة إﺳم اﻟﺛﻐرة
ﺣزم اﻟﺗﺣدﻳث ١٠ -- ٠
WebDAV Sharing in Apple Mac OS X
10.7.x before 10.7.3ﻻ ﺗﻘوم ﺑﻌﻣﻠﻳﺔ ﺗﺣﻘق
1 ٧,٢ +Priv CVE‐2011‐3463
ﺑﺎﻟﺷﻛﻝ اﻻﻣﺛﻝ ﻣﻣﺎ ﻗد ﻳﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدﻣﻳن اﻟﻣﺣﻠﻳﻳن
ﺑرﺑﺢ ﺳﻣﺎﺣﻳﺎت اﺿﺎﻓﻳﺔ ﻣن ﺧﻼﻝ اﻟﻧﻔﺎذ اﻟﻰ اﻟﻣﺧدم
Apple Mac OS X وﻗت اﻟﻣﺧدم ﻓﻲ ﻧظﺎم
before 10.7.3ﻻ ﻳﻘوم ﺑﻌﻣﻠﻳﺔ اﻟﺗﺣﻘق ﻣن
CVE‐2011‐3462
2 ٥,٠ اﻟﻣﻌرف اﻟوﺣﻳد اﻟﺑﻌﻳد ﻟـ AFP volumeﻣﻣﺎ ﻗد +Info
ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺎﻟﺣﺻوﻝ ﻋﻠﻰ ﻣﻌﻠوﻣﺎت ﺣﺳﺎﺳﺔ
واﻟﻣوﺟودة ﻓﻲ اﻟﻧﺳﺦ اﻻﺣﺗﻳﺎطﻳﺔ اﻟﺟدﻳدة
ﺧطﺎ ﻧوع Buffer overflowﻓﻲ اﻟﺗطﺑﻳق
QuickTime in Apple Mac OS X before
3 ٧,٥ 10.7.3ﺗﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﻧﻔﻳذ رﻣﺎزات ﻋﺷواﺋﻳﺔ CVE‐2011‐3460
application او اطﻼق ﻫﺟﻣﺎت DoSﻧوع
crashﺑواﺳطﺔ ﻣﻠف ﻧوع PNG DoS Exec
Code
ﺧطﺎ ﻧوع Off‐by‐oneﻓﻲ ﻣﺷﻐﻝ اﻟوﺳﺎﺋط Overflow
QuickTime in Apple Mac OS X before 2012‐02‐03
41
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
ﺧطﺎ ﻧوع Integer overflowﻓﻲ
libresolv in Apple Mac OS X before
10.7.3
7 ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﻧﻔﻳذ رﻣﺎزت ﻋﺷواﺋﻳﺔ او اﻟﺗﺳﺑب CVE‐2011‐3453
ﺑﻣﻧﻊ ﺗﻘدﻳم اﻟﺧدﻣﺔ ﻧوع (heap memory
corruption and application crash
ﻣن ﺧﻼﻝ ﺑﻳﺎﻧﺎت DNS
ان ﺧدﻣﺔ Internet Sharingﻓﻲ اﻟﻣﺧدم
Apple Mac OS X before 10.7.3
ﻻ ﺗﺣﺎﻓظ ﻋﻠﻰ اﻋدادات اﻝ Wi‐Fiاﺛﻧﺎء اﻟﺗﺣدﻳث
8 4.3 +Info 2012‐02‐03 CVE‐2011‐3452
ﻣﻣﺎ ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺎﻟﺣﺻوﻝ ﻋﻠﻰ ﻣﻌﻠوﻣﺎت
ﺣﺳﺎﺳﺔ ﻣﺳﺗﻐﻠﻳن ﺿﻌف/ﻧﻘص ﻛﻠﻣﺔ ﻣرور WEP
ﻓﻲ ﺷﺑﻛﺎت Wi‐Fi
ان اﻟواﺟﻬﺔ اﻟرﺳوﻣﻳﺔ CoreUIﻓﻲ اﻟﻧظﺎم
Apple Mac OS X 10.7.x before 10.7.3
ﻻ ﺗﺿﻊ ﻗﻳود ﻋﻠﻰ ﻋﻣﻠﻳﺎت ﺗﺧﺻﻳص ﻣﻛدس
DoS Exec
9 ٦,٨ اﻟذاﻛرة ﻣﻣﺎ ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﻧﻔﻳذ رﻣﺎزات 2012‐02‐03 CVE‐2011‐3450
Code
ﻋﺷواﺋﻳﺔ او اﻟﺗﺳﺑب ﺑﻣﻧﻊ ﺗﻘدﻳم اﻟﺧدﻣﺔ ﻣن اﻟﻧوع
memory consumption and application
crash
ﻓﻲ اﻟﺗطﺑﻳق ﺛﻐرة ﻧوع Use‐after‐free
Apple Mac OS X CoreTextﻓﻲ اﻟﻧظﺎم
before 10.7.3ﺗﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﻧﻔﻳذ رﻣﺎزات DoS Exec
10 CVE‐2011‐3449
ﺧﺑﻳﺛﺔ او ﻣﻧﻊ ﺗﻘدﻳم اﻟﺧدﻣﺔ ﻣن اﻟﻧوع Code
application crashﻣن ﺧﻼﻝ ﻧوع ﺧط ﻣدﻣﺞ
ﻓﻲ ﻣﺳﺗﻧد
٦,٨
ﻓﻲ ﺧطﺎ Heap‐based buffer overflow
اﻟﺗطﺑﻳق CoreMediaﻓﻲ اﻟﻧظﺎم
Apple Mac OS X before 10.7.3 DoS Exec 2012‐02‐03
11 Code CVE‐2011‐3448
ﺗﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﻧﻔﻳذ رﻣﺎزات ﺧﺑﻳﺛﺔ او ﻣﻧﻊ ﺗﻘدﻳم
Overflow
اﻟﺧدﻣﺔ ﻣن اﻟﻧوع application crashﻣن ﺧﻼﻝ
ﻣﻠف ﻓﻳﻠم ﺑﺗرﻣﻳز H.264
ان ﺗطﺑﻳق CFNetworkﻓﻲ اﻟﻧظﺎم
Mac OS X 10.7.x before 10.7.3
12 ٤,٣ ﻻ ﺗﻘوم ﺑﻌﻣﻠﻳﺔ ﺑﻧﺎء ﺻﺣﻳﺣﺔ ﻟﻠﺗروﻳﺳﺔ ﺧﻼﻝ ﺗﻔﺳﻳر +Info CVE‐2011‐3447
طﻠﺑﺎت URLﻣﻣﺎ ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺎﻟﺣﺻوﻝ ﻋﻠﻰ
ﻣﻌﻠوﻣﺎت ﺣﺳﺎﺳﺔ ﺑواﺳطﺔ طﻠﺑﺎت URLﻏﻳر ﻗﻳﺎﺳﻳﺔ
Apple Type Services ﻣﺟﻣوﻋﺔ ﺧدﻣﺎت
) (ATSﻓﻲ اﻟﻧظﺎم
DoS Exec
13 ٧,٥ Apple Mac OS X before 10.7.3 2012‐02‐03 CVE‐2011‐3446
Code
ﻻ ﺗﻘوم ﺑﺎدارة اﻟذاﻛرة اﻟﺧﺎﺻﺔ ﺑﻣﻠﻔﺎت ‐data
fontﺑﺎﻟﺷﻛﻝ اﻟﺻﺣﻳﺢ ﻣﻣﺎ ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﻧﻔﻳذ
42
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
رﻣﺎزات ﺧﺑﻳﺛﺔ او ﻣﻧﻊ ﺗﻘدﻳم اﻟﺧدﻣﺔ ﻣن اﻟﻧوع
application crashﻣن ﺧﻼﻝ ﻣﻠف ﺧط
43
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
ان اﻟـ libsecurityﻓﻲ اﻟﻧظﺎم
Apple Mac OS X before 10.7.2
ﻻ ﻳﺗﻌﺎﻣﻝ ﻣﻊ اﻟﺧطﺎء ﺑﺎﻟﺷﻛﻝ اﻻﻣﺛﻝ ﺧﻼﻝ ﻋﻣﻠﻳﺔ
ﻣﻌﺎﻟﺟﺔ اﻻﻣﺗدادات ﻏﻳر اﻟﻘﻳﺎﺳﻳﺔ ﻓﻲ
)Certificate Revocation list (CRL DoS Exec
21 CVE‐2011‐3227
Code
ﻣﻣﺎ ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﻧﻔﻳذ رﻣﺎزات ﻋﺷواﺋﻳﺔ او
اﻟﺗﺳﺑب ﺑﻣﻧﻊ ﺗﻘدﻳم اﻟﺧدﻣﺔ ﻣن اﻟﻧوع
application crashﻣن ﺧﻼﻝ
e‐mail message--web site
ﺧطﺄ ﻣن اﻟﻧوع Open Directoryﻓﻲ اﻟﻧظﺎم
Apple Mac OS X 10.7 before 10.7.2
ﻋﻧد اﺳﺗﺧدام LDAPv3 serverﻣﻊ RFC 2307
22 CVE‐2011‐3226
ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﺟﺎوز ﻗﻳود طﻠب ﻛﻠﻣﺔ اﻟﻣرور
ﻣن ﺧﻼﻝ اﺳﺗﻐﻼﻝ ﻓﻘدان ﺳﻣﺔ ﺣﺳﺎب اﻟﻣﺳﺗﺧدم
اﻟﺗﺎﻟﻳﺔ AuthenticationAuthority
ان ﻣﺧدم SMBﻓﻲ اﻟﻧظﺎم Bypass
Apple Mac OS X 10.7 before 10.7.2
ﻻ ﻳﻣﻧﻊ اﻟﻣﺳﺗﺧدﻣﻳن اﻟـ guestsﻣن اﻟﻧﻔﺎذ اﻟﻰ
23 5.0 share point recordﻟﻠﻣﺟﻠد CVE‐2011‐3225
guest‐restrictedﻣﻣﺎ ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﺟﺎوز
ﻗﻳود اﻟﺗﺻﻔﺢ ﻣن ﺧﻼﻝ اﻻﺳﺗﻔﺎدة ﻣن اﻟﻧﻔﺎذ ﺑواﺳطﺔ
ﺣﺳﺎب nobody
ان User Documentation component
ﻓﻲ اﻟﻧظﺎم
Apple Mac OS X through 10.6.8
24 ٢,٦ Exec Code CVE‐2011‐3224
ﻳﺳﺗﺧدم ﺟﻠﺳﺎت اﺗﺻﺎﻝ ﻣن اﻟﻧوع httpﻣن اﺟﻝ
ﺗﺣدﻳﺛﺎت App Storeﻣﻣﺎ ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ذوي
اﺳﻠوب MITMﺑﺗﻧﻔﻳذ رﻣﺎزات ﻋﺷواﺋﻳﺔ
ﺧطﺄ ذاﻛرة ﻧوع Buffer overflowﻓﻲ ﻣﺷﻐﻝ
اﻟوﺳﺎﺋط QuickTimeﻓﻲ اﻟﻧظﺎم
Apple Mac OS X before 10.7.2 DoS Exec
25 ٦,٨ Code CVE‐2011‐3223
ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﻧﻔﻳذ رﻣﺎزات ﻋﺷواﺋﻳﺔ او اﻟﺗﺳﺑب
Overflow
ﺑﻣﻧﻊ ﺗﻘدﻳم اﻟﺧدﻣﺔ ﻧوع application crashﻣن
ﺧﻼﻝ ﻣﻠف ﻓﻳﻠم ﻧوع FLIC
ﺧطﺄ ذاﻛرة ﻧوع Buffer overflowﻓﻲ ﻣﺷﻐﻝ
اﻟوﺳﺎﺋط QuickTimeﻓﻲ اﻟﻧظﺎم
Apple Mac OS X before 10.7.2 DoS Exec
26 ٦,٨ Code 2012‐01‐13 CVE‐2011‐3222
ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﻧﻔﻳذ رﻣﺎزات ﻋﺷواﺋﻳﺔ او اﻟﺗﺳﺑب
Overflow
ﺑﻣﻧﻊ ﺗﻘدﻳم اﻟﺧدﻣﺔ ﻧوع application crashﻣن
ﺧﻼﻝ ﻣﻠف FlashPix
44
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
ان ﻣﺷﻐﻝ اﻟوﺳﺎﺋط اﻟﻣﺗﻌددة QuickTimeﻓﻲ
Mac OS X before 10.7.2
ﻻ ﻳﻘوم ﺑﺎﻟﺗﻌﺎﻣﻝ اﻟﺻﺣﻳﺢ ﻣﻊ ﺑﻧﻳﺔ اﻟﺗﺳﻠﺳﻝ اﻟﻬرﻣﻲ
DoS Exec
27 ٦,٨ ﻓﻲ ﻣﻠﻔﺎت اﻻﻓﻼم movie files 2012‐01‐13 CVE‐2011‐3221
Code
ﻣﻣﺎ ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﻧﻔﻳذ رﻣﺎزات ﻋﺷواﺋﻳﺔ او
اﻟﺗﺳﺑب ﺑﻣﻧﻊ ﺗﻘدﻳم اﻟﺧدﻣﺔ ﻧوع
application crash
ان ﻣﺷﻐﻝ اﻟوﺳﺎﺋط اﻟﻣﺗﻌددة QuickTimeﻓﻲ
Mac OS X before 10.7.2
28 ٤,٣ ﻻ ﻳﻌﺎﻟﺞ ﺑﻳﺎﻧﺎت اﻟرواﺑط URLﺑﺎﻟﺷﻛﻝ اﻻﻣﺛﻝ ﻓﻲ Info+ 2012‐01‐13 CVE‐2011‐3220
ﻣﻠﻔﺎت اﻻﻓﻼم ﻣﻣﺎ ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺎﻟﺣﺻوﻝ
ﻋﻠﻰ ﻣﻌﻠوﻣﺎت ﻫﺎﻣﺔ ﻣن ﺧﻼﻝ ﻣواﻗﻊ ﻓﻲ اﻟذاﻛرة
ان اﻻﻣر Save for Webﻓﻲ
ﻣﺷﻐﻝ اﻟوﺳﺎﺋط اﻟﻣﺗﻌددة QuickTimeﻓﻲ
Apple Mac OS X through 10.6.8
ﻳﻘوم ﺑﺎﺳﺗﻳراد ﻣﺳﺗﻧدات HTMLواﻟﺗﻲ ﻗد ﺗﺣوي
29 ٢,٦ XSS CVE‐2011‐3218
رواﺑط httpﺗﺷﻳر ﻟﻣﻠﻔﺎت ﻣﻣﺎ ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن
ﺑطرﻳﻘﺔ MITMﺑﺎﺟراء ﻋﻣﻠﻳﺔ XSSﻣن ﺧﻼﻝ
اﻟﺗﺟﺳس ﻋﻠﻰ ﻣﺧدم httpاﺛﻧﺎء ﻋرض اﻟﻣﺳﺗﻧد
اﻟﻣﺳﺗورد
ان ﻣﺟﻣوﻋﺔ اﻻدوات MediaKitﻓﻲ اﻟﻧظﺎم
Apple Mac OS X through 10.6.8 DoS Exec
ﺗﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﻧﻔﻳذ رﻣﺎزات ﻋﺷواﺋﻳﺔ او اﻟﺗﺳﺑب Code
30 ٦,٨ Overflow CVE‐2011‐3217
ﺑﻣﻧﻊ ﺗﻘدﻳم اﻟﺧدﻣﺔ ﻧوع memory corruption
.Mem. Corr
and application crashﻣن ﺧﻼﻝ ﻣﻠف disk
imag
ان اﻟﻧواة kernelﻓﻲ اﻟﻧظﺎم
2012‐01‐13
Apple Mac OS X before 10.7.2
31 ﻻ ﺗﻘوم ﺑﺗﻘدﻳم اﻟﺧﺎﻧﺔ sticky bitﻣن أﺟﻝ CVE‐2011‐3216
اﻟﻣﺟﻠدات ﻣﻣﺎ ﻗد ﻳﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدﻣﻳن اﻟﻣﺣﻠﻳﻳن
ﺑﺗﺟﺎوز اﻟﺳﻣﺎﺣﻳﺎت وﺣذف ﺑﻌض اﻟﻣﻠﻔﺎت
ان اﻟﻧواة kernelﻓﻲ اﻟﻧظﺎم
٢,١
Apple Mac OS X before 10.7.2
ﻻ ﺗﻣﻧﻊ اﻟﻧﻔﺎذ اﻟﻣﺑﺎﺷر اﻟﻰ اﻟذاﻛرة واﻟﺧﺎص ﺑوﺻﻠﺔ
Bypass
32 FireWireﺑﺎﻟﺷﻛﻝ اﻻﻣﺛﻝ وذﻟك ﻋﻧد ﻏﻳﺎب CVE‐2011‐3215
اﻟدﺧوﻝ loginﻣﻣﺎ ﻗد ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن اﻟﻘرﻳﺑﻳن
ﺑﺷﻛﻝ ﻛﺎف ﻟﻼﺗﺻﺎﻝ اﻟﻔﻳزﻳﺎﺋﻲ ﺑﺗﺟﺎوز ﻗﻳود اﻟدﺧوﻝ
واﻛﺗﺷﺎف ﻛﻠﻣﺔ اﻟﻣرور ﻣن ﺧﻼﻝ طﻠب DMA
ان اﻻظﻬﺎر IOGraphicsﻓﻲ اﻟﻧظﺎم
Apple Mac OS X through 10.6.8
33 ٤,٦ CVE‐2011‐3214
ﻻ ﻳﺗﻌﺎﻣﻝ ﺑﺎﻟﺷﻛﻝ اﻻﻣﺛﻝ ﻣﻊ اﻟﺷﺎﺳﺔ اﻟﻣؤﻣﻧﺔ ﻓﻲ
ﺣﺎﻝ ﺳﻛون اﻟﻧظﺎم وذﻟك ﻟﻠوﺿﻊ
45
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
Apple Cinema Displayﻣﻣﺎ ﻗد ﻳﺳﻣﺢ
ﻟﻠﻣﻬﺎﺟﻣﻳن اﻟﻘرﻳﺑﻳن ﺑﺷﻛﻝ ﻛﺎف ﻟﻼﺗﺻﺎﻝ اﻟﻔﻳزﻳﺎﺋﻲ
ﺑﺗﺟﺎوز طﻠب ﻛﻠﻣﺔ اﻟﻣرور
اﺣد اﻟﻣﻛوﻧﺎت File Systemsﻓﻲ اﻟﻧظﺎم
Apple Mac OS X before 10.7.2
ﻻ ﻳﺗﺗﺑﻊ ﺑﺎﻟﺷﻛﻝ اﻻﻣﺛﻝ ﺷﻬﺎدة X.509واﻟﺗﻲ ﻗد
34 ٧,٦ -- 2012‐01‐13 CVE‐2011‐3213
ﺳﺑق وﻗﺑﻠﻬﺎ اﻟﻣﺳﺗﺧدم ﺑﺷﻛﻝ ﻳدوي وذﻟك ﻻﺗﺻﺎﻝ
https WebDAVﻣﻣﺎ ﻳﺳﻣﺢ ﻟﻣﻬﺎﺟﻣﻲ MITM
ﺑﺧطف اﺗﺻﺎﻝ WebDAV
ﺗطﺑﻳق CoreStorageﻓﻲ اﻟﻧظﺎم
Apple Mac OS X 10.7 before 10.7.2
ﻻ ﻳﺗﺣﻘق ﻣن ﻛون ﺟﻣﻳﻊ اﻗراص ﺗﺧزﻳن اﻟﺑﻳﺎﻧﺎت
35 ٢,١ ﻣﺷﻔرة اﺛﻧﺎء ﻋﻣﻠﻳﺔ ﺗﻔﻌﻳﻝ FileVaultﻣﻣﺎ ﻳﺳﻬﻝ +Info 2012‐01‐13 CVE‐2011‐3212
ﻋﻠﻰ اﻟﻣﻬﺎﺟﻣﻳن اﻟﻘرﻳﺑﻳن ﺑﺷﻛﻝ ﻛﺎف ﻟﻼﺗﺻﺎﻝ
اﻟﻔﻳزﻳﺎﺋﻲ اﻟﺣﺻوﻝ ﻋﻠﻰ ﻣﻌﻠوﻣﺎت ﺣﺳﺎﺳﺔ ﻣن
ﺧﻼﻝ اﻟﻘراءة اﻟﻣﺑﺎﺷرة ﻣن اﻻﻗراص
وظﻳﻔﺔ اﻟدﻋم GPUﻓﻲ اﻟﻧظﺎم Mac OS X
ﻻ ﺗﻘوم ﺑﺎﻟﺗﻘﻳﻳد اﻻﻣﺛﻝ ﻟوﻗت اﻟﺗﻘدﻳم ﻣﻣﺎ ﻳﺳﻣﺢ
36 ٧,١ DoS ٢٠١١-٠٧-١٢ CVE‐2011‐2601
desktop ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﻣﻧﻊ ﺗﻘدﻳم اﻟﺧدﻣﺔ ﻧوع
hang
ﻓﻲ اﻟﻧظﺎم
Apple Mac OS X 10.5.x through 10.7.x
37 ٧,٦ -- ٢٠١٢-٠٢-١٦ CVE‐2011‐1516
ﻻ ﺗﻌﻣم اﻟﻘﻳود ﻟﺟﻣﻳﻊ اﻻﺟراءات اﻟﻣﻧﺷﺄة ﻣﻣﺎ ﻳﺳﻣﺢ
ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺎﻟﻧﻔﺎذ اﻟﻰ ﻣوارد اﻟﺷﺑﻛﺔ
ﺧطﺎ ذاﻛرة Integer overflowﻓﻲ اﻟﺗطﺑﻳق
QuickLookواﻟﻣﺳﺗﺧدم ﻓﻲ اﻟﻧظﺎم
Apple Mac OS X before 10.6.7
وﻓﻲ اﻟﺗطﺑﻳق MobileSafariﻓﻲ اﻟﻧظﺎم DoS Exec
Apple iOS before 4.2.7 and 4.3.x Code
38 ٩,٣ 2011‐10‐27 CVE‐2011‐1417
before 4.3.2 Overflow
ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﻧﻔﻳذ رﻣﺎزات ﻋﺷواﺋﻳﺔ او اﻟﺗﺳﺑب Mem. Corr.
ﺑﻣﻧﻊ ﺗﻘدﻳم اﻟﺧدﻣﺔ ﻧوع memory corruption
and application crashﺑواﺳطﺔ ﻣﺳﺗﻧد
Microsoft Office
ﺗطﺑﻳق IPv6ﻓﻲ اﻟﻧواة ﻓﻲ اﻟﻧظﺎم
Apple Mac OS X before 10.6.8
39 ٤,٩ ﻳﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدﻣﻳن اﻟﻣﺣﻠﻳﻳن ﺑﺎﻟﺗﺳﺑب ﺑﻣﻧﻊ ﺗﻘدﻳم DoS 2011‐10‐26 CVE‐2011‐1132
اﻟﺧدﻣﺔ ﻧوع NULL pointer dereference
and rebootﺑواﺳطﺔ socket options
Apple Mac OS Xﻻ ﻳﺣذر ان اﻟﻧظﺎم
40 ٦,٩ اﻟﻣﺳﺗﺧدم ﺑﺎﻟﺷﻛﻝ اﻻﻣﺛﻝ اﺛﻧﺎء ﺗﻔﻌﻳﻝ اﺟﻬزة ﻧوع -- 2011‐04‐28 CVE‐2011‐0639
HIDﻣن ﺧﻼﻝ ﻣﻧﺎﻓذ USBﻣﻣﺎ ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن
46
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
user‐assistedﺑﺗﻧﻔﻳذ رﻣﺎزات ﻋﺷواﺋﻳﺔ ﻧوع
ﻣوﺻوﻟﺔ اﻧطﻼﻗﺎ ﻣن اﺟﻬزة smartphone
ﺑطرﻳﻘﺔ اﻝ USB
ﺛﻐرة Stack consumptionﻓﻲ اﻟﺗطﺑﻳق
Apache Portable Runtime library
before 1.4.3 and the Apache HTTP
41 ٤,٣ Server before 2.2.18 DoS 2012‐01‐18 CVE‐2011‐0419
ﺗﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺎﻟﺗﺳﺑب ﺑﻣﻧﻊ ﺗﻘدﻳم اﻟﺧدﻣﺔ ﻣن
اﻟﻧوع CPU and memory consumption
ان ﻣﻛون CoreProcessesﻓﻲ اﻟظﺎم
Apple Mac OS X 10.7 before 10.7.2
ﻻ ﺗﻣﻧﻊ ﻧﺎﻓذة اﻟﻧظﺎم ﻣن اﺳﺗﻘﺑﺎﻝ ﺿﻐطﺎت ﻣن
42 ٤,٦ ﻟوﺣﺔ اﻟﻣﻔﺎﺗﻳﺢ ﻓﻲ ﺣﺎﻝ ﻗﻔﻝ اﻟﺷﺎﺷﺔ ﻣﻣﺎ ﻳﺳﻣﺢ Bypass 2012‐01‐13 CVE‐2011‐0260
ﻟﻠﻣﻬﺎﺟﻣﻳن اﻟﻘرﻳﺑﻳن ﺑﺷﻛﻝ ﻛﺎف ﻟﻼﺗﺻﺎﻝ اﻟﻔﻳزﻳﺎﺋﻲ
ﺑﺗﺟﺎوز ﻗﻳود اﻟﻧﻔﺎذ ﺑواﺳطﺔ اﻟﻛﺗﺎﺑﺔ ﺿﻣن ﻫذﻩ
اﻟﻧﺎﻓذة
ﺗطﺑﻳق CFNetworkﻓﻲ اﻟﻧظﺎم
Apple Mac OS X before 10.7.2
43 ٥,٠ ﻻ ﻳﻘوم ﺑﺎﻟﺗﺗﺑﻊ اﻻﻣﺛﻝ ﻟﺧطﺔ cookie‐storage +Info 2012‐01‐13 CVE‐2011‐0231
policyﻣﻣﺎ ﻳﺳﻬﻝ ﻋﻠﻰ ﻣﺧدﻣﺎت اﻟوﻳب اﻟﺑﻌﻳدة
ﻋﻣﻠﻳﺔ ﺗﺗﺑﻊ اﻟﻣﺳﺗﺧدﻣﻳن ﺑواﺳطﺔ اﻝcookie
ﺧطﺎ ذاﻛرة ﻧوع Buffer overflowﻓﻲ اﻟﺗطﺑﻳق
ATSFontDeactivate APIﻓﻲ اﻟﺧدﻣﺎت
DoS Exec
) Apple Type Services (ATSﻓﻲ اﻟﻧظﺎم
44 ٧,٥ Code 2012‐01‐13 CVE‐2011‐0230
Apple Mac OS X before 10.7.2 Overflow
ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﻧﻔﻳذ رﻣﺎزات ﻋﺷواﺋﻳﺔ او اﻟﺗﺳﺑب
ﺑﻣﻧﻊ ﺗﻘدﻳم اﻟﺧدﻣﺔ application crash
Apple Type Services ﻣﺟﻣوﻋﺔ اﻟﺧدﻣﺎت
) (ATSﻓﻲ اﻟﻧظﺎم Apple Mac OS X through
Exec Code
45 ٦,٨ 10.6.8ﻻ ﺗﺗﻌﺎﻣﻝ ﺑﺎﻟﺷﻛﻝ اﻻﻣﺛﻝ ﻣﻊ اﻟﺧطوط 2012‐01‐13 CVE‐2011‐0229
Overflow
Type 1ﻣﻣﺎ ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن اﻟﻣدﻣﺟﺔ ﻧوع
ﺑﺗﻧﻔﻳذ رﻣﺎزات ﻋﺷواﺋﻳﺔ ﺑواﺳطﺔ ﻣﻠف ﻣﺳﺗﻧد
اﻟﺗطﺑﻳق CoreMediaﻓﻲ اﻟﻧظﺎم
Apple Mac OS X through 10.6.8 DoS Exec
46 ٦,٨ ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﻧﻔﻳذ رﻣﺎزات ﻋﺷواﺋﻳﺔ او اﻟﺗﺳﺑب Code Mem. 2012‐01‐13 CVE‐2011‐0224
ﺑﻣﻧﻊ ﺗﻘدﻳم اﻟﺧدﻣﺔ ﻧوع memory corruption Corr.
ﺑواﺳطﺔ ﻣﻠف ﻧوع QuickTime movie
ﺧطﺎ ذاﻛرة ﻧوع Buffer overflowﻓﻲ اﻟﻣﺷﻐﻝ
QuickTimeﻓﻲ اﻟﻧظﺎم Apple Mac OS X DoS Exec
47 ٦,٨ Code 2011‐08‐10 CVE‐2011‐0213
before 10.6.8ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﻧﻔﻳذ رﻣﺎزات Overflow
ﻋﺷواﺋﻳﺔ او اﻟﺗﺳﺑب ﺑﻣﻧﻊ ﺗﻘدﻳم اﻟﺧدﻣﺔ ﻧوع
47
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
JPEG ﺑواﺳطﺔ ﻣﻠف ﻧوعapplication crash
49
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
.5اﻟﺛﻐرات اﻷﻣﻧﻳﺔ اﻟﻣوﺟودة ﻓﻲ ﻧظﺎم اﻟﺗﺷﻐﻳﻝ :SUSE Linux Enterprise Server
ﺗﻔﺎﺻﻳﻝ ﻋﺎﻣﻝ
اﻟﺗﺎرﻳﺦ
إﺿﺎﻓﻳﺔ ﻣﻊ اﻟﺧطورة اﻟوﺻــــــــــــــف ﻧوع اﻟﺛﻐرة إﺳم اﻟﺛﻐرة
ﺣزم اﻟﺗﺣدﻳث ١٠ -- ٠
ان اﺻدار اﻟﻧظﺎم SUSE Linux Enterprise
)openSUSE 11.2 ، 10 SP3 (SLE10‐SP3
٧,٥
ﺗﻘوم ﺑﺎﻋداد اﻟـ postfixﺑﺣﻳث ﻳﻘوم ﺑﺎﻟﺗﻧﺻت
1 High Bypass 2011‐04‐28 CVE‐2010‐0230
ﻋﻠﻰ ﺟﻣﻳﻊ واﺟﻬﺎت اﻟﺷﺑﻛﺔ ﻣﻣﺎ ﻗد ﻳﺳﻣﺢ
ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﺟﺎوز اﻟﻘﻳود اﻻﻟزاﻣﻳﺔ ﻟﻠوﺻوﻝ اﻟﻰ
اﻟﻧظﺎم
pure‐FTPd ﺛﻐرة )ﺗﺟﺎوز اﻟﻣﺟﻠد( ﻓﻲ اﻻداة
1.0.22وﻋﻠﻰ اﻻرﺟﺢ اﻻﺻدارات اﻻﺧرى ،
٣,٦ ﻋﻧدﻣﺎ ﺗﻛون اﻻداة Netware OES remote Directory
2 ٢٠١١-١١-٧ CVE‐2011‐3171
Low ﺗﺳﻣﺢ ﻗد اﻟﺗﻔﻌﻳﻝ وﺿﻌﻳﺔ ﻓﻲ server Traversal
50
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
ان اﻻداة WebYaSTﻓﻲ yast2‐webclient
ﺗﻘوم ﺑﺎﺳﺗﺧدام ﻣﻔﺗﺎح ﺳري ﺛﺎﺑت وﻫو ﻣدﻣﺞ ﻓﻲ
٥,٠
8 ﻳﺳﻣﺢ ﻗد ﻣﻣﺎ WebYaST appliance +Info ٢٠١٠-٩-٦ CVE‐2010‐1507
Medium
ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺎﻧﺗﺣﺎﻝ اﻟﺟﻠﺳﺔ اﻟﺣﺎﻟﻳﺔ ﻣن ﺧﻼﻝ
اﺳﺗﻐﻼﻝ ﻣﻌرﻓﺔ ﻫذا اﻟﻣﻔﺗﺎح
ﺗﺳﻣﺢ ﺛﻐرة ﻓﻲ اﻟﺣزﻣﺔ apache2‐slms
٤,٣
9 ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺎﺧﺗطﺎف ﺑﻳﺎﻧﺎت اﻟﻣﺻﺎدﻗﺔ ﻣن ﺧﻼﻝ XSS ٢٠١٠-٩-٦ CVE‐2010‐1325
Medium
ﺑﻌض ﻋﻣﻠﻳﺎت اﻗﺗﺑﺎس اﻟﺑﺎرﻣﺗرات
ان gdk/gdkwindow.c in GTK+ before
‐gnome ﻓﻲ واﻟﻣﺳﺗﺧدﻣﺔ 2.18.5
screensaver before 2.28.1ﺗﺳﺗﺧدم اﻟواﻧﺎ
ﻧوع اﻟﻧواﻓذ ﻓﻲ ﻣﺿﻣﻧﺔ
٦,٢
10 GDK_WINDOW_FOREIGNﻣﻣﺎ ﻗد ﻳوﻟد +Bypass ٢٠١٠-٦-٥ CVE‐2010‐0732
Medium
ﺧطﺄ ﻧوع X errorﻓﻲ ظروف ﺧﺎﺻﺔ ﻣﻣﺎ ﻗد
ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن اﻟﻘرﻳﺑﻳن ﻓﻳزﻳﺎﺋﻳﺎ ﺑﺗﺟﺎوز ﻗﻔﻝ
اﻟﺷﺎﺷﺔ واﻟﻧﻔﺎذ اﻟﻰ ﻧظﺎم اﻟطرﻓﻳﺔ ﻣن ﺧﻼﻝ ﺗﻛرار
اﻟﺿﻐط ﻋﻠﻰ اﻟﻣﻔﺗﺎح ENTER
iscsi_discovery in open‐iscsi
٤,٤ ﺗﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدﻣﻳن اﻟﻣﺣﻠﻳﻳن ﺑﺎﺳﺗﺑداﻝ ﺑﻌض
11 -- ٢٠٠٩-١٠-٢٩ CVE‐2009‐1297
Medium اﻟﻣﻠﻔﺎت ﺑواﺳطﺔ ﻫﺟوم ﻧوع symlink attack
ﻋﻠﻰ ﻣﻠف ﻣؤﻗت ﻗد ﻳﻣﻠك اﺳﻣﺎ ﻗﺎﺑﻼ ﻟﻠﺗﻧﺑؤ
ﺛﻐرة ﻓﻲ اﻻداة ‐ia32el before 7042_7022
٤,٩
12 0.4.2ﻗد ﺗﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدﻣﻳن اﻟﻣﺣﻠﻳﻳن ﺑﺎﻟﺗﺳﺑب DoS ٢٠٠٩-٩-١٨ CVE‐2009‐2707
Medium
ﺑﻣﻧﻊ اﻟﺧدﻣﺔ ﻧوع system crash
ان اﻟﺑرﺗوﻛوﻝ YaST2 LDAPﻓﻲ ‐yast2‐ldap
serverﻻ ﻳﻘوم ﺑﻌﻣﻠﻳﺔ اﻟﺗﻔﻌﻳﻝ اﻟﻼزﻣﺔ ﻟﻠﺟدار
٧,٥
13 اﻟﻧﺎري ﻓﻲ ظروف ﻣﻌﻳﻧﺔ )اﻋﺎدة اﻻﻗﻼع اﺛﻧﺎء -- ٢٠٠٩-٧-٦ CVE‐2009‐1648
High
اﻟﺗﺣدﻳﺛﺎت( ﻣﻣﺎ ﻳﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺎﻟﻧﻔﺎذ اﻟﻰ
ﺧدﻣﺎت اﻟﺷﺑﻛﺔ
ﺛﻐرة ﻓﻲ ‐Apache Struts before 1.2.9
٤,٣ 162.31.1ﻗد ﺗﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺣﻘن رﻣﺎزات
14 XSS ٢٠٠٩-٤-١٨ CVE‐2008‐2025
Medium ﻧوع web script/HTMLﻣن ﺧﻼﻝ ﻋﻣﻠﻳﺎت
insufficient quoting of parameters
‐aka multipath‐tools or device
mapper‐mul path) 0.4.8
ﺗﺳﺗﺧدم ﺳﻣﺎﺣﻳﺎت ﻧوع world‐writableﻣن
٧,٢ اﻟﻣﻠف اﺟﻝ
15 aka Exec Code ٢٠١٠-٨-٢١ CVE‐2009‐0115
High /var/run/multipathd.sock
ﻣﻣﺎ ﻗد ﻳﺳﻣﺢ ﻟﻠﻣﺳﺗﺧدﻣﻳن اﻟﻣﺣﻠﻳﻳن ﺑﺗﻧﻔﻳذ ﺗﻌﻠﻳﻣﺎت
ﻋﺷواﺋﻳﺔ
51
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
ﻓﻲ اﻟﻧظﺎمOpenPBS ﻋدة ﺛﻐرات ﻓﻲ اﻻداة
١٠,٠ SUSE Linux 9.2 through 10.1
16 Exec Code 2011‐09‐02 CVE‐2006‐5616
High ﻗد ﺗﺳﻣﺢ ﻟﻠﻣﻬﺎﺟﻣﻳن ﺑﺗﻧﻔﻳذ رﻣﺎزات ﺧﺑﻳﺛﺔ
52
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
15. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE‐2009‐0115
16. http://www.cvedetails.com/cve/CVE‐2006‐5616/
17. http://www.cvedetails.com/cve/CVE‐2007‐0460/
18. http://www.cvedetails.com/cve/CVE‐2005‐3625/
19. http://www.cvedetails.com/cve/CVE‐2005‐0605/
20. http://www.cvedetails.com/cve/CVE‐2004‐1154/
53
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy
: اﻟﻣراﺟـــــــــــــــﻊ.6
Http://www.ubuntu.com
http://www.cve.mitre.org
http://nvd.nist.gov
http://www.kb.cert.org/
http://www.redhat.com
https://bugzilla.redhat.com/
http://www.cvedetails.com
http://www.itsecdb.com
http://www.technet.microsoft.com
http://www.microsoft.com/
http://www.debian.org
http://www.exploit‐db.com
http://www.suse.com
54
Tel: +963 11 3937032 Fax: +963 11 3937079 E-mail: isc@nans.gov.sy Website: www.nans.gov.sy