The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

computer threat CVE-2011-2202

PHP: partial filtering of _FILES

Synthesis of the vulnerability

When a PHP application allows a file upload, an attacker can use a special file name, which is not correctly filtered.
Severity: 2/4.
Creation date: 13/06/2011.
Identifiers: 54939, BID-48259, CVE-2011-2202, DSA-2262-2, DSA-2266-1, FEDORA-2011-11528, FEDORA-2011-11537, MDVSA-2011:165, MDVSA-2012:071, openSUSE-SU-2011:1137-1, openSUSE-SU-2011:1138-1, RHSA-2011:1423-01, RHSA-2012:0033-01, RHSA-2012:0071-01, SSA:2011-237-01, SUSE-SU-2012:0496-1, VIGILANCE-VUL-10727.

Description of the vulnerability

RFC 1867 describes file upload via HTTP, using the "multipart/form-data" MIME type.

When a client sends a "multipart/form-data" request, PHP stores the file name in the $_FILES variable. The application can then use this value in order to process the uploaded file. PHP guarantees that the file name contains neither a '/' nor a '\'.

However, if the '/' or '\' is located at the beginning of the file name (for example "/file" or "\file"), it is not removed.

When a PHP application allows a file upload, an attacker can therefore use a special file name, which is not correctly filtered. If the application does not call basename() to filter this character, it could (depending on its code) then access a file located at the root of the file system.

computer vulnerability note CVE-2011-1429

Mutt: man-in-the-middle via SSL

Synthesis of the vulnerability

An attacker can act as a man-in-the-middle between Mutt and an SMTP server, in order to read or modify the exchanged data.
Severity: 1/4.
Creation date: 13/06/2011.
Identifiers: 3506, BID-46803, CVE-2011-1429, FEDORA-2011-7739, FEDORA-2011-7751, FEDORA-2011-7756, MDVSA-2012:048, RHSA-2011:0959-01, VIGILANCE-VUL-10726.

Description of the vulnerability

The Mutt messaging client implements an SSL/TLS client, which is enabled by the ssl_starttls and ssl_force_tls configuration directives.

However, when Mutt initiates an HTTPS connection with a server, it does not check whether the host name specified in the server's X.509 certificate matches the server name.

An attacker can therefore act as a man-in-the-middle between Mutt and an SMTP server, in order to read or modify the exchanged data.

security threat CVE-2011-2200

D-Bus: denial of service via endianness

Synthesis of the vulnerability

A local attacker can send a D-Bus message with an invalid endianness, in order to stop the service.
Severity: 1/4.
Creation date: 13/06/2011.
Identifiers: 38120, BID-48216, CVE-2011-2200, FEDORA-2011-9817, FEDORA-2011-9891, openSUSE-SU-2011:0880-1, RHSA-2011:1132-01, SUSE-SU-2011:0752-1, VIGILANCE-VUL-10725.

Description of the vulnerability

The D-Bus service is used by applications to communicate via messages sent on a bus.

The format of messages depends on the endianness (big endian or little endian) of the processor. The first byte of a D-Bus message indicates its endianness.

When the libdbus library processes a message with a different endianness, the _dbus_header_byteswap() function of the dbus/dbus-marshal-header.c file reverses the endianness of the message. To do so, it alters the data, but it forgets to alter the first byte of the message. As this first byte still indicates an incorrect endianness, applications decode invalid fields, which stops them.

A local attacker can therefore send a D-Bus message with an invalid endianness, in order to stop the service.

threat 10724

Aastra IP Phone: password disclosure

Synthesis of the vulnerability

An attacker can connect to the web service of the Aastra IP Phone, in order to read the user password.
Severity: 2/4.
Creation date: 09/06/2011.
Identifiers: BID-48264, VIGILANCE-VUL-10724.

Description of the vulnerability

Each Aastra IP Phone is associated with a user, via his Caller ID and his Authentication Name/Password. This information is transmitted to the SIP server (PBX) during the initialization phase.

The phone has a web service, which displays its SIP configuration:
 - http://ip/globalSIPsettings.html
 - http://ip/SIPsettingsLine1.html
However, these pages contain the Caller ID and Authentication Name/Password fields.

An attacker can therefore connect to the web service of the Aastra IP Phone, in order to read the user password.

weakness alert CVE-2011-1864

HP OpenView Storage Data Protector: code execution

Synthesis of the vulnerability

A remote attacker can use a vulnerability of HP OpenView Storage Data Protector, in order to execute code.
Severity: 3/4.
Creation date: 09/06/2011.
Identifiers: BID-48178, c02712867, CERTA-2011-AVI-337, CVE-2011-1864, HPSBMA02631, SSRT100324, VIGILANCE-VUL-10723.

Description of the vulnerability

The HP OpenView Storage Data Protector product manages data of an enterprise.

A remote attacker can use a vulnerability of HP OpenView Storage Data Protector, in order to execute code.

computer threat bulletin CVE-2011-0786 CVE-2011-0788 CVE-2011-0802

Java JRE/JDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Java JRE/JDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 17.
Creation date: 08/06/2011.
Identifiers: BID-48133, BID-48134, BID-48135, BID-48136, BID-48137, BID-48138, BID-48139, BID-48140, BID-48141, BID-48142, BID-48143, BID-48144, BID-48145, BID-48146, BID-48147, BID-48148, BID-48149, c02945548, c03316985, c03358587, c03405642, CERTA-2003-AVI-005, CERTA-2011-AVI-336, CERTA-2012-AVI-286, CERTA-2012-AVI-395, CVE-2011-0786, CVE-2011-0788, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0817, CVE-2011-0862, CVE-2011-0863, CVE-2011-0864, CVE-2011-0865, CVE-2011-0866, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0872, CVE-2011-0873, DSA-2311-1, DSA-2358-1, FEDORA-2011-8003, FEDORA-2011-8020, FEDORA-2011-8028, HPSBMU02797, HPSBMU02799, HPSBUX02697, HPSBUX02777, javacpujune2011, MDVSA-2011:126, openSUSE-SU-2011:0633-1, openSUSE-SU-2011:0706-1, PSN-2012-08-686, PSN-2012-08-687, PSN-2012-08-688, PSN-2012-08-689, PSN-2012-08-690, RHSA-2011:0856-01, RHSA-2011:0857-01, RHSA-2011:0860-01, RHSA-2011:0938-01, RHSA-2011:1087-01, RHSA-2011:1159-01, RHSA-2011:1265-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT100591, SSRT100854, SSRT100867, SUSE-SA:2011:030, SUSE-SA:2011:032, SUSE-SA:2011:036, SUSE-SU-2011:0632-1, SUSE-SU-2011:0807-1, SUSE-SU-2011:0863-1, SUSE-SU-2011:0863-2, SUSE-SU-2011:0966-1, SUSE-SU-2011:1082-1, TPTI-11-06, VIGILANCE-VUL-10722, VMSA-2011-0013.1, ZDI-11-182, ZDI-11-183, ZDI-11-184, ZDI-11-185, ZDI-11-186, ZDI-11-187, ZDI-11-188, ZDI-11-189, ZDI-11-190, ZDI-11-191, ZDI-11-192, ZDI-11-199.

Description of the vulnerability

Several vulnerabilities were announced in Java JRE/JDK. The most severe vulnerabilities lead to code execution.

An attacker can use a vulnerability of 2D (ICC profile), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48137, CVE-2011-0862, TPTI-11-06, ZDI-11-183, ZDI-11-184, ZDI-11-185, ZDI-11-186, ZDI-11-187, ZDI-11-188, ZDI-11-189, ZDI-11-190, ZDI-11-191]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48148, CVE-2011-0873]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48143, CVE-2011-0815]

An attacker can use a vulnerability of Deployment (IE Browser Plugin), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48134, CVE-2011-0817, ZDI-11-182]

An attacker can use a vulnerability of Deployment (Java Web Start), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48138, CVE-2011-0863, ZDI-11-192]

An attacker can use a vulnerability of HotSpot, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48139, CVE-2011-0864]

An attacker can use a vulnerability of Soundbank Decompression, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48149, CVE-2011-0802, ZDI-11-199]

An attacker can use a vulnerability of Sound, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48145, CVE-2011-0814]

An attacker can use a vulnerability of Swing, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48142, CVE-2011-0871]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-48133, CERTA-2011-AVI-336, CVE-2011-0786]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-48135, CVE-2011-0788]

An attacker can use a vulnerability of Java Runtime Environment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-48136, CVE-2011-0866]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; BID-48140, CVE-2011-0868]

An attacker can use a vulnerability of NIO, in order to create a denial of service. [severity:2/4; BID-48141, CVE-2011-0872]

An attacker can use a vulnerability of Networking, in order to obtain information. [severity:2/4; BID-48144, CVE-2011-0867]

An attacker can use a vulnerability of SAAJ, in order to obtain information. [severity:2/4; BID-48146, CVE-2011-0869]

An attacker can use a vulnerability of Deserialization, in order to alter information. [severity:1/4; BID-48147, CVE-2011-0865]

security announce CVE-2011-2328

HP LoadRunner: buffer overflow via Virtual User

Synthesis of the vulnerability

An attacker can create a malicious Virtual User file, in order to create a buffer overflow in HP LoadRunner, and to execute code.
Severity: 2/4.
Creation date: 07/06/2011.
Identifiers: BID-48073, c03216705, CVE-2011-2328, HPSBMU02785, SSRT100526, VIGILANCE-VUL-10721, VU#987308.

Description of the vulnerability

The HP LoadRunner product simulates users (Virtual User) in order to test an application under load.

Virtual Users are defined in a file with the ".usr" extension. The Vuser User Generator (VuGen.exe) application is called to open ".usr" files. However, when directives in a ".usr" file are too long, a buffer overflow occurs in VuGen.exe.

An attacker can therefore create a malicious Virtual User file, in order to create a buffer overflow in HP LoadRunner, and to execute code.

computer threat note CVE-2011-2187

XScreenSaver: no locking in Blank Screen Only

Synthesis of the vulnerability

When XScreenSaver is configured in Blank Screen Only mode, without DPMS, the screen does not lock.
Severity: 1/4.
Creation date: 07/06/2011.
Identifiers: 627382, 627397, 703483, CVE-2011-2187, VIGILANCE-VUL-10720.

Description of the vulnerability

The XScreenSaver screen saver has several modes:
 - Blank Screen Only
 - Random Screen Saver
 - etc.

The DPMS (Display Power Management Signaling) feature is used to switch off the screen when it is idle.

However, when DPMS is disabled, if XScreenSaver starts in "Blank Screen Only" mode, an internal error occurs and XScreenSaver stops.

When XScreenSaver is configured in Blank Screen Only mode, without DPMS, the screen therefore does not lock. An attacker with physical access to the screen can thus access the victim's session.

threat bulletin 10719

pam_ssh: execution of ssh-agent with the root group

Synthesis of the vulnerability

The pam_ssh module calls the ssh-agent program with privileges of the root group.
Severity: 1/4.
Creation date: 07/06/2011.
Identifiers: 665061, BID-48115, FEDORA-2011-8006, FEDORA-2011-8022, FEDORA-2011-8036, VIGILANCE-VUL-10719.

Description of the vulnerability

The ssh-agent program keeps private SSH keys in memory during a session.

The pam_ssh module provides SSH authentication and SSH session features. The SSH session feature of pam_ssh executes ssh-agent.

However, pam_ssh does not call initgroups()/setgid() to drop the privileges of the root group (gid 0). The ssh-agent command is then executed with the privileges of the root group. An attacker can therefore use a future ssh-agent vulnerability in order to elevate his privileges.

vulnerability CVE-2011-2177

OpenOffice: code execution via npsoplugin.dll

Synthesis of the vulnerability

An attacker can invite the victim to browse a malicious web site, with the OpenOffice plugin, in order to execute code on his computer.
Severity: 3/4.
Creation date: 07/06/2011.
Identifiers: CVE-2011-2177, VIGILANCE-VUL-10718.

Description of the vulnerability

The OpenOffice suite installs the npsoplugin.dll plugin in web browsers, in order to display online documents.

However, a malicious web site can create a memory corruption in this plugin.

An attacker can therefore invite the victim to browse a malicious web site, with the OpenOffice plugin, in order to execute code on his computer.

   
