The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

computer vulnerability CVE-2011-1353 CVE-2011-2431 CVE-2011-2432

Adobe Reader, Acrobat: several vulnerabilities

Synthesis of the vulnerability

Several Adobe Reader/Acrobat vulnerabilities can be used by an attacker to execute code or to create a denial of service.
Impacted products: Acrobat, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 14.
Creation date: 14/09/2011.
Identifiers: APSB11-24, BID-49572, BID-49575, BID-49576, BID-49577, BID-49578, BID-49579, BID-49580, BID-49581, BID-49582, BID-49583, BID-49584, BID-49585, BID-49586, BID-51557, CERTA-2011-AVI-508, CVE-2011-1353, CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2441, CVE-2011-2442, CVE-2011-4374, FGA-2011-30, openSUSE-SU-2011:1238-1, RHSA-2011:1434-01, SUSE-SA:2011:044, SUSE-SU-2011:1239-1, VIGILANCE-VUL-10985, ZDI-11-296, ZDI-11-297, ZDI-11-298, ZDI-11-299, ZDI-11-300, ZDI-11-301, ZDI-11-302, ZDI-11-310.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Reader/Acrobat.

An attacker can bypass the Sandbox, in order to elevate his privileges. [severity:2/4; BID-49586, CERTA-2011-AVI-508, CVE-2011-1353, FGA-2011-30]

An attacker can execute code. [severity:4/4; BID-49582, CVE-2011-2431]

A malicious PDF document creates a buffer overflow via a U3D TIFF image, leading to code execution. [severity:4/4; BID-49572, CVE-2011-2432, ZDI-11-302]

A PDF document containing a malicious U3D PICT image creates a buffer overflow, leading to code execution. [severity:4/4; BID-49576, CVE-2011-2433, ZDI-11-300]

A PDF document containing a malicious U3D PICT image creates a buffer overflow, leading to code execution. [severity:4/4; BID-49577, CVE-2011-2434, ZDI-11-301]

A PDF document containing a malicious PICT image creates a buffer overflow, leading to code execution. [severity:4/4; BID-49575, CVE-2011-2435, ZDI-11-299]

A PDF document containing a malicious U3D IFF RGBA image creates a buffer overflow, leading to code execution. [severity:4/4; BID-49578, CVE-2011-2436, ZDI-11-298]

A PDF document containing a malicious PCX image creates a buffer overflow, leading to code execution. [severity:4/4; BID-49579, CVE-2011-2437, ZDI-11-297]

A PDF document containing a malicious BMP image creates a buffer overflow, leading to code execution. [severity:4/4; BID-49580, CVE-2011-2438, ZDI-11-296]

An attacker can use a memory management error, in order to execute code. [severity:4/4; BID-49583, CVE-2011-2439]

An attacker can use a freed memory area via JPEG, in order to execute code. [severity:4/4; BID-49584, CVE-2011-2440]

A PDF document containing a malicious font creates a buffer overflow in CoolType.dll, leading to code execution. [severity:4/4; BID-49581, CVE-2011-2441, ZDI-11-310]

A malicious PDF document creates a logic error, leading to code execution. [severity:4/4; BID-49585, CVE-2011-2442]

A malicious PDF document creates an integer overflow in Adobe Reader 9.x on Linux, leading to code execution. [severity:4/4; BID-51557, CVE-2011-4374]

vulnerability note 10984

SAP: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 13/09/2011.
Revision date: 24/01/2012.
Identifiers: 1529235, 1555523, 1560331, 1563017, 1563062, 1563110, 1567389, 1576764, 1591146, 1591749, 1592757, 1594110, 1604055, 1604056, 1604933, 1607917, 1615784, BID-51645, DSECRG-12-008, DSECRG-12-009, DSECRG-12-010, VIGILANCE-VUL-10984.

Description of the vulnerability

Several vulnerabilities were announced in SAP products.

An attacker can access the /RWB directory (Runtime Workbench), in order to obtain information. [severity:2/4; 1567389, BID-51645, DSECRG-12-008]

An attacker can detect if a file exists via PFL_CHECK_OS_FILE_EXISTENCE. [severity:2/4; 1591146, BID-51645, DSECRG-12-009]

An attacker can generate a Cross Site Scripting in the Text Container Administration Application. [severity:2/4; 1591749, BID-51645, DSECRG-12-010]

Technical details of other vulnerabilities are unknown. [severity:2/4]

vulnerability bulletin CVE-2010-3271 CVE-2011-1355 CVE-2011-1356

WebSphere AS 7.0: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WebSphere Application Server.
Impacted products: WebSphere AS Traditional.
Severity: 2/4.
Consequences: administrator access/rights, user access/rights, client access/rights, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 7.
Creation date: 13/09/2011.
Revision date: 19/09/2011.
Identifiers: 68570, 68571, 69730, 69731, BID-48305, BID-48709, BID-48710, BID-49362, BID-49766, CERTA-2011-AVI-402, CVE-2010-3271, CVE-2011-1355, CVE-2011-1356, CVE-2011-1359, CVE-2011-1361, CVE-2011-1362, PM35701, PM36620, PM36734, PM40661, PM40733, PM43254, PM45322, VIGILANCE-VUL-10983, was-admcons-info-disclosure, was-cons-csrf, was-incomplete-ivt-xss, was-logoutexitpage-security-bypass.

Description of the vulnerability

Seven vulnerabilities were announced in WebSphere Application Server.

An attacker can send a malicious query to the Administration Console, in order to generate an error, which displays the stack trace. [severity:2/4; 68571, BID-48709, CVE-2011-1356, PM36620, was-admcons-info-disclosure]

An attacker can use a Cross Site Request Forgery on the administrative console of WebSphere Application Server, in order to perform operations with the privileges of the administrator who is connected to the web site (VIGILANCE-VUL-10754). [severity:2/4; 69730, BID-48305, BID-49766, CVE-2010-3271, CVE-2011-1361, PM36734, was-cons-csrf]

An attacker can use a vulnerability of the Dojo console. [severity:2/4; PM40661]

An attacker can use a vulnerability of the administration console of WebSphere Application Server, in order to read a file (VIGILANCE-VUL-10951). [severity:2/4; BID-49362, CVE-2011-1359, PM45322]

The vulnerability PM20393 (VIGILANCE-VUL-10516 and VIGILANCE-VUL-10278) is a Cross Site Scripting of Installation Verification Tool (IVT). However, it was not fully corrected by versions 6.1.0.37 and 7.0.0.15. An attacker can therefore still create a Cross Site Scripting in IVT. [severity:1/4; 69731, CVE-2011-1362, PM40733, was-incomplete-ivt-xss]

An attacker can use the logoutExitPage parameter, in order to create a redirection. [severity:2/4; 68570, BID-48710, CERTA-2011-AVI-402, CVE-2011-1355, PM35701, was-logoutexitpage-security-bypass]

An attacker can alter SOAP messages without changing their SAML (Security Assertion Markup Language) signature. [severity:2/4; PM43254]

vulnerability announce CVE-2011-1984

Windows: privilege elevation via WINS ECommEndDlg

Synthesis of the vulnerability

When WINS is enabled on a Windows server, a local attacker can send a malicious query, to corrupt the memory, in order to create a denial of service or to execute privileged code.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on service.
Provenance: user account.
Creation date: 13/09/2011.
Identifiers: 2571621, BID-49523, CERTA-2011-AVI-510, CORE-2011-0526, CVE-2011-1984, MS11-070, VIGILANCE-VUL-10982.

Description of the vulnerability

The WINS (Windows Internet Name Service) protocol is used to find the IP address of a computer from its NetBIOS name. This service is not enabled by default. It runs with SYSTEM privileges on Windows 2003.

Clients request a NetBIOS name resolution by connecting to port 137/udp. WINS servers replicate their database by connecting to each other on ports 42/tcp and 42/udp. During replication, a dynamic port is opened, and listens on the loopback (127.0.0.1) interface.

Replication messages sent to the dynamic port are processed by the ECommEndDlg() function of the WINS service. These replication messages contain the offset of data to process. However, the WINS service does not check this offset before converting it to a pointer.

When WINS is enabled on a Windows server, a local attacker can therefore send a malicious query, to corrupt the memory, in order to create a denial of service or to execute privileged code.

vulnerability alert CVE-2011-3346

QEMU: buffer overflow of scsi_disk_emulate_command

Synthesis of the vulnerability

A privileged attacker located in a QEMU guest system can use a malicious SCSI command, in order to stop the host service.
Impacted products: RHEL, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: privileged shell.
Creation date: 12/09/2011.
Identifiers: 736038, BID-49545, CVE-2011-3346, RHSA-2011:1401-01, VIGILANCE-VUL-10981.

Description of the vulnerability

The QEMU virtualization environment can emulate a SCSI device (hard drive, etc.).

The scsi_disk_emulate_command() function of the hw/scsi-disk.c file emulates commands of the virtual SCSI controller:
 - TEST UNIT READY: check if the device is ready
 - READ CAPACITY: read the disk size
 - etc.

This function uses memset() to initialize the storage area for READ CAPACITY. However, the size of this area comes from the user's query. An attacker can thus overwrite a memory area with zeros.

A privileged attacker located in a QEMU guest system can therefore use a malicious SCSI command, in order to stop the host service.

vulnerability CVE-2011-3504 CVE-2011-3973 CVE-2011-3974

FFmpeg: four vulnerabilities

Synthesis of the vulnerability

An attacker can create a malicious video, and invite the victim to display it with an application linked to FFmpeg, in order to stop it or to execute code on his computer.
Impacted products: Debian, MES, Mandriva Linux, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 12/09/2011.
Revision date: 21/09/2011.
Identifiers: CERTA-2003-AVI-008, CVE-2011-3504, CVE-2011-3973, CVE-2011-3974, CVE-2011-4031, DSA-2336-1, MDVSA-2012:074, MDVSA-2012:074-1, MDVSA-2012:075, MDVSA-2012:076, MSVR-11-0088, MSVR11-011, MSVR11-012, VIGILANCE-VUL-10980.

Description of the vulnerability

The FFmpeg suite contains several libraries to process multimedia data. It is impacted by four vulnerabilities.

The asfrtp_parse_packet() function of the libavformat/rtpdec_asf.c file does not check if the size to allocate overflows, which corrupts the memory. [severity:2/4; CVE-2011-4031, MSVR-11-0088, MSVR11-012]

An attacker can create a denial of service via cavsdec. [severity:1/4; CVE-2011-3973, CVE-2011-3974]

An attacker can generate an allocation error in the av_probe_input_buffer() function, in order to corrupt the memory. [severity:1/4]

An attacker can create a malicious Matroska document, in order to create a memory allocation error, leading to code execution. [severity:2/4; CVE-2011-3504, MSVR11-011]

An attacker can therefore create a malicious video, and invite the victim to display it with an application linked to FFmpeg, in order to stop it or to execute code on his computer.

computer vulnerability note CVE-2011-3355

Evolution: no TLS encryption of Sent

Synthesis of the vulnerability

When the directory of sent messages is stored on a remote server, the session is not encrypted by Evolution, even if the configuration requests it.
Impacted products: Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: client access/rights, data reading.
Provenance: LAN.
Creation date: 12/09/2011.
Identifiers: 648277, BID-49547, CVE-2011-3355, VIGILANCE-VUL-10979.

Description of the vulnerability

The Evolution program is a messaging client. It can access a remote IMAP mailbox through a TLS encrypted session.

The directory of sent messages can be stored locally, or on the remote IMAP server. However, the session which stores sent messages is never encrypted by TLS. An attacker can therefore capture emails, or obtain the password used to connect to the IMAP server.

When the directory of sent messages is stored on a remote server, the session is therefore not encrypted by Evolution, even if the configuration requests it.

computer vulnerability bulletin CVE-2011-3208

Cyrus IMAPd: buffer overflow in NNTP

Synthesis of the vulnerability

An attacker can use a malicious NNTP command, in order to create an overflow in the NNTP service of Cyrus IMAPd, which leads to a denial of service or to code execution.
Impacted products: Debian, Fedora, MES, Mandriva Linux, openSUSE, RHEL, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: internet client.
Creation date: 09/09/2011.
Identifiers: BID-49534, CERTA-2003-AVI-005, CERTA-2011-AVI-505, CVE-2011-3208, DSA-2318-1, FEDORA-2011-13860, FEDORA-2011-13869, MDVSA-2011:149, MDVSA-2011:150, openSUSE-SU-2011:1036-1, RHSA-2011:1317-01, SUSE-SU-2011:1034-1, SUSE-SU-2011:1034-2, VIGILANCE-VUL-10978.

Description of the vulnerability

The Cyrus IMAPd product implements an IMAP server and an NNTP server (because the command formats of both protocols are similar).

The NNTP (RFC 3977) protocol defines WILDMAT (wildcard match) patterns, which are used to search for messages. For example:
  a*,!*b,*c*
  tx.*
They are used in NNTP commands:
  NEWNEWS a*,!*b,*c* date time
  LIST ACTIVE.TIMES tx.*

The split_wildmats() function of the imap/nntpd.c file splits WILDMAT fields containing several patterns separated by commas (for example "a*,!*b,*c*" contains three patterns). These patterns are stored in a 1024-byte (MAX_MAILBOX_BUFFER) array. However, if the size of a pattern added to the "newsprefix" variable is larger than the size of the array, an overflow occurs.

An attacker can therefore use a malicious NNTP command, in order to create an overflow in the NNTP service of Cyrus IMAPd, which leads to a denial of service or to code execution.
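
The missing length check described above, shown as an added example (not code from Cyrus IMAPd or from this bulletin): a bounded splitter that rejects any WILDMAT pattern which, once the prefix is prepended, would not fit in the 1024-byte array. The function names, the struct layout and the prefix value "news." are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#define MAX_MAILBOX_BUFFER 1024      /* array size quoted in the bulletin */

struct wildmat {
    char pat[MAX_MAILBOX_BUFFER];    /* prefix + pattern, NUL-terminated */
    int negated;                     /* 1 if the pattern started with '!' */
};
static struct wildmat demo_out[4];   /* result storage for the demo calls */

/* Hypothetical bounded splitter (not Cyrus code): splits a comma-separated
 * WILDMAT field, prepends `prefix` to each pattern, and returns the number of
 * patterns stored, or -1 if one is empty, does not fit, or there are too many. */
int split_wildmats_bounded(const char *field, const char *prefix,
                           struct wildmat *out, size_t max_out)
{
    size_t plen = strlen(prefix), n = 0;
    const char *p = field;
    for (;;) {
        const char *end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        int neg = (len > 0 && *p == '!');
        if (neg) { p++; len--; }
        if (len == 0 || n == max_out) return -1;
        /* The length check: prefix + pattern + NUL must fit in the array.
         * Written as a subtraction so the sum cannot wrap around. */
        if (plen >= sizeof(out[n].pat) || len >= sizeof(out[n].pat) - plen)
            return -1;
        memcpy(out[n].pat, prefix, plen);
        memcpy(out[n].pat + plen, p, len);
        out[n].pat[plen + len] = '\0';
        out[n].negated = neg;
        n++;
        if (!end) return (int)n;
        p = end + 1;
    }
}

/* Constructed input: one pattern of `len` bytes; prefix "news." is assumed. */
int try_length(size_t len)
{
    char big[4096];
    if (len >= sizeof big) return -1;
    memset(big, 'a', len);
    big[len] = '\0';
    return split_wildmats_bounded(big, "news.", demo_out, 4);
}

int main(void)
{
    int n = split_wildmats_bounded("a*,!*b,*c*", "news.", demo_out, 4);
    printf("%d patterns, second=%s negated=%d\n", n, demo_out[1].pat, demo_out[1].negated);
    printf("1018 bytes -> %d, 1019 bytes -> %d\n", try_length(1018), try_length(1019));
    return 0;
}
```

With the 5-byte prefix assumed here, a 1018-byte pattern is the largest that fits (5 + 1018 + 1 terminator = 1024); anything longer is refused instead of being copied.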

computer vulnerability announce 10977

Avast: vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities or security problems impact the Avast antivirus.
Impacted products: Avast AV.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Creation date: 09/09/2011.
Identifiers: VIGILANCE-VUL-10977.

Description of the vulnerability

Several vulnerabilities or security problems were announced in the Avast antivirus.

computer vulnerability alert CVE-2011-3266 CVE-2011-3360

Wireshark 1.4: two vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Wireshark can be used by a remote attacker to create a denial of service or to execute code.
Impacted products: Debian, Fedora, openSUSE, Solaris, SUSE Linux Enterprise Desktop, SLES, Wireshark.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/09/2011.
Identifiers: BID-49377, BID-49528, CERTA-2002-AVI-275, CERTA-2011-AVI-503, CVE-2011-3266, CVE-2011-3360, DSA-2324-1, FEDORA-2011-12403, FEDORA-2011-12423, MSVR11-014, openSUSE-SU-2011:1142-1, openSUSE-SU-2011:1263-1, SUSE-SU-2011:1145-1, SUSE-SU-2011:1262-1, VIGILANCE-VUL-10976, wnpa-sec-2011-13, wnpa-sec-2011-15.

Description of the vulnerability

The Wireshark program captures and displays network packets. Protocols are decoded by dissectors. They are impacted by several vulnerabilities.

An attacker can send a special IKE packet, in order to create an infinite loop in Wireshark (VIGILANCE-VUL-10878). [severity:1/4; BID-49377, CERTA-2011-AVI-503, CVE-2011-3266, wnpa-sec-2011-13]

An attacker can invite the victim to open a PCAP/CAP file, in order to execute a Lua script. [severity:2/4; BID-49528, CVE-2011-3360, MSVR11-014, wnpa-sec-2011-15]