The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability CVE-2011-4114

Perl PAR: code execution

Synthesis of the vulnerability

A local attacker can alter files of a Perl archive, in order to execute code.
Impacted products: Fedora, Perl Module ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, data creation/edition.
Provenance: user shell.
Creation date: 02/12/2011.
Identifiers: 69560, CVE-2011-4114, FEDORA-2011-16856, FEDORA-2011-16859, VIGILANCE-VUL-11190.

Description of the vulnerability

The Perl PAR module is used to create a zipped archive containing a Perl module (this is similar to JAR archives which contain Java code).

When a PAR archive is opened, its Perl files are copied into the /tmp/par-userName directory. However, an attacker may have previously created this directory into which the files are extracted. The attacker can then delete one of these files (this is allowed because the file is located in a directory controlled by the attacker) and replace it with a malicious Perl file. The Perl application which uses this PAR archive will then run the code located in the attacker's file.

A local attacker can therefore alter files of a Perl archive, in order to execute code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2011-4634

phpMyAdmin: three Cross Site Scripting

Synthesis of the vulnerability

An attacker can exploit three Cross Site Scripting vulnerabilities in phpMyAdmin, in order to execute JavaScript code in the context of the web site.
Impacted products: Fedora, phpMyAdmin.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 02/12/2011.
Identifiers: BID-51099, CVE-2011-4634, FEDORA-2011-16768, FEDORA-2011-16786, MDVSA-2011:198, PMASA-2011-18, VIGILANCE-VUL-11189.

Description of the vulnerability

The phpMyAdmin program is used to administer a MySQL database. It is impacted by three vulnerabilities.

An attacker can use a malicious database name, in order to trigger a Cross Site Scripting in the Database Synchronize and Database Rename pages. [severity:2/4]

An attacker can use a malicious SQL query, in order to trigger a Cross Site Scripting in the query edit page. [severity:2/4]

An attacker can use a malicious column type, in order to trigger a Cross Site Scripting in the table search and index creation pages. [severity:2/4]

computer vulnerability bulletin CVE-2011-3606 CVE-2011-3609

JBoss AS: two vulnerabilities of the Console

Synthesis of the vulnerability

An attacker can exploit a Cross Site Scripting and a Cross Site Request Forgery in the administration Console of JBoss AS.
Impacted products: JBoss AS OpenSource, JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 02/12/2011.
Identifiers: 742984, 743006, BID-50885, BID-50888, CERTA-2011-AVI-671, CVE-2011-3606, CVE-2011-3609, VIGILANCE-VUL-11188.

Description of the vulnerability

Two vulnerabilities were announced in the administration Console of JBoss Application Server.

An attacker can trigger a Cross Site Scripting via the OnError event, in order to execute JavaScript code in the context of the web site. [severity:2/4; 742984, BID-50885, CERTA-2011-AVI-671, CVE-2011-3606]

An attacker can use a JSON request to perform a Cross Site Request Forgery, in order to execute administrative commands. [severity:2/4; 743006, BID-50888, CVE-2011-3609]

computer vulnerability announce 11187

Avast: vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities or security problems impact the Avast antivirus.
Impacted products: Avast AV.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: user shell.
Creation date: 01/12/2011.
Identifiers: VIGILANCE-VUL-11187.

Description of the vulnerability

Several vulnerabilities or security problems were announced in the Avast antivirus.

computer vulnerability alert CVE-2011-4354

OpenSSL: obtain the ECC secret key via BN_nist_mod_384

Synthesis of the vulnerability

An attacker can use an error in the BN_nist_mod_384() function, in order to progressively guess the secret key of a TLS server using elliptic curves.
Impacted products: Debian, BIG-IP Hardware, TMOS, OpenSSL.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 01/12/2011.
Identifiers: BID-50882, CVE-2011-4354, DSA-2390-1, SOL15427, VIGILANCE-VUL-11186.

Description of the vulnerability

OpenSSL can be used to create an encrypted session using elliptic curves:
 - ECDH: elliptic curves with Diffie-Hellman
 - ECDHE: elliptic curves with Ephemeral Diffie-Hellman
The curves are defined by NIST: P-256 and P-384.

The BN_nist_mod_384() function of OpenSSL computes a modular reduction for P-256 and P-384. However, due to an optimization, some input values produce incorrect results on 32-bit processors.

An attacker can use these special values, in order to progressively guess the secret key. Note: with ECDHE and SSL_OP_SINGLE_ECDH_USE, this secret key is only used once.

An attacker can therefore use an error in the BN_nist_mod_384() function, in order to guess the secret key of a TLS server using elliptic curves.

computer vulnerability 11185

FreeBSD: code execution via ftpd or ProFTPD

Synthesis of the vulnerability

When the directory of the ftp user allows FTP clients to create files, an attacker can upload a library, in order to execute code.
Impacted products: FreeBSD, ProFTPD.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 01/12/2011.
Identifiers: BID-51185, FreeBSD-SA-11:07.chroot, VIGILANCE-VUL-11185.

Description of the vulnerability

When the ftp service of FreeBSD allows anonymous sessions, clients are chrooted into the /home/ftp directory.

When a client sends some FTP commands, such as STAT, the ftpd daemon executes the /bin/ls command in order to obtain the result.

In a chrooted environment, if the /home/ftp/etc/nsswitch.conf file selects the "compat" mode for passwd and group, then running /bin/ls loads the /home/ftp/lib/nss_compat.so.1 library. Note: the /bin/ls binary is not executed; ftpd calls the ls code directly, and that code loads nss_compat to resolve user names (passwd) and groups.

An attacker who is allowed to create the /home/ftp/etc/nsswitch.conf and /home/ftp/lib/nss_compat.so.1 files via FTP can then execute code via the STAT command. As the ls code is called with root privileges (uid root and euid ftp), the attacker's code runs with elevated privileges.

When the directory of the ftp user allows FTP clients to create files, an attacker can therefore upload a library, in order to execute code.
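
The condition described above can be checked from the server side. The following is an added example, not FreeBSD or ProFTPD code: it walks a chroot and reports an etc/ or lib/ that non-owners can write to, a nsswitch.conf selecting compat for passwd or group, and a nss_compat.so.1 already present. It treats any group- or other-writable entry as writable by the ftp account, which assumes those directories are not owned by ftp; the demo() layout is constructed and stands in for /home/ftp.

```python
import os
import stat
import tempfile

WRITE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH
SENSITIVE = ("etc", "lib")   # where nsswitch.conf and nss_compat.so.1 would be created


def audit_ftp_chroot(root):
    """Return findings for the chroot at root; an empty list means nothing suspicious."""
    findings = []
    for sub in SENSITIVE:
        top = os.path.join(root, sub)
        if not os.path.isdir(top):
            continue
        # a writable etc/ or lib/ lets a client create the two files the bulletin names
        for dirpath, _dirs, files in os.walk(top):
            for name in [os.curdir] + files:
                p = os.path.normpath(os.path.join(dirpath, name))
                if os.lstat(p).st_mode & WRITE_BY_OTHERS:
                    findings.append("writable by non-owner: " + os.path.relpath(p, root))
    nss = os.path.join(root, "etc", "nsswitch.conf")
    if os.path.isfile(nss):
        with open(nss) as f:
            for line in f:
                db, _, sources = line.partition(":")
                if db.strip() in ("passwd", "group") and "compat" in sources.split():
                    findings.append("nsswitch.conf selects compat for " + db.strip())
    if os.path.isfile(os.path.join(root, "lib", "nss_compat.so.1")):
        findings.append("lib/nss_compat.so.1 present inside the chroot")
    return findings


def demo():
    """Constructed layout: world-writable etc/ holding a compat nsswitch.conf, clean lib/."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "etc"))
    os.chmod(os.path.join(root, "etc"), 0o777)
    with open(os.path.join(root, "etc", "nsswitch.conf"), "w") as f:
        f.write("passwd: compat\ngroup: files\n")
    os.chmod(os.path.join(root, "etc", "nsswitch.conf"), 0o644)
    os.mkdir(os.path.join(root, "lib"))
    os.chmod(os.path.join(root, "lib"), 0o755)
    return audit_ftp_chroot(root)
```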

vulnerability note CVE-2011-4363

Perl Proc-ProcessTable: file corruption

Synthesis of the vulnerability

A local attacker can create a symbolic link when a Perl program using the Proc::ProcessTable module is used, in order to alter a file.
Impacted products: Fedora, Perl Module ~ not comprehensive.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 01/12/2011.
Identifiers: 650500, BID-50868, CVE-2011-4363, FEDORA-2013-13617, FEDORA-2013-13635, MDVSA-2013:216, VIGILANCE-VUL-11184.

Description of the vulnerability

The Perl Proc::ProcessTable module is used to access the table of Unix processes.

The cache_ttys parameter of the ProcessTable constructor tells the module to cache the mapping between tty names and their device numbers. This information is stored in the /tmp/TTYDEVS temporary file.

However, this file name is constant, the file is located in a world-writable directory, and ProcessTable does not check whether a symbolic link already exists under this name.

A local attacker can therefore create a symbolic link when a Perl program using the Proc::ProcessTable module is used, in order to alter a file.
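
Both this bulletin and the Perl PAR one above (CVE-2011-4114) come down to trusting a fixed name under /tmp. The following is an added example, not code from either module, of the checks a program should apply before reusing such a path: a directory must be created by us or verified as ours and not writable by others, and a cache file must be created with O_EXCL so a planted link is an error. The scratch directory stands in for /tmp and the demo() scenarios are constructed.

```python
import os
import stat
import tempfile

def secure_private_dir(base, name):
    """Return base/name, created 0700 if absent, else verified to be a real directory
    owned by us and not writable by others (a pre-created par-<user> is rejected)."""
    path = os.path.join(base, name)
    try:
        os.mkdir(path, 0o700)            # EEXIST if anything already sits at this name
        return path
    except FileExistsError:
        pass
    st = os.lstat(path)                  # lstat: never follow a planted symlink
    if not stat.S_ISDIR(st.st_mode):
        raise RuntimeError("%s is not a plain directory" % path)
    if st.st_uid != os.getuid():
        raise RuntimeError("%s is owned by uid %d, not by us" % (path, st.st_uid))
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise RuntimeError("%s is writable by other users" % path)
    return path

def open_private_file(path):
    """Create a file that must not exist yet (O_EXCL) without following links (O_NOFOLLOW):
    a symlink planted at a constant name like TTYDEVS fails instead of redirecting the write."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.fdopen(os.open(path, flags, 0o600), "w")

def _rejected(fn, *args):
    try:
        fn(*args)
    except (RuntimeError, OSError):
        return True
    return False

def demo():
    """Constructed scenarios in a scratch directory standing in for /tmp."""
    base = tempfile.mkdtemp()
    os.mkdir(os.path.join(base, "par-loose"))
    os.chmod(os.path.join(base, "par-loose"), 0o777)   # directory pre-created by someone else
    os.symlink(base, os.path.join(base, "par-link"))   # symlink where the directory should be
    open(os.path.join(base, "victim"), "w").close()
    os.symlink(os.path.join(base, "victim"), os.path.join(base, "TTYDEVS"))   # planted link
    return {
        "fresh_dir": stat.S_IMODE(os.stat(secure_private_dir(base, "par-me")).st_mode) == 0o700,
        "world_writable_dir": _rejected(secure_private_dir, base, "par-loose"),
        "symlinked_dir": _rejected(secure_private_dir, base, "par-link"),
        "symlinked_file": _rejected(open_private_file, os.path.join(base, "TTYDEVS")),
    }
```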

vulnerability bulletin CVE-2011-4364

FFmpeg: memory corruption via VMD

Synthesis of the vulnerability

An attacker can create a malicious VMD document, and invite the victim to display it with an application linked to FFmpeg, in order to crash the application or execute code on the victim's computer.
Impacted products: Debian, Mandriva Linux, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 30/11/2011.
Identifiers: BID-50880, CVE-2011-4364, DSA-2378-1, MDVSA-2012:074, MDVSA-2012:074-1, MDVSA-2012:075, MDVSA-2012:076, VIGILANCE-VUL-11183.

Description of the vulnerability

The FFmpeg suite contains several libraries to process multimedia data.

The VMD (Sierra Video and Music Data) format starts with a header indicating the size of the frames.

However, the vmd_decode() function of FFmpeg copies data outside the memory area allocated for these frames.

An attacker can therefore create a malicious VMD document, and invite the victim to display it with an application linked to FFmpeg, in order to crash the application or execute code on the victim's computer.

vulnerability announce CVE-2011-4355

GNU gdb: code execution via .debug_gdb_scripts

Synthesis of the vulnerability

When the victim debugs a program coming from an untrusted source with GNU gdb, this program can contain a ".debug_gdb_scripts" section indicating scripts to execute.
Impacted products: Fedora, RHEL, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 29/11/2011.
Identifiers: BID-50829, CVE-2011-4355, FEDORA-2012-6614, RHSA-2013:0522-02, VIGILANCE-VUL-11182.

Description of the vulnerability

The GNU gdb tool is used to debug a program. It can for example run a program coming from an untrusted source in step-by-step mode, in order to check if the program contains Trojan code.

An ELF program can contain a ".debug_gdb_scripts" section which indicates the name of scripts to call when the program is loaded. These Python scripts can for example be used to display complex structures ("pretty printers").

However, an untrusted program can be shipped with associated scripts. When the program is opened in gdb, these scripts can be run without the user's approval.

When the victim debugs a program coming from an untrusted source with GNU gdb, this program can therefore contain a ".debug_gdb_scripts" section indicating scripts to execute.

vulnerability alert CVE-2011-4499 CVE-2011-4500 CVE-2011-4501

Technicolor SpeedTouch: internal port scanning via UPnP

Synthesis of the vulnerability

An internet attacker can use the UPnP feature of the Technicolor SpeedTouch modem, in order to alter its configuration.
Impacted products: SpeedTouch.
Severity: 2/4.
Consequences: data flow.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 8.
Creation date: 25/11/2011.
Identifiers: BID-50810, CVE-2011-4499, CVE-2011-4500, CVE-2011-4501, CVE-2011-4502, CVE-2011-4503, CVE-2011-4504, CVE-2011-4505, CVE-2011-4506, VIGILANCE-VUL-11181, VU#357851.

Description of the vulnerability

The UPnP (Universal Plug and Play) technology is used to automatically configure a device, with no authentication.

Technicolor SpeedTouch modems use UPnP IGD (Internet Gateway Device), so a computer on the LAN can for example configure:
 - AddPortMapping: add a port mapping (forwarding rule)
 - DeletePortMapping: delete a port mapping
 - etc.

However, some modems accept UPnP IGD queries coming from their WAN interface (internet).

An internet attacker can therefore use the UPnP feature of the Technicolor SpeedTouch modem, in order to alter its configuration. The attacker can thus, for example, scan the internal network.
