The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability announce CVE-2012-0259 CVE-2012-0260 CVE-2012-1610

ImageMagick: four vulnerabilities

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious image with ImageMagick, in order to stop the application or possibly to execute code.
Impacted products: Debian, Fedora, Mandriva Linux, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 05/04/2012.
Identifiers: 807993, 807994, 807997, BID-52898, CERTA-2013-AVI-543, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CVE-2012-0259, CVE-2012-0260, CVE-2012-1610, CVE-2012-1798, DSA-2462-1, DSA-2462-2, FEDORA-2012-9313, MDVSA-2012:077, MDVSA-2012:078, RHSA-2012:0544-01, RHSA-2012:0545-01, SUSE-SU-2012:0763-1, SUSE-SU-2012:0764-1, USN-2132-1, VIGILANCE-VUL-11522.

Description of the vulnerability

The ImageMagick application is used to process images. It is impacted by four vulnerabilities.

When a JPEG image contains a special EXIF XResolution field, a string is not terminated by '\0', so a read occurs at an invalid memory address. [severity:1/4; 807993, CVE-2012-0259]

When a JPEG image contains numerous restart sequences (RST0 to RST7), the JPEGWarningHandler() function is called too many times, and consumes resources. [severity:1/4; 807994, CVE-2012-0260]

When a TIFF image contains a special EXIF IFD field, a long memory copy is done. [severity:2/4; 807997, CVE-2012-1798]

When a JPEG image contains an EXIF XResolution field, an integer overflow can occur. [severity:2/4; CVE-2012-1610]

An attacker can therefore invite the victim to open a malicious image with ImageMagick, in order to stop the application or possibly to execute code.

vulnerability alert CVE-2012-1173

libtiff: integer overflow via tile/strip

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious TIFF image, in order to create a denial of service or to execute code in applications linked to libtiff.
Impacted products: Debian, Fedora, LibTIFF, Mandriva Linux, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 05/04/2012.
Identifiers: BID-52891, CERTA-2012-AVI-192, CERTA-2012-AVI-343, CVE-2012-1173, DSA-2447-1, FEDORA-2012-5406, FEDORA-2012-5410, MDVSA-2012:054, openSUSE-SU-2012:0539-1, RHSA-2012:0468-01, SSA:2012-098-01, SUSE-SU-2012:0516-1, SUSE-SU-2012:0525-1, VIGILANCE-VUL-11521.

Description of the vulnerability

The libtiff library is used to process TIFF images.

The gtTileSeparate() function of the libtiff/tif_getimage.c file decodes images composed of tiles (rectangles). The gtStripSeparate() function decodes images composed of strips (lines).

Both functions allocate a memory area which is 3 (RGB colors) or 4 (RGB and alpha) times larger than the size of the tile/strip indicated in the image. However, this multiplication can overflow, and the memory area becomes too short to store the data.

An attacker can therefore invite the victim to open a malicious TIFF image, in order to create a denial of service or to execute code in applications linked to libtiff.

vulnerability CVE-2012-0132

HP Business Availability Center: Cross Site Scripting

Synthesis of the vulnerability

An attacker can generate a Cross Site Scripting in HP Business Availability Center, in order to execute JavaScript code in the context of the web site.
Impacted products: HPE BAC.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 04/04/2012.
Identifiers: BID-52880, c03242623, CERTA-2012-AVI-194, CVE-2012-0132, HPSBMU02749, SSRT100793, VIGILANCE-VUL-11520.

Description of the vulnerability

An attacker can generate a Cross Site Scripting in HP Business Availability Center, in order to execute JavaScript code in the context of the web site.

computer vulnerability note CVE-2012-1599 CVE-2012-1611 CVE-2012-1612

Joomla 2.5: two vulnerabilities

Synthesis of the vulnerability

An attacker can use two vulnerabilities of Joomla, in order to obtain information or to generate a Cross Site Scripting.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 03/04/2012.
Identifiers: 20120306, 20120307, 20120308, BID-52859, CVE-2012-1599, CVE-2012-1611, CVE-2012-1612, VIGILANCE-VUL-11519.

Description of the vulnerability

Two vulnerabilities were announced in Joomla.

An attacker can see administrative information. [severity:2/4; 20120306, 20120307, CVE-2012-1599, CVE-2012-1611]

An attacker can generate a Cross Site Scripting in the Update Manager. [severity:2/4; 20120308, BID-52859, CVE-2012-1612]

computer vulnerability bulletin CVE-2012-0131

HP-UX: code execution via DCE

Synthesis of the vulnerability

A network attacker can send a malicious query to a DCE service, in order to stop it or to execute code.
Impacted products: HP-UX.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, denial of service on service.
Provenance: intranet client.
Creation date: 03/04/2012.
Identifiers: BID-52860, c03261413, CERTA-2012-AVI-189, CVE-2012-0131, HPSBUX02758, SSRT100774, VIGILANCE-VUL-11518.

Description of the vulnerability

The OSF DCE (Distributed Computing Environment from OSF/OpenGroup) environment provides various components:
 - DCE Threads
 - RPC (Remote Procedure Call)
 - etc.
Developers can use these basic features to create their programs.

However, a network attacker can send a malicious query to a DCE service, in order to stop it or to execute code.

computer vulnerability announce 11517

ArcGIS: code execution via TeeChart Professional

Synthesis of the vulnerability

An attacker can create a web page calling the TeeChart Professional ActiveX, which is installed by ArcGIS products, in order to execute code on computers of victims loading this page with Internet Explorer.
Impacted products: ArcGIS ArcView, ArcGIS for Desktop, ArcGIS for Server.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 03/04/2012.
Identifiers: BID-49125, NIM074916, SS-2011-007, VIGILANCE-VUL-11517.

Description of the vulnerability

ArcGIS products install the TeeChart Professional ActiveX in order to draw statistical graphs.

The AddSeries() method of TeeChart.TChart.9 adds a series of numbers for graphs. However, a parameter is used to compute the address of a callback function. An attacker can thus force the usage of a malicious function, in order to execute code.

An attacker can therefore create a web page calling the TeeChart Professional ActiveX, which is installed by ArcGIS products, in order to execute code on computers of victims loading this page with Internet Explorer.

computer vulnerability alert CVE-2012-1149

LibreOffice, OpenOffice: integer overflow via JPEG

Synthesis of the vulnerability

An attacker can invite the victim to open a document containing a malicious JPEG image with LibreOffice/OpenOffice, in order to execute code on his computer.
Impacted products: OpenOffice, Debian, Fedora, LibreOffice, Mandriva Linux, RHEL, SUSE Linux Enterprise Desktop.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 03/04/2012.
Revision date: 16/05/2012.
Identifiers: BID-53570, CERTA-2012-AVI-285, CVE-2012-1149, DSA-2473-1, DSA-2487-1, FEDORA-2012-8042, FEDORA-2012-8114, MDVSA-2012:090, MDVSA-2012:091, RHSA-2012:0705-01, SUSE-SU-2012:0457-1, SUSE-SU-2012:0481-1, VIGILANCE-VUL-11516.

Description of the vulnerability

An office document can contain an image in JPEG format.

However, when LibreOffice/OpenOffice opens this document, an integer overflow occurs.

An attacker can therefore invite the victim to open a document containing a malicious JPEG image, in order to execute code on his computer.

computer vulnerability CVE-2011-3048

libpng: memory corruption via png_set_text_2

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious PNG image with an application linked to libpng, in order to corrupt the memory, leading to code execution.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, libpng, Mandriva Linux, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 30/03/2012.
Identifiers: BID-52830, CERTA-2012-AVI-183, CERTFR-2014-AVI-502, CVE-2011-3048, DSA-2446-1, FEDORA-2012-5079, FEDORA-2012-5080, FEDORA-2012-5515, FEDORA-2012-5518, MDVSA-2012:046, openSUSE-SU-2012:0491-1, RHSA-2012:0523-01, SOL15881, SSA:2012-206-01, SUSE-SU-2012:0732-1, VIGILANCE-VUL-11515.

Description of the vulnerability

A PNG image can contain text elements stored in iTXt, tEXt and zTXt chunks.

The png_set_text_2() function of the pngset.c file decodes these fields, and stores them in memory. When the memory area is too short, this function allocates a new memory area. However, if the allocation fails (for example if the size indicated in the fragment is too high), the function frees the previous memory area. If the image then contains another text fragment, its data are thus stored in a freed memory area.

An attacker can therefore invite the victim to open a malicious PNG image with an application linked to libpng, in order to corrupt the memory, leading to code execution.

vulnerability note 11514

Tivoli Directory Server: Cross Site Scripting via Web Admin Tool

Synthesis of the vulnerability

An attacker can generate a Cross Site Scripting in the Web Admin Tool of Tivoli Directory Server.
Impacted products: Tivoli Directory Server.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 30/03/2012.
Identifiers: BID-52844, CMVC 112529, IO14508, IO16016, VIGILANCE-VUL-11514.

Description of the vulnerability

The Web Admin Tool interface of Tivoli Directory Server is used to manage the service.

An attacker can generate a Cross Site Scripting in the Web Admin Tool of Tivoli Directory Server.

vulnerability bulletin CVE-2012-1601

Linux kernel: denial of service via kvm_apic_accept_pic_intr

Synthesis of the vulnerability

A local attacker can invert the creation order of KVM devices, in order to force the kernel to dereference a NULL pointer, which stops it.
Impacted products: Debian, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 30/03/2012.
Identifiers: BID-53488, CVE-2012-1601, DSA-2469-1, openSUSE-SU-2013:0925-1, openSUSE-SU-2013:0927-1, RHSA-2012:0571-01, RHSA-2012:0676-01, SUSE-SU-2012:1679-1, SUSE-SU-2013:0786-1, VIGILANCE-VUL-11513.

Description of the vulnerability

The KVM_CREATE_VCPU ioctl is used to create a virtual processor.

The KVM_CREATE_IRQCHIP ioctl creates an interrupt controller (APIC: Advanced Programmable Interrupt Controller).

Normally, IRQCHIP should be called before VCPU. However, if a local attacker first calls VCPU, the call to IRQCHIP reinitializes the vcpu->arch.apic variable. A NULL pointer is then dereferenced.

A local attacker can therefore invert the creation order of KVM devices, in order to force the kernel to dereference a NULL pointer, which stops it.
