The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability 11920

XnView: vulnerability via TIFF

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious TIFF (or JPEG) image with XnView, in order to stop it or to execute code.
Impacted products: XnView.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 06/09/2012.
Identifiers: BID-55482, VIGILANCE-VUL-11920.

Description of the vulnerability

The XnView software displays and converts images in various formats.

An attacker can invite the victim to open a malicious TIFF (or JPEG) image with XnView, in order to stop it or to execute code.

computer vulnerability note CVE-2012-1666

VMware Tools: privilege elevation via tpfc.dll

Synthesis of the vulnerability

A local attacker can create a malicious DLL, and use VMware Tools, in order to obtain administration privileges.
Impacted products: ESX, VMware Player, VMware Workstation.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 06/09/2012.
Identifiers: CERTA-2012-AVI-479, CVE-2012-1666, ESX410-201208101-SG, ESX410-201208102-SG, ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG, ESX410-201208106-SG, ESX410-201208107-SG, VIGILANCE-VUL-11919, VMSA-2012-0005.2, VMSA-2012-0011, VMSA-2012-0013.

Description of the vulnerability

VMware Tools are used, for example, to configure the display or printing features.

The Windows printer configuration is done through ThinPrint tools. However, these tools load the library tpfc.dll, which does not exist on the system.

A local attacker can therefore create a malicious DLL with this name, and use VMware Tools, in order to obtain administration privileges.

computer vulnerability alert CVE-2012-3494 CVE-2012-3495 CVE-2012-3496

Xen: several vulnerabilities

Synthesis of the vulnerability

An attacker, who is located in a Xen guest system, can use several vulnerabilities, in order to create a denial of service on the host, or to execute code.
Impacted products: XenServer, Debian, BIG-IP Hardware, TMOS, Fedora, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 7.
Creation date: 05/09/2012.
Identifiers: BID-55400, BID-55406, BID-55410, BID-55411, BID-55412, BID-55413, BID-55414, CERTA-2012-AVI-485, CTX134708, CVE-2012-3494, CVE-2012-3495, CVE-2012-3496, CVE-2012-3497-REJECT, CVE-2012-3498, CVE-2012-3515, CVE-2012-3516, CVE-2012-6030, CVE-2012-6031, CVE-2012-6032, CVE-2012-6033, CVE-2012-6034, CVE-2012-6035, CVE-2012-6036, DSA-2542-1, DSA-2543-1, DSA-2544-1, DSA-2545-1, FEDORA-2012-13434, FEDORA-2012-13443, FEDORA-2012-15606, FEDORA-2012-15740, MDVSA-2013:121, openSUSE-SU-2012:1153-1, openSUSE-SU-2012:1170-1, openSUSE-SU-2012:1172-1, openSUSE-SU-2012:1174-1, openSUSE-SU-2012:1176-1, openSUSE-SU-2012:1572-1, openSUSE-SU-2012:1573-1, RHSA-2012:1233-01, RHSA-2012:1234-01, RHSA-2012:1235-01, RHSA-2012:1236-01, RHSA-2012:1262-01, RHSA-2012:1325-01, SOL13405416, SUSE-SU-2012:1129-1, SUSE-SU-2012:1132-1, SUSE-SU-2012:1133-1, SUSE-SU-2012:1135-1, SUSE-SU-2012:1162-1, SUSE-SU-2012:1203-1, SUSE-SU-2012:1205-1, SUSE-SU-2012:1486-1, SUSE-SU-2012:1487-1, SUSE-SU-2012:1503-1, SUSE-SU-2014:0446-1, VIGILANCE-VUL-11916, XSA-12, XSA-13, XSA-14, XSA-15, XSA-16, XSA-17, XSA-18.

Description of the vulnerability

Several vulnerabilities were announced in Xen.

An attacker, who is located in a paravirtualized 64-bit guest system, can change the debug register DR7. [severity:1/4; BID-55400, CVE-2012-3494, XSA-12]

The PHYSDEVOP_get_free_pirq hypercall of Xen 4.1, which is used to obtain the structure physdev_get_free_pirq, uses the return code of the get_free_pirq() function as an array index. However, if the function fails, the error code is an invalid index, which corrupts the memory, and could lead to code execution. An attacker, who is located in a guest system, can try to access a physical IRQ, to exploit this vulnerability. [severity:2/4; BID-55406, CVE-2012-3495, XSA-13]

An attacker, who is located in a paravirtualized guest system, can call XENMEM_populate_physmap with an invalid parameter, in order to stop the host system. [severity:1/4; BID-55412, CVE-2012-3496, XSA-14]

When TMEM (Transcendent Memory) is enabled via the option "tmem" on the hypervisor command line, an attacker located in a guest can corrupt the host memory, in order to execute code on the host. [severity:2/4; BID-55410, CVE-2012-3497-REJECT, CVE-2012-6030, CVE-2012-6031, CVE-2012-6032, CVE-2012-6033, CVE-2012-6034, CVE-2012-6035, CVE-2012-6036, XSA-15]

An attacker, who is located in a HVM guest system, can use PHYSDEVOP_map_pirq with the parameter MAP_PIRQ_TYPE_GSI, in order to stop the host system. [severity:1/4; BID-55414, CVE-2012-3498, XSA-16]

An attacker, who is located in a HVM guest system, can use a malicious VT100 sequence, in order to corrupt the memory, to elevate his privileges. [severity:2/4; BID-55413, CVE-2012-3515, XSA-17]

An attacker, who is located in the Xen 4.2RC guest system, can use GNTTABOP_swap_grant_ref to stop the host, and possibly to execute code on the host. [severity:2/4; BID-55411, CVE-2012-3516, XSA-18]

An attacker, who is located in a Xen guest system, can therefore use several vulnerabilities, in order to create a denial of service on the host, or to execute code.

computer vulnerability CVE-2012-4398

Linux kernel: denial of service via request_module

Synthesis of the vulnerability

A local attacker can force a call to request_module(), to disable the Out-Of-Memory-Killer, in order to overload the memory.
Impacted products: Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 03/09/2012.
Identifiers: 963685, BID-55361, CVE-2012-4398, openSUSE-SU-2015:0566-1, RHSA-2012:1282-01, RHSA-2013:0223-01, RHSA-2013:1348-01, SUSE-SU-2014:1693-1, SUSE-SU-2014:1693-2, SUSE-SU-2014:1695-1, SUSE-SU-2014:1695-2, SUSE-SU-2014:1698-1, SUSE-SU-2015:0481-1, VIGILANCE-VUL-11915.

Description of the vulnerability

The request_module() function is used by the kernel to load a module. It is called, for example, during the creation of a socket using a module.

The Out-Of-Memory-Killer monitors processes consuming memory, and decides to kill them, in order to free memory for other processes. So, a malicious application cannot block the system.

However, if a loaded process forces a call to request_module(), the Out-Of-Memory-Killer cannot kill the process, which is in the TASK_UNINTERRUPTIBLE state. The Out-Of-Memory-Killer is then disabled.

A local attacker can therefore force a call to request_module(), to disable the Out-Of-Memory-Killer, in order to overload the memory.

vulnerability note CVE-2012-3552

Linux kernel: denial of service via ip_options

Synthesis of the vulnerability

A local attacker can create a multi-threaded program to manage IP options on a socket, in order to stop the system.
Impacted products: Debian, Linux, RHEL, ESX.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 03/09/2012.
Identifiers: BID-55359, CERTA-2013-AVI-657, CVE-2012-3552, DSA-2668-1, ESX410-201312001, ESX410-201312401-SG, ESX410-201312403-SG, RHSA-2012:1304-01, RHSA-2012:1540-01, VIGILANCE-VUL-11914, VMSA-2013-0007.1, VMSA-2013-0015.

Description of the vulnerability

An IPv4 packet can contain options.

The kernel stores these IP options in the structure ip_options (inet->opt).

The ip_make_skb() function calls ip_setup_cork(), which copies inet->opt. However, if another thread changed the IP options associated with the socket, the first thread can dereference a freed pointer.

A local attacker can therefore create a multi-threaded program to manage IP options on a socket, in order to stop the system.

vulnerability bulletin CVE-2011-3389

fetchmail: obtaining HTTP headers

Synthesis of the vulnerability

An attacker, who can control HTTPS connections of fetchmail and who has sufficient bandwidth, can use several SSL sessions in order to compute HTTP headers.
Impacted products: Mandriva Linux, Solaris, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: LAN.
Creation date: 03/09/2012.
Identifiers: CVE-2011-3389, fetchmail-SA-2012-01, fetchmail-SA-2012-02, MDVSA-2012:149, MDVSA-2013:037, VIGILANCE-VUL-11913.

Description of the vulnerability

The bulletin VIGILANCE-VUL-11014 describes a vulnerability of OpenSSL which can be used by an attacker to obtain HTTPS cookies.

This vulnerability is corrected in recent versions of OpenSSL; however, fetchmail uses the SSL_OP_ALL bitmask, which disables this protection.

An attacker, who can control HTTPS connections of fetchmail and who has sufficient bandwidth, can therefore use several SSL sessions in order to compute HTTP headers.

vulnerability announce CVE-2012-2288

EMC NetWorker: format string in nsrd

Synthesis of the vulnerability

A network attacker can send a malicious message to EMC NetWorker, in order to generate a format string attack, leading to code execution.
Impacted products: NetWorker.
Severity: 3/4.
Consequences: privileged access/rights.
Provenance: intranet client.
Creation date: 31/08/2012.
Identifiers: BID-55330, CERTA-2012-AVI-481, CVE-2012-2288, EIP-2012-0001, ESA-2012-038, VIGILANCE-VUL-11912.

Description of the vulnerability

The RPC nsrd service of EMC NetWorker processes save and restore operations.

However, the RPC procedure 0x06 of service 0x5F3DD version 0x02 directly transmits the received parameter to the lg_sprintf() function. An attacker can thus send a format parameter to this procedure, in order to corrupt the memory with "%n".

A network attacker can therefore send a malicious message to EMC NetWorker, in order to generate a format string attack, leading to code execution.

vulnerability alert CVE-2012-2186 CVE-2012-4737

Asterisk: two vulnerabilities

Synthesis of the vulnerability

An authenticated attacker can use two vulnerabilities of Asterisk, in order to execute a shell command, or to bypass ACL.
Impacted products: Asterisk Open Source, Debian, Fedora.
Severity: 2/4.
Consequences: user access/rights, data flow.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 31/08/2012.
Identifiers: AST-2012-012, AST-2012-013, BID-55335, BID-55351, CERTA-2012-AVI-478, CVE-2012-2186, CVE-2012-4737, DSA-2550-1, DSA-2550-2, FEDORA-2012-13338, FEDORA-2012-13437, VIGILANCE-VUL-11911.

Description of the vulnerability

Two vulnerabilities were announced in Asterisk.

An authenticated attacker can use the AMI Originate action with the ExternalIVR application, in order to execute a shell command. [severity:2/4; AST-2012-012, BID-55351, CVE-2012-2186]

An attacker, who is authenticated with ARA (Asterisk Realtime Architecture), can make an IAX2 call bypassing ACL rules. [severity:2/4; AST-2012-013, BID-55335, CVE-2012-4737]

An authenticated attacker can therefore use two vulnerabilities of Asterisk, in order to execute a shell command, or to bypass ACL.

vulnerability CVE-2012-0547

Java JRE/JDK: aggravate vulnerability via AWT

Synthesis of the vulnerability

An attacker can use a vulnerability of Java AWT, in order to aggravate the severity of another vulnerability.
Impacted products: Fedora, HP-UX, Mandriva Linux, Windows (platform) ~ not comprehensive, Java OpenJDK, openSUSE, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: document.
Creation date: 31/08/2012.
Identifiers: BID-55339, c03533078, c03538957, CERTA-2012-AVI-595, CVE-2012-0547, FEDORA-2012-13127, HPSBUX02824, HPSBUX02825, MDVSA-2012:150, MDVSA-2012:150-1, openSUSE-SU-2012:1154-1, openSUSE-SU-2012:1175-1, RHSA-2012:1221-01, RHSA-2012:1222-01, RHSA-2012:1223-01, RHSA-2012:1225-01, RHSA-2012:1392-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT100970, SSRT100974, SUSE-SU-2012:1148-1, SUSE-SU-2012:1231-1, VIGILANCE-VUL-11910.

Description of the vulnerability

The java.awt package is used to create user interfaces.

An attacker can use a vulnerability of Java AWT, in order to aggravate the severity of another vulnerability.

computer vulnerability note CVE-2012-1682 CVE-2012-3136 CVE-2012-4681

Java JRE/JDK 7: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Java JRE/JDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Impacted products: Fedora, HP-UX, Mandriva Linux, Windows (platform) ~ not comprehensive, Java OpenJDK, openSUSE, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 31/08/2012.
Identifiers: BID-55213, BID-55336, BID-55337, c03533078, CERTA-2012-ALE-005, CERTA-2012-AVI-473, CERTA-2012-AVI-595, CVE-2012-1682, CVE-2012-3136, CVE-2012-4681, FEDORA-2012-13127, HPSBUX02824, MDVSA-2012:150, MDVSA-2012:150-1, openSUSE-SU-2012:1154-1, openSUSE-SU-2012:1175-1, RHSA-2012:1221-01, RHSA-2012:1222-01, RHSA-2012:1223-01, RHSA-2012:1225-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT100970, SUSE-SU-2012:1148-1, SUSE-SU-2012:1231-1, VIGILANCE-VUL-11909, VU#636312, ZDI-12-197.

Description of the vulnerability

Several vulnerabilities were announced in Java JRE/JDK. The most severe vulnerabilities lead to code execution.

An attacker can use ClassFinder and getField, in order to execute code on the victim's computer (VIGILANCE-VUL-11897). [severity:3/4; BID-55213, CERTA-2012-ALE-005, CERTA-2012-AVI-473, CVE-2012-4681, VU#636312]

An attacker can use a vulnerability of Beans, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-55336, CVE-2012-1682, ZDI-12-197]

An attacker can use a vulnerability of Beans, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-55337, CVE-2012-3136]