The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

threat note CVE-2012-5510

Xen: denial of service via the grant tables

Synthesis of the vulnerability

A local attacker who is an administrator in a guest system can modify the version of the tables that store permissions for shared memory pages, in order to make the hypervisor halt.
Severity: 2/4.
Creation date: 04/12/2012.
Identifiers: BID-56794, CERTA-2012-AVI-703, CTX135777, CVE-2012-5510, DSA-2582-1, FEDORA-2012-19717, FEDORA-2012-19828, openSUSE-SU-2012:1685-1, openSUSE-SU-2012:1687-1, openSUSE-SU-2013:0133-1, openSUSE-SU-2013:0636-1, openSUSE-SU-2013:0637-1, SUSE-SU-2012:1615-1, SUSE-SU-2014:0446-1, VIGILANCE-VUL-12200, XSA-26.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

A local attacker who is an administrator in a guest system can modify the version of the tables that store permissions for shared memory pages, in order to make the hypervisor halt.

security note CVE-2012-5611 CVE-2012-5612 CVE-2012-5613

MySQL: five vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of MySQL can be used by a remote attacker to create a denial of service, raise their privileges, or execute some code.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 5.
Creation date: 03/12/2012.
Identifiers: 881064, 882600, 882606, 882607, 882608, BID-56766, BID-56768, BID-56769, BID-56771, BID-56776, bulletinoct2015, CERTA-2012-ALE-007, CERTA-2012-ALE-007-001, CERTA-2012-AVI-701, cpuapr2013, cpujan2013, CVE-2012-5579-REJECT, CVE-2012-5611, CVE-2012-5612, CVE-2012-5613, CVE-2012-5614, CVE-2012-5615, DSA-2581-1, DSA-3054-1, FEDORA-2012-19823, FEDORA-2012-19833, FEDORA-2014-14791, MDVSA-2012:178, MDVSA-2013:008, MDVSA-2013:102, MDVSA-2015:091, openSUSE-SU-2013:0011-1, openSUSE-SU-2013:0013-1, openSUSE-SU-2013:0014-1, openSUSE-SU-2013:0135-1, openSUSE-SU-2013:0156-1, openSUSE-SU-2013:1412-1, RHSA-2012:1551-01, RHSA-2013:0180-01, RHSA-2014:1937-01, RHSA-2014:1940-01, SSA:2013-022-01, SUSE-SU-2013:0262-1, SUSE-SU-2015:0620-1, SUSE-SU-2015:0743-1, USN-2384-1, VIGILANCE-VUL-12198.

Description of the vulnerability

Five vulnerabilities have been announced in MySQL.

When the server checks the access rights of the logged-in user, a buffer overflow related to the handling of the targeted database name occurs. [severity:3/4; 881064, BID-56769, CERTA-2012-ALE-007, CERTA-2012-ALE-007-001, CERTA-2012-AVI-701, CVE-2012-5579-REJECT, CVE-2012-5611]

An attacker can cause a buffer overflow in the heap, in order to execute code. [severity:3/4; 882600, BID-56768, CVE-2012-5612]

An attacker who has the FILE privilege may use special requests, in order to create or change files with the database administrator's rights. [severity:1/4; 882606, BID-56771, CVE-2012-5613]

An attacker can make the server stop. [severity:2/4; 882607, BID-56776, CVE-2012-5614]

An attacker can use the authentication mechanisms from MySQL 4 against MySQL 5, in order to check the validity of a given username. [severity:1/4; 882608, BID-56766, CVE-2012-5615]

weakness note CVE-2012-5134

libxml2: buffer overflow via entity references

Synthesis of the vulnerability

An attacker can create an XML file containing malicious entity references, in order to execute code.
Severity: 2/4.
Creation date: 03/12/2012.
Identifiers: CERTA-2013-AVI-208, CERTA-2013-AVI-337, CERTA-2013-AVI-387, CERTFR-2014-AVI-112, CERTFR-2015-AVI-023, CVE-2012-5134, DSA-2580-1, ESX400-201305001, ESX400-201305402-SG, ESX400-201305404-SG, ESX410-201304001, ESX410-201304401-SG, ESXi400-201305001, ESXi400-201305401-SG, ESXi410-201304001, ESXi410-201304401-SG, ESXi500-201303001, ESXi500-201303101-SG, ESXi500-201303102-SG, ESXi510-201304101-SG, JSA10669, MDVSA-2012:176, MDVSA-2013:056, openSUSE-SU-2012:1637-1, openSUSE-SU-2012:1647-1, openSUSE-SU-2013:0178-1, RHSA-2012:1512-01, RHSA-2013:0217-01, SSA:2012-341-03, SUSE-SU-2012:1636-1, SUSE-SU-2013:1625-1, SUSE-SU-2013:1627-1, VIGILANCE-VUL-12197, VMSA-2012-0018.2, VMSA-2013-0001.3, VMSA-2013-0001.5, VMSA-2013-0004, VMSA-2013-0004.1, VMSA-2013-0004.2, VMSA-2013-0004.3, VMSA-2013-0007.

Description of the vulnerability

In an XML document, attribute values may contain entity references.

The parsing of such entity references is incorrect. Technical details are unknown. Notably, upstream changes referenced in the information source do not match the most often used description of the error.

An attacker can therefore create an XML file containing malicious entity references, in order to execute code.

computer threat announce 12196

McAfee Email Gateway: two vulnerabilities

Synthesis of the vulnerability

Two vulnerabilities have been announced in McAfee Email Gateway.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 30/11/2012.
Identifiers: BID-56751, CERTA-2012-AVI-700, SB10037, VIGILANCE-VUL-12196.

Description of the vulnerability

Two vulnerabilities have been announced in McAfee Email Gateway.

The filename of files attached to an email is recorded in a message header. However, the Secure Web Delivery Client product does not correctly validate this header. An attacker can therefore send messages that contain JavaScript code in this field, in order to make the recipient host run it in the context of the "web mail" site. [severity:2/4; SB10037]

Secure Web Mail Client does not correctly check the access rights to composition functions. An attacker can therefore create messages that will be marked as originating from the appliance, in order to, for instance, fill up the disk space, or even send spam. [severity:3/4; SB10037]

computer weakness alert CVE-2012-4557

Apache httpd: denial of service via mod_proxy_ajp

Synthesis of the vulnerability

When a Web server is made of Apache httpd with mod_proxy_ajp and a Tomcat server, an attacker can send a request requiring much processing time, in order to make httpd disconnect the Tomcat server.
Severity: 3/4.
Creation date: 30/11/2012.
Identifiers: 871685, BID-56753, c03734195, c03820647, CVE-2012-4557, DSA-2579-1, HPSBUX02866, openSUSE-SU-2013:0243-1, openSUSE-SU-2013:0248-1, RHSA-2013:0512-02, SSRT101139, VIGILANCE-VUL-12194.

Description of the vulnerability

The mod_proxy module provides a generic proxy service for Apache httpd. The mod_proxy_ajp module adds support for AJP13 (Apache JServ Protocol version 1.3), which is used with Tomcat.

The mod_proxy_ajp module manages a list of Tomcat servers that it forwards requests to, together with their state (working or not). When a Tomcat server does not reply at all or sends an invalid response, the module marks it as not working. However, the function ajp_ilink_receive() in the file modules/proxy/ajp_link.c does not distinguish between a timeout (error code APR_TIMEUP) and a faulty response (error code AJP_ENO_HEADER). So, a timeout makes the httpd module consider the Tomcat process to be faulty.

When a Web server is made of Apache httpd with mod_proxy_ajp and a Tomcat server, an attacker can therefore send a request requiring much processing time, in order to make httpd disconnect the Tomcat server.

computer vulnerability bulletin CVE-2012-6052 CVE-2012-6053 CVE-2012-6054

Wireshark: eleven vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Wireshark can be used by a remote attacker to create a denial of service.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 11.
Creation date: 29/11/2012.
Identifiers: CERTA-2012-AVI-692, CERTA-2013-AVI-173, CERTA-2013-AVI-387, CERTFR-2014-AVI-112, CVE-2012-5592-REJECT, CVE-2012-5593-REJECT, CVE-2012-5594-REJECT, CVE-2012-5595-REJECT, CVE-2012-5596-REJECT, CVE-2012-5597-REJECT, CVE-2012-5598-REJECT, CVE-2012-5599-REJECT, CVE-2012-5600-REJECT, CVE-2012-5601-REJECT, CVE-2012-5602-REJECT, CVE-2012-6052, CVE-2012-6053, CVE-2012-6054, CVE-2012-6055, CVE-2012-6056, CVE-2012-6057, CVE-2012-6058, CVE-2012-6059, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062, DLA-497-1, MDVSA-2013:055, openSUSE-SU-2012:1633-1, openSUSE-SU-2013:0151-1, RHSA-2013:1569-02, RHSA-2014:0341-01, VIGILANCE-VUL-12192, wnpa-sec-2012-30, wnpa-sec-2012-31, wnpa-sec-2012-32, wnpa-sec-2012-33, wnpa-sec-2012-34, wnpa-sec-2012-35, wnpa-sec-2012-36, wnpa-sec-2012-37, wnpa-sec-2012-38, wnpa-sec-2012-39, wnpa-sec-2012-40.

Description of the vulnerability

The Wireshark program captures and displays network packets. Protocols are decoded by dissectors. They are impacted by several vulnerabilities.

An attacker can get private information via host name resolution. [severity:1/4; CVE-2012-5592-REJECT, CVE-2012-6052, wnpa-sec-2012-30]

An attacker can generate an infinite loop in the USB dissector. [severity:1/4; CVE-2012-5593-REJECT, CVE-2012-6053, wnpa-sec-2012-31]

An attacker can generate an infinite loop in the sFlow dissector. [severity:1/4; CVE-2012-5594-REJECT, CVE-2012-6054, wnpa-sec-2012-32]

An attacker can generate an infinite loop in the SCTP dissector. [severity:1/4; CVE-2012-5595-REJECT, CVE-2012-6056, wnpa-sec-2012-33]

An attacker can generate an infinite loop in the EIGRP dissector. [severity:1/4; CVE-2012-5596-REJECT, CVE-2012-6057, wnpa-sec-2012-34]

An attacker can halt Wireshark via the ISAKMP dissector. [severity:2/4; CVE-2012-5597-REJECT, CVE-2012-6059, wnpa-sec-2012-35]

An attacker can generate an infinite loop in the iSCSI dissector. [severity:1/4; CVE-2012-5598-REJECT, CVE-2012-6060, wnpa-sec-2012-36]

An attacker can generate an infinite loop in the WTP dissector. [severity:1/4; CVE-2012-5599-REJECT, CVE-2012-6061, wnpa-sec-2012-37]

An attacker can generate an infinite loop in the RTCP dissector. [severity:1/4; CVE-2012-5600-REJECT, CVE-2012-6062, wnpa-sec-2012-38]

An attacker can generate an infinite loop in the 3GPP2 A11 dissector. [severity:1/4; CVE-2012-5601-REJECT, CVE-2012-6055, wnpa-sec-2012-39]

An attacker can generate an infinite loop in the ICMPv6 dissector. [severity:1/4; CVE-2012-5602-REJECT, CVE-2012-6058, wnpa-sec-2012-40]

vulnerability alert CVE-2012-5581

libtiff: buffer overflow via the tags DOTRANGE

Synthesis of the vulnerability

An attacker can build a TIFF file containing a malicious tag DOTRANGE, in order to execute some code.
Severity: 3/4.
Creation date: 29/11/2012.
Identifiers: 867235, BID-56715, CERTA-2013-AVI-543, CVE-2012-5581, DSA-2589-1, FEDORA-2012-20404, MDVSA-2012:184, MDVSA-2013:046, openSUSE-SU-2013:0187-1, RHSA-2012:1590-01, VIGILANCE-VUL-12191.

Description of the vulnerability

The TIFF image file format is partially based on a sequence of <tag, data> blocks.

One of the defined tags is named DOTRANGE and its value is expected to be a pair of integers. However, during the packing of a tag sequence, the routine _TIFFVSetField() from the source file libtiff/tif_dir.c uses an integer variable as if it were an array of size two, which overwrites neighboring variables.

An attacker can therefore build a TIFF file containing a malicious tag DOTRANGE, in order to execute some code.

security vulnerability CVE-2012-5580

libproxy: invalid format string

Synthesis of the vulnerability

An attacker who controls a configuration file used by libproxy can make it use a malicious format string, in order to execute some code.
Severity: 2/4.
Creation date: 29/11/2012.
Identifiers: 791086, BID-56712, CVE-2012-5580, FEDORA-2012-20092, VIGILANCE-VUL-12190.

Description of the vulnerability

The libproxy library is used to encapsulate the details of proxy configuration in proxy client programs.

In some cases, the parsed configuration is displayed with the help of the formatting routines of the standard C library, in the routine print_proxies(). However, the configuration file content is directly used as a format string for printf(), which allows the attacker to inject code.

An attacker who controls a configuration file used by libproxy can therefore make it use a malicious format string, in order to execute some code.

threat alert 12189

AIX: kernel data leakage via UDP packets processing

Synthesis of the vulnerability

An attacker can send specially chosen UDP packets, in order to get information from the kernel memory.
Severity: 2/4.
Creation date: 28/11/2012.
Identifiers: IV31961, IV31962, VIGILANCE-VUL-12189.

Description of the vulnerability

When the AIX kernel receives a special kind of UDP packet, it forwards some data from the kernel memory to the listening user process, instead of only the exact packet content.

An attacker can therefore send specially chosen UDP packets, in order to get information from the kernel memory.

weakness announce 12188

OpenBSD 5: denial of service of portmap

Synthesis of the vulnerability

An attacker can open several connections on the portmap port of OpenBSD 5.1 and 5.2, in order to stop the service.
Severity: 2/4.
Creation date: 27/11/2012.
Revision date: 29/11/2012.
Identifiers: BID-56671, VIGILANCE-VUL-12188.

Description of the vulnerability

The portmap service listens on port 111, and tells clients where to connect in order to access a requested RPC service.

The src/lib/libc/rpc/svc_tcp.c file of OpenBSD implements RPC. Since December 2003, it uses poll() instead of select(), and implements an optimization ("pack svc_pollfd") when there are too many connections. However, this optimization is incompatible with the poll() function of the libc from recent OpenBSD versions. Accurate technical details are unknown.

An attacker can therefore open several connections on the portmap port of OpenBSD 5.1 and 5.2, in order to stop the service.

   
