The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

computer vulnerability note CVE-2013-0268

Linux kernel: privilege elevation via MSR

Synthesis of the vulnerability

A local attacker who has uid 0 can open /dev/cpu/*/msr and write model-specific registers, in order to execute code with kernel privileges.
Impacted products: Fedora, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, ESX.
Severity: 1/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 07/02/2013.
Identifiers: BID-57838, CERTA-2013-AVI-454, CVE-2013-0268, ESX400-201310001, ESX400-201310401-SG, ESX400-201310402-SG, ESX410-201307001, ESX410-201307401-SG, ESX410-201307403-SG, ESX410-201307404-SG, ESX410-201307405-SG, FEDORA-2013-1961, openSUSE-SU-2013:0396-1, openSUSE-SU-2013:1187-1, RHSA-2013:0621-01, RHSA-2013:0622-01, RHSA-2013:0630-01, SUSE-SU-2013:0674-1, SUSE-SU-2013:0759-1, SUSE-SU-2013:0759-2, VIGILANCE-VUL-12389, VMSA-2013-0009, VMSA-2013-0009.2.

Description of the vulnerability

x86 processors (Intel and AMD) expose Model Specific Registers (MSRs), which control low-level CPU behaviour such as where the processor enters the kernel on a system call.

A root user (uid 0) can open the special files "/dev/cpu/*/msr", through which MSRs are read and written. The msr_open() function of arch/x86/kernel/msr.c grants this access on the strength of file permissions alone: it does not check that the caller also holds the CAP_SYS_RAWIO capability, which is what normally gates raw hardware access.

A local attacker who has uid 0 but not CAP_SYS_RAWIO (for example root inside a container, or a process whose capability set was reduced) can therefore open /dev/cpu/*/msr and write MSRs such as the SYSCALL entry point, in order to execute code with kernel privileges. Only systems that rely on capability restrictions to keep uid 0 away from hardware are affected; an unrestricted root already has that access, which is why the severity is low.
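The following program is an added example, not code from the Vigil@nce bulletin or from the kernel. It reads an MSR through the driver's file interface (the file offset is the MSR index) and then checks whether this kernel refuses /dev/cpu/0/msr once CAP_SYS_RAWIO has been dropped, which is the behaviour the fix for this vulnerability introduces. The probe must run as root with the msr driver loaded; the MSR index and device paths are the standard ones, everything else is illustrative.

```c
#define _GNU_SOURCE
#define _FILE_OFFSET_BITS 64
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

#define MSR_IA32_LSTAR 0xC0000082u   /* 64-bit SYSCALL entry point */

enum msr_verdict { MSR_UNKNOWN = 0, MSR_VULNERABLE = 1, MSR_PATCHED = 2 };

/* The msr driver maps the file offset to the MSR index: pread() of 8 bytes at
 * offset N returns MSR N of that CPU, and pwrite() writes it. Returns -errno. */
int read_msr(int cpu, uint32_t msr, uint64_t *out)
{
    char path[64];
    snprintf(path, sizeof path, "/dev/cpu/%d/msr", cpu);
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -errno;
    ssize_t n = pread(fd, out, sizeof *out, (off_t)msr);
    int err = errno;
    close(fd);
    return n == (ssize_t)sizeof *out ? 0 : -(err ? err : EIO);
}

/* Drop CAP_SYS_RAWIO from this process's permitted, effective and inheritable
 * sets with raw capset(2), so no libcap is needed. Irreversible by design. */
static int drop_cap_sys_rawio(void)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    memset(data, 0, sizeof data);
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -errno;
    data[0].permitted   &= ~(1u << CAP_SYS_RAWIO);   /* CAP_SYS_RAWIO < 32: word 0 */
    data[0].effective   &= ~(1u << CAP_SYS_RAWIO);
    data[0].inheritable &= ~(1u << CAP_SYS_RAWIO);
    return syscall(SYS_capset, &hdr, data) == 0 ? 0 : -errno;
}

/* Pure decision: what does open()'s outcome mean once the capability is gone? */
enum msr_verdict classify_open(int rc, int err)
{
    if (rc >= 0)
        return MSR_VULNERABLE;   /* uid 0 alone sufficed: no CAP_SYS_RAWIO check in msr_open() */
    if (err == EPERM)
        return MSR_PATCHED;      /* refused despite uid 0: the capability check is present */
    return MSR_UNKNOWN;          /* ENOENT: msr driver not loaded; EACCES: not uid 0; ... */
}

/* Run as root with the msr driver loaded (modprobe msr). Drops the capability,
 * then tries the device; the process keeps running without CAP_SYS_RAWIO. */
enum msr_verdict probe_msr_capability_check(void)
{
    if (getuid() != 0 || drop_cap_sys_rawio() != 0)
        return MSR_UNKNOWN;
    int fd = open("/dev/cpu/0/msr", O_RDONLY);
    int err = errno;
    if (fd >= 0)
        close(fd);
    return classify_open(fd, err);
}

int main(void)
{
    static const char *names[] = { "unknown (need root and the msr driver)",
                                   "VULNERABLE: opened without CAP_SYS_RAWIO",
                                   "patched: EPERM without CAP_SYS_RAWIO" };
    uint64_t lstar;
    int rc = read_msr(0, MSR_IA32_LSTAR, &lstar);
    if (rc == 0)
        printf("IA32_LSTAR on cpu0: 0x%016llx\n", (unsigned long long)lstar);
    else
        printf("read_msr: %s\n", strerror(-rc));
    printf("msr_open() capability check: %s\n", names[probe_msr_capability_check()]);
    return 0;
}
```

The read happens before the capability is dropped, so on a patched kernel the first line still shows the SYSCALL entry address and the second reports "patched". A "VULNERABLE" verdict means a root process that has lost CAP_SYS_RAWIO can still write that register.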
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2013-0256

Ruby: Cross Site Scripting via RDoc

Synthesis of the vulnerability

In HTML documentation generated by Ruby RDoc, an attacker can trigger a Cross Site Scripting via the darkfish.js script.
Impacted products: Fedora, openSUSE, RHEL, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 07/02/2013.
Identifiers: BID-57785, CVE-2013-0256, FEDORA-2013-2131, FEDORA-2013-2143, openSUSE-SU-2013:0303-1, openSUSE-SU-2013:0376-1, RHSA-2013:0686-01, RHSA-2013:0698-01, RHSA-2013:0699-01, RHSA-2013:0701-01, RHSA-2013:0728-01, VIGILANCE-VUL-12388.

Description of the vulnerability

The Ruby RDoc tool generates HTML documentation, which ships with a JavaScript file, darkfish.js.

The highlightTarget() function of darkfish.js highlights the section corresponding to the anchor of the visited URL (the fragment after '#'). However, the anchor name, which an attacker controls by crafting the link, is used directly without being filtered or escaped.

In HTML documentation generated by Ruby RDoc, an attacker can therefore trigger a Cross Site Scripting via the darkfish.js script, by luring a user to a crafted link to the documentation.

computer vulnerability announce CVE-2013-0844 CVE-2013-0845 CVE-2013-0846

FFmpeg: several vulnerabilities

Synthesis of the vulnerability

An attacker can create a malicious video and invite the victim to open it with an application linked against FFmpeg, in order to crash the application or execute code on the victim's computer.
Impacted products: Debian, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 26.
Creation date: 07/02/2013.
Identifiers: BID-57868, BID-62397, CVE-2013-0844, CVE-2013-0845, CVE-2013-0846, CVE-2013-0847, CVE-2013-0848, CVE-2013-0849, CVE-2013-0850, CVE-2013-0851, CVE-2013-0852, CVE-2013-0853, CVE-2013-0854, CVE-2013-0855, CVE-2013-0856, CVE-2013-0857, CVE-2013-0858, CVE-2013-0859, CVE-2013-0860, CVE-2013-0861, CVE-2013-0862, CVE-2013-0863, CVE-2013-0864, CVE-2013-0865, CVE-2013-0866, CVE-2013-0867, CVE-2013-0868, CVE-2013-0869, DSA-2793-1, DSA-2855-1, DSA-3003-1, MDVSA-2014:227, USN-2309-1, VIGILANCE-VUL-12387.

Description of the vulnerability

The FFmpeg suite contains several libraries that decode and process multimedia data.

However, 26 vulnerabilities affect these libraries when they process malformed input (see the identifiers above).

An attacker can therefore create a malicious video and invite the victim to open it with an application linked against FFmpeg, in order to crash the application or execute code on the victim's computer.

computer vulnerability CVE-2013-1111

Cisco ATA 187: command execution via Telnet

Synthesis of the vulnerability

An unauthenticated network attacker can connect to the Telnet service of Cisco ATA 187, in order to execute privileged commands.
Impacted products: Cisco ATA.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: intranet client.
Creation date: 06/02/2013.
Identifiers: 27921, BID-57782, CERTA-2013-AVI-100, cisco-sa-20130206-ata187, CSCtz67038, CVE-2013-1111, VIGILANCE-VUL-12385.

Description of the vulnerability

A Telnet service listens on port 7870/tcp of the Cisco ATA 187 product.

However, an attacker can bypass the authentication of this service, and the commands it then accepts run with elevated privileges on the device.

An unauthenticated network attacker who can reach 7870/tcp can therefore connect to the Telnet service of Cisco ATA 187, in order to execute privileged commands.

vulnerability note CVE-2013-0254

Qt: memory read and write via Shared Memory

Synthesis of the vulnerability

A local attacker can access the shared memory segments created by Qt applications, in order to read or alter their contents.
Impacted products: Fedora, openSUSE, RHEL, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user shell.
Creation date: 06/02/2013.
Identifiers: BID-57772, CVE-2013-0254, FEDORA-2013-1997, FEDORA-2013-2041, openSUSE-SU-2013:0403-1, openSUSE-SU-2013:0404-1, openSUSE-SU-2013:0411-1, RHSA-2013:0669-01, VIGILANCE-VUL-12384.

Description of the vulnerability

The shmget() system call creates or obtains a System V shared memory segment. Its access permissions are a Unix mode passed in the low bits of the flags argument, for example 0400 (owner read only) or 0600 (owner read and write).

The Qt library calls shmget() in two places:
 - in the QSharedMemory class
 - in its X11 back end, to share image data between the X server and its clients (MIT-SHM)

However, Qt creates these segments with mode 0444 or 0666, so every local user can read, and in the 0666 case also write, these memory areas.

A local attacker can therefore access the shared memory segments created by Qt applications, in order to read or alter their contents. He can thus obtain sensitive information, or corrupt the data exchanged and trigger a denial of service.
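The following program is an added example, not Qt's code. It creates System V segments with the world-accessible modes described above beside an owner-only one, and audits a live segment's permission bits through shmctl(IPC_STAT), which is the same data ipcs -m prints. The segment size and the flag names are illustrative.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/shm.h>

#define WORLD_READ  1
#define WORLD_WRITE 2

/* Pure check on the permission bits: which "other" accesses does the mode grant? */
int audit_mode(unsigned int mode)
{
    int flags = 0;
    if (mode & 004)
        flags |= WORLD_READ;    /* any local user can attach read-only and read it */
    if (mode & 002)
        flags |= WORLD_WRITE;   /* any local user can attach read-write and alter it */
    return flags;
}

/* Creates a private 4 KiB segment with the given Unix mode; returns shmid or -errno. */
int create_segment(unsigned int mode)
{
    int id = shmget(IPC_PRIVATE, 4096, IPC_CREAT | IPC_EXCL | (int)(mode & 0777));
    return id < 0 ? -errno : id;
}

/* IPC_STAT the segment and audit its live permission bits; -errno on failure. */
int audit_segment(int shmid)
{
    struct shmid_ds ds;
    if (shmctl(shmid, IPC_STAT, &ds) != 0)
        return -errno;
    return audit_mode(ds.shm_perm.mode & 0777);
}

/* Marks the segment for destruction once the last process detaches. */
int remove_segment(int shmid)
{
    return shmctl(shmid, IPC_RMID, NULL) == 0 ? 0 : -errno;
}

int main(void)
{
    /* The two modes the bulletin attributes to Qt, and the owner-only mode it should use. */
    unsigned int modes[] = { 0666, 0444, 0600 };
    for (size_t i = 0; i < sizeof modes / sizeof modes[0]; i++) {
        int id = create_segment(modes[i]);
        if (id < 0) {
            printf("shmget(%04o): %s\n", modes[i], strerror(-id));
            continue;
        }
        int a = audit_segment(id);
        printf("segment %d, mode %04o: %s\n", id, modes[i],
               a == (WORLD_READ | WORLD_WRITE) ? "world-readable and world-writable" :
               a == WORLD_READ ? "world-readable" : "owner-only");
        remove_segment(id);
    }
    return 0;
}
```

On a running desktop, ipcs -m lists every segment with its owner and perms column; a 666 or 444 segment owned by another user's Qt process is the exposure described here. The mode bits are the only control: shmat() by a third user succeeds whenever they allow it, regardless of what the creating application intended.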

vulnerability bulletin CVE-2013-0249

cURL: buffer overflow via SASL

Synthesis of the vulnerability

When cURL connects to a malicious POP3, SMTP or IMAP server, an attacker controlling that server can trigger a buffer overflow in the client, leading to code execution.
Impacted products: curl, Fedora, Slackware.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: intranet server.
Creation date: 06/02/2013.
Identifiers: adv_20130206, BID-57842, CERTA-2013-AVI-107, CVE-2013-0249, FEDORA-2013-2098, SSA:2013-038-01, VIGILANCE-VUL-12383.

Description of the vulnerability

The SASL (Simple Authentication and Security Layer) framework adds pluggable authentication mechanisms to existing protocols such as POP3, SMTP and IMAP.

cURL/libcurl supports the POP3, SMTP and IMAP protocols, for example to download email, and implements the SASL DIGEST-MD5 mechanism for them.

In DIGEST-MD5, the client computes an MD5 digest over values taken from the server's challenge (realm, nonce, etc.) together with its own credentials, and sends the result back. The Curl_sasl_create_digest_md5_message() function of lib/curl_sasl.c builds this response. However, it copies the values received from the POP3, SMTP or IMAP server into a fixed-size buffer without checking their length.

When cURL connects to a malicious POP3, SMTP or IMAP server, an attacker controlling that server can therefore send an oversized challenge value that overflows this buffer, leading to code execution. The bug is in libcurl, so every program linked against an affected libcurl that talks to one of these protocols is exposed, not only the curl command-line tool; libcurl 7.26.0 through 7.28.1 are affected and 7.29.0 fixes it.
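The following is an added example, not libcurl's code. It extracts "key=value" items from a decoded DIGEST-MD5 challenge into a fixed-size buffer in the unbounded shape described above, and beside it a bounded shape that rejects oversized server data instead of overflowing. The buffer size, the helper names and the sample challenges are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NONCE_MAX 64   /* fixed buffer the response is assembled in */

/* Finds 'key' (e.g. "nonce=") in the challenge; returns the value start or NULL. */
static const char *find_value(const char *chlg, const char *key)
{
    const char *p = strstr(chlg, key);
    if (!p)
        return NULL;
    p += strlen(key);
    return *p == '"' ? p + 1 : p;
}

/* Unbounded shape: copies up to the closing quote or comma, however long.
 * A server that sends a nonce longer than the caller's buffer overruns it.
 * Kept only to show the defect; never call it on untrusted input. */
bool get_value_unbounded(const char *chlg, const char *key, char *out)
{
    const char *p = find_value(chlg, key);
    if (!p)
        return false;
    while (*p && *p != '"' && *p != ',')
        *out++ = *p++;               /* no check against the size of out */
    *out = '\0';
    return true;
}

/* Bounded shape: measure first, refuse anything that does not fit. */
bool get_value_bounded(const char *chlg, const char *key, char *out, size_t out_len)
{
    const char *p = find_value(chlg, key);
    if (!p || out_len == 0)
        return false;
    size_t n = strcspn(p, "\",");    /* length of the value */
    if (n >= out_len)
        return false;                /* oversized: treat the whole challenge as invalid */
    memcpy(out, p, n);
    out[n] = '\0';
    return true;
}

/* Builds a decoded challenge whose nonce is 'nonce_len' bytes of 'A' (caller frees). */
char *make_challenge(size_t nonce_len)
{
    const char *head = "realm=\"example.com\",nonce=\"";
    const char *tail = "\",qop=\"auth\",algorithm=md5-sess,charset=utf-8";
    char *s = malloc(strlen(head) + nonce_len + strlen(tail) + 1);
    if (!s)
        return NULL;
    strcpy(s, head);
    memset(s + strlen(head), 'A', nonce_len);
    strcpy(s + strlen(head) + nonce_len, tail);
    return s;
}

int main(void)
{
    char nonce[NONCE_MAX];

    /* Benign challenge: a short nonce fits and both shapes agree. */
    char *ok = make_challenge(16);
    if (get_value_bounded(ok, "nonce=", nonce, sizeof nonce))
        printf("16-byte nonce accepted: %s\n", nonce);
    free(ok);

    /* Hostile challenge: a 300-byte nonce would smash a 64-byte buffer in the
     * unbounded shape; the bounded shape refuses it and the login fails safely. */
    char *evil = make_challenge(300);
    printf("300-byte nonce: %s\n",
           get_value_bounded(evil, "nonce=", nonce, sizeof nonce) ? nonce : "rejected");
    free(evil);
    return 0;
}
```

Rejecting rather than truncating matters here: a truncated nonce would still produce a syntactically valid response and hide the fact that the server misbehaved, whereas failing the authentication surfaces it.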

vulnerability announce CVE-2013-1772

Linux kernel: denial of service via printk

Synthesis of the vulnerability

A local attacker can make the kernel log a very short message, so that the console code reads past the end of the log buffer, which leads to a denial of service.
Impacted products: Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 06/02/2013.
Identifiers: BID-58118, CVE-2013-1772, openSUSE-SU-2013:1187-1, RHSA-2013:0566-01, SUSE-SU-2013:0759-1, SUSE-SU-2013:0759-2, VIGILANCE-VUL-12382.

Description of the vulnerability

The Linux kernel uses printk() to record messages in its log buffer and to display them on the console. A message may start with a syslog prefix of the form "<priority>".

The call_console_drivers() function passes each message to the console drivers. It calls log_prefix(), which decodes that "<priority>" prefix but is given no length bound. When the message is shorter than a complete prefix, log_prefix() reads past the end of the log buffer while looking for the closing '>' character.

A local attacker able to inject such a message into the kernel log (for example through /dev/kmsg, where it is writable) can therefore make the kernel read at an invalid memory address, which leads to a denial of service.
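The following is an added example, not the kernel's log_prefix(). It decodes the "<priority>" prefix of a log record in the shape described above, which trusts that a closing '>' exists, and beside it a shape that takes the record length and stops at it. The record contents are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Unbounded shape: assumes a complete prefix. Given a record that ends right
 * after "<4" it keeps scanning whatever follows in memory for the '>', which in
 * the kernel is the space beyond the log buffer. Only safe on complete,
 * NUL-terminated records. */
size_t log_prefix_unbounded(const char *p, unsigned int *level)
{
    if (p[0] != '<')
        return 0;
    unsigned int v = 0;
    size_t i = 1;
    while (p[i] != '>') {                 /* no bound on i */
        if (p[i] < '0' || p[i] > '9')
            return 0;
        v = v * 10 + (unsigned int)(p[i] - '0');
        i++;
    }
    *level = v & 7;                       /* syslog: low 3 bits priority, the rest facility */
    return i + 1;                         /* prefix length consumed */
}

/* Bounded shape: never inspects p[len] or beyond; an incomplete prefix is
 * treated as "no prefix" and the record is displayed as it is. */
size_t log_prefix_bounded(const char *p, size_t len, unsigned int *level)
{
    if (len < 3 || p[0] != '<')           /* shortest valid prefix is "<N>" */
        return 0;
    unsigned int v = 0;
    size_t i = 1;
    while (i < len && p[i] >= '0' && p[i] <= '9') {
        v = v * 10 + (unsigned int)(p[i] - '0');
        i++;
    }
    if (i == 1 || i >= len || p[i] != '>')
        return 0;                         /* no digits, record ended, or no closing '>' */
    *level = v & 7;
    return i + 1;
}

/* Models the failing case: the last record in the buffer is the two-byte
 * fragment "<4", and the bytes after it belong to no record. */
size_t decode_truncated_record(unsigned int *level)
{
    char ring[8] = { '<', '4', '\x7f', '\x7f', '\x7f', '\x7f', '\x7f', '\x7f' };
    return log_prefix_bounded(ring, 2, level);
}

int main(void)
{
    unsigned int level = 0;
    const char rec[] = "<12>constructed record";   /* facility 1, priority 4 */
    size_t n = log_prefix_bounded(rec, sizeof rec - 1, &level);
    printf("prefix length %zu, priority %u, text \"%s\"\n", n, level, rec + n);
    printf("truncated \"<4\": prefix length %zu (no prefix)\n",
           decode_truncated_record(&level));
    return 0;
}
```

The only difference that matters is the extra length argument: every read of p[i] in the bounded version is preceded by i < len, so the shortest hostile record simply decodes as "no prefix".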

vulnerability alert 12381

Webmin: Cross Site Scripting of miniserv

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in the miniserv.pl web server of Webmin, in order to execute JavaScript code in the context of the website.
Impacted products: Webmin.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 05/02/2013.
Identifiers: VIGILANCE-VUL-12381.

Description of the vulnerability

Webmin is served by its own Perl web server, miniserv.pl.

However, this server does not encode request parameters before echoing them into the HTML of its error pages.

An attacker can therefore trigger a Cross Site Scripting in the miniserv.pl web server of Webmin, in order to execute JavaScript code in the context of the website.

vulnerability CVE-2013-0231

Xen: denial of service via pciback

Synthesis of the vulnerability

An attacker located in a guest system to which a PCI device is passed through can trigger numerous PCI errors, in order to overload the host system.
Impacted products: XenDesktop, XenServer, Debian, Fedora, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 05/02/2013.
Identifiers: BID-57740, CERTA-2013-AVI-098, CERTA-2013-AVI-158, CERTA-2013-AVI-259, CERTA-2013-AVI-412, CERTA-2013-AVI-496, CTX136540, CTX138633, CVE-2013-0231, DSA-2632-1, FEDORA-2013-2728, MDVSA-2013:194, openSUSE-SU-2013:0395-1, openSUSE-SU-2013:0396-1, openSUSE-SU-2013:0925-1, openSUSE-SU-2013:1619-1, RHSA-2013:0747-01, SUSE-SU-2013:0674-1, SUSE-SU-2013:0759-1, SUSE-SU-2013:0759-2, SUSE-SU-2013:0786-1, SUSE-SU-2019:14051-1, VIGILANCE-VUL-12380, XSA-43.

Description of the vulnerability

The pciback_enable_msi() function of drivers/xen/pciback/conf_space_capability_msi.c enables MSI (Message Signaled Interrupts) on a PCI device passed through to a guest. The guest invokes it through the XEN_PCI_OP_enable_msi operation, which it can issue at will.

If MSI cannot be enabled, this function calls printk() to log a kernel error message in Dom0. However, nothing limits how often the guest can make it fail, so every retry produces another unthrottled log line.

An attacker located in a guest system with a passed-through PCI device can therefore trigger numerous PCI errors, in order to flood the Dom0 log and overload the host system.
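The standard remedy for a log message a guest can trigger at will is to rate-limit it, which is what printk_ratelimited() provides in Linux. The following is an added example, not Xen's or the kernel's code: a window-and-burst limiter with an injected clock, driven by a simulated flood of failing enable-MSI requests. The interval and burst values are assumptions chosen to mirror the kernel defaults of 5 seconds and 10 messages at HZ=1000.

```c
#include <stdbool.h>
#include <stdio.h>

struct ratelimit {
    unsigned long interval;   /* window length, in clock ticks */
    unsigned long burst;      /* messages allowed per window */
    unsigned long begin;      /* start of the current window */
    unsigned long printed;    /* messages emitted in this window */
    unsigned long missed;     /* messages suppressed in this window */
};

void ratelimit_init(struct ratelimit *rs, unsigned long interval,
                    unsigned long burst, unsigned long now)
{
    rs->interval = interval;
    rs->burst = burst;
    rs->begin = now;
    rs->printed = 0;
    rs->missed = 0;
}

/* Returns true if the caller may emit its message at time 'now'. When a window
 * closes after suppressions, a single summary line replaces the lost messages,
 * so the log still records that a flood happened without being filled by it. */
bool ratelimit_allow(struct ratelimit *rs, unsigned long now)
{
    if (now - rs->begin >= rs->interval) {      /* window expired: start a new one */
        if (rs->missed)
            printf("ratelimit: %lu messages suppressed\n", rs->missed);
        rs->begin = now;
        rs->printed = 0;
        rs->missed = 0;
    }
    if (rs->printed < rs->burst) {
        rs->printed++;
        return true;
    }
    rs->missed++;
    return false;
}

/* Models a guest issuing 'attempts' failing enable-MSI requests 'tick' ticks
 * apart; returns how many error lines Dom0 would actually log. */
unsigned long simulate_guest_flood(unsigned long attempts, unsigned long tick,
                                   unsigned long interval, unsigned long burst)
{
    struct ratelimit rs;
    ratelimit_init(&rs, interval, burst, 0);
    unsigned long logged = 0;
    for (unsigned long i = 0; i < attempts; i++) {
        if (ratelimit_allow(&rs, i * tick))
            logged++;                           /* here: the printk() of the error */
    }
    return logged;
}

int main(void)
{
    printf("1000 failures back to back: %lu lines logged\n",
           simulate_guest_flood(1000, 1, 5000, 10));
    printf("1000 failures one second apart: %lu lines logged\n",
           simulate_guest_flood(1000, 1000, 5000, 10));
    return 0;
}
```

The second run shows the property an operator wants from the fix: a device that genuinely fails a few times a second is still fully logged, while a guest hammering the operation is cut to one burst per window plus a count of what was dropped.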

computer vulnerability note CVE-2013-0216 CVE-2013-0217

Xen: denials of service via netback

Synthesis of the vulnerability

A local attacker, who is located in a Xen guest system, can trigger two denials of service via netback.
Impacted products: XenDesktop, XenServer, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 05/02/2013.
Identifiers: BID-57743, BID-57744, CERTA-2013-AVI-098, CERTA-2013-AVI-158, CERTA-2013-AVI-259, CERTA-2013-AVI-375, CERTA-2013-AVI-496, CTX136540, CTX138633, CVE-2013-0216, CVE-2013-0217, MDVSA-2013:176, openSUSE-SU-2013:0395-1, openSUSE-SU-2013:0396-1, openSUSE-SU-2013:0925-1, RHSA-2013:0747-01, SUSE-SU-2013:0674-1, SUSE-SU-2013:0759-1, SUSE-SU-2013:0759-2, SUSE-SU-2013:0786-1, SUSE-SU-2019:14051-1, VIGILANCE-VUL-12379, XSA-39.

Description of the vulnerability

The netback driver of Xen runs in the Dom0 kernel and backs the virtual network devices of DomU guests, processing the requests they place on the shared ring. It is affected by two vulnerabilities.

A malicious guest can make netback spin in a long loop. [severity:1/4; BID-57743, CVE-2013-0216]

A malicious guest can make netback leak memory. [severity:1/4; BID-57744, CVE-2013-0217]

A local attacker, who is located in a Xen guest system, can therefore trigger two denials of service via netback.
