The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

security threat CVE-2013-0311

Linux kernel: memory corruption via vhost

Synthesis of the vulnerability

A privileged attacker, located in a guest KVM system, can corrupt the memory of vhost, in order to stop the host system, or to execute code.
Severity: 2/4.
Creation date: 20/02/2013.
Identifiers: BID-58053, CERTA-2013-AVI-375, CVE-2013-0311, MDVSA-2013:176, openSUSE-SU-2013:1187-1, RHSA-2013:0496-02, RHSA-2013:0579-01, RHSA-2013:0882-01, RHSA-2013:0928-01, SOL15732, SUSE-SU-2013:0759-1, SUSE-SU-2013:0759-2, VIGILANCE-VUL-12441.

Description of the vulnerability

The vhost driver is used to simulate devices for HVM.

The translate_desc() function of the drivers/vhost/vhost.c file converts guest memory addresses (Guest Virtual Address) to host addresses (Host Virtual Address). However, during this operation, the computed size is sometimes too large.

A privileged attacker, located in a guest KVM system, can therefore corrupt the memory of vhost, in order to stop the host system, or to execute code.

threat CVE-2013-0310

Linux kernel: denial of service via IPOPT_CIPSO

Synthesis of the vulnerability

A local attacker can create a socket with the CIPSO IP option, in order to stop the system.
Severity: 1/4.
Creation date: 20/02/2013.
Identifiers: BID-58052, CVE-2013-0310, RHSA-2013:0496-02, VIGILANCE-VUL-12440.

Description of the vulnerability

The CIPSO (Commercial Internet Protocol Security Option) IP option is used to define the sensitivity level (Multi Level Security) of a network message.

The Linux kernel implements this option. However, this implementation is flawed and triggers a NULL pointer dereference.

A local attacker can therefore create a socket with the CIPSO IP option, in order to stop the system.

weakness alert CVE-2013-0309

Linux kernel: denial of service via pmd_present

Synthesis of the vulnerability

A local attacker can use Transparent Huge Pages, in order to stop the system.
Severity: 1/4.
Creation date: 20/02/2013.
Identifiers: BID-58046, CVE-2013-0309, openSUSE-SU-2013:0396-1, RHSA-2013:0496-02, VIGILANCE-VUL-12439.

Description of the vulnerability

A THP (Transparent Huge Page) allows the usage of a large memory area.

However, when a THP is protected (mprotect) with PROT_NONE, the pmd_present() function of the arch/x86/include/asm/pgtable.h file uses invalid flags, which leads to a call of the BUG_ON() macro.

A local attacker can therefore use Transparent Huge Pages, in order to stop the system.

computer threat bulletin CVE-2013-0765 CVE-2013-0772 CVE-2013-0773

Firefox, Thunderbird, SeaMonkey: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Firefox, Thunderbird and SeaMonkey can be used by an attacker to execute code on the victim's computer.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 8.
Creation date: 20/02/2013.
Identifiers: BID-58030, BID-58034, BID-58036, BID-58037, BID-58038, BID-58040, BID-58041, BID-58042, BID-58043, BID-58044, BID-58047, BID-58048, BID-58049, BID-58050, BID-58051, CERTA-2013-AVI-144, CERTA-2013-AVI-147, CVE-2013-0765, CVE-2013-0772, CVE-2013-0773, CVE-2013-0774, CVE-2013-0775, CVE-2013-0776, CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782, CVE-2013-0783, CVE-2013-0784, DSA-2699-1, FEDORA-2013-2773, FEDORA-2013-2794, FEDORA-2013-2988, FEDORA-2013-2992, MFSA 2013-21, MFSA 2013-22, MFSA 2013-23, MFSA 2013-24, MFSA 2013-25, MFSA 2013-26, MFSA 2013-27, MFSA 2013-28, openSUSE-SU-2013:0323-1, openSUSE-SU-2013:0324-1, openSUSE-SU-2014:1100-1, RHSA-2013:0271-01, RHSA-2013:0272-01, SSA:2013-050-01, SSA:2013-050-02, SSA:2013-056-01, SUSE-SU-2013:0410-1, VIGILANCE-VUL-12438.

Description of the vulnerability

Several vulnerabilities were announced in Firefox, Thunderbird and SeaMonkey.

Several memory corruptions lead to code execution. [severity:4/4; BID-58037, BID-58040, CVE-2013-0783, CVE-2013-0784, MFSA 2013-21]

A malformed GIF image triggers a read at an invalid memory area, which stops the application. [severity:2/4; BID-58034, CVE-2013-0772, MFSA 2013-22]

A WebIDL object can be wrapped twice, which corrupts the memory. [severity:4/4; BID-58036, CVE-2013-0765, MFSA 2013-23]

An attacker can bypass security features of Chrome Object Wrappers (COW) and System Only Wrappers (SOW). [severity:3/4; BID-58041, CVE-2013-0773, MFSA 2013-24]

An attacker can obtain information on files via JavaScript Workers. [severity:2/4; BID-58038, CVE-2013-0774, MFSA 2013-25]

A freed memory area can be used by nsImageLoadingContent. [severity:4/4; BID-58042, CVE-2013-0775, MFSA 2013-26]

An attacker can use an HTTP 407 reply, in order to alter the content of the address bar. [severity:2/4; BID-58044, CVE-2013-0776, MFSA 2013-27]

Several memory corruptions of the Address Sanitizer lead to code execution. [severity:4/4; BID-58043, BID-58047, BID-58048, BID-58049, BID-58050, BID-58051, CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782, MFSA 2013-28]

security announce CVE-2013-0169 CVE-2013-1484 CVE-2013-1485

Oracle JRE, JDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Oracle JRE and JDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 5.
Creation date: 20/02/2013.
Identifiers: BID-57778, BID-58027, BID-58028, BID-58029, BID-58031, c03714148, c03735640, CERTA-2013-AVI-142, CVE-2013-0169, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487, FEDORA-2013-2764, FEDORA-2013-2813, HPSBUX02857, HPSBUX02867, IC90659, javacpufeb2013update, KLYH95CMCJ, MDVSA-2013:014, MDVSA-2013:095, openSUSE-SU-2013:0375-1, openSUSE-SU-2013:0378-1, RHSA-2013:0273-01, RHSA-2013:0274-01, RHSA-2013:0275-01, RHSA-2013:0531-01, RHSA-2013:0532-01, RHSA-2013:0624-01, RHSA-2013:0625-01, RHSA-2013:0626-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SB10041, SSRT101103, SUSE-SU-2013:0328-1, SUSE-SU-2013:0440-1, SUSE-SU-2013:0440-4, SUSE-SU-2013:0440-6, SUSE-SU-2013:0456-1, SUSE-SU-2013:0456-2, SUSE-SU-2013:0456-3, SUSE-SU-2013:0456-4, SUSE-SU-2013:0701-2, swg21627634, swg21633311, swg21633669, swg21633674, swg21644918, swg21645096, swg21645100, VIGILANCE-VUL-12437, ZDI-13-040, ZDI-13-041, ZDI-13-042.

Description of the vulnerability

Several vulnerabilities were announced in Oracle JRE and JDK. The most severe vulnerabilities lead to code execution.

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-58031, CVE-2013-1487]

An attacker can use a vulnerability of JMX, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-58029, CVE-2013-1486]

An attacker can use a vulnerability of Proxy.newProxyInstance and setUncaughtExceptionHandler, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-58027, CVE-2013-1484, ZDI-13-040, ZDI-13-042]

An attacker can use a vulnerability of doPrivilegedWithCombiner, in order to alter information. [severity:2/4; BID-58028, CVE-2013-1485, ZDI-13-041]

An attacker can inject wrongly encrypted messages into a TLS/DTLS session in CBC mode, and measure the delay before the error message is received, in order to progressively guess the clear content of the session (VIGILANCE-VUL-12374). [severity:1/4; BID-57778, CVE-2013-0169]

computer threat note CVE-2013-4720 CVE-2013-4721 CVE-2013-4746

TYPO3: vulnerabilities of extensions

Synthesis of the vulnerability

An attacker can use several vulnerabilities of TYPO3 extensions in order to generate a Cross Site Scripting or to inject code.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 7.
Creation date: 19/02/2013.
Identifiers: BID-58054, BID-58055, BID-58056, BID-58057, BID-60939, BID-62013, CVE-2013-4720, CVE-2013-4721, CVE-2013-4746, CVE-2013-5322, CVE-2013-5323, CVE-2013-5569, TYPO3-EXT-SA-2013-003, TYPO3-EXT-SA-2013-004, TYPO3-EXT-SA-2013-005, VIGILANCE-VUL-12436.

Description of the vulnerability

Several vulnerabilities were announced in TYPO3 extensions.

An attacker can trigger an SQL injection in the CoolURI (cooluri) extension. [severity:2/4; BID-58055, CVE-2013-5322, TYPO3-EXT-SA-2013-003]

An attacker can trigger a Cross Site Scripting in the Static Info Tables (static_info_tables) extension. [severity:2/4; BID-58056, CVE-2013-5323, TYPO3-EXT-SA-2013-004]

An attacker can inject commands in the Fluid Extbase Development Framework (fed) extension. [severity:2/4; TYPO3-EXT-SA-2013-005]

An attacker can trigger an SQL injection in the WEC Discussion Forum (wec_discussion) extension. [severity:2/4; BID-58054, CVE-2013-4720, TYPO3-EXT-SA-2013-005]

An attacker can trigger an SQL injection in the RSS feed from records (push2rss_3ds) extension. [severity:2/4; CVE-2013-4721, TYPO3-EXT-SA-2013-005]

An attacker can trigger an SQL injection in the Slideshare (slideshare) extension. [severity:2/4; BID-62013, CVE-2013-5569, TYPO3-EXT-SA-2013-005]

An attacker can trigger an SQL injection and a Cross Site Scripting in the My quiz and poll (myquizpoll) extension. [severity:2/4; BID-58057, BID-60939, CVE-2013-4746, TYPO3-EXT-SA-2013-005]

vulnerability CVE-2013-0288

nss-pam-ldapd: memory corruption via FD_SET

Synthesis of the vulnerability

An attacker can open several files with an application using nss-pam-ldapd, in order to stop the service, and possibly to execute code.
Severity: 2/4.
Creation date: 18/02/2013.
Identifiers: BID-58007, CVE-2013-0288, DSA-2628-1, DSA-2628-2, FEDORA-2013-2754, MDVSA-2013:106, openSUSE-SU-2013:0522-1, openSUSE-SU-2013:0522-2, openSUSE-SU-2013:0524-1, RHSA-2013:0590-01, VIGILANCE-VUL-12434.

Description of the vulnerability

The nss-pam-ldapd module processes the LDAP authentication.

The select() system call monitors events (read/write) on a list of file descriptors (an "fd_set").

An fd_set is an array containing FD_SETSIZE items. The FD_SET(fd, &the_fd_set) macro indicates that the file descriptor number "fd" has to be monitored in an fd_set. In order to do so, it sets a flag at index fd of the fd_set array.

An application which uses FD_SET() has to check that the number of the file descriptor is positive and less than FD_SETSIZE (otherwise FD_SET sets the flag outside the array). However, nss-pam-ldapd does not perform this check. This error case occurs when several files are opened (fd >= FD_SETSIZE) or if an open operation failed (fd == -1).

An attacker can therefore open several files with an application using nss-pam-ldapd, in order to stop the service, and possibly to execute code.

cybersecurity threat CVE-2013-1125

Cisco Secure ACS, Prime: privilege elevation

Synthesis of the vulnerability

An authenticated attacker can use a vulnerability of the CLI (command-line interface), in order to execute a shell command with root privileges.
Severity: 2/4.
Creation date: 18/02/2013.
Identifiers: BID-58063, CSCud95790, CSCue46001, CSCue46013, CSCue46021, CSCue46023, CSCue46025, CSCue46031, CSCue46035, CSCue46042, CSCue46058, CVE-2013-1125, VIGILANCE-VUL-12433.

Description of the vulnerability

An authenticated attacker can use a vulnerability of the CLI (command-line interface), in order to execute a shell command with root privileges.

security weakness CVE-2013-1129

Cisco Unity Connection: denial of service via TCP

Synthesis of the vulnerability

An attacker can open several TCP sessions on Cisco Unity Connection, in order to deplete memory resources and progressively create a denial of service.
Severity: 2/4.
Creation date: 18/02/2013.
Identifiers: CSCud59736, CVE-2013-1129, VIGILANCE-VUL-12432.

Description of the vulnerability

An attacker can open several TCP sessions on Cisco Unity Connection, in order to deplete memory resources and progressively create a denial of service.

cybersecurity vulnerability CVE-2013-0871

Linux kernel: privilege elevation via PTRACE_SETREGS

Synthesis of the vulnerability

A local attacker can create a program using ptrace(), in order to alter the execution flow and elevate his privileges.
Severity: 2/4.
Creation date: 18/02/2013.
Identifiers: BID-57986, CERTA-2013-AVI-155, CERTA-2013-AVI-454, CVE-2013-0871, DSA-2632-1, ESX400-201310001, ESX400-201310401-SG, ESX400-201310402-SG, ESX410-201307001, ESX410-201307401-SG, ESX410-201307403-SG, ESX410-201307404-SG, ESX410-201307405-SG, openSUSE-SU-2013:0396-1, openSUSE-SU-2013:0925-1, openSUSE-SU-2013:0927-1, RHSA-2013:0567-01, RHSA-2013:0621-01, RHSA-2013:0622-01, RHSA-2013:0661-01, RHSA-2013:0662-01, RHSA-2013:0695-01, RHSA-2013:0741-01, SUSE-SU-2013:0341-1, SUSE-SU-2013:0674-1, SUSE-SU-2013:0786-1, VIGILANCE-VUL-12431, VMSA-2013-0009, VMSA-2013-0009.2.

Description of the vulnerability

The ptrace() system call tracks and controls the execution of a process. Its PTRACE_GETREGS and PTRACE_SETREGS requests read and change register values.

When a process receives the SIGKILL signal, it stops. However, when the schedule() function runs, if the tracer process alters registers with PTRACE_SETREGS, the values popped from the stack contain an incorrect RIP (address of the next instruction).

A local attacker can therefore create a program using ptrace(), in order to alter the execution flow and elevate his privileges.
