The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

weakness note 12461

SAP: vulnerability 1819543

Synthesis of the vulnerability

An unknown vulnerability was announced in SAP products.
Severity: 2/4.
Creation date: 25/02/2013.
Identifiers: 1819543, DOC-8218, VIGILANCE-VUL-12461.

Description of the vulnerability

An unknown vulnerability was announced in SAP products.

computer threat announce CVE-2013-1362

Nagios: shell command execution via NRPE

Synthesis of the vulnerability

An attacker can request Nagios NRPE to execute a plugin with a special name, in order to execute a shell command on the server.
Severity: 2/4.
Creation date: 25/02/2013.
Identifiers: CVE-2013-1362, FEDORA-2013-9836, FEDORA-2013-9848, MDVSA-2014:003, openSUSE-SU-2013:0621-1, openSUSE-SU-2013:0624-1, OSEC-2013-01, SUSE-SU-2013:1219-1, VIGILANCE-VUL-12460.

Description of the vulnerability

The Nagios NRPE (Nagios Remote Plugin Executor) service executes plugins remotely.

The Bash shell interpreter supports the "$(command)" sequence to execute a command.

The src/nrpe.c file filters special characters, before executing a shell command. However, the sequence "$()" is not forbidden.

An attacker can therefore request Nagios NRPE to execute a plugin with a special name, in order to execute a shell command on the server.
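The filtering gap described above, as an added example that is not code from NRPE or from Vigil@nce: a per-character deny-list cannot express a two-character sequence such as "$(", so the check needs a sequence test or, more robustly, an allow-list. The deny-list contents, the allow-list and all function names are assumptions made for illustration.

```c
#include <string.h>

/* Constructed deny-list for illustration; not copied from src/nrpe.c. */
#define DENY_CHARS "|`&><'\"\\[]{};"

/* Hypothetical allow-list of characters permitted in a plugin argument. */
#define ALLOWED_CHARS \
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_./:=,%-"

/* Character-only filter: returns 1 when the argument is rejected.
 * '$' and '(' are not in the list, so "$(...)" is accepted. */
int rejected_by_char_filter(const char *arg)
{
    return arg[strcspn(arg, DENY_CHARS)] != '\0';
}

/* Same filter, extended to reject the "$(" command-substitution sequence. */
int rejected_by_hardened_filter(const char *arg)
{
    return rejected_by_char_filter(arg) || strstr(arg, "$(") != NULL;
}

/* Allow-list check: returns 1 only when the argument is non-empty and
 * every character is in ALLOWED_CHARS. Anything unlisted is refused,
 * so a shell construct the author never thought of is refused too. */
int accepted_by_allowlist(const char *arg)
{
    return arg[0] != '\0' && arg[strspn(arg, ALLOWED_CHARS)] == '\0';
}
```
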

vulnerability bulletin CVE-2013-1763

Linux kernel: privilege elevation via NETLINK_SOCK_DIAG

Synthesis of the vulnerability

A local attacker can send a malicious message on a NETLINK_SOCK_DIAG socket, in order to execute code with kernel privileges.
Severity: 2/4.
Creation date: 25/02/2013.
Identifiers: BID-58137, CERTA-2013-AVI-155, CERTA-2013-AVI-375, CVE-2013-1763, FEDORA-2013-3086, FEDORA-2013-3106, MDVSA-2013:176, openSUSE-SU-2013:0395-1, openSUSE-SU-2013:0824-1, RHSA-2013:0622-01, VIGILANCE-VUL-12459.

Description of the vulnerability

A NETLINK_SOCK_DIAG socket is used to obtain network information.

The SOCK_DIAG_BY_FAMILY message filters information depending on the socket family, which is indicated in the sdiag_family parameter. The __sock_diag_rcv_msg() function of the net/core/sock_diag.c file uses this parameter as an index into an array of function pointers.

However, if this parameter is larger than AF_MAX (maximal index value for the family), the kernel uses a function located outside the sock_diag_handlers array. If the attacker previously stored code at this memory address, his code is executed.

A local attacker can therefore send a malicious message on a NETLINK_SOCK_DIAG socket, in order to execute code with kernel privileges.

computer weakness alert CVE-2012-4558

Apache httpd: Cross Site Scripting of mod_proxy_balancer

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Apache httpd mod_proxy_balancer, in order to execute JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 25/02/2013.
Identifiers: BID-58165, CERTA-2013-AVI-153, CERTA-2013-AVI-387, CERTFR-2014-AVI-112, CERTFR-2015-AVI-286, CVE-2012-4558, DSA-2637-1, FEDORA-2013-4541, JSA10685, MDVSA-2013:015, MDVSA-2013:015-1, openSUSE-SU-2013:0629-1, openSUSE-SU-2013:0632-1, RHSA-2013:0815-01, RHSA-2013:1012-01, RHSA-2013:1013-01, RHSA-2013:1207-01, RHSA-2013:1208-01, RHSA-2013:1209-01, SSA:2013-062-01, VIGILANCE-VUL-12458.

Description of the vulnerability

The Apache httpd mod_proxy_balancer module is used to balance the load between several mod_proxy services.

However, the manager interface of this module does not correctly validate received data before displaying them in the generated web document.

An attacker can therefore trigger a Cross Site Scripting in Apache httpd mod_proxy_balancer, in order to execute JavaScript code in the context of the web site.

computer weakness bulletin CVE-2012-3499

Apache httpd: Cross Site Scripting of modules

Synthesis of the vulnerability

An attacker can trigger several Cross Site Scripting vulnerabilities in the mod_info, mod_status, mod_imagemap, mod_ldap and mod_proxy_ftp modules, in order to execute JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 25/02/2013.
Identifiers: BID-58165, c03734195, CERTA-2013-AVI-153, CERTA-2013-AVI-387, CERTA-2013-AVI-543, CERTA-2013-AVI-590, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CERTFR-2015-AVI-286, CVE-2012-3499, DSA-2637-1, FEDORA-2013-4541, HPSBUX02866, JSA10685, MDVSA-2013:015, MDVSA-2013:015-1, openSUSE-SU-2013:0629-1, openSUSE-SU-2013:0632-1, RHSA-2013:0815-01, RHSA-2013:1012-01, RHSA-2013:1013-01, RHSA-2013:1207-01, RHSA-2013:1208-01, RHSA-2013:1209-01, SSA:2013-062-01, SSRT101139, VIGILANCE-VUL-12457.

Description of the vulnerability

The Apache httpd service can use several modules.

However, the mod_info, mod_status, mod_imagemap, mod_ldap and mod_proxy_ftp modules do not correctly validate received data before displaying them in the generated web document.

An attacker can therefore trigger several Cross Site Scripting vulnerabilities in the mod_info, mod_status, mod_imagemap, mod_ldap and mod_proxy_ftp modules, in order to execute JavaScript code in the context of the web site.

computer vulnerability bulletin CVE-2013-1821

Ruby: denial of service of REXML via entities

Synthesis of the vulnerability

An attacker can transmit malicious XML data to a Ruby REXML application, in order to force it to allocate large memory resources.
Severity: 2/4.
Creation date: 22/02/2013.
Identifiers: BID-58141, bulletinjul2015, CVE-2013-1821, DSA-2738-1, DSA-2809-1, FEDORA-2013-3037, FEDORA-2013-3038, MDVSA-2013:124, MDVSA-2013:200, openSUSE-SU-2013:0603-1, openSUSE-SU-2013:0614-1, RHSA-2013:0611-01, RHSA-2013:0612-01, RHSA-2013:1147-01, RHSA-2013:1185-01, SSA:2013-075-01, SUSE-SU-2014:0843-1, SUSE-SU-2014:0844-1, VIGILANCE-VUL-12456.

Description of the vulnerability

The Ruby REXML parser processes XML data.

An XML entity (such as "&abc;") is used to define an alias of a text string.

However, if the same large entity is called several thousand times in an XML document, REXML consumes numerous resources to store the XML tree.

An attacker can therefore transmit malicious XML data to a Ruby REXML application, in order to force it to allocate large memory resources.

vulnerability alert CVE-2013-0269

Ruby: denial of service via JSON

Synthesis of the vulnerability

An attacker can use JSON data, in order to force a Ruby application to progressively use all its memory.
Severity: 2/4.
Creation date: 22/02/2013.
Identifiers: CVE-2013-0269, FEDORA-2013-3050, FEDORA-2013-3052, openSUSE-SU-2013:0603-1, RHSA-2013:0686-01, RHSA-2013:0698-01, RHSA-2013:0699-01, RHSA-2013:0701-01, RHSA-2013:1147-01, RHSA-2013:1185-01, SSA:2013-075-01, VIGILANCE-VUL-12455.

Description of the vulnerability

The JSON format is used to represent a data structure, using text.

However, memory areas used to store data are never freed.

An attacker can therefore use JSON data, in order to force a Ruby application to progressively use all its memory.

security vulnerability CVE-2013-0349

Linux kernel: information disclosure via Bluetooth HIDP

Synthesis of the vulnerability

When the Linux kernel is compiled with the Bluetooth HIDP support, a local attacker can use the HIDPCONNADD ioctl in order to obtain a memory fragment.
Severity: 1/4.
Creation date: 22/02/2013.
Identifiers: BID-58112, CERTA-2013-AVI-269, CVE-2013-0349, DSA-2668-1, RHSA-2013:0744-01, SUSE-SU-2013:0759-1, SUSE-SU-2013:0759-2, VIGILANCE-VUL-12454.

Description of the vulnerability

The Linux kernel can be compiled with support for Bluetooth (CONFIG_BT) and HIDP (CONFIG_BT_HIDP, Human Interface Device Protocol).

The HIDPCONNADD ioctl adds a connection. The hidp_setup_hid() function of the net/bluetooth/hidp/core.c file configures it. However, if the requested device name contains more than 128 non-null characters, the function copies the data located after the name, until it finds a null ('\0') character.

When the Linux kernel is compiled with the Bluetooth HIDP support, a local attacker can therefore use the HIDPCONNADD ioctl in order to obtain a memory fragment.
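The copy problem described above, as an added example that is not kernel code: a fixed-size name field that may arrive without a terminator has to be copied with its length bounded by the field size, not by a search for '\0'. The struct, the function names and the sample contents are constructed for illustration; only the 128-byte field size comes from the description.

```c
#include <stddef.h>
#include <string.h>

#define NAME_FIELD 128   /* size of the name field, per the description above */

/* Constructed stand-in for a request: the name is followed by other data. */
struct model_req {
    char name[NAME_FIELD];
    char adjacent[16];   /* stands in for whatever memory follows the name */
};

/*
 * Copy a fixed-size, possibly unterminated field into dst.
 * The source length is bounded by field_size, and dst is always
 * terminated. Returns the number of name bytes copied.
 */
size_t copy_name_field(char *dst, size_t dst_size,
                       const char *field, size_t field_size)
{
    const char *nul;
    size_t len;

    if (dst_size == 0)
        return 0;
    nul = memchr(field, '\0', field_size);
    len = nul ? (size_t)(nul - field) : field_size;
    if (len > dst_size - 1)
        len = dst_size - 1;      /* truncate rather than overrun dst */
    memcpy(dst, field, len);
    dst[len] = '\0';
    return len;
}

/* Constructed worst case: all 128 bytes of the name are non-null. */
size_t demo_unterminated(char *out, size_t out_size)
{
    struct model_req req;

    memset(req.name, 'A', sizeof(req.name));
    memcpy(req.adjacent, "ADJACENT-MEMORY", sizeof(req.adjacent));
    return copy_name_field(out, out_size, req.name, sizeof(req.name));
}
```
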

threat alert CVE-2013-0337

nginx: log file reading

Synthesis of the vulnerability

A local attacker can read nginx log files, in order to obtain potentially sensitive information.
Severity: 1/4.
Creation date: 22/02/2013.
Identifiers: BID-58105, CVE-2013-0337, FEDORA-2013-2955, FEDORA-2013-2974, VIGILANCE-VUL-12453.

Description of the vulnerability

The nginx web server logs its events in the access.log file.

However, this file is created with the 0644 mode.

A local attacker can therefore read nginx log files, in order to obtain potentially sensitive information.

weakness announce 12452

expat: file reading via an entity

Synthesis of the vulnerability

An attacker can transmit malicious XML data to an application linked to expat, in order to force it to include a file, which can then be returned to the attacker.
Severity: 2/4.
Creation date: 22/02/2013.
Identifiers: BID-58233, CVE-2013-0341-REJECT, swg22010778, VIGILANCE-VUL-12452.

Description of the vulnerability

XML data can contain external entities (DTD):
  <!ENTITY name SYSTEM "file">
  <!ENTITY name SYSTEM "http://server/file">
A program which reads these XML data can replace these entities with data coming from the indicated file. When the program uses XML data coming from an untrusted source, this behavior leads to:
 - content disclosure from files of the server
 - scanning of private web sites
 - a denial of service by opening a blocking file
This feature must thus be disabled to process XML data coming from an untrusted source.

However, by default, expat loads external entities. The configuration is thus vulnerable by default. It is the responsibility of the application to explicitly disable external entities.

An attacker can therefore transmit malicious XML data to an application linked to expat, in order to force it to include a file, which can then be returned to the attacker.

   
