The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability alert CVE-2013-0809

Oracle Java JRE: code execution via 2D

Synthesis of the vulnerability

An attacker can invite the victim to display a web page containing a Java applet (or Java Web Start) using the 2D component, in order to execute code on his computer.
Impacted products: Fedora, HP-UX, Domino, Notes, Tivoli System Automation, WebSphere AS Traditional, WebSphere MQ, Java OpenJDK, openSUSE, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 05/03/2013.
Identifiers: BID-58296, c03714148, c03725347, c03735640, CERTA-2013-AVI-163, CVE-2013-0809, FEDORA-2013-3467, FEDORA-2013-3468, HPSBUX02857, HPSBUX02864, HPSBUX02867, IC90659, KLYH95CMCJ, MDVSA-2013:021, MDVSA-2013:095, openSUSE-SU-2013:0430-1, openSUSE-SU-2013:0438-1, openSUSE-SU-2013:0509-1, RHSA-2013:0600-01, RHSA-2013:0601-01, RHSA-2013:0602-01, RHSA-2013:0603-01, RHSA-2013:0604-01, RHSA-2013:0605-01, RHSA-2013:0624-01, RHSA-2013:0625-01, RHSA-2013:0626-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT101103, SSRT101156, SUSE-SU-2013:0434-1, SUSE-SU-2013:0701-1, SUSE-SU-2013:0701-2, SUSE-SU-2013:0710-1, swg21627634, swg21633669, swg21633674, swg21644918, swg21645096, swg21645100, VIGILANCE-VUL-12481, VU#688246, ZDI-13-148.

Description of the vulnerability

An attacker can invite the victim to display a web page containing a Java applet (or Java Web Start) using the 2D component, in order to execute code on his computer.



This vulnerability does not impact servers using Java.

vulnerability 12480

IE, Opera: denial of service via localStorage

Synthesis of the vulnerability

An attacker can create a malicious web site, and invite the victim to display it, in order to quickly fill his hard drive, which leads to a denial of service.
Impacted products: IE, Opera.
Severity: 1/4.
Consequences: denial of service on client.
Provenance: internet server.
Creation date: 04/03/2013.
Identifiers: VIGILANCE-VUL-12480.

Description of the vulnerability

The localStorage object of HTML 5 is used to store data (similar to cookies) on the computers of users who browse the web site.

The size of this data is usually limited to 5 MB for each server (www.example.com). Moreover, the HTML5 standard also requires limiting the cumulative size for similar servers (www2.example.com, www3.example.com, etc.). However, this second limit is not implemented in Internet Explorer and Opera. An attacker can then use a lot of virtual domains, and store 5 MB per domain, in order to rapidly reach 1 GB (in 16 seconds on a Solid State Drive).

An attacker can therefore create a malicious web site, and invite the victim to display it, in order to quickly fill his hard drive, which leads to a denial of service.

computer vulnerability note CVE-2013-0872 CVE-2013-0873 CVE-2013-0874

FFmpeg: several vulnerabilities

Synthesis of the vulnerability

An attacker can create a malicious video, and invite the victim to display it with an application linked to FFmpeg, in order to stop it or to execute code on his computer.
Impacted products: Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 9.
Creation date: 04/03/2013.
Identifiers: BID-58237, BID-58240, BID-58287, CVE-2013-0872, CVE-2013-0873, CVE-2013-0874, CVE-2013-0875, CVE-2013-0876, CVE-2013-0877, CVE-2013-0878, CVE-2013-2276, CVE-2013-2277, VIGILANCE-VUL-12479.

Description of the vulnerability

The FFmpeg suite contains several libraries to process multimedia data.

However, several vulnerabilities impact FFmpeg.

An attacker can therefore create a malicious video, and invite the victim to display it with an application linked to FFmpeg, in order to stop it or to execute code on his computer.

computer vulnerability bulletin CVE-2013-1493

Oracle Java JRE: code execution via 2D

Synthesis of the vulnerability

An attacker can invite the victim to display a web page containing a Java applet (or Java Web Start) using the 2D component, in order to execute code on his computer.
Impacted products: Fedora, HP-UX, Domino, Notes, Tivoli System Automation, WebSphere AS Traditional, WebSphere MQ, Java OpenJDK, openSUSE, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 04/03/2013.
Identifiers: BID-58238, c03714148, c03725347, c03735640, CERTA-2013-AVI-163, CVE-2013-1493, FEDORA-2013-3467, FEDORA-2013-3468, HPSBUX02857, HPSBUX02864, HPSBUX02867, IC90659, KLYH95CMCJ, MDVSA-2013:021, MDVSA-2013:095, openSUSE-SU-2013:0430-1, openSUSE-SU-2013:0438-1, openSUSE-SU-2013:0509-1, RHSA-2013:0600-01, RHSA-2013:0601-01, RHSA-2013:0602-01, RHSA-2013:0603-01, RHSA-2013:0604-01, RHSA-2013:0605-01, RHSA-2013:0624-01, RHSA-2013:0625-01, RHSA-2013:0626-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT101103, SSRT101156, SUSE-SU-2013:0434-1, SUSE-SU-2013:0701-1, SUSE-SU-2013:0701-2, SUSE-SU-2013:0710-1, swg21627634, swg21633669, swg21633674, swg21644918, swg21645096, swg21645100, VIGILANCE-VUL-12478, VU#688246, ZDI-13-142, ZDI-13-149.

Description of the vulnerability

An attacker can invite the victim to display a web page containing a Java applet (or Java Web Start) using the 2D component, in order to execute code on his computer.

The vulnerability is located in Color Management classes.

This vulnerability does not impact servers using Java.

computer vulnerability announce CVE-2013-0931

RSA Authentication Agent: access via Quick PIN Unlock

Synthesis of the vulnerability

When the Quick PIN Unlock feature is enabled on RSA Authentication Agent for Microsoft Windows XP/2003, an attacker can unlock the screensaver using the PIN only, even if the timeout expired.
Impacted products: RSA Authentication Agent.
Severity: 1/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user console.
Creation date: 04/03/2013.
Identifiers: BID-58248, CERTA-2013-AVI-161, CVE-2013-0931, ESA-2013-012, VIGILANCE-VUL-12477.

Description of the vulnerability

The Quick PIN Unlock feature is used to rapidly unlock a screen.

This feature should only be available until a timeout expires. However, this timeout is not honored.

When the Quick PIN Unlock feature is enabled on RSA Authentication Agent for Microsoft Windows XP/2003, an attacker can therefore unlock the screensaver using the PIN only, even if the timeout expired.

computer vulnerability alert CVE-2012-1016

MIT krb5: denial of service of KDC via PKINIT KDF

Synthesis of the vulnerability

An attacker can send malformed packets to MIT krb5, in order to stop the KDC.
Impacted products: Fedora, MIT krb5, openSUSE, Solaris, RHEL, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 04/03/2013.
Identifiers: BID-58532, CERTA-2013-AVI-543, CVE-2012-1016, FEDORA-2013-3116, FEDORA-2013-3147, openSUSE-SU-2013:0498-1, openSUSE-SU-2013:0523-1, RHSA-2013:0656-01, USN-2310-1, VIGILANCE-VUL-12476.

Description of the vulnerability

The PKINIT (Public Key Cryptography for Initial Authentication) protocol allows the usage of an X.509 certificate or of a smart card, instead of a password. The PKINIT extension is enabled when the kdc.conf/krb5.conf configuration file contains pkinit_identity and pkinit_anchors.

The PKINIT format extension Draft 9 uses KDF (Key Derivation Functions). When the KDC receives a PKINIT Draft 9 query, the pkinit_server_return_padata() function of the plugins/preauth/pkinit/pkinit_srv.c file dereferences the "rep->u.dh_Info.kdfID" pointer. However, this pointer can be NULL.

An attacker can therefore send malformed packets to MIT krb5, in order to stop the KDC.

computer vulnerability CVE-2013-1635 CVE-2013-1643

PHP: file access via SOAP

Synthesis of the vulnerability

An attacker can use two vulnerabilities of the SOAP feature of PHP, in order to read or to write to a file.
Impacted products: Debian, Fedora, Mandriva Linux, openSUSE, Solaris, PHP, RHEL, Slackware, SLES.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 28/02/2013.
Identifiers: BID-58224, BID-58766, CERTFR-2014-AVI-244, CVE-2013-1635, CVE-2013-1643, DSA-2639-1, FEDORA-2013-3891, FEDORA-2013-3927, MDVSA-2013:016, MDVSA-2013:114, openSUSE-SU-2013:1244-1, openSUSE-SU-2013:1249-1, RHSA-2013:1307-01, RHSA-2013:1615-02, RHSA-2013:1814-01, SSA:2013-081-01, SUSE-SU-2013:1285-1, SUSE-SU-2013:1285-2, SUSE-SU-2013:1317-1, SUSE-SU-2013:1351-1, VIGILANCE-VUL-12475.

Description of the vulnerability

The SOAP (Simple Object Access Protocol) feature is used to call methods on objects. The PHP interpreter implements SOAP; however, this implementation is impacted by two vulnerabilities.

An attacker can use the soap.wsdl_cache_dir directive, in order to write a file outside the open_basedir directory. [severity:2/4; CVE-2013-1635]

An attacker can use an external entity, in order to read a server file. [severity:2/4; CVE-2013-1643]

An attacker can therefore use two vulnerabilities of the SOAP feature of PHP, in order to read or to write to a file.

vulnerability note CVE-2013-1133 CVE-2013-1134

Cisco Unified Communications Manager: denials of service

Synthesis of the vulnerability

A remote attacker can trigger two denials of service in Cisco Unified Communications Manager.
Impacted products: Cisco CUCM.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 27/02/2013.
Identifiers: 28034, BID-58219, BID-58221, CERTA-2013-AVI-157, cisco-sa-20130227-cucm, CSCtx43337, CSCub28920, CVE-2013-1133, CVE-2013-1134, VIGILANCE-VUL-12474.

Description of the vulnerability

Two vulnerabilities were announced in Cisco Unified Communications Manager.

An attacker can send a special UDP packet on a closed port, leading to an infinite loop. [severity:3/4; BID-58219, CSCtx43337, CVE-2013-1133]

An attacker can fill in the LBM (Location Bandwidth Manager) cache, in order to trigger a denial of service. [severity:3/4; BID-58221, CSCub28920, CVE-2013-1134]

vulnerability bulletin CVE-2013-1135

Cisco Prime Central for HCS Assurance: denial of service via TLS

Synthesis of the vulnerability

An attacker can send a malformed TLS message to Cisco Prime Central for Hosted Collaboration Solution Assurance, in order to create an infinite loop.
Impacted products: Cisco Prime Central for HCS.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 27/02/2013.
Identifiers: 28034, BID-58206, CERTA-2013-AVI-157, cisco-sa-20130227-hcs, CSCuc07155, CVE-2013-1135, VIGILANCE-VUL-12473.

Description of the vulnerability

The Cisco Prime Central for Hosted Collaboration Solution Assurance product listens with TLS on ports 9043/tcp and 9443/tcp.

However, a special message triggers an infinite loop.

An attacker can therefore send a malformed TLS message to Cisco Prime Central for Hosted Collaboration Solution Assurance, in order to create an infinite loop.

vulnerability announce CVE-2013-1776 CVE-2013-2776 CVE-2013-2777

Sudo: authenticating via ttyname

Synthesis of the vulnerability

A local attacker, who used Sudo during the last 5 minutes, can use Sudo on another terminal without authenticating, even if "tty_tickets" is configured.
Impacted products: Debian, Fedora, openSUSE, Solaris, RHEL, Slackware, Sudo, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 3.
Creation date: 27/02/2013.
Identifiers: BID-58207, CERTA-2013-AVI-190, CERTA-2013-AVI-387, CERTFR-2014-AVI-112, CVE-2013-1776, CVE-2013-2776, CVE-2013-2777, DSA-2642-1, FEDORA-2013-3270, FEDORA-2013-3297, MDVSA-2013:026, MDVSA-2013:054, openSUSE-SU-2013:0495-1, openSUSE-SU-2013:0503-1, RHSA-2013:1353-01, RHSA-2013:1701-02, SSA:2013-065-01, VIGILANCE-VUL-12472.

Description of the vulnerability

When a user authenticates with Sudo, a file is created in the /var/db/sudo/user directory. The Sudo program then looks at the file timestamp to check whether the last user authentication is recent (less than 5 minutes), in order to not request a new authentication.

When the "tty_tickets" configuration option is set, the /var/db/sudo/user directory contains one file for each terminal/tty. So, the password has to be entered in each terminal.

However, an attacker who is located on terminal B can close stdin, stdout and stderr. He can then open the device of terminal A, and connect it to file descriptors 0 to 2. This operation deceives the ttyname() function, which indicates that the attacker is located on terminal A.

A local attacker, who used Sudo during the last 5 minutes, can therefore use Sudo on another terminal without authenticating, even if "tty_tickets" is configured.
