The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability CVE-2014-3537

CUPS: privilege escalation via RSS

Synthesis of the vulnerability

An attacker who is a member of the lp group can create a symbolic link, and then read the RSS feed of CUPS, in order to escalate his privileges.
Severity: 2/4.
Creation date: 21/07/2014.
Identifiers: 4450, CVE-2014-3537, DSA-2990-1, FEDORA-2014-8351, FEDORA-2014-9703, MDVSA-2014:151, MDVSA-2015:108, RHSA-2014:1388-02, USN-2293-1, VIGILANCE-VUL-15074.

Description of the vulnerability

The CUPS product offers a web service, with an RSS information feed.

RSS information originates from the /var/cache/cups/rss/ directory. However, an attacker who is a member of the lp group can create a symbolic link in this directory pointing to an external file. This file is then read with root privileges, and displayed in the RSS feed.

By linking /var/run/cups/certs/0, an attacker can also gain privileges of the CUPS @SYSTEM group.

An attacker who is a member of the lp group can therefore create a symbolic link, and then read the RSS feed of CUPS, in order to escalate his privileges.

cybersecurity threat CVE-2014-4954 CVE-2014-4955 CVE-2014-4986

phpMyAdmin: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of phpMyAdmin.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 18/07/2014.
Revision date: 21/07/2014.
Identifiers: CERTFR-2014-AVI-330, CVE-2014-4954, CVE-2014-4955, CVE-2014-4986, CVE-2014-4987, MDVSA-2014:143, openSUSE-SU-2014:1069-1, PMASA-2014-4, PMASA-2014-5, PMASA-2014-6, PMASA-2014-7, VIGILANCE-VUL-15073.

Description of the vulnerability

Several vulnerabilities were announced in phpMyAdmin.

An attacker can trigger a Cross Site Scripting in Database Structure, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2014-4954, PMASA-2014-4]

An attacker can trigger a Cross Site Scripting in Database Triggers, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2014-4955, PMASA-2014-5]

An attacker can trigger a Cross Site Scripting in AJAX Confirmation Messages, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2014-4986, PMASA-2014-6]

An attacker can read the MySQL user list, in order to obtain sensitive information. [severity:2/4; CVE-2014-4987, PMASA-2014-7]

security weakness CVE-2014-6064

McAfee Web Gateway: password hash disclosure

Synthesis of the vulnerability

An attacker who is allowed to see the Accounts tab can obtain the hashes of administrators' passwords of McAfee Web Gateway, in order to perform a brute-force attack.
Severity: 1/4.
Creation date: 18/07/2014.
Identifiers: CVE-2014-6064, SB10080, VIGILANCE-VUL-15072.

Description of the vulnerability

The McAfee Web Gateway product provides an administration interface.

However, the Accounts tab of this interface contains SHA1 hashes of administrator passwords.

An attacker who is allowed to see the Accounts tab can therefore obtain the hashes of administrators' passwords of McAfee Web Gateway, in order to perform a brute-force attack.

cybersecurity vulnerability CVE-2014-5015

bozohttpd: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions in bozohttpd, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 18/07/2014.
Identifiers: CVE-2014-5015, DLA-490-1, NetBSD-SA2014-007, VIGILANCE-VUL-15071.

Description of the vulnerability

The NetBSD product offers a web service based on bozohttpd.

A ".htpasswd" file is used to filter access to the directory where it is located. However, an attacker can use an access path specially built to be too long, so that "path/.htpasswd" is truncated, and then ignored.

An attacker can therefore bypass access restrictions in bozohttpd, in order to obtain sensitive information.

vulnerability announce CVE-2014-0231

Apache httpd: denial of service via mod_cgid

Synthesis of the vulnerability

An attacker who is allowed to upload a malicious CGI script on the server can block mod_cgid of Apache httpd, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 17/07/2014.
Identifiers: 1690185, 1695392, 7036319, c04686230, c04832246, CERTFR-2015-AVI-286, CVE-2014-0231, DSA-2989-1, FEDORA-2014-8742, FEDORA-2014-9057, HPSBUX03337, HPSBUX03512, JSA10685, MDVSA-2014:142, MDVSA-2015:093, openSUSE-SU-2014:0969-1, openSUSE-SU-2014:1044-1, openSUSE-SU-2014:1045-1, openSUSE-SU-2014:1647-1, RHSA-2014:0920-01, RHSA-2014:0921-01, RHSA-2014:0922-01, RHSA-2014:1019-01, RHSA-2014:1020-01, RHSA-2014:1021-01, RHSA-2014:1086-01, RHSA-2014:1087-01, RHSA-2014:1088-01, SSA:2014-204-01, SSRT102066, SSRT102254, SUSE-SU-2014:0967-1, SUSE-SU-2014:1080-1, SUSE-SU-2014:1081-1, SUSE-SU-2014:1082-1, USN-2299-1, VIGILANCE-VUL-15070.

Description of the vulnerability

The mod_cgid module of Apache httpd manages CGI scripts.

However, if a CGI script does not consume its standard input, the child process hangs indefinitely.

An attacker who is allowed to upload a malicious CGI script on the server can therefore block mod_cgid of Apache httpd, in order to trigger a denial of service.

security alert CVE-2014-3523

Apache httpd: memory leak via WinNT MPM

Synthesis of the vulnerability

An attacker can create a memory leak in WinNT MPM of Apache httpd, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 17/07/2014.
Identifiers: CVE-2014-3523, VIGILANCE-VUL-15069.

Description of the vulnerability

The WinNT MPM (Multi-Processing Module) is used when Apache httpd is installed on Windows.

However, the memory allocated to process some queries is never freed.

An attacker can therefore create a memory leak in WinNT MPM of Apache httpd, in order to trigger a denial of service.

vulnerability note CVE-2014-0117

Apache httpd: denial of service via mod_proxy

Synthesis of the vulnerability

An attacker can send a malicious query to mod_proxy of Apache httpd, in order to trigger a denial of service.
Severity: 3/4.
Creation date: 17/07/2014.
Revision date: 22/07/2014.
Identifiers: CVE-2014-0117, FEDORA-2014-8742, FEDORA-2014-9057, MDVSA-2015:093, openSUSE-SU-2014:1044-1, RHSA-2014:0921-01, RHSA-2014:0922-01, SSA:2014-204-01, USN-2299-1, VIGILANCE-VUL-15068.

Description of the vulnerability

The mod_proxy module is used to configure Apache httpd as a proxy, in order to access an internal web server.

However, when httpd is configured with a threaded MPM, a Connection header containing only a semicolon triggers an infinite loop in the find_conn_headers() function, which allocates memory indefinitely.

An attacker can therefore send a malicious query to mod_proxy of Apache httpd, in order to trigger a denial of service.

weakness CVE-2014-0118

Apache httpd: denial of service via mod_deflate

Synthesis of the vulnerability

An attacker can send special data to Apache httpd with mod_deflate as an Input Filter, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 17/07/2014.
Identifiers: 1690185, 1695392, 7036319, c04686230, c04832246, CERTFR-2015-AVI-286, CVE-2014-0118, DSA-2019-131, DSA-2989-1, FEDORA-2014-8742, FEDORA-2014-9057, HPSBUX03337, HPSBUX03512, JSA10685, MDVSA-2014:142, MDVSA-2015:093, RHSA-2014:0920-01, RHSA-2014:0921-01, RHSA-2014:0922-01, RHSA-2014:1019-01, RHSA-2014:1020-01, RHSA-2014:1021-01, RHSA-2014:1086-01, RHSA-2014:1087-01, RHSA-2014:1088-01, SSA:2014-204-01, SSRT102066, SSRT102254, USN-2299-1, VIGILANCE-VUL-15067.

Description of the vulnerability

The mod_deflate module of Apache httpd compresses and decompresses data.

Decompression of the HTTP request body is, for example, enabled with:
  <Location /dav-area>
    SetInputFilter DEFLATE
  </Location>

However, in this case, special data leads to heavy resource consumption.

An attacker can therefore send special data to Apache httpd with mod_deflate as an Input Filter, in order to trigger a denial of service.

computer weakness announce CVE-2014-0226

Apache httpd: buffer overflow of mod_status

Synthesis of the vulnerability

An attacker can generate a buffer overflow in mod_status of Apache httpd, in order to trigger a denial of service, and possibly to execute code.
Severity: 2/4.
Creation date: 17/07/2014.
Identifiers: 1690185, 1695392, 7036319, c04686230, c04832246, CERTFR-2015-AVI-286, CVE-2014-0226, DSA-2989-1, FEDORA-2014-8742, FEDORA-2014-9057, HPSBUX03337, HPSBUX03512, JSA10685, MDVSA-2014:142, MDVSA-2015:093, openSUSE-SU-2014:0969-1, openSUSE-SU-2014:1044-1, openSUSE-SU-2014:1045-1, openSUSE-SU-2014:1647-1, RHSA-2014:0920-01, RHSA-2014:0921-01, RHSA-2014:0922-01, RHSA-2014:1019-01, RHSA-2014:1020-01, RHSA-2014:1021-01, RHSA-2014:1086-01, RHSA-2014:1087-01, RHSA-2014:1088-01, SSA:2014-204-01, SSRT102066, SSRT102254, SUSE-SU-2014:0967-1, SUSE-SU-2014:1080-1, SUSE-SU-2014:1081-1, SUSE-SU-2014:1082-1, USN-2299-1, VIGILANCE-VUL-15066, ZDI-14-236.

Description of the vulnerability

The mod_status module can be enabled on Apache httpd:
  <Location /server-status>
    SetHandler server-status
    Require host example.com
  </Location>
Access to it is usually restricted.

The ScoreBoard of httpd stores information related to current processes and sessions. The mod_status module reads the ScoreBoard. However, the data is not correctly synchronized: when two queries are sent, one to /server-status and one to a normal page, the size of the data (client, request, vhost) can be inconsistent.

An attacker can therefore generate a buffer overflow in mod_status of Apache httpd, in order to trigger a denial of service, and possibly to execute code.

computer weakness CVE-2014-4960

Joomla com_youtubegallery: SQL injection

Synthesis of the vulnerability

An attacker can use an SQL injection in Joomla com_youtubegallery, in order to read or alter data.
Severity: 2/4.
Creation date: 17/07/2014.
Identifiers: CVE-2014-4960, VIGILANCE-VUL-15065.

Description of the vulnerability

The Joomla com_youtubegallery product uses a database.

However, user-supplied data is inserted directly into an SQL query.

An attacker can therefore use an SQL injection in Joomla com_youtubegallery, in order to read or alter data.

   
