The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability alert 5351

lynx: command injection with lynxcgi

Synthesis of the vulnerability

An attacker can run shell commands using lynxcgi, lynxexec or lynxprog.
Impacted products: Fedora, Mandriva Linux, Mandriva NF, RHEL, RedHat Linux, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet server.
Creation date: 14/11/2005.
Identifiers: 20051101-01-U, 2005-2929, BID-15395, FEDORA-2005-1078, FEDORA-2005-1079, FLSA:152832, FLSA-2005:152832, iDefense Security Advisory 11.11.05, MDKSA-2005:211, RHSA-2005:839, RHSA-2005:839-01, VIGILANCE-VUL-5351.

Description of the vulnerability

The lynx program downloads web documents. It supports several extensions, such as URIs of the form:
  lynxcgi:cgi_script
This extension is used to directly run a CGI script without connecting to a web server. The lynxexec and lynxprog features are similar.

An attacker can create a web document using a lynxcgi URI. The indicated script is then run when the web document is downloaded with lynx.

This vulnerability therefore allows code to run on the computers of users who download a malicious document with lynx.

vulnerability CVE-2005-2629 CVE-2005-2630 CVE-2005-3677

RealPlayer: several vulnerabilities

Synthesis of the vulnerability

An attacker can run code on the computers of RealPlayer users.
Impacted products: Debian, Windows (platform) ~ not comprehensive, openSUSE, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 3.
Creation date: 14/11/2005.
Identifiers: BID-15381, BID-15382, CERTA-2005-AVI-480, CVE-2005-2629, CVE-2005-2630, CVE-2005-3677, DSA-915-1, EEYEB-20050510, EEYEB-20050701, SUSE-SR:2005:026, VIGILANCE-VUL-5350.

Description of the vulnerability

The RealPlayer software displays multimedia documents. Three vulnerabilities were announced.

A video in Real Media format (.rm extension) leads to a stack overflow.

A RealPlayer skin (.rjs extension) leads to a heap overflow in the dunzip32.dll DLL.

A skin containing a malicious image leads to memory corruption.

These overflows allow code to be executed on the user's computer.

computer vulnerability note CVE-2005-3351

SpamAssassin: denial of service with a lot of To addresses

Synthesis of the vulnerability

An attacker can create an email that stops a SpamAssassin process, so that the mail goes through the filter.
Impacted products: Fedora, Mandriva Linux, openSUSE, RHEL, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data flow.
Provenance: internet client.
Creation date: 10/11/2005.
Identifiers: 4570, BID-15373, CERTA-2005-AVI-457, CVE-2005-3351, FEDORA-2005-1065, FEDORA-2005-1066, MDKSA-2005:221, RHSA-2006:012, RHSA-2006:0129-01, SUSE-SR-2005:027, VIGILANCE-VUL-5349.

Description of the vulnerability

When an email is analyzed, SpamAssassin converts the recipient list (To header) to a regular expression.

However, if the email contains numerous recipients, this regular expression becomes too complex and Perl stops. If this email contains spam, it is not detected.

This vulnerability therefore permits an attacker to create spam emails which are not blocked by SpamAssassin.

computer vulnerability bulletin CVE-2005-3354

Sylpheed: buffer overflow of ldif_get_line

Synthesis of the vulnerability

An attacker can create a malicious LDIF file leading to code execution on computers of users opening it with Sylpheed.
Impacted products: Debian, Fedora, openSUSE, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 10/11/2005.
Identifiers: BID-15363, CERTA-2005-AVI-452, CVE-2005-3354, DSA-906-1, DSA-908-1, FEDORA-2005-1063, SUSE-SR:2005:028, VIGILANCE-VUL-5348.

Description of the vulnerability

The Sylpheed program is a mail client.

The LDIF format (Lightweight Directory Interchange Format) is used to exchange data between two LDAP servers.

Sylpheed can import an address book in LDIF format. The ldif_get_line() function reads each line of the file and stores it in an array of size LDIFBUFSIZE. However, the size of the line is not checked.

An attacker can therefore create an LDIF file containing overly long lines, in order to cause an overflow leading to code execution.

computer vulnerability announce CVE-2005-2709

Linux kernel: denial of service during unregistration of a network interface

Synthesis of the vulnerability

When a network interface is unregistered, a local attacker can cause a denial of service, and could execute privileged code.
Impacted products: Debian, Fedora, Linux, Mandriva Linux, RHEL, RedHat Linux.
Severity: 1/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 09/11/2005.
Identifiers: BID-15365, CERTA-2002-AVI-006, CVE-2005-2709, DSA-1017-1, DSA-1018-1, DSA-1018-2, FEDORA-2005-1067, FEDORA-2005-1104, FLSA:157459-2, FLSA-2006:157459-1, FLSA-2006:157459-2, FLSA-2006:157459-3, FLSA-2006:157459-4, MDKSA-2006:059, RHSA-2006:010, RHSA-2006:0101-01, RHSA-2006:014, RHSA-2006:0140-01, RHSA-2006:019, RHSA-2006:0190-01, RHSA-2006:0191-01, VIGILANCE-VUL-5347.

Description of the vulnerability

When a network interface is enabled, some configuration parameters are available through files containing booleans and located in the directory:
  /proc/sys/net/ipv4/conf/interface_name

When an interface is unregistered, this tree is removed. However, if a user has previously opened one of these files and reads its contents after unregistration, the kernel tries to access a memory area which has just been freed.

The kernel uses the proc_handler field of the ctl_table structure. If the value of this field is invalid, the kernel stops. If the value of this field is set by the attacker, by allocating and initializing memory, malicious code can execute.

This vulnerability, which requires the unregistration of an interface, therefore leads to a denial of service, and to code execution in some cases.

computer vulnerability alert CVE-2005-2659

chmlib: buffer overflow of LZX decompression

Synthesis of the vulnerability

An attacker can create a malicious CHM file leading to code execution in chmlib.
Impacted products: Debian, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 09/11/2005.
Identifiers: BID-15338, CVE-2005-2659, DSA-886-1, VIGILANCE-VUL-5346.

Description of the vulnerability

The chmlib library supports Microsoft help files in CHM format.

When chmlib analyzes a CHM file, an overflow can occur during LZX decompression.

An attacker can therefore create a malicious CHM file and invite users of software that depends on chmlib to open it. Code then executes with the rights of the user.

computer vulnerability CVE-2005-3564

HP-UX: privilege increase with envd

Synthesis of the vulnerability

A local attacker can use envd in order to increase his privileges.
Impacted products: HP-UX.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/11/2005.
Identifiers: BID-15359, c00547561, CVE-2005-3564, HPSBUX02073, SSRT051012, VIGILANCE-VUL-5345.

Description of the vulnerability

The envd daemon launches events when the hardware overheats.

Hewlett Packard announced a vulnerability in envd. Its technical details are unknown.

A local attacker can use this vulnerability to increase his privileges.

vulnerability note CVE-2005-3565

HP-UX: remote access with remshd

Synthesis of the vulnerability

An attacker can use remshd to remotely access the system.
Impacted products: HP-UX.
Severity: 3/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 09/11/2005.
Identifiers: BID-15366, c00543854, CVE-2005-3565, HPSBUX02072, SSRT051014, VIGILANCE-VUL-5344.

Description of the vulnerability

The remshd daemon allows shell commands to be executed remotely.

Hewlett Packard announced a vulnerability in remshd. Its technical details are unknown.

A network attacker can use this vulnerability to access the system.

vulnerability bulletin CVE-2005-0803 CVE-2005-2123 CVE-2005-2124

Windows: several vulnerabilities of Graphics Rendering Engine

Synthesis of the vulnerability

Three vulnerabilities of the Graphics Rendering Engine allow an attacker to run code on the computers of users opening a malicious document.
Impacted products: Windows 2000, Windows 2003, Windows XP.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 09/11/2005.
Identifiers: BID-15352, BID-15356, CERTA-2005-AVI-445, CVE-2005-0803, CVE-2005-2123, CVE-2005-2124, EEYEB-20050329, EEYEB-20050901, MS05-053, VIGILANCE-VUL-5343, VU#134756, VU#300549, VU#433341.

Description of the vulnerability

The Windows Graphics Rendering Engine (GDI32.DLL) manages images in WMF (Windows Metafile) and EMF (Enhanced Metafile) formats. This engine has three vulnerabilities.

An attacker can create a WMF image containing a negative SetPaletteEntries field. This negative integer leads to the allocation of a small memory area, which in turn leads to memory corruption. This vulnerability allows code to run (CAN-2005-2123).

An attacker can create several WMF or EMF images causing integer overflows. These vulnerabilities lead to code execution (CAN-2005-2124).

An attacker can create an EMF image stopping programs using GDI (CAN-2005-0803).

To trigger these vulnerabilities, the attacker has to convince the user to view a malicious image (sent by email, displayed on a web site, etc.).

vulnerability announce CVE-2005-3560

ZoneAlarm: bypassing "OS Firewall"

Synthesis of the vulnerability

A local attacker can use the ShowHTMLDialog() method to send data to a remote server, without detection by the "OS Firewall" technology.
Impacted products: ZoneAlarm.
Severity: 1/4.
Consequences: data flow.
Provenance: user console.
Creation date: 08/11/2005.
Identifiers: BID-15347, CVE-2005-3560, VIGILANCE-VUL-5342.

Description of the vulnerability

The "OS Firewall" technology analyzes the behavior of programs, and can forbid a program from sending data to a remote computer. It blocks malicious programs such as viruses, backdoors or worms.

The mshtml.dll DLL provides the ShowHTMLDialog() method. This method opens an HTML page. This HTML page can, for example, contain a JavaScript program sending data to a remote web site.

However, "OS Firewall" does not detect this type of connection, and it allows the program to send sensitive data to a remote server.
