The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability alert CVE-2005-3788

CISCO ASA: denial of service of failover

Synthesis of the vulnerability

An attacker with access to the LAN can prevent the standby firewall from replacing the active firewall.
Impacted products: ASA.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: LAN.
Creation date: 15/11/2005.
Identifiers: BID-15407, CSCsc34022, CSCsc47618, CVE-2005-3788, VIGILANCE-VUL-5361.

Description of the vulnerability

The ASA failover algorithm uses ARP requests to detect whether the active firewall is up. When the active firewall fails, it no longer answers the standby firewall, which therefore decides to become active.

However, an attacker can send forged ARP replies to the standby firewall. When the active firewall fails, the standby firewall still receives replies and so does not become active.

This vulnerability therefore permits an attacker with access to the LAN to cause a denial of service when the active firewall fails.

vulnerability CVE-2005-3347 CVE-2005-3348

phpSysInfo: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities in phpSysInfo permit a remote attacker to conduct Cross Site Scripting, HTTP injection or local file inclusion attacks.
Impacted products: Debian, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 15/11/2005.
Identifiers: BID-15414, CERTA-2005-AVI-468, CVE-2005-3347, CVE-2005-3348, DSA-897-1, DSA-898-1, DSA-899-1, MDKSA-2005:212, VIGILANCE-VUL-5360.

Description of the vulnerability

The phpSysInfo program displays system information in HTML.

This program has three types of error:
 - the HTTP_ACCEPT_LANGUAGE header can be used to include a file (variant of the VIGILANCE-VUL-3626 vulnerability)
 - the sensor_program variable can be used to conduct a Cross Site Scripting attack (variant of the VIGILANCE-VUL-4968 vulnerability)
 - the VERSION variable can be used to conduct a Cross Site Scripting attack
 - HTTP headers can be injected via the URL

An attacker can therefore obtain information, conduct a Cross Site Scripting attack, or inject HTTP data using phpSysInfo.

computer vulnerability note 5359

TCP: denial of service with optimistic acknowledgement

Synthesis of the vulnerability

An attacker can prematurely send acknowledgement packets to force a remote TCP stack to increase its sending rate.
Impacted products: Juniper E-Series, Juniper J-Series, JUNOSe, Junos OS, NetScreen Firewall, ScreenOS, TCP protocol.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 14/11/2005.
Identifiers: BID-15468, PSN-2005-12-004, VIGILANCE-VUL-5359, VU#102014.

Description of the vulnerability

A TCP stack acknowledges received data by returning an acknowledgement number corresponding to the position of the end of the received data. The remote TCP stack uses these numbers to estimate the available bandwidth and thus optimize its sending throughput.

An attacker can acknowledge data that has not yet been received. The remote stack's algorithm concludes that the sending rate can be increased.

An attacker can therefore force a remote computer to send large amounts of data, eventually saturating its internet connection. Several attack variants exist.

computer vulnerability bulletin CVE-2005-3781

Solaris: denial of service of in.named

Synthesis of the vulnerability

An attacker can overload in.named by sending numerous requests for domains it is not authoritative for.
Impacted products: Solaris.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 14/11/2005.
Identifiers: 102030, 6315143, BID-15384, CVE-2005-3781, VIGILANCE-VUL-5358.

Description of the vulnerability

A DNS server is generally configured to refuse queries coming from the internet for domains for which it is not authoritative.

However, if in.named has IPv6 addresses in its cache, queries for these addresses are not rejected. The DNS server even tries to resolve them by querying the root DNS servers.

An attacker can therefore overload the in.named DNS server.

computer vulnerability announce CVE-2005-4158

sudo: privilege increase with PERLLIB, PERL5LIB and PERL5OPT

Synthesis of the vulnerability

An attacker allowed to run sudo can increase his privileges by setting the PERLLIB, PERL5LIB and PERL5OPT variables.
Impacted products: Debian, Fedora, Mandriva Linux, Mandriva NF, openSUSE, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 14/11/2005.
Identifiers: BID-15394, CERTA-2005-AVI-495, CVE-2005-4158, DSA-946-1, DSA-946-2, FEDORA-2005-1147, MDKSA-2005:234, MDKSA-2006:159, SUSE-SR:2006:002, VIGILANCE-VUL-5357.

Description of the vulnerability

The sudo command permits an administrator to delegate some privileges to users. Thus, a user can be allowed to run a command with high privileges.

The PERLLIB and PERL5LIB environment variables indicate the directories where Perl modules are located. The PERL5OPT variable specifies Perl command-line options.

As sudo does not filter these environment variables, an attacker can set them to alter the behavior of Perl scripts run through sudo.

A local attacker can therefore run code with the privileges of the Perl scripts he is allowed to call via sudo.

computer vulnerability alert CVE-2005-3779

HP-UX: privilege increase with xterm

Synthesis of the vulnerability

A local attacker can use xterm to increase his privileges.
Impacted products: HP-UX.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/11/2005.
Identifiers: BID-15412, c00555516, CVE-2005-3779, CVE-2006-2125-REJECT, HPSBUX02075, SSRT051074, VIGILANCE-VUL-5356.

Description of the vulnerability

The /usr/bin/X11/xterm command is installed suid root. A vulnerability affects xterm when the following patches are installed:
  HP-UX B.11.00 : PHSS_32109
  HP-UX B.11.11 : PHSS_30791, PHSS_33589
  HP-UX B.11.23 : PHSS_31833, PHSS_32366

This vulnerability permits a local attacker to increase his privileges.

computer vulnerability CVE-2005-3570

Horde: Cross Site Scripting of error messages

Synthesis of the vulnerability

An attacker can use Horde to conduct a Cross Site Scripting attack.
Impacted products: Debian, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 14/11/2005.
Identifiers: BID-15409, CVE-2005-3570, DSA-914-1, VIGILANCE-VUL-5355.

Description of the vulnerability

The Horde framework provides features for web application development.

Some Horde error messages are built from the original request parameters. As these parameters are not sanitized, script code can be inserted.

An attacker can therefore inject a script which will be executed in the context of a web client connecting to Horde.

vulnerability note 5354

AIX: privilege increase with diagela.sh

Synthesis of the vulnerability

A local attacker can increase his privileges using diagela.sh script.
Impacted products: AIX.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 14/11/2005.
Identifiers: BID-1539, IY78800, IY78801, IY78926, VIGILANCE-VUL-5354.

Description of the vulnerability

The /usr/lpp/diagnostics/bin/diagela.sh script contains one vulnerability. Its technical details are unknown.

This vulnerability could be related to the use of shell commands without their full absolute path.

vulnerability bulletin CVE-2005-3325

ACID, BASE: SQL injection

Synthesis of the vulnerability

An attacker can use a malicious URL to perform SQL injection in ACID or BASE.
Impacted products: Debian, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 14/11/2005.
Identifiers: BID-15199, CVE-2005-3325, DSA-893-1, VIGILANCE-VUL-5353.

Description of the vulnerability

The ACID program (Analysis Console for Intrusion Databases) analyzes log files in order to track intrusion attempts. The BASE program (Basic Analysis and Security Engine) is a fork of ACID.

The base_qry_main.php and acid_qry_main.php scripts do not correctly check their "sig" parameter. An attacker with access to these scripts can thus inject SQL code.

This vulnerability therefore permits an attacker to run SQL queries with the rights of the database user.

vulnerability announce CVE-2005-3666 CVE-2005-3667 CVE-2005-3668

IPSec: vulnerabilities of some ISAKMP protocol implementations

Synthesis of the vulnerability

Several implementations of the ISAKMP protocol are affected by the same vulnerabilities.
Impacted products: FW-1, VPN-1, ASA, Cisco Catalyst, IOS by Cisco, Cisco Router, Cisco VPN Concentrator, Debian, Fedora, Tru64 UNIX, HP-UX, Juniper E-Series, Juniper J-Series, JUNOSe, Junos OS, Mandriva Linux, NETASQ, NetBSD, openSUSE, Openswan, Solaris, RHEL, SEF, SGS, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, denial of service on server, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 14.
Creation date: 14/11/2005.
Revision date: 22/11/2005.
Identifiers: 102040, 102246, 10310, 20060501-01-U, 273756, 273756/NISCC/ISAKMP, 6317027, 6348585, 68158, BID-15401, BID-15402, BID-15416, BID-15420, BID-15474, BID-15479, BID-15516, BID-15523, BID-17030, BID-17902, c00602119, CERTA-2005-AVI-458, CERTA-2005-AVI-504, CQ/68020, CSCed94829, CSCei14171, CSCei15053, CSCei19275, CSCei46258, CSCsb15296, CVE-2005-3666, CVE-2005-3667, CVE-2005-3668, CVE-2005-3669, CVE-2005-3670, CVE-2005-3671, CVE-2005-3672, CVE-2005-3673, CVE-2005-3674, CVE-2005-3675, CVE-2005-3732, CVE-2005-3733, CVE-2005-3768, CVE-2006-2298, DSA-965-1, FEDORA-2005-1092, FEDORA-2005-1093, FLSA:190941, FLSA-2006:190941, HPSBTU02100, HPSBUX02076, MDKSA-2006:020, NetBSD-SA2006-003, NISCC/ISAKMP/273756, PR/61076, PR/61779, PSN-2005-11-007, RHSA-2006:026, RHSA-2006:0267-01, SEF8.0-20051114-00, sk31316, SSRT050979, SUSE-SA:2005:070, SYM05-025, VIGILANCE-VUL-5352, VU#226364.

Description of the vulnerability

The IPSec protocol is used to create VPNs. To create an IPSec tunnel, SAs (Security Associations: algorithm, key size, etc.) have to be shared between both ends. The SAs can be set by the administrator, or exchanged automatically. In the latter case, the IKE protocol (Internet Key Exchange) is used. IKE is based on ISAKMP (and Oakley/SKEME). The ISAKMP protocol (Internet Security Association and Key Management Protocol) defines a generic framework (message format and exchange mechanism). ISAKMP uses two phases: first a secure connection is set up (phase 1, main mode or aggressive mode), then this connection is used to exchange one or several SAs (phase 2, quick mode). The aggressive mode uses fewer packets than main mode, at the cost of less protection of the exchanged identities, and is therefore not recommended.

Several products incorrectly implement phase 1 of the ISAKMP/IKEv1 protocol. They contain buffer overflow, format string or denial of service vulnerabilities.

Depending on the product, these vulnerabilities lead to code execution or to a denial of service.