The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability note CVE-2005-3885

Inkscape: file corruption with ps2epsi.sh

Synthesis of the vulnerability

A local attacker can create a symlink in order to overwrite a file with the rights of ps2epsi.sh users.
Impacted products: Debian.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 07/12/2005.
Identifiers: BID-14522, CVE-2005-3885, DSA-916-1, VIGILANCE-VUL-5414.

Description of the vulnerability

The Inkscape program is a vector graphics editor. The ps2epsi.sh program converts a PostScript file to EPSI (Encapsulated PostScript Interchange).

During ps2epsi.sh usage, a temporary file named /tmp/tmpepsifile.epsi is used in an insecure manner.

A local attacker can therefore create a symlink in order to overwrite a file with the rights of ps2epsi.sh users.

vulnerability bulletin CVE-2005-3737

Inkscape: overflow of SVG image

Synthesis of the vulnerability

An attacker can create a malicious SVG image in order to execute code in Inkscape.
Impacted products: Debian, openSUSE, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 07/12/2005.
Identifiers: BID-15507, CVE-2005-3737, DSA-916-1, SUSE-SR:2005:028, VIGILANCE-VUL-5413.

Description of the vulnerability

The Inkscape program is a vector graphics editor.

An overflow occurs in Inkscape during import of an SVG (Scalable Vector Graphics) document with a long property.

This vulnerability permits an attacker to run code with the rights of Inkscape users opening a malicious SVG image.

vulnerability announce CVE-2005-3665 CVE-2005-4079

phpMyAdmin: file inclusion and Cross Site Scripting

Synthesis of the vulnerability

An attacker can use global variables to include a file or conduct a Cross Site Scripting attack in phpMyAdmin.
Impacted products: Debian, openSUSE, phpMyAdmin.
Severity: 1/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 07/12/2005.
Identifiers: BID-15735, BID-15761, CERTA-2005-AVI-484, CVE-2005-3665, CVE-2005-4079, DSA-1207-1, PMASA-2005-8, SUSE-SA:2006:004, VIGILANCE-VUL-5412.

Description of the vulnerability

The phpMyAdmin program is used to administer a MySQL database.

This program emulates global variable management, which is needed when the PHP register_globals directive is deactivated. Sensitive variables are blacklisted.

However, an attacker can overwrite the import_blacklist variable to use his own variables.

An attacker can then include files that are interpreted as PHP, or conduct Cross Site Scripting attacks.

vulnerability alert CVE-2005-4093

SecureClient NGX: bypassing security policy

Synthesis of the vulnerability

An attacker with VPN access can alter the security policy of the server.
Impacted products: VPN-1.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: internet client.
Creation date: 07/12/2005.
Revision date: 15/12/2005.
Identifiers: BID-15757, CVE-2005-4093, VIGILANCE-VUL-5411.

Description of the vulnerability

When SecureClient connects to a server, it downloads the local.scv security policy. This policy indicates, for example, the necessary client configuration.

However, an attacker can replace this file with a less restrictive policy.

During connection, the attacker can therefore overwrite the server policy with his own policy.

vulnerability CVE-2005-4077

libcurl: url overflow

Synthesis of the vulnerability

An attacker can generate an overflow in libcurl by inviting the user to download a special URL.
Impacted products: curl, Debian, Fedora, Mandriva Linux, RHEL, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 07/12/2005.
Identifiers: 342339, 342696, BID-15756, CERTA-2005-AVI-482, CVE-2005-4077, DSA-919-1, FEDORA-2005-1129, FEDORA-2005-1130, FEDORA-2005-1136, FEDORA-2005-1137, MDKSA-2005:224, RHSA-2005:875, RHSA-2005:875-01, VIGILANCE-VUL-5410.

Description of the vulnerability

The libcurl library implements an HTTP client. The curl program uses this library.

When the URL size exceeds 256 characters, libcurl allocates two memory buffers of size equal to the URL's size.

However, two cases lead to an overflow of these buffers:
 - a malformed URL leads to an overflow of one byte
 - a URL starting with '?' leads to an overflow of two additional characters

When the user downloads a malicious URL, these overflows can lead to code execution.

computer vulnerability note CVE-2005-4068

AIX: vulnerability of umountall

Synthesis of the vulnerability

The umountall command has a vulnerability.
Impacted products: AIX.
Severity: 1/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 07/12/2005.
Identifiers: BID-15758, CVE-2005-4068, IY75283, IY75294, IY79485, VIGILANCE-VUL-5409.

Description of the vulnerability

The umountall command unmounts all file systems except /, /proc, /usr and /var.

IBM announced a vulnerability in this command. Its technical details are unknown.

This vulnerability could result from a call to external commands without using their full pathname. An attacker could then create a trojan named umount in order to run code with the rights of the umountall user.

computer vulnerability bulletin CVE-2005-4090

HP-UX: remote unauthorized access using IPSec

Synthesis of the vulnerability

A remote attacker can access the system using IPSec.
Impacted products: HP-UX.
Severity: 4/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 07/12/2005.
Identifiers: BID-15759, c00574124, CVE-2005-4090, HPSBUX02082, SSRT051037, VIGILANCE-VUL-5408.

Description of the vulnerability

The IPSec.IPSEC2-KRN fileset adds support for the IPSec protocol.

HP announced a vulnerability in IPSec permitting a remote attacker to access the system. Its technical details are unknown.

computer vulnerability announce CVE-2005-3191 CVE-2005-3192 CVE-2005-3193

Xpdf, gpdf, cups: several overflows

Synthesis of the vulnerability

An attacker can create a malicious PDF document leading to code execution on the computers of users opening it with Xpdf or its derivatives.
Impacted products: Debian, Fedora, Mandriva Linux, openSUSE, Solaris, RHEL, RedHat Linux, Slackware, TurboLinux, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 06/12/2005.
Revision date: 06/01/2006.
Identifiers: 102972, 20051201-01-U, 20060101-01-U, 20060201-01-U, 6374946, advisory-20051207-2, BID-15721, BID-15725, BID-15726, BID-15727, BID-16143, CERTA-2005-AVI-483, CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, DSA-936-1, DSA-937-1, DSA-938-1, DSA-940-1, DSA-950-1, DSA-961-1, DSA-962-1, FEDORA-2005-027, FEDORA-2005-037, FEDORA-2005-1121, FEDORA-2005-1122, FEDORA-2005-1125, FEDORA-2005-1126, FEDORA-2005-1127, FEDORA-2005-1132, FEDORA-2005-1141, FEDORA-2005-1142, FEDORA-2005-1146, FEDORA-2005-1169, FEDORA-2005-1170, FEDORA-2005-1171, FLSA:152868, FLSA-2006:152868, FLSA-2006:175404, FLSA-2006:176751, iDefense Security Advisory 12.05.05, MDKSA-2006:003, MDKSA-2006:004, MDKSA-2006:005, MDKSA-2006:006, MDKSA-2006:008, MDKSA-2006:010, MDKSA-2006:011, MDKSA-2006:012, RHSA-2005:840, RHSA-2005:840-01, RHSA-2005:867, RHSA-2005:867-01, RHSA-2005:868, RHSA-2005:868-01, RHSA-2005:878, RHSA-2005:878-01, RHSA-2006:016, RHSA-2006:0160-01, SSA:2006-045-04, SSA:2006-045-09, SSA:2006-142-01, SUSE-SA:2006:001, SUSE-SR:2005:029, SUSE-SR:2006:001, SUSE-SR:2006:002, TLSA-2006-16, TLSA-2006-2, TLSA-2006-8, VIGILANCE-VUL-5407.

Description of the vulnerability

The Xpdf program is used to display PDF documents. The source code of this program is used in several other programs: gpdf, cups, etc.

This program has 4 vulnerabilities in the following functions:
  DCTStream::readBaselineSOF (CVE-2005-3191)
  DCTStream::readProgressiveSOF (CVE-2005-3191)
  StreamPredictor::StreamPredictor (CVE-2005-3192)
  JPXStream::readCodestream (CVE-2005-3193)

These vulnerabilities permit an attacker to conduct a denial of service or to run code with the rights of Xpdf users.

computer vulnerability alert CVE-2005-4080

IMP: several Cross Site Scripting

Synthesis of the vulnerability

An attacker can send malicious HTML emails in order to conduct Cross Site Scripting attacks.
Impacted products: Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 06/12/2005.
Identifiers: BID-15730, CVE-2005-4080, VIGILANCE-VUL-5406.

Description of the vulnerability

The IMP program (Internet Messaging Program) accesses IMAP or POP3 accounts, and displays the mailboxes on a web server.

The email messages are not correctly filtered. For example, HTML tags containing a 0x00 (NUL) character or Unicode attachments can be used to conduct Cross Site Scripting attacks.

An attacker can thus send an HTML email in order to run JavaScript code in the web browser context.

computer vulnerability CVE-2005-3807

Linux kernel: memory leak of VFS

Synthesis of the vulnerability

A local attacker can cause a memory leak in fasync_helper() of VFS.
Impacted products: Fedora, Linux, openSUSE.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 06/12/2005.
Identifiers: BID-15745, CVE-2005-3807, FLSA-2006:157459-3, FLSA-2006:157459-4, SUSE-SA:2005:067, SUSE-SA:2005:068, VIGILANCE-VUL-5405.

Description of the vulnerability

The virtual file system (VFS) is used between the physical system files and the kernel.

The fcntl_setlease() function calls fasync_helper(), but the associated memory is not freed.

A local attacker can thus generate filesystem activities leading to a memory leak in VFS.