The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

weakness announce CVE-2005-4585

Ethereal: denial of service of GTP

Synthesis of the vulnerability

An attacker can send malicious GTP packets in order to generate an infinite loop in Ethereal.
Severity: 2/4.
Creation date: 28/12/2005.
Identifiers: 20060201-01-U, BID-16076, CVE-2005-4585, ENPA-SA-00022, FEDORA-2005-000, RHSA-2006:015, RHSA-2006:0156-01, SUSE-SR:2006:004, VIGILANCE-VUL-5456.

Description of the vulnerability

Ethereal captures packets to help administrators solve network problems.

When Ethereal dissects a specially crafted GTP (GPRS Tunnelling Protocol) packet, it enters an infinite loop.

An attacker can therefore send a malicious GTP packet in order to conduct a denial of service against Ethereal.

cybersecurity announce CVE-2005-4552

Solaris: file corruption with slsmgr of PC Netlink 2.0

Synthesis of the vulnerability

During slsmgr usage, a local attacker can alter a file.
Severity: 1/4.
Creation date: 28/12/2005.
Identifiers: 102122, 6215629, BID-16059, CVE-2005-4552, VIGILANCE-VUL-5454.

Description of the vulnerability

The Solaris PC NetLink software is used to interconnect Solaris and Windows computers.

The /opt/lanman/sbin/slsmgr program uses a temporary file in an insecure manner. A local attacker can create a symlink at the temporary file's path pointing to a system file; that file is then overwritten with temporary data.

A local attacker can thus use this vulnerability to alter a file with root rights.

computer threat alert CVE-2005-4552

Solaris: file corruption with slsadmin of PC Netlink 2.0

Synthesis of the vulnerability

During slsadmin usage, a local attacker can alter a file.
Severity: 1/4.
Creation date: 28/12/2005.
Identifiers: 102117, 6215631, BID-16059, CVE-2005-4552, VIGILANCE-VUL-5453.

Description of the vulnerability

The Solaris PC NetLink software is used to interconnect Solaris and Windows computers.

The /etc/init.d/slsadmin script uses a temporary file in an insecure manner. A local attacker can create a symlink at the temporary file's path pointing to a system file; that file is then overwritten with temporary data.

A local attacker can thus use this vulnerability to alter a file with root rights.

cybersecurity bulletin CVE-2005-3345

rssh: privilege increase with rssh_chroot_helper

Synthesis of the vulnerability

A local attacker can escalate his privileges using rssh_chroot_helper.
Severity: 2/4.
Creation date: 28/12/2005.
Identifiers: BID-16050, CVE-2005-3345, VIGILANCE-VUL-5452.

Description of the vulnerability

The rssh restricted shell is used with OpenSSH to limit a user's access to scp or sftp.

The rssh_chroot_helper program is installed setuid root and is used to set up a chrooted environment.

However, a local attacker can use this program to chroot into arbitrary locations. He can thus:
 - create a hard link inside the chosen environment that points to a setuid root program
 - use LD_PRELOAD to load a malicious library into that program
The library code then runs with root rights.

This vulnerability therefore permits a local attacker to gain root privileges.

security bulletin CVE-2005-4268

cpio: memory corruption

Synthesis of the vulnerability

When creating a large archive, an overflow can occur in cpio.
Severity: 1/4.
Creation date: 28/12/2005.
Identifiers: 172669, BID-16057, CERTA-2006-AVI-006, CVE-2005-4268, FreeBSD-SA-06:03.cpio, MDKSA-2005:237, RHSA-2007:0245-02, RHSA-2010:0145-01, SUSE-SR:2006:010, VIGILANCE-VUL-5451, VMSA-2010-0013, VMSA-2010-0013.1, VMSA-2010-0013.2, VMSA-2010-0013.3.

Description of the vulnerability

The cpio program copies or transfers files and creates archives.

When cpio archives a file larger than 99999999 bytes, an overflow occurs while the header is created, because the size field in the header holds only 8 digits.

Thus, if cpio is run automatically on attacker-supplied files, an attacker can conduct a denial of service or possibly run code.

computer vulnerability alert CVE-2005-4549 CVE-2005-4550

Oracle AS: vulnerabilities of Discussion Forum Portlet

Synthesis of the vulnerability

An attacker can use the Discussion Forum Portlet example application to conduct a Cross Site Scripting attack or to read a file.
Severity: 1/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 23/12/2005.
Identifiers: 20051223-0, 20051223-1, BID-16048, CVE-2005-4549, CVE-2005-4550, SEC Consult SA-20051223-0, SEC Consult SA-20051223-1, VIGILANCE-VUL-5450.

Description of the vulnerability

Several example applications can be installed on Oracle Application Server.

The "Discussion Forum Portlet" example has several vulnerabilities:
 - the RowKeyValue parameter can be used to conduct a Cross Site Scripting attack
 - the forum message body can be used to conduct a Cross Site Scripting attack
 - the df_next_page parameter can be used to include a file and thereby read its content

computer vulnerability announce CVE-2005-3660

Linux kernel: denial of service with socket pairs

Synthesis of the vulnerability

A local attacker can progressively consume all system memory by creating numerous socket pairs.
Severity: 1/4.
Creation date: 23/12/2005.
Identifiers: BID-16041, CVE-2005-3660, iDefense Security Advisory 12.22.05, VIGILANCE-VUL-5449.

Description of the vulnerability

The socketpair() function creates a pair of connected sockets, used as a bidirectional pipe between two processes. The setsockopt() function can be used to change the send and receive buffer sizes.

An attacker can create a socket pair, set a large buffer size, and cause the process to enter a zombie state. In this case, the buffer memory is not freed.

A local attacker can therefore progressively consume all system memory.

computer weakness note CVE-2005-4505

McAfee VirusScan: program execution by naPrdMgr.exe

Synthesis of the vulnerability

An attacker can place a program on the system so that naPrdMgr.exe runs it.
Severity: 1/4.
Creation date: 23/12/2005.
Identifiers: BID-16040, CVE-2005-4505, VIGILANCE-VUL-5448.

Description of the vulnerability

The naPrdMgr.exe program periodically runs, with Local System rights:
  C:\Program Files\Network Associates\VirusScan\EntVUtil.EXE

However, this path is not enclosed in quotes, so the space-separated prefixes of the path are tried first as program names. When file system permissions permit it, an attacker can thus create a program with one of these shorter names:
  C:\Program.exe
  C:\Program Files\Network.exe

This program is then run with system rights.

computer threat CVE-2005-4499

Cisco ACS: incorrect management of RADIUS Downloadable ACL

Synthesis of the vulnerability

RADIUS Downloadable ACLs are not transferred securely by Cisco ACS.
Severity: 1/4.
Creation date: 22/12/2005.
Identifiers: 61965, BID-16025, CSCee92021, CSCef21184, CSCeh22447, CSCin79018, CSCsc89235, CVE-2005-4499, VIGILANCE-VUL-5447.

Description of the vulnerability

When a Cisco PIX or Cisco VPN Concentrator user is authenticated, specific ACLs can be applied. These ACLs are transferred using a special user named "#ACSACL#-IP-uacl-random".

However:
 - this username is sent in cleartext
 - its password is the same as its name

An attacker can therefore capture the name and use it to authenticate on the Cisco Secure Access Control Server RADIUS server.

computer vulnerability note CVE-2005-3534

nbd: buffer overflow

Synthesis of the vulnerability

An attacker can send a long request in order to generate an overflow in the nbd server.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/12/2005.
Identifiers: BID-16029, CVE-2005-3354-ERROR, CVE-2005-3534, DSA-924-1, FEDORA-2011-1097, FEDORA-2011-1108, SUSE-SR:2006:001, VIGILANCE-VUL-5446.

Description of the vulnerability

The nbd program (Network Block Device) exports a virtual block device from a remote computer. The client can then access it like a local hard drive.

When the server receives a request, it checks the request's size but not the size of the header. An attacker can thus send a long request that leads to an overflow.

This vulnerability therefore permits a remote attacker to run code on the computer.
