The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability note CVE-2006-0146 CVE-2006-0147

PHP: vulnerabilities in ADOdb test scripts

Synthesis of the vulnerability

When ADOdb test scripts are available, an attacker can use them to run SQL queries or PHP commands.
Impacted products: Debian, PHP, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: user access/rights.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/01/2006.
Identifiers: BID-16187, CERTA-2002-AVI-001, CERTA-2002-AVI-009, CERTA-2006-AVI-145, CVE-2006-0146, CVE-2006-0147, DSA-1029-1, DSA-1030-1, DSA-1031-1, Secunia Research 09/01/2006, VIGILANCE-VUL-5494.

Description of the vulnerability

The ADOdb abstraction layer is installed with PHP to provide a standard interface to access databases.

ADOdb includes several test scripts. Some of them are vulnerable:
 - server.php can be used to inject an SQL query
 - test/tmssql.php can be used to inject PHP code

These test scripts are notably installed with Mantis, PostNuke, Moodle and Cacti.

An attacker can therefore connect to a web server and use these scripts to increase his privileges.

vulnerability announce CVE-2006-0151

sudo: privilege increase with PYTHONINSPECT

Synthesis of the vulnerability

An attacker who is allowed to run sudo can increase his privileges by setting the PYTHONINSPECT variable.
Impacted products: Debian, Mandriva Linux, Mandriva NF, openSUSE, Slackware, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: privileged access/rights.
Provenance: user shell.
Creation date: 10/01/2006.
Identifiers: BID-16184, CVE-2006-0151, DSA-946-1, DSA-946-2, MDKSA-2006:159, SSA:2006-045-08, SUSE-SR:2006:002, VIGILANCE-VUL-5492.

Description of the vulnerability

The sudo command lets an administrator delegate some privileges to users. A user can thus be allowed to run a command with high privileges.

The PYTHONINSPECT environment variable is used to interrupt a Python script in order to inspect it.

As sudo does not filter this environment variable, an attacker can set it to alter the behavior of the Python script.

A local attacker can therefore run code with the privileges of the Python scripts he is allowed to call from sudo.

vulnerability alert CVE-2006-0145

NetBSD, OpenBSD: reading memory with lseek

Synthesis of the vulnerability

A local attacker can use lseek to read kernel memory areas.
Impacted products: NetBSD, OpenBSD.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 09/01/2006.
Revision date: 03/02/2006.
Identifiers: BID-16173, CVE-2006-0145, NetBSD-SA2006-001, NetBSD Security Advisory 2006-001, VIGILANCE-VUL-5491.

Description of the vulnerability

The lseek() function sets the offset associated with a file descriptor:
  off_t lseek(int fd, off_t offset, int whence);

However, the kernel does not correctly check the offset value. An attacker can thus use special offset values to read at other memory addresses.

This vulnerability therefore permits a local attacker to obtain sensitive information located in memory.

vulnerability CVE-2005-4352

NetBSD, Linux: system time clock reset

Synthesis of the vulnerability

A local administrator can reset the clock when the system is in secure level 2 or greater.
Impacted products: Linux, NetBSD.
Severity: 1/4.
Consequences: data creation/edition, denial of service on server.
Provenance: user shell.
Creation date: 09/01/2006.
Identifiers: BID-16170, CVE-2005-4352, NetBSD-SA2006-002, NetBSD Security Advisory 2006-002, rt-sa-2005-16, VIGILANCE-VUL-5490.

Description of the vulnerability

BSD securelevels can be used to restrict access to some system features. For example, in level 2 or greater, the administrator cannot set the system clock backwards.

On Unix systems, time is between year 1901 (0x80000000, which is negative) and year 2038 (0x7FFFFFFF).

As the administrator is allowed to move the system clock forward, he can set it to the end of the counter with settimeofday(). The counter then increments from 0x7FFFFFFF to 0x80000000, and the date becomes year 1901.

Changing the system clock can lead to unexpected behaviors, such as a denial of service or the use of expired certificates.

computer vulnerability announce CVE-2006-0083

smstools: format string attack via syslog

Synthesis of the vulnerability

A format string attack through the syslog() function allows an attacker to run code on the machine.
Impacted products: Debian, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 09/01/2006.
Identifiers: CVE-2006-0083, DSA-930-1, DSA-930-2, VIGILANCE-VUL-5487.

Description of the vulnerability

The smstools program sends and receives messages using a GSM modem.

The writelogfile() function is used several times in smstools. This function calls the syslog() function without a format string:
  syslog(severity,text);
instead of:
  syslog(severity,"%s",text);

This error allows an attacker to pass a specially crafted string as a parameter in order to execute code on the computer with the rights of smstools.

computer vulnerability alert CVE-2006-0117 CVE-2006-0118 CVE-2006-0119

Domino, Notes: several vulnerabilities

Synthesis of the vulnerability

Lotus Domino/Notes version 6.5.5 corrects several vulnerabilities.
Impacted products: Domino, Notes.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 09/01/2006.
Identifiers: BFEY5SDN22, BID-16158, CERTA-2006-AVI-260, CVE-2006-0117, CVE-2006-0118, CVE-2006-0119, CVE-2006-0120, CVE-2006-0121, ECLD64PPZC, GPKS5YQGPT, GPKS6C9J67, HSAO6A3NZ3, HSAO6BNL6Y, JBUD6FMQST, JGAN6B6TZ3, JPAI6EEQ3D, JPIU68LQKN, KSPR66USSU, KSPR699NBP, LBRD645RQ5, LMEF6B8KWK, LORN67KUEU, LPEE6DMQWJ, LSPR63GNFS, MKIN67MQVW, MKIN693QUT, OABA6AYD3L, SFPN69ET56, THTO68YUBB, VDES66ELRA, VIGILANCE-VUL-5486, YNAI6B55QC.

Description of the vulnerability

Lotus Domino/Notes version 6.5.5 corrects several vulnerabilities:
 - GPKS6C9J67 : unknown vulnerability
 - HSAO6A3NZ3 : denial of service of HTTP
 - OABA6AYD3L, YNAI6B55QC : buffer overflow of CD to MIME
 - JPAI6EEQ3D : buffer overflow
 - JBUD6FMQST : denial of service of Directory Services
 - ECLD64PPZC : denial of service of Java
 - JPIU68LQKN : denial of service using a malicious attachment
 - THTO68YUBB : buffer overflow of MIME using a long To header
 - VDES66ELRA : denial of service of MIME to CD
 - JGAN6B6TZ3 : unknown vulnerability of Router
 - KSPR699NBP : denial of service of SMTP (VIGILANCE-VUL-5961)
 - LSPR63GNFS : denial of service of Router
 - BFEY5SDN22 : memory leak of SMIME
 - GPKS5YQGPT : unknown vulnerability
 - LMEF6B8KWK : memory corruption
 - MKIN67MQVW, MKIN693QUT : memory leaks of SSL
 - MKIN693QX4 : memory leak with X.509 certificate
 - HSAO6BNL6Y, KSPR66USSU : unknown vulnerability of web server
 - LBRD645RQ5 : denial of service
 - LORN67KUEU : denial of service of web server
 - LPEE6DMQWJ : denial of service of Amgr (VIGILANCE-VUL-5472)

This version also corrects several other bugs.

computer vulnerability CVE-2006-0105

PostgreSQL: denial of service

Synthesis of the vulnerability

By sending a lot of connection requests, an attacker can force the "postmaster" to exit.
Impacted products: PostgreSQL.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 09/01/2006.
Identifiers: BID-16201, CERTA-2006-AVI-014, CERTA-2006-AVI-024, CVE-2006-0105, VIGILANCE-VUL-5485.

Description of the vulnerability

The postmaster program is the PostgreSQL multi-user database server.

On a Windows server using PostgreSQL, if too many connections are established at the same time, the postmaster quits, and has to be manually restarted to allow other users to connect to the database.

An attacker can thus cause a denial of service of the application by opening a lot of connections to the database.

vulnerability note 5484

ImageMagick: overflow of DisplayImageCommand

Synthesis of the vulnerability

An attacker can invite a user to open a malicious picture with ImageMagick in order to run code on his computer.
Impacted products: Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 06/01/2006.
Identifiers: 345595, VIGILANCE-VUL-5484.

Description of the vulnerability

ImageMagick is a command line viewer and image converter.

The DisplayImageCommand function of libMagick allocates an array to store indexes. However, the array size is not increased when the number of parameters grows. This error leads to an overflow.

This vulnerability allows an attacker to execute code with the rights of the application using ImageMagick.

vulnerability bulletin CVE-2005-3538 CVE-2005-3539

HylaFAX: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of HylaFAX can be used by an attacker to use the service or to run code.
Impacted products: Debian, Mandriva Linux, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: privileged access/rights, user access/rights.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 06/01/2006.
Identifiers: BID-16150, BID-16151, CERTA-2006-AVI-031, CVE-2005-3538, CVE-2005-3539, DSA-933-1, MDKSA-2006:015, VIGILANCE-VUL-5483.

Description of the vulnerability

HylaFAX is a program used to send and receive facsimiles.

This program has 3 vulnerabilities:
 - When PAM support is deactivated, all passwords are allowed (CVE-2005-3538).
 - The notify script does not sanitize its data before calling eval() function, which leads to code execution (CVE-2005-3539).
 - The faxrcvd script does not sanitize its data before calling eval() function, which leads to code execution (CVE-2005-3539).

These vulnerabilities can therefore be used by an attacker to use the service or to run code.

vulnerability announce CVE-2005-3656

mod_auth_pgsql2: several format string attacks

Synthesis of the vulnerability

Several format string attacks against mod_auth_pgsql2 can be used by an attacker to run code on an Apache server.
Impacted products: Apache httpd, Debian, Fedora, Mandriva Linux, RHEL.
Severity: 3/4.
Consequences: privileged access/rights.
Provenance: internet client.
Creation date: 06/01/2006.
Revision date: 10/01/2006.
Identifiers: 177042, 20060101-01-U, BID-16153, CERTA-2006-AVI-020, CVE-2005-3656, DSA-935-1, FEDORA-2005-014, FEDORA-2005-015, FLSA-2006:177326, iDefense Security Advisory 01.09.06, MDKSA-2006:009, RHSA-2006:016, RHSA-2006:0164-01, VIGILANCE-VUL-5482.

Description of the vulnerability

The mod_auth_pgsql2 module handles authentication of Apache users stored in a PostgreSQL database.

When this module logs its events, several format string attacks can occur.

For example, the ap_log_error() function is called without a format string parameter. This function is indirectly used when an attacker enters an incorrect username.

This vulnerability therefore allows a network attacker to run code on the web server with Apache rights.