The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability announce CVE-2006-0226

FreeBSD: IEEE 802.11 buffer overflow

Synthesis of the vulnerability

An attacker can broadcast a corrupted IEEE 802.11 beacon to execute code on a machine scanning for wireless networks.
Impacted products: FreeBSD.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: radio connection.
Creation date: 18/01/2006.
Identifiers: BID-16296, CERTA-2006-AVI-033, CVE-2006-0226, FreeBSD-SA-06:05.80211, VIGILANCE-VUL-5532.

Description of the vulnerability

The IEEE 802.11 network subsystem of FreeBSD implements the protocol negotiation used for wireless networking.

An integer overflow in the handling of corrupt IEEE 802.11 beacon or probe response frames when scanning for existing wireless networks can result in the frame overflowing a buffer.

An attacker can broadcast a corrupted IEEE 802.11 beacon in order to run code on machines scanning for wireless networks.

vulnerability alert CVE-2005-3106

Linux Kernel: denial of service by deadlock

Synthesis of the vulnerability

A race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec.
Impacted products: Debian, Fedora, Mandriva NF, RHEL.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 17/01/2006.
Identifiers: CVE-2005-3106, DSA-922-1, FLSA-2006:157459-3, MDKSA-2006:072, RHSA-2006:010, RHSA-2006:0101-01, VIGILANCE-VUL-5531.

Description of the vulnerability

A race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec.

computer vulnerability note CVE-2006-0035 CVE-2006-0036 CVE-2006-0037

Linux Kernel: several denials of service

Synthesis of the vulnerability

Version 2.6.15.1 of the Linux kernel corrects three vulnerabilities that can lead to a denial of service of the machine.
Impacted products: Linux.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 3.
Creation date: 17/01/2006.
Identifiers: BID-16414, CVE-2006-0035, CVE-2006-0036, CVE-2006-0037, VIGILANCE-VUL-5529.

Description of the vulnerability

Version 2.6.15.1 of the Linux kernel is available.

It corrects three vulnerabilities:
 - A missing validation of the "nlmsg_len" value in "netlink_rcv_skb()" can cause an infinite loop. This can be exploited by local users to cause a DoS by setting the value to 0.
 - An error in the PPTP NAT helper in the handling of inbound PPTP_IN_CALL_REQUEST packets can cause an error in offset calculation. This can be exploited to cause random memory corruption and can crash the kernel.
 - An error exists in the PPTP NAT helper when calculating offsets based on the difference between two pointers to the header. This can result in the wrong offset being used, which can potentially crash the kernel via illegal memory access.

This new version also corrects several other minor bugs.

computer vulnerability bulletin CVE-2005-3658 CVE-2005-3659

Networker: several vulnerabilities

Synthesis of the vulnerability

Three vulnerabilities have been discovered in NetWorker. The first one allows a denial of service, and the other two allow code execution.
Impacted products: NetWorker.
Severity: 1/4.
Consequences: privileged access/rights, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 2.
Creation date: 17/01/2006.
Revision date: 18/01/2006.
Identifiers: BID-16275, CVE-2005-3658, CVE-2005-3659, iDefense Security Advisory 01.17.06, VIGILANCE-VUL-5528.

Description of the vulnerability

EMC Legato NetWorker is a cross-platform backup and recovery application.

Three vulnerabilities have been discovered in NetWorker:
  - A denial of service by sending a malformed RPC request which leads to the use of a NULL pointer.
  - Code execution on the machine due to a malformed RPC request which leads to overwriting of portions of heap memory.
  - A third vulnerability similar to the previous one.

These three vulnerabilities are corrected by the latest version of NetWorker.

computer vulnerability announce CVE-2006-0236

Thunderbird: attached file type spoofing

Synthesis of the vulnerability

It is possible to trick the user by spoofing the file extension of an attached file.
Impacted products: Mandriva Linux, Thunderbird.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: document.
Creation date: 17/01/2006.
Identifiers: 300246, BID-16271, CVE-2006-0236, MDKSA-2006:021, VIGILANCE-VUL-5527.

Description of the vulnerability

The Mozilla Thunderbird program is a mail client.

Due to a wrong display of attached files, it is possible, by using a combination of overly long filenames containing whitespaces and "Content-Type" headers, to spoof the file type. This manipulation modifies the associated file type icon too.

An attacker can thus trick the user by spoofing the type of an executable file.

computer vulnerability alert CVE-2005-3126

antiword: symlink attack

Synthesis of the vulnerability

The use of temporary files in antiword permits a symlink attack.
Impacted products: Debian.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 17/01/2006.
Identifiers: BID-16278, CVE-2005-3126, DSA-945-1, VIGILANCE-VUL-5526.

Description of the vulnerability

The antiword utility converts Word files to text and PostScript files.

Two scripts used by antiword create temporary files. These files are created in an insecure fashion.

An attacker can use these temporary files to perform a symlink attack.

vulnerability note CVE-2006-0106

Wine: code execution exploiting WMF files vulnerability

Synthesis of the vulnerability

It is possible to exploit the WMF file vulnerability discovered for Windows to run code on a machine using Wine.
Impacted products: Debian, Mandriva Linux, openSUSE.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: document.
Creation date: 17/01/2006.
Identifiers: CVE-2006-0106, DSA-954-1, MDKSA-2006:014, SUSE-SR:2006:002, VIGILANCE-VUL-5524.

Description of the vulnerability

The Wine program is a Windows emulator on Unix systems.

The vulnerability discovered in the handling of WMF files on Windows allows code to be run on a machine using Windows (VIGILANCE-VUL-5459). A bug in gdi/driver.c and gdi/printdrv.c allows this vulnerability to be exploited on Wine.

An attacker can thus run code with the rights of Wine on the machine.

vulnerability bulletin CVE-2005-4238 CVE-2005-4518 CVE-2005-4519

Mantis: several vulnerabilities

Synthesis of the vulnerability

Version 0.19.4 of Mantis corrects several vulnerabilities.
Impacted products: Debian, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: privileged access/rights, data reading, data creation/edition.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 8.
Creation date: 17/01/2006.
Identifiers: CVE-2005-4238, CVE-2005-4518, CVE-2005-4519, CVE-2005-4520, CVE-2005-4521, CVE-2005-4522, CVE-2005-4523, CVE-2005-4524, DSA-944-1, VIGILANCE-VUL-5523.

Description of the vulnerability

The Mantis environment manages application bugs, using a MySQL database and PHP-generated web pages.

Several vulnerabilities are corrected in version 0.19.4 of Mantis:
  - CVE-2005-4238: web script or HTML injection due to missing input sanitising.
  - CVE-2005-4518: bypass of the file upload size restriction.
  - CVE-2005-4519: SQL injection.
  - CVE-2005-4520: unspecified "port injection" vulnerabilities in filters.
  - CVE-2005-4521: HTTP response splitting attacks.
  - CVE-2005-4522: cross-site scripting vulnerabilities.
  - CVE-2005-4523: leak of sensitive information via RSS feeds.
  - CVE-2005-4524: private information leak.

This version also corrects some other minor bugs.

vulnerability announce CVE-2006-0227

Sun Solaris: data suppression and denial of service of lpsched

Synthesis of the vulnerability

A local unprivileged user has the ability to delete any file or disable the LP print service on a system configured as a print server.
Impacted products: Solaris, Trusted Solaris.
Severity: 1/4.
Consequences: data deletion, denial of service on service.
Provenance: user shell.
Creation date: 16/01/2006.
Identifiers: 102033, 6314243, 6314245, BID-16245, CVE-2006-0227, VIGILANCE-VUL-5522.

Description of the vulnerability

Sun Solaris can be configured as a print server.

Security vulnerabilities in lpsched(1M) may allow a local unprivileged user to delete any file or disable the LP print service on a system configured as a print server.

Technical details are unknown.

vulnerability alert CVE-2006-0044

albatross: arbitrary code execution supplied by user via a template

Synthesis of the vulnerability

A design error permits a user to make a template execute code.
Impacted products: Debian.
Severity: 1/4.
Consequences: privileged access/rights.
Provenance: user account.
Creation date: 16/01/2006.
Identifiers: BID-16252, CVE-2006-0044, DSA-942-1, VIGILANCE-VUL-5521.

Description of the vulnerability

The Albatross program is a tool used to create web applications.

Due to a design error, part of the user-supplied data is used as part of template execution.

An attacker can thus run code on the machine using Albatross by sending malicious data.
