The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

computer vulnerability 5565

Cisco VPN 3000: denial of service by crafted HTTP packets attack

Synthesis of the vulnerability

An attacker can force the VPN concentrator to reset and disconnect its users by sending malicious HTTP packets.
Impacted products: Cisco VPN Concentrator.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 27/01/2006.
Identifiers: BID-16394, cisco-sa-20060126-vpn, CSCsb77324, VIGILANCE-VUL-5565.

Description of the vulnerability

Cisco VPN 3000 concentrators have HTTP access configured by default.

If HTTP access is configured on the concentrator, it is possible to send a malicious HTTP packet which resets the concentrator and disconnects its users.


An attacker can repeat this operation several times in order to prevent every new connection to the concentrator, and thus cause a denial of service.

vulnerability note CVE-2005-4601

ImageMagick: shell command injection in an image filename

Synthesis of the vulnerability

An attacker can run shell commands with the user's rights by injecting these commands into an image's filename.
Impacted products: Debian, Fedora, Mandriva Linux, openSUSE, Solaris, RHEL, Slackware.
Severity: 1/4.
Consequences: user access/rights.
Provenance: user shell.
Creation date: 27/01/2006.
Identifiers: 10279, 20060301-01-U, 231321, 345238, 5106135, 6387973, 6387975, CERTA-2006-AVI-049, CVE-2005-4601, DSA-957-1, DSA-957-2, FEDORA-2007-1340, MDKSA-2006:024, RHSA-2006:017, RHSA-2006:0178-01, SSA:2006-045-03, SUSE-SR:2006:006, VIGILANCE-VUL-5564.

Description of the vulnerability

ImageMagick is a command line viewer and image converter.

The InvokeDelegate() function in the delegate.c file of ImageMagick passes the filename of the viewed file to the shell. The characters used in the filename are not checked, which permits running shell commands with the rights of the user viewing the image.

An attacker can thus execute commands on the machine by inviting a user to open images with ImageMagick.

vulnerability bulletin CVE-2005-3973 CVE-2005-3974 CVE-2005-3975

Drupal: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities have been discovered in Drupal, which permit a remote attacker to bypass access controls, perform cross-site scripting attacks or run HTML code.
Impacted products: Debian, Drupal Core.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 27/01/2006.
Identifiers: CVE-2005-3973, CVE-2005-3974, CVE-2005-3975, DSA-958-1, VIGILANCE-VUL-5563.

Description of the vulnerability

The Drupal application is used to create a complete website from a customizable and administrable pattern.

Several vulnerabilities have been discovered:
 - several pages are vulnerable to cross-site scripting attacks,
 - when Drupal is used with PHP5, privilege management is not performed correctly,
 - it is possible to execute web scripts or HTML code in files with .gif or .jpeg extensions.

These vulnerabilities permit an attacker to run code or bypass access controls.

vulnerability announce 5562

Cisco IOS: command execution with tclsh

Synthesis of the vulnerability

A local attacker can use tclsh to bypass AAA restrictions or to execute privileged commands.
Impacted products: IOS by Cisco, Cisco Router.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 27/01/2006.
Identifiers: 68840, BID-16383, CSCef77770, CSCeh73049, CSCsd28570, VIGILANCE-VUL-5562.

Description of the vulnerability

The tclsh shell (Tool Command Language) is used to create programs in the Tcl language, in order to provide advanced features. Its implementation in IOS has 2 vulnerabilities.

The tclsh shell does not check the AAA policy, which permits an attacker to run forbidden commands (CSCeh73049).

When a user does not end his session with tclquit, the tclsh process stays active and available for the next connecting user (CSCef77770).

A local attacker can therefore use tclsh to bypass AAA restrictions or to execute commands with the privileges of previous users.

vulnerability alert CVE-2005-0106

Perl: usage of an insecure entropy source in Net-SSLeay

Synthesis of the vulnerability

A local attacker can provide an entropy source to programs using Net::SSLeay when the EGD_PATH environment variable is undefined.
Impacted products: Mandriva Linux.
Severity: 1/4.
Consequences: data reading, data creation/edition.
Provenance: user shell.
Creation date: 27/01/2006.
Identifiers: CVE-2005-0106, MDKSA-2006:023, VIGILANCE-VUL-5561.

Description of the vulnerability

The Perl module Net::SSLeay implements cryptographic functionalities required by the SSL protocol.

The egd daemon is an alternative entropy source which exchanges data through a Unix socket. This daemon can be used by Net::SSLeay.

The EGD_PATH environment variable of Net::SSLeay indicates the path to the socket. When this variable is undefined, Net::SSLeay uses /tmp/entropy.

However, if egd is not used by the system, a local attacker can create the socket /tmp/entropy beforehand and then partially predict future random data generated by Net::SSLeay.

This vulnerability could thus permit a local attacker to read or modify an SSL session.

computer vulnerability note CVE-2006-0043

Nfs-server: code execution as root user

Synthesis of the vulnerability

A buffer overflow permits an NFS user to run code on the machine as root.
Impacted products: Debian, openSUSE.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 26/01/2006.
Identifiers: BID-16388, CERTA-2006-AVI-050, CVE-2006-0043, DSA-975-1, SUSE-SA:2006:005, VIGILANCE-VUL-5559.

Description of the vulnerability

NFS is the network sharing protocol on Unix systems.

In the realpath() function used by the rpc.mountd service, the size allocated to the buffer is insufficient, which causes a buffer overflow.

If an attacker can create a symlink on a filesystem used by rpc.mountd, he can easily run code on the machine.

computer vulnerability alert CVE-2006-0353

lshd: denial of service and session keys cracking

Synthesis of the vulnerability

A local attacker can easily cause a denial of service of lshd and potentially crack the session keys of other users.
Impacted products: Debian.
Severity: 1/4.
Consequences: data reading, denial of service on service.
Provenance: user shell.
Creation date: 26/01/2006.
Identifiers: CVE-2006-0353, DSA-956-1, VIGILANCE-VUL-5556.

Description of the vulnerability

The lshd server implements the SSH2 secure protocol.

Some files used by lshd to store information about users' session keys are accessible to users connected to the server via lsh. These files can be read or corrupted.

A local attacker can thus prevent the server from starting or try to decrypt session keys using information stored in these files.

computer vulnerability CVE-2006-0381

FreeBSD, NetBSD: denial of service of pf

Synthesis of the vulnerability

If pf is configured to use 'scrub fragment crop' or 'scrub fragment drop-ovl' rules, an attacker can send a carefully crafted sequence of IP packet fragments to cause a denial of service of pf.
Impacted products: FreeBSD, NetBSD.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 25/01/2006.
Identifiers: BID-16375, CERTA-2006-AVI-045, CVE-2006-0381, FreeBSD-SA-06:07.pf, NetBSD-SA2006-004, VIGILANCE-VUL-5555.

Description of the vulnerability

The pf tool is an IP packet filter originally written for OpenBSD.

When the 'scrub fragment crop' or 'scrub fragment drop-ovl' rules are used, an error in the pf cache management can result in a duplicate insertion of an IP packet and cause pf to crash.

An attacker can thus send a carefully crafted sequence of IP packet fragments to cause a denial of service of pf.

vulnerability note CVE-2006-0379 CVE-2006-0380

FreeBSD: copy of potentially sensitive data to "userland"

Synthesis of the vulnerability

Two bugs have been discovered which permit a user to read data which was not intended for him.
Impacted products: FreeBSD.
Severity: 1/4.
Consequences: privileged access/rights, data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/01/2006.
Identifiers: BID-16373, CERTA-2006-AVI-044, CVE-2006-0379, CVE-2006-0380, FreeBSD-SA-06:06.kmem, VIGILANCE-VUL-5554.

Description of the vulnerability

Two vulnerabilities have been discovered in the "userland" handling of FreeBSD.

 - Data coming from the kernel stack is not completely initialized before being copied to "userland".
 - Too much data is copied to "userland", due to an error in the buffer size.

These two vulnerabilities permit an attacker to read potentially sensitive information.

vulnerability bulletin CVE-2005-3334

Flyspray: cross-site scripting attack in the index page

Synthesis of the vulnerability

The index page is vulnerable to cross-site scripting attacks.
Impacted products: Debian.
Severity: 2/4.
Consequences: client access/rights.
Provenance: internet client.
Creation date: 25/01/2006.
Identifiers: CVE-2005-3334, DSA-953-1, VIGILANCE-VUL-5553.

Description of the vulnerability

The Flyspray application is a bug tracking tool.

The index page (index.php) is vulnerable to cross-site scripting attacks.

An attacker can thus invite a user to run code on the index page of Flyspray.