The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

cybersecurity announce CVE-2006-1141

QmailAdmin: buffer overflow of PATH_INFO

Synthesis of the vulnerability

A network attacker can use a long URI in order to generate an overflow in QmailAdmin.
Severity: 2/4.
Creation date: 07/03/2006.
Identifiers: BID-16994, CERTA-2006-AVI-123, CVE-2006-1141, VIGILANCE-VUL-5674.

Description of the vulnerability

The qmail MTA can be administered through the QmailAdmin web interface, which uses Apache.

Apache generates the PATH_INFO environment variable from the URI of the CGI. For example:
  http://server/cgi-prog/path
generates a PATH_INFO environment variable with a value of "/path".

The qmailadmin.c file stores the PATH_INFO variable in a fixed-size array without checking its length. An overflow can thus occur.

This vulnerability therefore permits an attacker to use a long URI in order to run code on the server.

computer threat alert 5673

Tomcat: vulnerabilities of snoop.jsp

Synthesis of the vulnerability

An attacker can call the snoop.jsp example in order to obtain information or conduct a Cross Site Scripting attack.
Severity: 1/4.
Creation date: 07/03/2006.
Identifiers: 38828, VIGILANCE-VUL-5673.

Description of the vulnerability

Several examples can be installed with Tomcat:
  /jsp-examples/snp/snoop.jsp
  /jsp-examples/forward/forward.jsp
  etc.

The snoop.jsp example allows an attacker:
 - to obtain the real IP address of the server
 - to conduct a Cross Site Scripting attack

cybersecurity bulletin CVE-2006-1125

AVG: incorrect file permissions on updated file

Synthesis of the vulnerability

After an antivirus update, files can be accessed by all users.
Severity: 2/4.
Creation date: 06/03/2006.
Identifiers: BID-16952, CVE-2006-1125, VIGILANCE-VUL-5672.

Description of the vulnerability

The AVG antivirus software installs its files under the following directories:
 - %ProgramFiles%\Grisoft\AVG
 - %windir%\system32\drivers
The permissions on these files do not allow a local user to alter them, for example.

However, when this software is updated, the permissions on the new files become "Full Control" for "Everyone".

A local attacker can thus, for example, edit these files in order to alter the antivirus behavior.

security bulletin CVE-2006-0742

Linux kernel: denial of service via die_if_kernel

Synthesis of the vulnerability

A local attacker can generate a call to the die_if_kernel() function in order to stop the system.
Severity: 1/4.
Creation date: 06/03/2006.
Identifiers: 20060402-01-U, BID-16993, CERTA-2002-AVI-035, CVE-2006-0742, DSA-1097-1, DSA-1103-1, MDKSA-2006:059, RHSA-2006:043, RHSA-2006:0437-01, RHSA-2006:057, RHSA-2006:0575-01, SUSE-SA:2006:028, VIGILANCE-VUL-5671.

Description of the vulnerability

The "noreturn" attribute of gcc indicates that a call to the function ends the program, which means the code located after the call is never reached. For example:
  extern void exit(int) __attribute__((noreturn));

On IA64 processors, the die_if_kernel() function is incorrectly tagged as "noreturn", because this function returns when it is called in user mode. Thus the compiler optimizes and suppresses code located after the die_if_kernel() call.

This error leads to a denial of service, but the exact attack method is unknown.

computer vulnerability alert CVE-2006-1044

LISTSERV: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities are present in LISTSERV, the worst of which leads to code execution on the computer.
Severity: 3/4.
Creation date: 06/03/2006.
Identifiers: BID-16951, CVE-2006-1044, VIGILANCE-VUL-5670, VU#841132.

Description of the vulnerability

The LISTSERV mailing-list manager has a web interface for administration and archives.

Several vulnerabilities were announced in the web archive interface. The most serious one leads to code execution.

These vulnerabilities therefore permit an attacker to elevate his privileges.

computer vulnerability announce CVE-2006-1126 CVE-2006-1127 CVE-2006-1128

Gallery: several vulnerabilities

Synthesis of the vulnerability

Three vulnerabilities of Gallery permit an attacker to hide his address, to conduct a Cross Site Scripting attack or to delete files.
Severity: 1/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 06/03/2006.
Identifiers: BID-16940, BID-16948, BID-17051, CVE-2006-1126, CVE-2006-1127, CVE-2006-1128, VIGILANCE-VUL-5669.

Description of the vulnerability

The Gallery program displays images as an album on a web server. It has 3 vulnerabilities.

An attacker can use X_FORWARDED_FOR to hide his IP address.

An attacker can use X_FORWARDED_FOR to conduct a Cross Site Scripting attack.

An attacker can use session cookies to delete a file.

computer weakness note CVE-2006-1092

Solaris: denial of service via pagedata of /proc

Synthesis of the vulnerability

A local attacker can access /proc/pid/pagedata in order to use all available memory.
Severity: 1/4.
Creation date: 06/03/2006.
Identifiers: 102159, 6324745, 6330765, BID-16966, CVE-2006-1092, VIGILANCE-VUL-5668.

Description of the vulnerability

The /proc/pid/pagedata virtual file makes it possible to track used memory pages.

When a user accesses this file, memory is allocated, but never freed. A local attacker can thus progressively use all system memory.

This vulnerability therefore permits a local attacker to conduct a denial of service.

computer threat CVE-2006-0741

Linux kernel: denial of service of ELF on x86_64

Synthesis of the vulnerability

On an x86_64 processor, a local attacker can generate an infinite loop in the kernel.
Severity: 1/4.
Creation date: 02/03/2006.
Identifiers: BID-16925, CERTA-2002-AVI-035, CVE-2006-0741, DSA-1097-1, DSA-1103-1, FEDORA-2006-131, MDKSA-2006:059, MDKSA-2007:025, RHSA-2006:043, RHSA-2006:0437-01, RHSA-2006:049, RHSA-2006:0493-01, SUSE-SA:2006:028, VIGILANCE-VUL-5667.

Description of the vulnerability

Executable programs generally use the ELF format (Executable and Linkable Format).

On an x86_64 processor, when an ELF program has an invalid entry, an infinite loop occurs in the kernel.

This vulnerability therefore permits a local attacker to conduct a denial of service.

computer vulnerability note CVE-2006-0554

Linux kernel: information disclosure on XFS via ftruncate

Synthesis of the vulnerability

A local attacker can obtain sensitive information located on an XFS filesystem.
Severity: 1/4.
Creation date: 02/03/2006.
Identifiers: BID-16921, CERTA-2002-AVI-035, CVE-2006-0554, DSA-1103-1, MDKSA-2006:059, MDKSA-2006:150, SGI bug 942658, SUSE-SA:2006:028, VIGILANCE-VUL-5666.

Description of the vulnerability

The ftruncate() function truncates or extends the size of a file.

On an XFS filesystem, this function sometimes incorrectly extends the size of the file. Data located at the end of the file may thus contain sensitive information.

This vulnerability therefore permits a local attacker to obtain information.

security threat CVE-2006-0555

Linux kernel: denial of service of NFS client

Synthesis of the vulnerability

A local attacker can stop the system if it is an NFS client.
Severity: 1/4.
Creation date: 02/03/2006.
Identifiers: BID-16922, CERTA-2002-AVI-035, CVE-2006-0555, DSA-1103-1, FEDORA-2006-131, MDKSA-2006:059, MDKSA-2006:116, RHSA-2006:049, RHSA-2006:0493-01, SGI bug 946529, SUSE-SA:2006:028, VIGILANCE-VUL-5665.

Description of the vulnerability

The open() and fcntl() functions use flags to specify their behavior:
 - O_RDONLY : read only
 - O_CREAT : file creation
 - O_EXCL : creation of new file only
 - O_DIRECT : data is not stored in memory cache
 - etc.

When the system is an NFS client, a local attacker can use O_DIRECT to generate an error in the nfs_get_user_pages() function. This error stops the system.

This vulnerability therefore permits a local attacker to conduct a denial of service.

   
