| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
History of vulnerabilities analyzed by Vigil@nce:
CHM lib: directory traversal
Synthesis of the vulnerability
An attacker can create a malicious CHM archive in order to force extract_chmLib to create files outside current directory.
Severity: 1/4.
Creation date: 08/08/2006.
Identifiers: BID-18511, CVE-2006-3178, DSA-1144-1, VIGILANCE-VUL-6060.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The CHM lib library manipulates Microsoft ITSS/CHM formats. The extract_chmLib program is an example provided with chmlib.
However, this program does not check if CHM archive contains '..', which permits an attacker to escape current directory.
This vulnerability thus permits an attacker to create files with rights of user of extract_chmLib.
Full Vigil@nce bulletin... (Free trial) |
ClamAV: buffer overflow of pefromupx
Synthesis of the vulnerability
An attacker can create a malicious UPX program in order to generate a denial of service or to run code on ClamAV.
Severity: 3/4.
Creation date: 07/08/2006.
Identifiers: BID-19381, CERTA-2006-AVI-336, CVE-2006-4018, DSA-1153-1, MDKSA-2006:138, SUSE-SA:2006:046, VIGILANCE-VUL-6059.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
Programs can be packed in order to shrink their size and make their analyze more complex. ClamAV supports UPX packer (Ultimate Packer for eXecutables).
A program compacted with UPX can lead to a buffer overflow in pefromupx() function of libclamav/upx.c.
An attacker can therefore send a compacted program in order to run code or to generate a denial of service.
Full Vigil@nce bulletin... (Free trial) |
ISC DHCP: denial of service via DHCPDISCOVER
Synthesis of the vulnerability
An attacker can send a malicious DHCPDISCOVER packet in order to stop the ISC DHCP daemon version 2.
Severity: 1/4.
Creation date: 04/08/2006.
Identifiers: 380273, BID-19348, CVE-2006-3122, DSA-1143-1, VIGILANCE-VUL-6058.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The ISC DHCP daemon is available in versions 2 and 3. The version 2 is not maintained since year 2000, but a newly discovered vulnerability was published.
The DHCP protocol (RFC 2131 and 2132) uses several message types: DISCOVER, OFFER, REQUEST, DECLINE, etc. The DHCPOFFER type is used to answer a DHCPDISCOVER request.
The Client-identifier option indicates the unique identifier of the client. Its size is variable.
When the ISC DHCP server receives a DHCPDISCOVER message containing a Client-identifier option of exactly 32 bytes, an error occurs during the creation of the DHCPOFFER answer. This error stops server.
This vulnerability therefore permits a network attacker to generate a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Drupal: Cross Site Scripting of user_login
Synthesis of the vulnerability
An attacker can display a message in user_login() in order to conduct a Cross Site Scripting attack.
Severity: 2/4.
Creation date: 03/08/2006.
Identifiers: BID-19325, CVE-2006-4002, DRUPAL-SA-2006-011, DSA-1147-1, VIGILANCE-VUL-6057.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The Drupal application permits to create a complete website from a customizable and administrable pattern. The user.module module provides user authentication.
The user_login() function of this module does not filter the welcome message before displaying it.
An attacker can therefore inject script which will be executed in the context of web client connecting to Drupal.
Full Vigil@nce bulletin... (Free trial) |
cfs: integer overflow
Synthesis of the vulnerability
By adding a file of over 2Gb on a CFS filesystem, an integer overflow occurs, which stops daemon.
Severity: 1/4.
Creation date: 03/08/2006.
Identifiers: 371076, BID-19320, CVE-2006-3123, DSA-1138-1, VIGILANCE-VUL-6056.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The CFS filesystem (Cryptographic File System) encrypts stored files.
However, when size of a file is over 2Go, an integer overflow occurs in dodecrypt() function.
A local attacker can thus stop the daemon in order to generate a denial of service.
Full Vigil@nce bulletin... (Free trial) |
LibTIFF: several vulnerabilities
Synthesis of the vulnerability
The LibTIFF library contains several vulnerabilities which could lead to code execution.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 7.
Creation date: 02/08/2006.
Identifiers: 103160, 10326, 10332, 20060801-01-P, 20060901-01-P, 201331, 6451119, BID-19282, BID-19283, BID-19284, BID-19285, BID-19286, BID-19287, BID-19288, BID-19290, CERTA-2006-AVI-329, CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465, DSA-1137-1, FEDORA-2006-877, FEDORA-2006-878, FEDORA-2006-952, MDKSA-2006:136, MDKSA-2006:137, RHSA-2006:060, RHSA-2006:0603-01, RHSA-2006:0648-01, SSA:2006-230-01, SUSE-SA:2006:044, VIGILANCE-VUL-6055.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The LibTIFF library provides support for TIFF images (Tagged Image File Format). It contains several vulnerabilities.
Some malicious tags can lead to errors. [severity:3/4; BID-19287, CVE-2006-3465]
Several integer overflows can lead to errors. [severity:3/4; BID-19286, CVE-2006-3464]
An infinite loop can be generated in EstimateStripByteCounts(). [severity:3/4; BID-19284, CVE-2006-3463]
A heap overflow can occur in NeXT RLE. [severity:3/4; BID-19282, CVE-2006-3462]
A heap overflow can occur in PixarLog. [severity:3/4; BID-19290, CVE-2006-3461]
Several buffer overflow can occur in TIFFFetchShortPair() function. [severity:3/4; BID-19283, CERTA-2006-AVI-329, CVE-2006-3459]
A heap overflow can occur in TIFFScanLineSize() function. [severity:3/4; BID-19288, CVE-2006-3460]
These vulnerabilities therefore permit an attacker to conduct a denial of service or to run code with privileges of applications linked to LibTIFF.
Full Vigil@nce bulletin... (Free trial) |
Mantis: several Cross Site Scripting
Synthesis of the vulnerability
Several Cross Site Scripting can be exploited in Mantis.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 02/08/2006.
Identifiers: BID-16561, BID-17326, CVE-2006-0664, CVE-2006-0665, CVE-2006-0841, CVE-2006-1577, DSA-1133-1, VIGILANCE-VUL-6054.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
Mantis environment manages application bugs, using a MySQL database and PHP generated webpages.
Several vulnerabilities are corrected in version 1.0.2 of Mantis:
- config_defaults_inc.php [severity:2/4; BID-16561, CVE-2006-0664]
- query_store.php, manage_proj_create.php [severity:2/4; CVE-2006-0665]
- view_all_set.php, manage_user_page.php, view_filters_page.php, proj_doc_delete.php [severity:2/4; CVE-2006-0841]
- view_all_set.php [severity:2/4; BID-17326, CVE-2006-1577]
Full Vigil@nce bulletin... (Free trial) |
VirusScan: code execution via Subscription Manager
Synthesis of the vulnerability
A remote attacker can execute code on system via McAfee products using the Subscription Manager ActiveX.
Severity: 3/4.
Creation date: 01/08/2006.
Revisions dates: 02/08/2006, 08/08/2006, 10/05/2007.
Identifiers: AD2006807, BID-19265, BID-23909, CVE-2006-3961, EEYEB-20060719, VIGILANCE-VUL-6053, VU#481212.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The Subscription Manager ActiveX checks if user license of McAfee products is valid:
- McAfee AntiSpyware
- McAfee Internet Security Suite 2006
- McAfee Personal Firewall Plus
- McAfee Privacy Service
- McAfee SpamKiller
- McAfee VirusScan
- McAfee Wireless Home Network Security
This ActiveX, McSubMgr.dll, is "safe for scripting".
However, McSubMgr.dll contains several buffer overflows. An attacker can therefore create a malicious web document calling this ActiveX, and invite user to read it, in order to generate an overflow.
This vulnerability therefore permits an attacker to execute code on user's computer when a malicious web document is displayed.
Full Vigil@nce bulletin... (Free trial) |
Informix DS: several vulnerabilities
Synthesis of the vulnerability
Several vulnerabilities of Informix Dynamic Server permit a local attacker to generate a denial of service or to execute code.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 10.
Creation date: 01/08/2006.
Revision date: 16/08/2006.
Identifiers: 1242921, BID-19264, CVE-2006-3853, CVE-2006-3854, CVE-2006-3855, CVE-2006-3856, CVE-2006-3857, CVE-2006-3858, CVE-2006-3859, CVE-2006-3860, CVE-2006-3861, CVE-2006-3862, NISR02082006, NISR02082006A, NISR02082006B, NISR02082006C, NISR02082006D, VIGILANCE-VUL-6052.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The Informix Dynamic Server product has 14 vulnerabilities. IBM's announce contains a detailed table, summarized below.
A buffer overflow can occur in DBINFO() function.
A buffer overflow can occur in LOTOFILE() function.
A buffer overflow can occur in FILETOCLOB() function.
An attacker can execute commands using dbimp and dbexp procedures.
A buffer overflow can occur under Windows when a long username is entered.
An attacker can execute commands using SET DEBUG FILE.
A buffer overflow can occur in SET DEBUG FILE.
A buffer overflow can occur in getname() function.
An attacker can elevate his privileges via "C code UDR".
Two similar denial of service can be generated.
User passwords are stored in plain text in shared memory.
Any user has permissions to create a database.
A buffer overflow can occur in ifx_file_to_file() function.
A buffer overflow can occur via SQLIDEBUG environment variable.
A local attacker can therefore generate a denial of service, execute code or obtain information.
Full Vigil@nce bulletin... (Free trial) |
Asterisk: denial of service
Synthesis of the vulnerability
An attacker can send numerous spoofed request in order to overload Asterisk.
Severity: 1/4.
Creation date: 01/08/2006.
Identifiers: 228, VIGILANCE-VUL-6051.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The Asterisk PBX product implements the IAX2 protocol (Inter-Asterisk Exchange version 2) to transmit streaming over IP. This protocol uses the 4569/udp port.
An attacker, knowing an user name, can send numerous connection requests using this name. As UDP is used, each request can come from a different spoofed address. These requests can use all available resources.
This vulnerability therefore permits a remote attacker to generate a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Previous page Next page Direct access to page
1
21
41
61
81
101
121
141
161
181
201
221
241
261
281
301
321
341
361
381
401
421
441
461
481
501
521
541
561
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
601
621
641
661
681
701
721
741
761
781
801
821
841
861
881
901
921
941
961
981
1001
1021
1041
1061
1081
1101
1121
1141
1161
1181
1201
1221
1241
1261
1281
1301
1321
1341
1361
1381
1401
1421
1441
1461
1481
1501
1521
1541
1561
1581
1601
1621
1641
1661
1681
1701
1721
1741
1761
1781
1801
1821
1841
1861
1881
1901
1921
1941
1961
1981
2001
2021
2041
2061
2081
2101
2121
2141
2161
2181
2201
2221
2241
2261
2281
2301
2321
2341
2361
2381
2401
2421
2441
2461
2481
2501
2521
2541
2561
2581
2601
2621
2641
2661
2681
2701
2721
2741
2761
2781
2801
2821
2841
2861
2881
2901
2921
2927
|