The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability note CVE-2006-5784 CVE-2006-5785

SAP Web AS: several vulnerabilities

Synthesis of the vulnerability

A remote attacker can read a file or generate a denial of service, and a local attacker can elevate his privileges.
Impacted products: SAP ERP, NetWeaver.
Severity: 2/4.
Consequences: privileged access/rights, data reading, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 02/11/2006.
Revision date: 09/02/2007.
Identifiers: BID-20873, BID-20877, CVE-2006-5784, CVE-2006-5785, VIGILANCE-VUL-6274.

Description of the vulnerability

The SAP Application Server product has three vulnerabilities.

A remote attacker can read a file with the rights of SAP. [severity:2/4; BID-20877, CVE-2006-5784]

A remote attacker can stop the enserver.exe process. [severity:2/4; BID-20873, CVE-2006-5785]

A local attacker can obtain the privileges of the SAPServiceJ2E user under Windows 2000 pre-SP4, Windows XP pre-SP2 and Windows NT. [severity:2/4]

vulnerability bulletin CVE-2006-5397

libX11: descriptor leak

Synthesis of the vulnerability

libX11 unnecessarily leaves a file descriptor open, which permits an attacker to access a file.
Impacted products: Mandriva Linux, XOrg Bundle ~ not comprehensive, libX11.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 02/11/2006.
Identifiers: 8699, BID-20845, CVE-2006-5397, MDKSA-2006:199, VIGILANCE-VUL-6273.

Description of the vulnerability

The modules/im/ximcp/imLcIm.c file of libX11 manages input methods (generally used for Asian characters).

The XCOMPOSEFILE environment variable indicates the name of a file defining how to compose characters, by pressing several keys.

The file indicated by this variable is incorrectly opened twice in the XimCreateDefaultTree() function of imLcIm.c. The first file descriptor is never closed.

A local attacker can thus set XCOMPOSEFILE, then run a suid/sgid program linked with libX11 (such as xterm), in order to open the file, then to access its descriptor. The attacker can thus read its content.

vulnerability announce CVE-2006-5718

phpMyAdmin: Cross Site Scripting of the error displaying script

Synthesis of the vulnerability

An attacker can use the error displaying script to inject HTML code in phpMyAdmin.
Impacted products: openSUSE, phpMyAdmin.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 02/11/2006.
Identifiers: BID-20856, CVE-2006-5718, PMASA-2006-6, SUSE-SA:2006:071, VIGILANCE-VUL-6272.

Description of the vulnerability

The phpMyAdmin program is used to administer a MySQL database. One of its scripts displays error messages.

However, this script does not check the character encoding used for the error message. An attacker can for example encode malicious data in UTF-7.

This vulnerability therefore permits an attacker to conduct a Cross Site Scripting attack.

vulnerability alert CVE-2006-5721 CVE-2006-7160

Outpost Firewall: denial of service of SandBox

Synthesis of the vulnerability

A local attacker can send malicious data to the Sandbox driver in order to stop Outpost Firewall.
Impacted products: Outpost Firewall.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 02/11/2006.
Revision date: 16/11/2006.
Identifiers: BID-20860, BID-21097, CVE-2006-5721, CVE-2006-7160, VIGILANCE-VUL-6271.

Description of the vulnerability

The Outpost firewall has a sandbox to simulate the execution of programs. It is reachable via \Device\SandBox. This Sandbox uses the SSDT (System Service Descriptor Table) to hook (redirect) functions.

However, the hooks for the NtAssignProcessToJobObject, NtCreateKey, NtCreateThread, NtDeleteFile, NtLoadDriver, NtOpenProcess, NtProtectVirtualMemory, NtReplaceKey, NtTerminateProcess, NtTerminateThread, NtUnloadDriver and NtWriteVirtualMemory functions do not correctly check their parameters.

A local attacker can therefore create a program using these functions with malicious parameters, in order to stop the firewall.

vulnerability CVE-2006-5663 CVE-2006-5664

Informix DS: vulnerabilities during the installation

Synthesis of the vulnerability

A local attacker can alter files during the installation of Informix DS.
Impacted products: Informix Server.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 02/11/2006.
Identifiers: 1247438, CVE-2006-5663, CVE-2006-5664, VIGILANCE-VUL-6270.

Description of the vulnerability

Two vulnerabilities can be used by a local attacker during the installation of several Informix products.

Permissions of installation scripts permit a local attacker to edit them, in order for example to insert a Trojan horse. [severity:1/4; CVE-2006-5663]

Temporary files are not created in a secure manner under /tmp, which permits a local attacker to use a symlink to force the corruption of another file. [severity:1/4; CVE-2006-5664]

computer vulnerability note CVE-2006-5619

Linux kernel: denial of service of /proc/net/ip6_flowlabel

Synthesis of the vulnerability

A local attacker can access /proc/net/ip6_flowlabel in order to generate an infinite loop or to stop the system.
Impacted products: Debian, Linux, Mandriva Linux, Mandriva NF, NLD, OES, openSUSE, RHEL, SLES.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 02/11/2006.
Identifiers: BID-20847, CERTA-2006-AVI-478, CVE-2006-5619, DSA-1233-1, MDKSA-2007:002, MDKSA-2007:012, MDKSA-2007:025, RHSA-2007:0014-01, SUSE-SA:2006:079, VIGILANCE-VUL-6269.

Description of the vulnerability

RFC 3697 proposes an IPv6 header field named Flow Label to manage sessions. A session is then identified by the triplet {source address, destination address, flow label}. The label is stored in 20 bits.

The /proc/net/ip6_flowlabel file lists the labels in use. However, accessing this file generates an infinite loop.

A local attacker can thus generate a denial of service on systems where IPv6 is activated.

computer vulnerability bulletin CVE-2006-5654

Sun Java Web, AS, DS: denial of service of NSS

Synthesis of the vulnerability

A remote attacker can stop the service by using a malicious SSLv2 session.
Impacted products: Oracle Directory Server, Oracle iPlanet Web Server, Sun AS.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 02/11/2006.
Revision date: 30/04/2007.
Identifiers: 102670, 102896, 6240422, 6289081, 6421471, BID-20846, CVE-2006-5654, VIGILANCE-VUL-6268, VU#594904.

Description of the vulnerability

The NSS libraries (Network Security Services) implement cryptographic features for SSL, TLS, PKCS, etc. Sun Java System Web Server, Sun ONE Application Server and Sun Java System Directory Server products use NSS.

The VIGILANCE-VUL-6770 bulletin describes a memory leak of NSS.

A remote attacker can use the VIGILANCE-VUL-6770 vulnerability to stop services with SSLv2 activated.

computer vulnerability announce CVE-2006-0436

HP-UX: vulnerability of su

Synthesis of the vulnerability

A local attacker can use a vulnerability of the su command in order to obtain root privileges.
Impacted products: HP-UX.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 02/11/2006.
Identifiers: c00591401, CVE-2006-0436, HPSBUX02091, SSRT061099, VIGILANCE-VUL-6267.

Description of the vulnerability

The su program permits users to execute a command with privileges of another user.

This program does not correctly check its input parameters. Technical details are unknown, but it could be a buffer overflow or a format string attack.

A local attacker can use this vulnerability to elevate his privileges on the system.

computer vulnerability alert CVE-2006-4704

Visual Studio 2005, IE: code execution via WMI Object Broker

Synthesis of the vulnerability

A vulnerability of the WMI Object Broker ActiveX leads to code execution on the user's computer.
Impacted products: IE, Visual Studio.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 02/11/2006.
Revision date: 09/11/2006.
Identifiers: 925674, 927709, BID-20843, CERTA-2006-AVI-479, CERTA-2006-AVI-544, CVE-2006-4704, MS06-073, VIGILANCE-VUL-6266, VU#854856, ZDI-06-047.

Description of the vulnerability

The WmiScriptUtils.dll DLL provides the WMI Object Broker ActiveX (WMIScriptUtils.WMIObjectBroker2). This ActiveX can be called from Internet Explorer.

However, this ActiveX runs in the user's context instead of the web page's context. It can then perform privileged operations.

An attacker can therefore create an HTML page containing this ActiveX in order to run code on the user's computer.

computer vulnerability CVE-2006-5456

ImageMagick, GraphicsMagick: memory corruption of DCM and PALM

Synthesis of the vulnerability

An attacker can create a malicious DCM or PALM image leading to code execution on computers of ImageMagick or GraphicsMagick users.
Impacted products: Debian, Fedora, Mandriva Linux, NLD, OES, openSUSE, RHEL, Slackware, SLES, TurboLinux, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 31/10/2006.
Identifiers: 20070201-01-P, BID-20707, CVE-2006-5456, DSA-1213-1, FEDORA-2006-1285, FEDORA-2006-1286, FEDORA-2007-1340, MDKSA-2006:193, RHSA-2007:0015-01, SSA:2007-066-06, SUSE-SA:2006:066, SUSE-SR:2007:003, TLSA-2007-5, VIGILANCE-VUL-6265.

Description of the vulnerability

The libMagick library implements various functions used by ImageMagick. The GraphicsMagick suite shares code with ImageMagick. Both suites have the same vulnerabilities.

The ReadDCMImage() function in the coders/dcm.c file incorrectly manages DCM images. [severity:2/4]

The ReadPALMImage() function in the coders/palm.c file incorrectly manages PALM images. [severity:2/4]

An attacker can therefore invite the user to open a DCM/PALM image with ImageMagick/GraphicsMagick in order to run code on his computer.
