The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

computer vulnerability CVE-2006-6171

ProFTPD: code execution via CommandBufferSize

Synthesis of the vulnerability

A vulnerability in the command line management of ProFTPD may permit a remote attacker to execute code.
Impacted products: Debian, Mandriva Linux, ProFTPD, Slackware, TurboLinux.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/11/2006.
Revision dates: 20/11/2006, 22/11/2006, 28/11/2006.
Identifiers: BID-20992, CVE-2006-5815-ERROR, CVE-2006-6171, DSA-1218-1, DSA-1222-1, DSA-1222-2, MDKSA-2006:217, MDKSA-2006:217-1, MDKSA-2006:217-2, OpenPKG-SA-2006.035, SSA:2006-335-02, TLSA-2006-41, VIGILANCE-VUL-6305.

Description of the vulnerability

The CommandBufferSize directive in the ProFTPD configuration file sets the maximum size of FTP commands.

However, this value is not always taken into account: some arrays have a fixed size of 512 bytes.

When the administrator sets this value above 512, an overflow can occur. For example, if the configured value is 1024, an attacker can send a command line of 1000 characters, which will be written into a 512-byte array.

This vulnerability may therefore permit a remote attacker to execute code. Currently, this vulnerability is not exploitable.

This vulnerability is not the same as VIGILANCE-VUL-6334 (vd_proftpd.pm).

vulnerability note CVE-2006-5864

GNU gv: buffer overflow of ps_gettext

Synthesis of the vulnerability

An attacker can create a malicious PostScript document leading to code execution on the computers of users who agree to open it.
Impacted products: Debian, Fedora, Mandriva Linux, openSUSE, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 09/11/2006.
Revision date: 14/11/2006.
Identifiers: BID-20978, CVE-2006-5864, DSA-1214-1, DSA-1243-1, FEDORA-2006-1437, FEDORA-2006-1438, MDKSA-2006:214, MDKSA-2006:214-1, SUSE-SR:2006:026, SUSE-SR:2006:028, SUSE-SR:2006:029, VIGILANCE-VUL-6304, VU#352825.

Description of the vulnerability

The gv program of GNU displays PostScript documents.

When a PostScript document contains a "%%DocumentMedia:" field longer than 256 characters, an overflow occurs in the ps_gettext() function. Other fields, such as DocumentPaperSizes, PageMedia and PaperSize, can also be attack vectors.

This vulnerability therefore permits an attacker to execute code on the computers of gv users who open a malicious PostScript file.

vulnerability bulletin CVE-2006-5824

FreeBSD: denial of service of ffs_rdextattr

Synthesis of the vulnerability

A local attacker can mount a malicious UFS image to generate a denial of service or to execute code.
Impacted products: FreeBSD.
Severity: 1/4.
Consequences: user access/rights, denial of service on server.
Provenance: user shell.
Creation date: 09/11/2006.
Identifiers: CVE-2006-5824, MOKB-08-11-2006, VIGILANCE-VUL-6303.

Description of the vulnerability

The UFS filesystem is used by FreeBSD.

When a local attacker mounts a malformed UFS filesystem, an integer overflow occurs in the ffs_rdextattr() function.

This error generally halts the system, and can lead to code execution.

vulnerability announce CVE-2006-5782

OpenView CCM: command execution

Synthesis of the vulnerability

A network attacker can execute commands on HP OpenView Client Configuration Manager.
Impacted products: OpenView.
Severity: 3/4.
Consequences: privileged access/rights.
Provenance: intranet client.
Creation date: 09/11/2006.
Identifiers: BID-20971, c00795552, CERTA-2006-AVI-489, CVE-2006-5782, HPSBMA02167, SSRT061262, TSRT-06-13, VIGILANCE-VUL-6302.

Description of the vulnerability

The Radia Notify Daemon (radexecd.exe) of HP OpenView Client Configuration Manager listens on port 3465/tcp. It receives commands with the following syntax:
  port\x00username\x00password\x00command

However, due to an error, the username and the password are not required to execute a command. The commands which can be executed are located in the directory of radexecd.exe:
 - radbootw.exe: reboots the computer
 - radcrecv.exe: creates a file in the current directory
An attacker can thus use radcrecv.exe to create a file, then connect again and request execution of this file.

This vulnerability therefore permits an unauthenticated attacker to execute commands on HP OpenView Client Configuration Manager.

vulnerability alert CVE-2006-5823

Linux kernel: memory corruption of cramfs via zlib_inflate

Synthesis of the vulnerability

A local attacker can mount a malicious cramfs image to generate a denial of service or to execute code.
Impacted products: Debian, Fedora, Linux, Mandriva Linux, NLD, OES, openSUSE, RHEL, SLES.
Severity: 1/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 09/11/2006.
Identifiers: CVE-2006-5823, DSA-1503-1, DSA-1504-1, FEDORA-2006-1221, FEDORA-2006-1223, FEDORA-2007-058, MDKSA-2007:047, MDKSA-2007:060, MOKB-07-11-2006, RHSA-2007:0014-01, RHSA-2007:0436-01, SUSE-SA:2006:079, VIGILANCE-VUL-6301.

Description of the vulnerability

The cramfs filesystem is used to store compressed data available for reading only.

When the filesystem is malformed, the zlib_inflate() function of the cramfs module of the Linux kernel corrupts memory.

This error generally halts the system, and can lead to code execution.

vulnerability CVE-2006-5835

Lotus Notes/Domino: retrieving the User.ID file

Synthesis of the vulnerability

An attacker can construct a list of valid usernames and obtain their User.ID file.
Impacted products: Domino, Notes.
Severity: 1/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 08/11/2006.
Identifiers: BID-20960, CVE-2006-5835, KEMG6R8JBF, VIGILANCE-VUL-6300.

Description of the vulnerability

The Lotus Domino server listens on port 1352/tcp for the NRPC (Notes Remote Procedure Call) protocol. This protocol permits users to download their User.ID file. This encrypted file contains the user's keys, protected by the user's password.

An attacker can use a special client to request the User.ID file from the Domino server. The error message returned by the server reveals whether the username is valid:
 - if the user does not exist: "User not found in Directory"
 - if the user exists: "No ID file found for this user" or the User.ID file

Moreover, an attacker can conduct a brute force attack on the downloaded User.ID file.

computer vulnerability note CVE-2006-5779

OpenLDAP: denial of service of SASL

Synthesis of the vulnerability

An unauthenticated attacker can connect to the LDAP port and send malicious data in order to stop the daemon.
Impacted products: Mandriva Linux, NLD, OES, OpenLDAP, openSUSE, SLES, TurboLinux.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 08/11/2006.
Revision date: 15/11/2006.
Identifiers: BID-20939, CVE-2006-5779, MDKSA-2006:208, SUSE-SA:2006:072, TLSA-2006-44, VIGILANCE-VUL-6299.

Description of the vulnerability

The SASL layer (Simple Authentication and Security Layer) adds new authentication methods to existing protocols.

An attacker can connect to the 389/tcp LDAP port and send a query with an "authcid" longer than 255 characters, but with a space at the 255th character. When this string is truncated, an error occurs in slap_sasl_bind(). This error stops the daemon.

An unauthenticated attacker can thus generate a denial of service.

computer vulnerability bulletin CVE-2006-5466

rpm: buffer overflow

Synthesis of the vulnerability

An attacker can generate an overflow when a malicious RPM package is opened.
Impacted products: Mandriva Linux, Mandriva NF.
Severity: 1/4.
Consequences: privileged access/rights.
Provenance: document.
Creation date: 08/11/2006.
Identifiers: CVE-2006-5466, MDKSA-2006:200, VIGILANCE-VUL-6298.

Description of the vulnerability

The librpm library is used by the rpm command when a package is opened.

When the LANG or LC_ALL environment variable is set to ru_RU.UTF-8, an overflow occurs in librpm when a malicious package is loaded.

An attacker can therefore execute code on the computers of users who agree to install a malicious package. Note that a package from an unknown source is always dangerous.

computer vulnerability announce CVE-2006-4810

Texinfo: memory corruption of texindex

Synthesis of the vulnerability

An attacker can create TeX files corrupting memory when they are indexed by texindex.
Impacted products: Debian, Fedora, Mandriva Linux, openSUSE, Solaris, RHEL.
Severity: 1/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 08/11/2006.
Identifiers: 20061101-01-P, 211484, BID-20959, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CVE-2006-4810, DSA-1219-1, FEDORA-2006-1202, FEDORA-2006-1203, MDKSA-2006:203, RHSA-2006:0727-01, SUSE-SR:2006:028, VIGILANCE-VUL-6297.

Description of the vulnerability

The texindex program of the Texinfo suite generates an index of several TeX files.

When the size of the index is over 500 kbytes, an overflow occurs in a multiplication, which corrupts memory.

An attacker can thus invite a user to index malicious TeX files in order to trigger this error. Code execution seems to be difficult to achieve using this vulnerability.

The texi2dvi program is also affected.

computer vulnerability alert CVE-2006-5462 CVE-2006-5463 CVE-2006-5464

Seamonkey: Several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in Seamonkey, the worst one leading to code execution.
Impacted products: Debian, SeaMonkey, NLD, openSUSE, Solaris, Trusted Solaris, RHEL, Slackware, SLES.
Severity: 4/4.
Consequences: user access/rights, denial of service on service.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 5.
Creation date: 08/11/2006.
Identifiers: 103011, 103121, 103139, 119115-31, 119116-31, 120671-07, 120672-07, 20061101-01-P, 201335, 6499437, 6499440, 6501194, BID-20957, CERTA-2006-AVI-482, CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748, DSA-1224-1, MFSA2006-65, MFSA2006-66, MFSA2006-67, RHSA-2006:0734-01, SSA:2006-313-01, SUSE-SA:2006:068, VIGILANCE-VUL-6296, VU#335392, VU#390480, VU#495288, VU#714496, VU#815432.

Description of the vulnerability

Several vulnerabilities were announced in Seamonkey.

Several memory corruptions can occur in the layout engine. [severity:4/4; CVE-2006-5464, MFSA2006-65, VU#495288]

A vulnerability of XML.prototype.hasOwnProperty is exploitable. [severity:3/4; CVE-2006-5747, MFSA2006-65, VU#815432]

Several memory corruptions can occur in the JavaScript engine. [severity:3/4; CVE-2006-5748, MFSA2006-65, VU#390480]

The VIGILANCE-VUL-6140 vulnerability was incorrectly corrected. [severity:3/4; CERTA-2006-AVI-482, CVE-2006-5462, MFSA2006-66, VU#335392]

A JavaScript object can be modified during its execution, which leads to code execution. [severity:3/4; CVE-2006-5463, MFSA2006-67, VU#714496]