The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

computer vulnerability announce CVE-2007-2417

RSA ACE/Server, SecurID: buffer overflow of Progress Server

Synthesis of the vulnerability

An attacker can generate a buffer overflow on Progress Server in order to execute code on the system.
Impacted products: ACE Server, RSA Authentication Agent, SecurID.
Severity: 3/4.
Consequences: administrator access/rights.
Provenance: intranet client.
Creation date: 13/07/2007.
Identifiers: CVE-2007-2417, TPTI-07-12, VIGILANCE-VUL-7007.

Description of the vulnerability

The Progress Server, from Progress Software, listens on ports 5520/tcp and 5530/tcp. The RSA Authentication Manager, RSA ACE/Server 5.2 and RSA SecurID Appliance products use this software.

The _mprosrv.exe process (Progress Server) stores received data in a 1012-byte array without checking its size. An attacker can therefore create an overflow.

An unauthenticated attacker can thus execute code with system privileges.

computer vulnerability alert CVE-2007-3641 CVE-2007-3644 CVE-2007-3645

libarchive: several vulnerabilities

Synthesis of the vulnerability

A malicious tar or cpio archive can generate a denial of service or code execution on libarchive tools.
Impacted products: Debian, FreeBSD, NLD, OES, openSUSE, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 12/07/2007.
Identifiers: BID-24885, CERTA-2007-AVI-313, CVE-2007-3641, CVE-2007-3644, CVE-2007-3645, DSA-1455-1, FreeBSD-SA-07:05.libarchive, SUSE-SR:2007:015, VIGILANCE-VUL-7006, VU#970849.

Description of the vulnerability

The libarchive library is used by several tools such as tar and cpio. It has several vulnerabilities.

When pax headers are malformed, an infinite loop occurs. [severity:2/4; CVE-2007-3644, VU#970849]

When pax headers are malformed, a NULL pointer is dereferenced. [severity:2/4; CVE-2007-3645]

When pax headers are malformed, a buffer overflow occurs, which can lead to code execution. [severity:2/4; CERTA-2007-AVI-313, CVE-2007-3641]

computer vulnerability CVE-2007-2295 CVE-2007-2296 CVE-2007-2392

QuickTime: several vulnerabilities

Synthesis of the vulnerability

Several QuickTime vulnerabilities can lead to code execution.
Impacted products: QuickTime.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 8.
Creation date: 12/07/2007.
Identifiers: BID-24873, CERTA-2007-AVI-308, CVE-2007-2295, CVE-2007-2296, CVE-2007-2392, CVE-2007-2393, CVE-2007-2394, CVE-2007-2396, CVE-2007-2397, CVE-2007-2402, VIGILANCE-VUL-7005, VU#582681.

Description of the vulnerability

Several QuickTime vulnerabilities can lead to code execution.

A malicious H.264 video can corrupt memory. [severity:3/4; CERTA-2007-AVI-308, CVE-2007-2295]

A malicious video can corrupt memory. [severity:3/4; CVE-2007-2392, VU#582681]

A malicious m4v file can generate an integer overflow. [severity:3/4; CVE-2007-2296]

A malicious SMIL (Synchronized Multimedia Integration Language) file can generate an integer overflow. [severity:3/4; CVE-2007-2394]

A Java applet can execute code. [severity:3/4; CVE-2007-2397]

A Java applet can read or write to memory. [severity:3/4; CVE-2007-2393]

A malicious Java applet can use JDirect to load libraries or to free memory. [severity:3/4; CVE-2007-2396]

A malicious Java applet can capture the content of the victim's screen. [severity:3/4; CVE-2007-2402]

vulnerability note CVE-2007-0447 CVE-2007-3699

Symantec AV, SGS, WS, Norton AV, IS, PF: vulnerabilities of RAR and CAB

Synthesis of the vulnerability

Two vulnerabilities of Symantec and Norton products lead to a denial of service or to code execution.
Impacted products: Norton Antivirus, Norton Internet Security, Raptor Firewall, Symantec AV, SEF, SGS, SWS.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/07/2007.
Revision date: 13/07/2007.
Identifiers: BID-24282, CVE-2007-0447, CVE-2007-3699, CVE-2007-3801-REJECT, SYM07-019, VIGILANCE-VUL-7004, ZDI-07-039, ZDI-07-040.

Description of the vulnerability

Two vulnerabilities of Symantec and Norton products are related to the analysis of RAR or CAB files.

An attacker can modify the PACK_SIZE field of the RAR file header in order to create an infinite loop when the file is parsed. [severity:3/4; CVE-2007-3699, CVE-2007-3801-REJECT, ZDI-07-039]

A malicious CAB archive can create an overflow leading to code execution. [severity:3/4; CVE-2007-0447, ZDI-07-040]

vulnerability bulletin CVE-2007-3673

Symantec AV, Norton AV, IS, PF: privilege elevation via SymTDI.sys

Synthesis of the vulnerability

A local attacker can use the SymTDI.sys driver in order to elevate his privileges.
Impacted products: Norton Antivirus, Norton Internet Security, Symantec AV.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 12/07/2007.
Revision date: 13/07/2007.
Identifiers: BID-22351, CERTA-2007-AVI-309, CVE-2007-3673, SYM07-018, VIGILANCE-VUL-7003.

Description of the vulnerability

The SymTDI.sys (\\symTDI\) driver is installed by several Symantec and Norton products.

This driver does not check memory addresses transmitted by the 0x83022323 ioctl, which makes it possible to corrupt memory.

A local attacker can therefore elevate his privileges.

vulnerability announce CVE-2007-3800

Symantec AV: privilege elevation via RTVScan

Synthesis of the vulnerability

A local attacker can use the notification service of RTVScan in order to elevate his privileges.
Impacted products: Symantec AV.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 12/07/2007.
Identifiers: BID-24810, CVE-2007-3800, SYM07-017, VIGILANCE-VUL-7002.

Description of the vulnerability

The real-time scanner (RTVScan) displays notification windows when a threat is detected.

However, a local attacker can use these windows to obtain system privileges.

A local attacker can therefore elevate his privileges.

vulnerability alert CVE-2006-3456

Symantec AV: buffer overflow of Internet E-mail Auto-Protect

Synthesis of the vulnerability

An attacker can send a malicious email in order to execute code on Internet E-mail Auto-Protect.
Impacted products: Symantec AV.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 12/07/2007.
Identifiers: BID-24802, CVE-2006-3456, SYM07-016, VIGILANCE-VUL-7001.

Description of the vulnerability

The Internet E-mail Auto-Protect feature protects transfers using the POP3 and SMTP protocols.

However, when the size of the "To", "From" and "Subject" fields is over 951 characters, an overflow occurs.

An attacker can therefore send a malicious email in order to execute code on Internet E-mail Auto-Protect.

vulnerability CVE-2007-2691 CVE-2007-2692 CVE-2007-3780

MySQL 5.0: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of MySQL permit an attacker to elevate his privileges.
Impacted products: Debian, Mandriva Linux, MySQL Community, MySQL Enterprise, NLD, OES, openSUSE, RHEL, SLES.
Severity: 2/4.
Consequences: privileged access/rights, data reading, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 5.
Creation date: 12/07/2007.
Identifiers: 23667, 25578, 27337, 27515, 27878, 28984, BID-24011, BID-24016, BID-25017, CERTA-2007-AVI-222, CERTA-2008-AVI-162, CERTA-2008-AVI-492, CVE-2007-2691, CVE-2007-2692, CVE-2007-3780, CVE-2007-3781, CVE-2007-3782, DSA-1413-1, DSA-1451-1, MDKSA-2007:177, MDKSA-2007:243, RHSA-2007:0875-01, RHSA-2007:0894-01, RHSA-2008:0364-01, RHSA-2008:0768-01, SUSE-SR:2007:019, SUSE-SR:2008:003, VIGILANCE-VUL-7000.

Description of the vulnerability

Several vulnerabilities were announced in MySQL.

A local attacker can clone a table structure with CREATE TABLE LIKE. [severity:2/4; 23667, 25578, CVE-2007-3781]

An attacker can use a view to obtain update privilege on tables of another database. [severity:2/4; 27878, CVE-2007-3782]

An attacker can execute a procedure with the INVOKER attribute in order to elevate his privileges in another database (VIGILANCE-VUL-6825). [severity:2/4; 27337, BID-24011, CVE-2007-2692]

An attacker can rename a table even if he does not have the DROP privilege (VIGILANCE-VUL-6826). [severity:2/4; 27515, BID-24016, CERTA-2007-AVI-222, CERTA-2008-AVI-492, CVE-2007-2691]

An unauthenticated attacker can use malformed password packets in order to stop the server. [severity:2/4; 28984, CERTA-2008-AVI-162, CVE-2007-3780]

computer vulnerability note CVE-2007-3698

JDK, JRE, SDK: denial of service of JSSE

Synthesis of the vulnerability

An attacker can connect to SSL services created with JSSE in order to generate a denial of service.
Impacted products: HPE NMC, OpenView, OpenView NNM, OpenView Operations, NLD, OES, Java Oracle, RHEL, SLES.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 12/07/2007.
Identifiers: 102934, 102958, 102997, 6483556, 6483560, 6490790, 6542796, BID-24846, c01269450, c01601492, CVE-2007-3698, HPSBMA02288, HPSBMA02384, RHSA-2007:0956-01, RHSA-2007:1086-01, RHSA-2008:0100-01, RHSA-2008:0132-01, SSRT071465, SUSE-SA:2008:025, VIGILANCE-VUL-6999.

Description of the vulnerability

The JSSE extension (Java Secure Socket Extension) makes it possible to create SSL/TLS services.

However, JSSE does not correctly handle the handshake, which leads to a processor overload.

An attacker can therefore connect to an SSL/TLS service provided by JSSE in order to generate a denial of service.

computer vulnerability bulletin CVE-2007-3571

NetWare: IP address disclosure via Apache

Synthesis of the vulnerability

When the IP address of the web server is translated, an attacker can obtain the real IP address.
Impacted products: Netware.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 12/07/2007.
Identifiers: 3555327, CVE-2007-3571, VIGILANCE-VUL-6998.

Description of the vulnerability

The VIGILANCE-VUL-293 bulletin describes a vulnerability using the "Content-Location" header to obtain the real IP address of a translated web server. This vulnerability affects IIS, and does not normally affect Apache httpd.

However, the NetWare version of Apache is affected by this vulnerability.
