The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability alert 7191

F-Secure: base policies not updated

Synthesis of the vulnerability

After a few days of operation, F-Secure Management Agent cannot update base policies and statistics.
Impacted products: F-Secure AV.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: document.
Creation date: 25/09/2007.
Identifiers: FSAVCS700_HF07, VIGILANCE-VUL-7191.

Description of the vulnerability

After a few days of operation, F-Secure Management Agent cannot update base policies and statistics.

This error can have an impact on the behaviour of F-Secure Anti-Virus Client Security.

vulnerability CVE-2007-4571

Linux kernel: memory reading via snd-page-alloc

Synthesis of the vulnerability

A local attacker can read memory fragments via the snd-page-alloc module.
Impacted products: Debian, Fedora, Linux, NLD, OES, openSUSE, RHEL, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 25/09/2007.
Revision date: 25/09/2007.
Identifiers: BID-25807, CERTA-2002-AVI-197, CVE-2007-4571, DSA-1479-1, DSA-1505-1, FEDORA-2007-2349, FEDORA-2007-714, RHSA-2007:0939-01, RHSA-2007:0993-01, SUSE-SA:2007:053, VIGILANCE-VUL-7190.

Description of the vulnerability

The snd-page-alloc module handles memory for the ALSA audio system.

The /proc/driver/snd-page-alloc file displays information about allocated memory. The snd_mem_proc_read() function produces the requested output. When a user requests a partial read, for example with "read(fd, buf, 1)", offsets are incorrectly handled, and the contents of an uninitialized memory area are displayed.

A local attacker can therefore use the audio system in order to obtain sensitive information stored in kernel memory.

computer vulnerability note CVE-2007-4974

libsndfile: buffer overflow via FLAC

Synthesis of the vulnerability

An attacker can create a malicious stream in FLAC format in order to generate an overflow in applications linked to libsndfile.
Impacted products: Debian, Fedora, Mandriva Linux, OpenSolaris, openSUSE.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 25/09/2007.
Identifiers: CVE-2007-4974, DSA-1442-1, FEDORA-2007-2236, MDKSA-2007:191, SUSE-SR:2008:001, VIGILANCE-VUL-7189.

Description of the vulnerability

The libsndfile library implements several sound protocols and formats, such as the FLAC format (Free Lossless Audio Codec).

However, the flac_buffer_copy() function of libsndfile-1.0.17/src/flac.c does not check the size of blocks before copying them into a 4096-byte (ENC_BUFFER_SIZE) array. A heap overflow then occurs.

An attacker can therefore create malicious audio data and invite the victim to play it in order to execute code on the victim's computer.

computer vulnerability bulletin CVE-2007-5034

Elinks: unencrypted POST data

Synthesis of the vulnerability

When Elinks is configured to connect to an HTTPS proxy, POST data are sent in clear text.
Impacted products: Debian, Fedora, RHEL, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: LAN.
Creation date: 25/09/2007.
Identifiers: BID-25799, CVE-2007-5034, DSA-1380-1, FEDORA-2007-2224, FEDORA-2007-710, RHSA-2007:0933-01, VIGILANCE-VUL-7188.

Description of the vulnerability

The Elinks program is a web browser in text mode.

The HTTP CONNECT method is used to connect to an HTTPS proxy and ask it to establish a connection to a remote server. Data are then encrypted by SSL between the client and the server.

However, when Elinks connects to the proxy, it appends in clear text to the CONNECT request:
 - the Content-* headers of the POST query that will transit through the tunnel
 - the body (parameters) of the POST query that will transit through the tunnel

An attacker on the network path to the proxy can therefore intercept sensitive data sent by Elinks during an SSL session.

computer vulnerability announce CVE-2007-5086

Kaspersky AV: denial of service

Synthesis of the vulnerability

A local attacker can generate a denial of service in klif.sys.
Impacted products: Kaspersky AV.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user account.
Number of vulnerabilities in this bulletin: 3.
Creation date: 24/09/2007.
Identifiers: CVE-2007-5086, VIGILANCE-VUL-7187.

Description of the vulnerability

Kaspersky antivirus installs the klif.sys driver. This driver hooks system calls through the SSDT (System Service Descriptor Table). However, the new functions it adds are incorrectly implemented.

The klif.sys driver adds 13 unknown system calls. When incorrect parameters are sent to these calls, a blue screen occurs. [severity:1/4]

When incorrect parameters are sent to NtCreateSection(), a blue screen occurs. [severity:1/4]

When incorrect parameters are sent to NtUserSendInput(), a blue screen occurs. [severity:1/4]

A local attacker can therefore create a denial of service.

computer vulnerability alert CVE-2007-4985 CVE-2007-4986 CVE-2007-4987

ImageMagick: vulnerabilities via DCM, DIB, XBM, XCF or XWD

Synthesis of the vulnerability

An attacker can create a malicious DCM, DIB, XBM, XCF or XWD image leading to a denial of service or to code execution on computers of ImageMagick users.
Impacted products: Debian, Mandriva Linux, NLD, OES, openSUSE, Solaris, RHEL, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 24/09/2007.
Identifiers: BID-25763, BID-25764, BID-25765, BID-25766, CERTA-2007-AVI-414, CVE-2007-4985, CVE-2007-4986, CVE-2007-4987, CVE-2007-4988, DSA-1858-1, DSA-1903-1, MDVSA-2008:035, RHSA-2008:0145-01, RHSA-2008:0165-01, SUSE-SR:2007:023, VIGILANCE-VUL-7186.

Description of the vulnerability

Several vulnerabilities can occur in ImageMagick.

Several integer overflows can occur when a DCM, DIB, XBM, XCF or XWD image is loaded. [severity:2/4; BID-25763, CERTA-2007-AVI-414, CVE-2007-4986]

An off-by-one overflow can occur in the ReadBlobString() function of magick/blob.c. [severity:2/4; BID-25766, CVE-2007-4987]

An infinite loop can occur in the ReadDCMImage() and ReadXCFImage() functions. [severity:2/4; BID-25764, CVE-2007-4985]

A sign extension leading to an integer overflow occurs in the ReadDIBImage() function. [severity:2/4; BID-25765, CVE-2007-4988]

An attacker can therefore invite a user to open a DCM, DIB, XBM, XCF or XWD image with ImageMagick in order to generate a denial of service or to run code on the user's computer.

computer vulnerability CVE-2007-4573

Linux kernel: privilege elevation via ptrace on x86_64

Synthesis of the vulnerability

On an x86_64 architecture, a local attacker can ptrace a 32-bit program in order to elevate his privileges.
Impacted products: Debian, Fedora, Linux, Mandriva Linux, NLD, OES, openSUSE, RHEL, SLES.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 24/09/2007.
Revision date: 27/09/2007.
Identifiers: BID-25774, CERTA-2007-AVI-416, CVE-2007-4573, DSA-1378-1, DSA-1381-1, DSA-1504-1, FEDORA-2007-2298, FEDORA-2007-712, MDKSA-2007:195, MDKSA-2007:196, MDVSA-2008:008, MDVSA-2008:105, RHSA-2007:0936-01, RHSA-2007:0937-01, RHSA-2007:0938-01, SUSE-SA:2007:053, SUSE-SA:2007:064, SUSE-SU-2011:0928-1, VIGILANCE-VUL-7185.

Description of the vulnerability

The Linux kernel permits running 32-bit programs on an x86_64 platform.

The sysenter_tracesys(), cstar_tracesys() and ia32_tracesys() functions of the arch/x86_64/ia32/ia32entry.S file reload the arguments (RAX, RCX, etc.) via the LOAD_ARGS macro. However, in a 32-bit environment, EAX, ECX, etc. have to be reloaded instead. The upper 32 bits of each register are thus initialized with values from memory, which a tracing process can control.

These functions then check that EAX does not hold a value beyond the end of the system call table: this test always succeeds because the upper 32 bits of RAX are not compared. The system call at offset RAX is then called, so the attacker controls the address of the called function. For example, with RAX=0x100000048, the kernel checks EAX=0x48 but loads the function at offset RAX.

A local attacker can therefore call ptrace() on a 32-bit process in order to elevate his privileges.

vulnerability note CVE-2007-5066

Webmin: code execution

Synthesis of the vulnerability

An attacker authenticated to Webmin can execute code under Windows.
Impacted products: Webmin.
Severity: 1/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 24/09/2007.
Revision date: 05/10/2007.
Identifiers: BID-25773, CVE-2007-5066, SNS Advisory No.95, VIGILANCE-VUL-7184.

Description of the vulnerability

The Webmin environment can be installed under Unix and Windows.

The miniserv.pl program implements the web server. Under Windows, the CGI part calls the Perl interpreter, passing it arguments taken from the URL. However, these arguments are not filtered before being used on the command line.

When Webmin is installed under Windows, an authenticated attacker can thus use malicious parameters in the URL in order to execute commands on the computer.

This vulnerability therefore permits an attacker with a restricted account to elevate his privileges.

vulnerability bulletin CVE-2007-5020

Adobe Acrobat: vulnerability

Synthesis of the vulnerability

A vulnerability was announced in Adobe Acrobat.
Impacted products: Acrobat.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 24/09/2007.
Identifiers: APSA07-04, APSB07-18, BID-25748, CERTA-2007-AVI-455, CVE-2007-5020, VIGILANCE-VUL-7183.

Description of the vulnerability

A vulnerability was announced in Adobe Acrobat.

When the victim opens a malicious PDF file, code is run on the computer.

It is highly probable that this vulnerability is a duplicate of VIGILANCE-VUL-7240.

vulnerability announce CVE-2007-4991

Microsoft ISA Server 2004: obtaining visited IP addresses

Synthesis of the vulnerability

An attacker can obtain the IP address of a site previously visited through the SOCKS4 proxy.
Impacted products: ISA.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 21/09/2007.
Identifiers: BID-25753, CVE-2007-4991, VIGILANCE-VUL-7182, ZDI-07-053.

Description of the vulnerability

The ISA firewall supports the SOCKS version 4 protocol, used to tunnel connections: the user connects to the SOCKS proxy, which connects to the requested remote server.

When the SOCKS proxy receives an empty packet, it returns a packet to the client. However, this packet contains the IP address of the last remote server to which a connection was established. This error is probably related to the use of an uninitialized memory area.

A non-authenticated attacker can therefore progressively obtain the list of IP addresses requested by users.