The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability announce CVE-2007-5232 CVE-2007-5236 CVE-2007-5237

Java JDK/SDK/JRE: multiple vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities in the Java JDK/SDK/JRE environment allow an attacker to access files or to create network connections.
Impacted products: HP-UX, NLD, OES, openSUSE, Java Oracle, Solaris, Trusted Solaris, RHEL, SLES, ESX.
Severity: 3/4.
Consequences: data reading, data creation/edition, data flow.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 04/10/2007.
Revision date: 23/10/2007.
Identifiers: 103071, 103072, 103073, 103078, 103079, 6569621, 6589527, 6590813, 6590827, 6590837, 6590850, 6590857, 6594007, 6609269, BID-25918, BID-25920, c01234533, CERTA-2007-AVI-440, CVE-2007-5232, CVE-2007-5236, CVE-2007-5237, CVE-2007-5238, CVE-2007-5239, CVE-2007-5240, CVE-2007-5273, CVE-2007-5274, HPSBUX02284, RHSA-2007:0963-01, RHSA-2007:1041-01, RHSA-2008:0100-01, RHSA-2008:0132-01, RHSA-2008:0156-02, SSRT071483, SUSE-SA:2007:055, SUSE-SA:2008:025, VIGILANCE-VUL-7212, VMSA-2008-00010.3, VU#336105.

Description of the vulnerability

Several vulnerabilities in the Java JDK/SDK/JRE environment allow an attacker to access files or to create network connections.

An applet can create a large window in order to mask other windows or the user's desktop. [severity:3/4; 103071, 6589527, CVE-2007-5240]

A Java applet or a Java Web Start application can invite the victim to drag and drop a file in order to create it on their computer. [severity:3/4; 103072, 6590857, CVE-2007-5239]

A Java Web Start application can read or write files on the victim's computer, or obtain the location of the cache. [severity:3/4; 103073, 6590813, 6590827, 6590837, 6590850, BID-25920, CVE-2007-5236, CVE-2007-5237, CVE-2007-5238]

A Java applet or JavaScript code can connect to computers other than the originating server. [severity:3/4; 103078, 6569621, 6609269, CVE-2007-5273, CVE-2007-5274]

A Java applet can connect to computers other than the originating server. [severity:3/4; 103079, 6594007, CERTA-2007-AVI-440, CVE-2007-5232, VU#336105]

vulnerability alert CVE-2007-4135

nfsidmap: incorrect user association

Synthesis of the vulnerability

The NFSv4 ID mapper can indicate that a file is owned by root instead of nobody.
Impacted products: Mandriva Linux, openSUSE, RHEL, SLES, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading, data creation/edition.
Provenance: intranet client.
Creation date: 03/10/2007.
Identifiers: BID-26767, CVE-2007-4135, MDKSA-2007:240, RHSA-2007:0951-01, SUSE-SR:2007:018, VIGILANCE-VUL-7211.

Description of the vulnerability

nfsidmap is the identity mapper for NFSv4. It maps user identities between the NFS client and the server.

When a user does not exist on the NFS client, nfsidmap reports that their files are owned by root instead of nobody.

The owner of these files is thus incorrect, which can have a security impact.

vulnerability CVE-2007-5225

Solaris: reading memory via named pipes

Synthesis of the vulnerability

A local attacker can create a named pipe and read its data in order to obtain fragments of system memory.
Impacted products: Solaris, Trusted Solaris.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 03/10/2007.
Revision dates: 05/10/2007, 12/10/2007, 11/03/2008.
Identifiers: 103061, 6525463, BID-25905, CVE-2007-5225, VIGILANCE-VUL-7210.

Description of the vulnerability

Named pipes are created via the mknod() function. Two processes can then read from or write to this pipe in order to communicate.

The I_PEEK ioctl reads data from the pipe without removing it:
  struct strpeek t;
  t.databuf.maxlen = max_size_to_read; [...]
  ioctl( fd, I_PEEK, &t );

However, this ioctl does not check the size indicated in the maxlen field of the strpeek structure. A local attacker can therefore use a large (negative) value in order to read past the data area.

This vulnerability therefore allows a local attacker to obtain sensitive information stored in memory.

computer vulnerability note CVE-2007-4996

Pidgin: denial of service of the client

Synthesis of the vulnerability

A remote attacker can cause a denial of service of the client by sending a "nudge" message.
Impacted products: Fedora, Slackware, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: denial of service on client.
Provenance: internet client.
Creation date: 03/10/2007.
Identifiers: BID-25872, CVE-2007-4996, FEDORA-2007-2368, SSA:2007-275-01, VIGILANCE-VUL-7209.

Description of the vulnerability

Pidgin is a multi-protocol instant messaging client. A feature named "nudge" alerts a remote buddy by shaking the conversation window when the MSN protocol is used.

When a buddy who is not in the user's buddy list sends a "nudge" message, Pidgin tries to access an invalid memory area, which crashes the application.

A remote attacker can thus cause a denial of service of the client by sending a "nudge" message.

computer vulnerability announce CVE-2007-4993

Xensource: privilege escalation when booting the guest domain

Synthesis of the vulnerability

An attacker possessing a guest domain on a Xensource server can run code on the host domain.
Impacted products: Debian, Fedora, Mandriva Linux, RHEL, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user account.
Creation date: 03/10/2007.
Identifiers: CVE-2007-4993, DSA-1384-1, FEDORA-2007-2270, FEDORA-2007-713, MDKSA-2007:203, RHSA-2007:0323-01, VIGILANCE-VUL-7207.

Description of the vulnerability

Xensource is a virtualization server. When a guest domain boots, the Pygrub utility is used as its boot loader. Pygrub reads boot information from the grub.conf file located in the guest domain.

The checks performed on the contents of the grub.conf file are insufficient. It is thus possible to modify the "default" statement so that commands chosen by the guest owner run on the host when the guest domain boots.

An attacker owning a guest domain on the virtualization server can thus run code on the host domain.

computer vulnerability alert CVE-2007-4568 CVE-2007-4990

X.Org: vulnerabilities of xfs

Synthesis of the vulnerability

An attacker can use two vulnerabilities in xfs in order to corrupt memory or to execute code.
Impacted products: Debian, Fedora, HP-UX, AIX, Mandriva Linux, openSUSE, Solaris, Trusted Solaris, RHEL, Unix (platform) ~ not comprehensive, XOrg Bundle ~ not comprehensive.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 03/10/2007.
Identifiers: 103114, 200642, 6601751, 6601756, BID-25898, c01323725, CERTA-2007-AVI-424, CERTA-2008-AVI-068, CVE-2007-4568, CVE-2007-4990, DSA-1385-1, FEDORA-2007-4263, FEDORA-2007-763, HPSBUX02303, MDKSA-2007:210, RHSA-2008:0029-01, RHSA-2008:0030-01, SSRT071468, SUSE-SA:2007:054, VIGILANCE-VUL-7206.

Description of the vulnerability

The xfs service (X Font Server) handles fonts for X11 graphical environments. Under Linux, this service is reachable via a Unix socket. Under Solaris, this service is remotely reachable via the 7100/tcp port.

The QueryXBitmaps and QueryXExtents requests obtain information about a font. Two vulnerabilities exist in the way xfs handles these requests.

An integer overflow can occur in the build_range() function and lead to a heap overflow. [severity:2/4; CERTA-2007-AVI-424, CERTA-2008-AVI-068, CVE-2007-4568]

An attacker can force the swap_char2b() function to swap to arbitrary memory areas. [severity:2/4; CVE-2007-4990]

Both vulnerabilities allow an attacker to cause a denial of service or to execute code.

computer vulnerability CVE-2007-4133

Linux Kernel: denial of service via hugetlbfs

Synthesis of the vulnerability

A local attacker can cause a denial of service using the hugetlb_vmtruncate_list() function.
Impacted products: Debian, Linux, Mandriva Linux, Mandriva NF, RHEL.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 03/10/2007.
Identifiers: BID-25904, CVE-2007-4133, DSA-1381-1, DSA-1504-1, MDKSA-2007:216, MDVSA-2008:008, MDVSA-2008:105, RHSA-2007:0940-01, VIGILANCE-VUL-7205.

Description of the vulnerability

Hugetlb pages are used by applications requiring large memory areas.

The hugetlb_vmtruncate_list() function is used to unmap a memory area. This memory area is unmapped between "vma->vm_start + v_offset" and "vma->vm_end".

The v_offset value is improperly calculated on 64-bit processors because of a mix-up between the PAGE_SHIFT and HPAGE_SHIFT macros. This value can thus exceed the mapped memory area, which can trigger a BUG_ON in exit_mmap().

A local attacker can thus cause a denial of service of the system.

vulnerability note CVE-2007-5152 CVE-2007-5153

Sun Java Application Server: vulnerabilities with Sun Java System Access Manager

Synthesis of the vulnerability

Installing Sun Java System Access Manager can compromise the security of the application server.
Impacted products: Sun AS.
Severity: 3/4.
Consequences: privileged access/rights.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 02/10/2007.
Identifiers: 103069, 200839, 6571897, CVE-2007-5152, CVE-2007-5153, VIGILANCE-VUL-7204.

Description of the vulnerability

Sun Java System Access Manager is an identity and access management module for Sun Java Application Server. When this module is installed in a Sun Java System Application Server container, it introduces two vulnerabilities.

When Sun Java System Access Manager 7.1 is installed in a Sun Java System Application Server 9.1 container, the application's authentication screen is not displayed. Users thus access the service without authentication. An attacker can therefore, for example, access the "Admin Console" in order to administer the application server. [severity:3/4]

When Sun Java System Access Manager 7.1 is installed in a Sun Java System Application Server 8.x container, an attacker can execute code with the privileges of deployed applications. [severity:3/4]

vulnerability bulletin 7203

Checkpoint VPN-1: several buffer overflows

Synthesis of the vulnerability

An attacker with admin rights can obtain expert rights.
Impacted products: VPN-1.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 02/10/2007.
Revision date: 04/10/2007.
Identifiers: BID-25886, VIGILANCE-VUL-7203.

Description of the vulnerability

Checkpoint appliances run a hardened system named SecurePlatform. On these systems, an account named "admin" allows most administrative tasks to be performed. The "expert" account gives access to the full system as "root".

When the administrator logs in under the "admin" account, they get a restricted shell named cpshell. Only some commands (SDSUtil, etc.) are available from this shell. To use every command, the administrator must switch to "expert" mode.

Several buffer overflows have been discovered in programs installed on the system:
 - SDSUtil
 - cpget
 - cplic
 - cpshell
 - cpwmd
 - fgate
 - funcchain
 - fw
 - fwm
 - license_upgrade
 - etc.
Among these programs, SDSUtil can be called from cpshell.

An attacker with "admin" rights on the system can therefore elevate their privileges from cpshell to obtain a full shell with "root" rights.

vulnerability announce CVE-2007-5162

Ruby: incorrect validation of certificate by Net-HTTPS

Synthesis of the vulnerability

The Net::HTTP and Net::HTTPS libraries do not check the real name of the remote server.
Impacted products: Debian, Fedora, Mandriva Linux, NLD, OES, openSUSE, RHEL, SLES, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 2.
Creation date: 01/10/2007.
Identifiers: 2007-006-RubySSL, BID-25847, CVE-2007-5162, CVE-2008-5162-ERROR, DSA-1410-1, DSA-1411-1, DSA-1412-1, FEDORA-2007-2406, FEDORA-2007-2812, FEDORA-2007-718, FEDORA-2007-738, MDVSA-2008:029, RHSA-2007:0961-01, RHSA-2007:0965-01, SUSE-SR:2007:024, VIGILANCE-VUL-7202.

Description of the vulnerability

The Net::HTTP and Net::HTTPS libraries are used to establish SSL sessions with a remote web server.

However, these libraries do not check whether the Common Name in the server certificate matches the server's DNS name.

An attacker can therefore replace the legitimate web server with a malicious one presenting a different certificate signed by the same authority. The victim is then not warned that they have just connected to a malicious web server.
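The check that this bulletin says Net::HTTPS skipped, shown as an added example that is not part of the Vigil@nce bulletin and not Ruby's own library code. It builds self-signed test certificates for constructed host names (www.example.test, attacker.example.test, api.example.test are assumptions), compares the certificate identity with the host name the client dialed, and shows the hardened Net::HTTP settings a client should use; accept_server? with check_identity: false reproduces the flawed decision described above. Nothing in the block opens a network connection.

```ruby
require 'openssl'
require 'net/http'

# Constructed helper: build a self-signed certificate for a hypothetical
# host. `sans` is an optional list of subjectAltName DNS entries.
def build_cert(common_name, sans: [])
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  unless sans.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate  = cert
    cert.add_extension(ef.create_extension('subjectAltName',
                                           sans.map { |s| "DNS:#{s}" }.join(','),
                                           false))
  end
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# The missing step from the bulletin: compare the identity carried by the
# certificate with the host name the client dialed. Ruby's OpenSSL binding
# exposes this check; it prefers subjectAltName DNS entries and only falls
# back to the Common Name when no DNS SAN is present.
def identity_matches?(cert, hostname)
  OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end

# The decision a client makes after the chain has been validated against a
# trusted authority. check_identity: false reproduces the flaw: any
# certificate from a trusted authority is accepted, whatever name it carries.
def accept_server?(cert, dialed_host, check_identity: true)
  return true unless check_identity
  identity_matches?(cert, dialed_host)
end

# Hardened Net::HTTP setup (assumed host name, no connection made here):
# verify the chain against the trust store and, on Ruby versions that
# support it, have the library enforce the host name match itself.
def hardened_client(host)
  http = Net::HTTP.new(host, 443)
  http.use_ssl     = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.verify_hostname = true if http.respond_to?(:verify_hostname=)
  http
end

if __FILE__ == $PROGRAM_NAME
  legit = build_cert('www.example.test')
  rogue = build_cert('attacker.example.test')
  puts "legit cert for www.example.test: #{accept_server?(legit, 'www.example.test')}"
  puts "rogue cert, no identity check:  #{accept_server?(rogue, 'www.example.test', check_identity: false)}"
  puts "rogue cert, identity checked:   #{accept_server?(rogue, 'www.example.test')}"
end
```

The SAN behaviour matters in practice: once a certificate carries DNS subjectAltName entries, the Common Name is ignored, so a client that only compares the CN would both accept and reject the wrong certificates.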
