The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability alert CVE-2007-5632

Solaris: denial of service of the kernel

Synthesis of the vulnerability

A local attacker can create a denial of service of the Solaris kernel.
Impacted products: Solaris, Trusted Solaris.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 19/10/2007.
Identifiers: 103064, 6351793, 6358047, BID-26131, CVE-2007-5632, VIGILANCE-VUL-7271.

Description of the vulnerability

Sun announced two vulnerabilities that allow a local denial of service of the Solaris kernel.

vulnerability CVE-2007-5589

phpMyAdmin: Cross Site Scripting of server_status.php

Synthesis of the vulnerability

An attacker can use parameters of the server_status.php script to inject HTML code into phpMyAdmin.
Impacted products: Debian, Fedora, openSUSE, phpMyAdmin.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 19/10/2007.
Identifiers: 071015a, BID-26301, CVE-2007-5589, DSA-1403-1, FEDORA-2007-2738, FEDORA-2007-3639, PMASA-2007-6, SUSE-SR:2008:006, VIGILANCE-VUL-7270.

Description of the vulnerability

The phpMyAdmin program is used to administer a MySQL database.

The server_status.php script indicates the status of the environment. This script does not filter the parameters it receives. An attacker can therefore use it to inject JavaScript code.

This vulnerability therefore permits an attacker to conduct a Cross Site Scripting attack when the victim is authenticated on phpMyAdmin.

computer vulnerability bulletin CVE-2006-2894 CVE-2007-1095 CVE-2007-1256

Firefox: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in Firefox, the worst one leading to code execution.
Impacted products: Debian, Fedora, Mandriva Linux, Firefox, SeaMonkey, openSUSE, RHEL, Slackware, SLES, TurboLinux.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 8.
Creation date: 19/10/2007.
Revision dates: 22/10/2007, 25/10/2007.
Identifiers: 4570, 60eb95b75c76f9fbfcc9a89f99cd8f79, BID-22688, BID-23668, BID-25543, BID-26132, CERTA-2007-AVI-446, CERTA-2007-AVI-453, CERTA-2007-AVI-505, CVE-2006-2894, CVE-2007-1095, CVE-2007-1256, CVE-2007-2291, CVE-2007-2292, CVE-2007-3511, CVE-2007-4841, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340, DSA-1392-1, DSA-1396-1, FEDORA-2007-2664, FEDORA-2007-2668, FEDORA-2007-2679, FEDORA-2007-2686, FEDORA-2007-2697, FEDORA-2007-732, MDKSA-2007:202, mfsa2007-29, mfsa2007-30, mfsa2007-31, mfsa2007-32, mfsa2007-33, mfsa2007-34, mfsa2007-35, mfsa2007-36, RHSA-2007:0979-01, SSA:2007-297-01, SUSE-SA:2007:057, TLSA-2007-53, VIGILANCE-VUL-7268, VU#349217, VU#559977, VU#755513.

Description of the vulnerability

Several vulnerabilities were announced in Firefox.

Several memory corruptions can lead to code execution. [severity:2/4; CERTA-2007-AVI-446, CVE-2007-5339, CVE-2007-5340, mfsa2007-29, VU#559977, VU#755513]

An attacker can use the "onUnload" event to steal information contained in bookmarks or to carry out a "phishing" attack when the user leaves a malicious web page. (VIGILANCE-VUL-6584) [severity:4/4; BID-22688, CERTA-2007-AVI-453, CVE-2007-1095, CVE-2007-1256, mfsa2007-30]

An attacker can create a malicious web site in order to force web browsers of users behind a proxy to inject a new HTTP query. (VIGILANCE-VUL-6767) [severity:4/4; BID-23668, CVE-2007-2291, CVE-2007-2292, mfsa2007-31]

An attacker can create special JavaScript code, then invite the user to press keys and a button, in order to upload a file. (VIGILANCE-VUL-5897) [severity:4/4; CVE-2006-2894, CVE-2007-3511, mfsa2007-32]

An attacker can create a page in the XUL language in order to hide the window's title bar. This possibility elevates the risk of phishing attacks. [severity:4/4; CVE-2007-5334, mfsa2007-33, VU#349217]

An attacker can read any file on Unix systems, using a vulnerability in the sftp protocol. [severity:4/4; CVE-2007-5337, mfsa2007-34]

An attacker can use a "script" object to modify XPCNativeWrapper in order to execute code. [severity:4/4; CVE-2007-5338, mfsa2007-35]

An attacker can use mailto, nntp, news and snews URIs to execute commands under Windows. (VIGILANCE-VUL-7154) [severity:2/4; BID-25543, CERTA-2007-AVI-505, CVE-2007-4841, mfsa2007-36]

computer vulnerability alert CVE-2007-5587

Windows: buffer overflow in the SafeDisc driver

Synthesis of the vulnerability

A local attacker can exploit a buffer overflow in the Macrovision SafeDisc driver in order to gain SYSTEM rights.
Impacted products: Windows 2003, Windows XP.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user account.
Creation date: 19/10/2007.
Revision date: 06/11/2007.
Identifiers: 944653, BID-26121, CERTA-2007-AVI-480, CERTA-2007-AVI-538, CVE-2007-5587, MS07-067, VIGILANCE-VUL-7266.

Description of the vulnerability

The SafeDisc driver (C:\Windows\System32\Drivers\secdrv.sys) was developed by Macrovision. This driver is used to check the signature of software installation discs. It is principally used by video game publishers.

This driver is installed by default on Windows XP and Windows 2003.

Data sent by the user to the driver are not correctly sanitized, which makes it possible to overwrite any memory address.

A local attacker can thus gain SYSTEM rights on the system.

computer vulnerability 7265

Cisco PIX/ASA: denials of service of MGCP and TLS

Synthesis of the vulnerability

An attacker can send malicious MGCP or TLS packets in order to stop the firewall.
Impacted products: ASA.
Severity: 3/4.
Consequences: denial of service on server.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 17/10/2007.
Revision date: 29/10/2007.
Identifiers: 98711, BID-26104, cisco-sa-20071017-asa, CSCsg43276, CSCsh97120, CSCsi00694, CSCsi90468, VIGILANCE-VUL-7265.

Description of the vulnerability

An attacker can generate two denials of service in Cisco PIX/ASA firewalls.

When MGCP (Media Gateway Control Protocol) inspection is enabled, a malicious MGCP packet (port 2427/udp) reloads the device. [severity:3/4; CSCsi00694, CSCsi90468]

An error in TLS protocol handling reloads the device in the following configurations: Clientless WebVPN, SSL VPN Client, AnyConnect Connections, HTTPS Management, Cut-Through Proxy for Network Access and TLS Proxy for Encrypted Voice Inspection. [severity:3/4; CSCsg43276, CSCsh97120]

vulnerability note 7264

Cisco IOS, CatOS: multiple vulnerabilities of FWSM

Synthesis of the vulnerability

Several vulnerabilities permit an attacker to generate a denial of service or to bypass ACEs.
Impacted products: Cisco Catalyst, IOS by Cisco, Cisco Router.
Severity: 3/4.
Consequences: data flow, denial of service on server.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 17/10/2007.
Identifiers: 98612, BID-26109, cisco-sa-20071017-fwsm, CSCsi00694, CSCsi77844, CSCsi90468, CSCsj52536, VIGILANCE-VUL-7264.

Description of the vulnerability

The FWSM module (Cisco Firewall Services Module) implements filtering features. It has several vulnerabilities.

When the HTTPS server is enabled, a malicious query reloads the device. [severity:3/4; CSCsi77844]

When MGCP (Media Gateway Control Protocol) inspection is enabled, a malicious MGCP packet (port 2427/udp) reloads the device. [severity:3/4; CSCsi00694, CSCsi90468]

When an ACL contains ACEs (Access Control Entries) and the administrator edits them, the ACLs are corrupted. Some packets may thus be incorrectly accepted or rejected. [severity:3/4; CSCsj52536]

vulnerability bulletin CVE-2007-4619

FLAC: integer overflows

Synthesis of the vulnerability

Several integer overflows in FLAC permit an attacker to execute code on the victim's computer.
Impacted products: Debian, Fedora, Mandriva Linux, openSUSE, RHEL.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 17/10/2007.
Identifiers: BID-26042, CERTA-2002-AVI-163, CERTA-2007-AVI-439, CVE-2007-4619, DSA-1469-1, FEDORA-2007-2596, FEDORA-2007-730, MDKSA-2007:214, RHSA-2007:0975-02, SUSE-SR:2007:022, VIGILANCE-VUL-7263.

Description of the vulnerability

The FLAC/libFLAC library implements the FLAC (Free Lossless Audio Codec) audio format.

Several parts of FLAC use integers read from the audio file to allocate memory areas. These integers are not checked, so multiplication overflows occur and lead to memory corruption.

An attacker can therefore create a malicious audio file and invite the victim to play it with software linked to libFLAC in order to execute code.

vulnerability announce CVE-2007-5456

Internet Explorer: missing warning dialog

Synthesis of the vulnerability

An attacker can use a special URL for which the warning dialog about a potentially dangerous transfer is not displayed.
Impacted products: IE.
Severity: 1/4.
Consequences: data flow.
Provenance: document.
Creation date: 17/10/2007.
Identifiers: CVE-2007-5456, VIGILANCE-VUL-7262.

Description of the vulnerability

Since Service Pack 2 of Windows XP, when some file types are downloaded, a warning dialog appears to inform the user that the file may be dangerous.

However, instead of using:
  http://server/program.exe
an attacker can use:
  http://server/program.exe?1.txt
  http://server/program.exe?1.cda
In this case, when the user clicks on the link, the dialog is not displayed.

This vulnerability thus makes it possible to transfer a program to the victim's computer. Note that it is only a transfer: there is no execution.

vulnerability alert CVE-2007-5540 CVE-2007-5541

Opera: vulnerabilities

Synthesis of the vulnerability

Two vulnerabilities in Opera permit an attacker to execute commands or to change JavaScript code.
Impacted products: openSUSE, Opera.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 17/10/2007.
Identifiers: BID-26100, BID-26102, CVE-2007-5540, CVE-2007-5541, SUSE-SR:2007:022, VIGILANCE-VUL-7261.

Description of the vulnerability

Two vulnerabilities were announced in Opera:

When Opera is configured to use an external newsgroup or email client, a malicious web page can generate code execution. This vulnerability may be the same as VIGILANCE-VUL-7240. [severity:3/4; BID-26100, CVE-2007-5541]

A script can change JavaScript functions of web pages originating from another web site and located inside a sub-frame. This vulnerability thus permits an attacker to alter the behavior of a script. [severity:3/4; BID-26102, CVE-2007-5540]

vulnerability CVE-2007-5461

Apache Tomcat: reading files via WebDAV

Synthesis of the vulnerability

An attacker with write access via WebDAV can read a file located on the system.
Impacted products: Tomcat, Debian, Fedora, Mandriva Linux, NLD, OES, openSUSE, Solaris, RHEL, SLES, ESX.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Number of vulnerabilities in this bulletin: 2.
Creation date: 17/10/2007.
Identifiers: 239312, BID-26070, CVE-2007-5461, CVE-2007-5641-ERROR, DSA-1447-1, DSA-1453-1, FEDORA-2007-3456, FEDORA-2007-3474, MDKSA-2007:241, RHSA-2008:0042-01, RHSA-2008:0195-01, RHSA-2008:0261-01, RHSA-2008:0524-01, RHSA-2008:0862-02, RHSA-2010:0602-02, SUSE-SR:2008:005, SUSE-SR:2009:004, VIGILANCE-VUL-7260, VMSA-2008-00010.3.

Description of the vulnerability

A WebDAV context can be enabled on Apache Tomcat:
 - in versions 4.1 and 5.5, the only enabled context is /webdav (as read only)
 - in version 6.0, there is no context enabled by default
To enable a WebDAV context as read-write, the administrator has to edit the [webdav]/WEB-INF/web.xml configuration file and change the readonly parameter. By default, there is no context enabled as read-write.

When a user is authenticated in a read-write context, he can edit files located inside the web space.

However, the LOCK (file locking) command on RemoteX lets an attacker specify an absolute file name. He can then read its content, but he cannot change it.

An attacker authenticated in a read-write context can thus read files located outside the root of the web site.