The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability alert CVE-2007-5413

HP OpenView: information disclosure via Radia or CCM

Synthesis of the vulnerability

An attacker can read files by exploiting a vulnerability of httpd.tkd installed with HP OpenView Configuration Management (CM) Infrastructure (Radia) and Client Configuration Manager (CCM).
Impacted products: OpenView, HP-UX.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 25/10/2007.
Revision date: 02/11/2007.
Identifiers: c01205079, CVE-2007-5413, HPSBMA02279, SSRT071298, VIGILANCE-VUL-7281, ZDI-07-060.

Description of the vulnerability

The httpd.tkd daemon can be installed with HP OpenView Configuration Management (CM) Infrastructure (Radia) and Client Configuration Manager (CCM). This web server listens on port 3465/tcp.

This web server does not correctly check paths contained in the requested URL. An attacker can, for example, use '~root' in the URL in order to read files located in the root user's home directory.

This vulnerability therefore permits an unauthenticated attacker to read files located outside the root of the web site.

vulnerability CVE-2007-3510 CVE-2007-5700 CVE-2007-5701

Lotus Domino: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in Lotus Domino.
Impacted products: Domino.
Severity: 3/4.
Consequences: privileged access/rights, data reading, denial of service on server.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 25/10/2007.
Revision dates: 29/10/2007, 02/11/2007, 06/11/2007.
Identifiers: BID-26176, BID-26219, BID-26298, CERTA-2007-AVI-461, CVE-2007-3510, CVE-2007-5700, CVE-2007-5701, CVE-2007-5924, KEMG6M9RAU, KEMG6ZK34H, KHON738QB6, PRAD74LKW5, VIGILANCE-VUL-7280.

Description of the vulnerability

Several vulnerabilities were announced in Lotus Domino.

If the IMAP component is used, when a user of Lotus Domino registers to a mailbox, the name of the mailbox is copied into a fixed-size buffer without any check on its size. An attacker who can connect to the Lotus Domino server can thus create a buffer overflow in the IMAP component by registering a mailbox with a very long name. [severity:3/4; BID-26219, CERTA-2007-AVI-461, CVE-2007-3510, PRAD74LKW5]

An error in Domino Certificate Authority (CA) leads to the display of the password in clear text in the console.log file and in the admin panel when a user uses a command with an uppercase letter in one of the following words: "ca", "activate", or "unlock". [severity:3/4; BID-26176, CVE-2007-5701, KHON738QB6]

An error in LotusScript when the "Evaluate" method is used with certain commands can lead to information disclosure. [severity:3/4; BID-26176, CVE-2007-5700, KEMG6M9RAU]

A Cross Site Scripting vulnerability impacts the web server. [severity:3/4; CVE-2007-5924, KEMG6ZK34H]

computer vulnerability note CVE-2007-4222 CVE-2007-5910

Lotus Notes: several buffer overflows

Synthesis of the vulnerability

A remote attacker can create illicit documents in order to create a buffer overflow when these documents are read.
Impacted products: Notes.
Severity: 4/4.
Consequences: privileged access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 6.
Creation date: 24/10/2007.
Revision date: 25/10/2007.
Identifiers: 21271111, 21272836, 21272930, BID-26175, BID-26200, CERTA-2007-AVI-459, CVE-2007-4222, CVE-2007-5910, KEMG6R8L3M, KEMG6X9QED, KEMG6XAS48, KEMG6XPK6A, KEMG6XTLDN, KEMG6Y8P8U, PRAD78WKKV, VIGILANCE-VUL-7279.

Description of the vulnerability

Several buffer overflows were announced in Lotus Notes.

When Lotus Notes receives an HTML message, it converts it to RTF (Rich Text Format). When the user replies to a message, forwards it or copies its content to the clipboard, the message is converted back into HTML format. During the conversion to HTML format, a buffer overflow is possible. The overflow occurs when calling the Cstrcpy() function, which copies a variable into a fixed-size buffer. A remote attacker can thus send a malicious message in HTML format in order to run code when the user replies to the message, forwards the message or copies the content of the message to the clipboard. [severity:4/4; 21272930, BID-26200, CERTA-2007-AVI-459, CVE-2007-4222, KEMG6Y8P8U]

When the document viewer of Lotus Notes tries to display a .sam document (AMI Pro document), the lstrcpy() function is used to copy each line read into fixed-size buffers. No check is performed on the size of the data to copy. An attacker can thus create a malicious .sam file in order to create a buffer overflow and thus run code. [severity:4/4; 21271111, KEMG6XAS48]

When the document viewer of Lotus Notes tries to display a .mif document (FrameMaker Maker Interchange File), the strcpy() and strcat() functions are used to copy each line read into fixed-size buffers. No check is performed on the size of the data to copy. An attacker can thus create a malicious .mif file in order to create a buffer overflow and thus run code. [severity:4/4; 21271111, KEMG6XPK6A]

When the document viewer of Lotus Notes tries to display a .doc document (Microsoft Word for DOS), the memcpy() function is used to copy the document content into a 108-byte buffer. The amount of data to copy is announced by the .doc document. No check is performed on the value supplied by the document, permitting the writing of 255 bytes of data into a 108-byte buffer. An attacker can thus create a malicious .doc file in order to create a buffer overflow and thus run code. [severity:4/4; 21271111, BID-26175, CVE-2007-5910, KEMG6XTLDN]

When the document viewer of Lotus Notes tries to display a .wpd document (WordPerfect), data stored in the document is copied into a 2400-byte buffer. To determine the amount of data to copy, the function performing the copy uses a value defined by the document. By manipulating this value, it is possible to write more than 2400 bytes. An attacker can thus create a malicious .wpd file in order to create a buffer overflow and thus run code. [severity:4/4; 21271111, BID-26175, CVE-2007-5910, KEMG6X9QED]

Several buffer overflows occurring when documents are viewed with the Lotus Notes viewer were announced by IBM. Affected file types are: mif (Adobe Acrobat FrameMaker), aw (Applix Words), ag (Applix Presents), dll (Dynamic Link Library), rtf (Microsoft Rich Text Format), doc (Microsoft Word) and exe (Portable Executable). [severity:4/4; 21272836, KEMG6R8L3M, PRAD78WKKV]

computer vulnerability bulletin CVE-2007-5585

Xscreensaver: denial of service

Synthesis of the vulnerability

An attacker with physical access to the machine can gain access to a locked session by exploiting a denial of service of xscreensaver.
Impacted products: Fedora.
Severity: 1/4.
Consequences: user access/rights, denial of service on service.
Provenance: physical access.
Creation date: 24/10/2007.
Identifiers: 336331, CVE-2007-5585, FEDORA-2007-2652, FEDORA-2007-2721, FEDORA-2007-2891, VIGILANCE-VUL-7278.

Description of the vulnerability

The xscreensaver application locks a session by activating a screen saver. If the user performs an action on the computer while xscreensaver is active, their password is needed to unlock the session.

Several graphical modules exist for xscreensaver. One of the most popular is the GL Hacks module. If this module is activated, when the user has to enter their password, xscreensaver searches for the xscreensaver-gl-helper package located in the /usr/bin/ directory.

If the xscreensaver-gl-helper package is not on the system, xscreensaver stops and gives access to the locked session.

An attacker with physical access to the computer can thus unlock the session without a password.

computer vulnerability announce CVE-2007-5689

JRE: privilege escalation of an applet

Synthesis of the vulnerability

A remote attacker can create a malicious Java applet in order to run code on the machine of the target.
Impacted products: HP-UX, WebSphere AS Traditional, Java Oracle, Solaris, Trusted Solaris, ESX.
Severity: 3/4.
Consequences: user access/rights, data creation/edition.
Provenance: document.
Creation date: 24/10/2007.
Identifiers: 103112, 6571539, c01234533, CVE-2007-5689, HPSBUX02284, PK64999, PK65161, SSRT071483, VIGILANCE-VUL-7277, VMSA-2008-00010.3.

Description of the vulnerability

Java applets loaded by users are run in a virtual machine integrated in the JRE.

A vulnerability in the implementation of the JRE virtual machine permits a malicious applet to elevate its privileges in order to run code on the user's machine with user rights.

A remote attacker can thus create a malicious Java applet in order to run code with user rights.

computer vulnerability alert CVE-2007-5593 CVE-2007-5594 CVE-2007-5595

Drupal: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Drupal were announced, the worst one leading to command injection on the server.
Impacted products: Drupal Core, Fedora.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data deletion.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 24/10/2007.
Identifiers: CVE-2007-5593, CVE-2007-5594, CVE-2007-5595, CVE-2007-5596, CVE-2007-5597, DRUPAL-SA-2007-024, DRUPAL-SA-2007-025, DRUPAL-SA-2007-026, DRUPAL-SA-2007-029, DRUPAL-SA-2007-030, FEDORA-2007-2649, VIGILANCE-VUL-7276.

Description of the vulnerability

Several vulnerabilities were announced in Drupal.

An attacker can perform HTTP response splitting attacks (code injection in HTTP responses of the server). [severity:3/4; CVE-2007-5595, DRUPAL-SA-2007-024]

An attacker can inject commands on the server by exploiting a vulnerability in the installation script install.php. [severity:3/4; CVE-2007-5593, DRUPAL-SA-2007-025]

The configuration of the upload module permits an attacker to place HTML files on the server. These files can be used to perform Cross Site Scripting attacks. [severity:3/4; CVE-2007-5596, DRUPAL-SA-2007-026]

An attacker can delete user accounts in Drupal using a cross site request forgery attack. [severity:3/4; CVE-2007-5594, DRUPAL-SA-2007-029]

An attacker can exploit a vulnerability in the hook_comments API in order to read unpublished comments. [severity:3/4; CVE-2007-5597, DRUPAL-SA-2007-030]

computer vulnerability 7275

Cisco IOS: denial of service via an EAP Response Identity packet

Synthesis of the vulnerability

An attacker on the local network can send an illicit EAP Response Identity packet in order to reboot the equipment.
Impacted products: Cisco Catalyst, IOS by Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: LAN.
Creation date: 22/10/2007.
Identifiers: 98727, BID-26139, cisco-sr-20071019-eap, CSCsb45696, CSCsc55249, CSCsj56438, VIGILANCE-VUL-7275.

Description of the vulnerability

The EAP protocol (Extensible Authentication Protocol) is a universal authentication framework mainly used in wireless networks or in peer-to-peer networks.

During the connection to a device using the EAP protocol, the client responds to an EAP Request Identity packet with an EAP Response Identity packet.

An error in the management of EAP Response Identity packets by Cisco IOS can lead to a reboot of the equipment.

An attacker from the local or wireless network can thus create a denial of service of the equipment by sending a malicious EAP Response Identity packet.

vulnerability note CVE-2007-5624

Nagios: Cross Site Scripting in CGI scripts

Synthesis of the vulnerability

An attacker can create a Cross Site Scripting attack in CGI scripts of Nagios.
Impacted products: Debian, Fedora, Nagios Open Source, openSUSE, SLES.
Severity: 2/4.
Consequences: user access/rights.
Provenance: LAN.
Creation date: 22/10/2007.
Identifiers: BID-26152, CVE-2007-5624, DSA-1883-1, DSA-1883-2, FEDORA-2007-4123, FEDORA-2007-4145, MDVSA-2008:067, SUSE-SR:2008:011, VIGILANCE-VUL-7274.

Description of the vulnerability

Nagios uses several CGI scripts located, for example, in the /usr/lib/cgi-bin/nagios directory, and reachable at http://server/nagios/cgi-bin/.

A Cross Site Scripting vulnerability was announced by Nagios.

vulnerability bulletin CVE-2006-2894 CVE-2006-4965 CVE-2007-1095

Seamonkey: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in Seamonkey, the worst one leading to code execution.
Impacted products: Debian, Fedora, SeaMonkey, openSUSE, Solaris, RHEL, Slackware.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 9.
Creation date: 22/10/2007.
Identifiers: 103177, 201516, 6582544, 6619093, BID-22688, BID-23668, BID-25543, BID-25657, BID-25913, CERTA-2007-AVI-112, CERTA-2007-AVI-446, CERTA-2007-AVI-453, CERTA-2007-AVI-505, CVE-2006-2894, CVE-2006-4965, CVE-2007-1095, CVE-2007-1256, CVE-2007-2291, CVE-2007-2292, CVE-2007-3511, CVE-2007-4673, CVE-2007-4841, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340, DSA-1401-1, FEDORA-2007-2601, FEDORA-2007-2795, mfsa2007-28, mfsa2007-29, mfsa2007-30, mfsa2007-31, mfsa2007-32, mfsa2007-33, mfsa2007-34, mfsa2007-35, mfsa2007-36, RHSA-2007:0980-01, SSA:2007-297-01, SUSE-SA:2007:057, VIGILANCE-VUL-7273, VU#349217, VU#559977, VU#751808, VU#755513.

Description of the vulnerability

Several vulnerabilities were announced in Seamonkey.

A vulnerability in QuickTime can make Seamonkey or Firefox interpret and run code. (VIGILANCE-VUL-7173) [severity:4/4; BID-25657, BID-25913, CERTA-2007-AVI-112, CVE-2006-4965, CVE-2007-4673, mfsa2007-28, VU#751808]

Several memory corruptions can lead to code execution. [severity:2/4; CERTA-2007-AVI-446, CVE-2007-5339, CVE-2007-5340, mfsa2007-29, VU#559977, VU#755513]

An attacker can use the "onUnload" event to steal information contained in bookmarks or to perform a "phishing" attack when the user leaves a malicious web page. (VIGILANCE-VUL-6584) [severity:4/4; BID-22688, CERTA-2007-AVI-453, CVE-2007-1095, CVE-2007-1256, mfsa2007-30]

An attacker can create a malicious web site in order to force the web browsers of users behind a proxy to inject a new HTTP query. (VIGILANCE-VUL-6767) [severity:4/4; BID-23668, CVE-2007-2291, CVE-2007-2292, mfsa2007-31]

An attacker can create special JavaScript code, then invite the user to press keys and a button, in order to upload a file. (VIGILANCE-VUL-5897) [severity:4/4; CVE-2006-2894, CVE-2007-3511, mfsa2007-32]

An attacker can create a page in the XUL language in order to hide the window's title bar. This possibility increases the risk of phishing attacks. [severity:4/4; CVE-2007-5334, mfsa2007-33, VU#349217]

An attacker can read any file on Unix systems, using a vulnerability in the sftp protocol. [severity:4/4; CVE-2007-5337, mfsa2007-34]

An attacker can use a "script" object to modify XPCNativeWrapper in order to execute code. [severity:4/4; CVE-2007-5338, mfsa2007-35]

An attacker can use mailto, nntp, news and snews URIs to execute commands under Windows. (VIGILANCE-VUL-7154) [severity:2/4; BID-25543, CERTA-2007-AVI-505, CVE-2007-4841, mfsa2007-36]

vulnerability announce CVE-2007-4841 CVE-2007-5339 CVE-2007-5340

Thunderbird: two vulnerabilities

Synthesis of the vulnerability

Two vulnerabilities were announced in Thunderbird, the worst one potentially leading to code execution.
Impacted products: Debian, Fedora, HP-UX, Mandriva Linux, Thunderbird, RHEL, Slackware, TurboLinux.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/10/2007.
Identifiers: BID-25543, c00774579, CERTA-2007-AVI-446, CERTA-2007-AVI-505, CVE-2007-4841, CVE-2007-5339, CVE-2007-5340, DSA-1391-1, FEDORA-2007-3414, FEDORA-2007-3431, FEDORA-2007-733, HPSBUX02156, MDVSA-2007:047, mfsa2007-29, mfsa2007-36, RHSA-2007:0981-0, SSA:2007-324-01, SSRT061236, TLSA-2008-2, VIGILANCE-VUL-7272, VU#559977, VU#755513.

Description of the vulnerability

Two vulnerabilities were announced in Thunderbird.

Several memory corruptions can lead to code execution. [severity:2/4; CERTA-2007-AVI-446, CVE-2007-5339, CVE-2007-5340, mfsa2007-29, VU#559977, VU#755513]

An attacker can use mailto, nntp, news and snews URIs to execute commands under Windows. (VIGILANCE-VUL-7154) [severity:2/4; BID-25543, CERTA-2007-AVI-505, CVE-2007-4841, mfsa2007-36]