The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability bulletin CVE-2007-2878

Linux kernel: denial of service of VFAT

Synthesis of the vulnerability

On a 64-bit processor, a local attacker can create a denial of service by using a VFAT ioctl.
Impacted products: Debian, Linux, RHEL.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 02/11/2007.
Identifiers: BID-24134, CERTA-2002-AVI-197, CVE-2007-2878, DSA-1479-1, RHSA-2007:0939-01, VIGILANCE-VUL-7303.

Description of the vulnerability

The kernel_dirent structure stores information about a directory.

The VFAT_IOCTL_READDIR_BOTH ioctl is used to read directories on a VFAT filesystem.

However, on a 64-bit architecture, using this ioctl corrupts the kernel_dirent structure, and the kernel then crashes the first time the structure is used.

A local attacker can therefore create a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2007-5796

Blue Coat ProxySG: Cross Site Scripting

Synthesis of the vulnerability

Two Cross Site Scripting vulnerabilities can be exploited on the web administration console of Blue Coat ProxySG.
Impacted products: ProxySG by Blue Coat.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 02/11/2007.
Identifiers: BID-26286, CVE-2007-5796, PR07-29, VIGILANCE-VUL-7302.

Description of the vulnerability

Two vulnerabilities of Blue Coat ProxySG permit an attacker to execute Javascript code in the web browser of administrators connected to the web management console.

The "name" parameter of Secure/Local/console/install_upload_action/crl_format script is not correctly filtered. [severity:2/4]

The "file" parameter of Secure/Local/console/install_upload_from_file.htm script is not correctly filtered. [severity:2/4]

vulnerability alert 7301

Sendmail: denial of service via MIME

Synthesis of the vulnerability

An attacker can use long MIME lines in order to generate an error in Sendmail.
Impacted products: Sendmail.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 02/11/2007.
Identifiers: VIGILANCE-VUL-7301.

Description of the vulnerability

The MaxMimeHeaderLength directive, introduced in Sendmail version 8.10.0, defines the maximum size of MIME headers:
  MaxMimeHeaderLength=max_total/max_each_parameter

When this directive is enabled (which is the default), the mime8to7() function in sendmail/mime.c does not correctly handle lines whose size reaches MAXLINE-1 characters. An error thus occurs, and this error can stop the daemon.

An attacker can therefore send a malicious email in order to create a denial of service on Sendmail.

vulnerability CVE-2007-5544

Lotus Notes: access to another user data

Synthesis of the vulnerability

An attacker using Lotus Notes on the same Windows machine as another user can access that user's data.
Impacted products: Domino.
Severity: 1/4.
Consequences: data reading.
Provenance: user account.
Creation date: 31/10/2007.
Identifiers: BID-26146, CVE-2007-5544, KEMG6B7MMJ, KEMG6M9RAU, KHON738QB6, PRAD74LKW5, SYMSA-2007-013, VIGILANCE-VUL-7300.

Description of the vulnerability

In some situations, several users may use Lotus Notes at the same time on a Windows machine (on a Citrix server, for example).

On the Windows platform, the memory allocated to Lotus Notes is shared between users without access restriction.

A local attacker can thus access data in the memory of other users.

computer vulnerability note CVE-2007-5197

Mono: buffer overflow of BigInteger

Synthesis of the vulnerability

An attacker can generate an overflow in the BigInteger class of Mono.
Impacted products: Debian, Fedora, Mandriva Linux, NLD, OES, openSUSE, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 31/10/2007.
Identifiers: CERTA-2007-AVI-485, CVE-2007-5197, DSA-1397-1, FEDORA-2007-2969, FEDORA-2007-3130, FEDORA-2007-745, MDKSA-2007:218, MDVSA-2009:322, SUSE-SR:2007:023, VIGILANCE-VUL-7299.

Description of the vulnerability

The Mono environment is used to develop and run .NET applications under Unix.

The Mono.Math.BigInteger class implements support for the long integers used in cryptography.

A buffer overflow was announced in this class. Its technical details and its exploitation method are unknown.

An attacker can therefore execute code in applications using BigInteger.

computer vulnerability bulletin CVE-2007-3850

Linux kernel: reading memory under PowerPC

Synthesis of the vulnerability

Under PowerPC, a local attacker can use some drivers to read areas of kernel memory.
Impacted products: Linux, RHEL.
Severity: 1/4.
Consequences: data reading.
Provenance: user account.
Creation date: 31/10/2007.
Identifiers: 308811, BID-26161, CVE-2007-3850, RHSA-2007:0940-01, VIGILANCE-VUL-7298.

Description of the vulnerability

On the PowerPC architecture, drivers can use memory pages of 4 KB or 64 KB. The eHCA driver uses 4 KB pages.

However, the Linux kernel only handles 64 KB pages. The Linux kernel thus passes 60 KB of uninitialized memory to the user.

A local attacker can therefore obtain sensitive information contained in these 60 KB of memory.

computer vulnerability announce CVE-2007-3380

RHEL 5: denial of service of DLM

Synthesis of the vulnerability

An attacker can connect to the TCP port of Distributed Lock Manager in order to generate a denial of service.
Impacted products: RHEL.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: LAN.
Creation date: 31/10/2007.
Identifiers: 245892, 245922, BID-24968, CVE-2007-3380, RHSA-2007:0940-01, VIGILANCE-VUL-7297.

Description of the vulnerability

The Distributed Lock Manager permits an application to synchronize its access to shared resources. The Linux kernel of Red Hat Enterprise Linux contains a DLM, which can listen on a TCP port.

However, this implementation does not handle concurrent accesses to the TCP socket. A network attacker can therefore connect to this port and remain idle; all applications using the DLM can then no longer access it and hang.

A network attacker, allowed to connect to this port, can therefore create a denial of service.

computer vulnerability alert CVE-2007-4574

RHEL 5: denial of service under 64bits

Synthesis of the vulnerability

A local attacker can create a denial of service on an AMD64 or Intel 64 computer.
Impacted products: RHEL.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user account.
Creation date: 31/10/2007.
Identifiers: 213313, 298141, BID-26158, CVE-2007-4574, RHSA-2007:0940-01, VIGILANCE-VUL-7296.

Description of the vulnerability

The Linux kernel of Red Hat Enterprise Linux 5 has a "stack unwinder" patch backported from the official kernel, but modified.

In some cases, on an AMD64 or Intel 64 processor, this patch incorrectly sets a bit in the CS (Code Segment) register. The official kernel is not affected.

A local attacker can generate this error and thus stop the kernel.

computer vulnerability CVE-2007-4351

CUPS: buffer overflow of IPP

Synthesis of the vulnerability

A network attacker can generate an overflow in CUPS in order to create a denial of service or to execute code.
Impacted products: Debian, Fedora, Mandriva Linux, openSUSE, RHEL, Slackware, SLES, TurboLinux, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: privileged access/rights, denial of service on server.
Provenance: intranet client.
Creation date: 31/10/2007.
Identifiers: 2007-76, BID-26268, CERTA-2007-AVI-467, CERTA-2007-AVI-551, CERTA-2008-AVI-338, CVE-2007-4351, DSA-1407-1, FEDORA-2007-2715, FEDORA-2007-2982, FEDORA-2007-740, MDKSA-2007:204, MDKSA-2007:204-1, RHSA-2007:1020-01, RHSA-2007:1022-01, RHSA-2007:1023-01, SSA:2007-305-01, SUSE-SA:2007:058, TLSA-2008-19, VIGILANCE-VUL-7295, VU#446897.

Description of the vulnerability

The CUPS system (Common UNIX Printing System) provides printer management under Unix.

This software uses the IPP protocol (Internet Printing Protocol) which listens on port 631/tcp. This protocol uses tags:
 - IPP_TAG_CHARSET : character set
 - IPP_TAG_DATE : date
 - IPP_TAG_TEXTLANG (textWithLanguage, 0x35) : text depending on language
 - IPP_TAG_NAMELANG (nameWithLanguage, 0x36) : variable depending on language
 - etc.

The ippReadIO() function in cups/ipp.c reads these tags. The size of the values contained in IPP_TAG_TEXTLANG and IPP_TAG_NAMELANG is checked. However, this check uses '>' instead of '>=', so a one-byte overflow occurs if the value is too long.

A network attacker can therefore generate an overflow in CUPS in order to create a denial of service or to execute code.
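The off-by-one described above, as an added illustration that is not CUPS's own code: a textWithLanguage/nameWithLanguage value (RFC 2910 layout: 2-byte language length, language, 2-byte text length, text) is copied into a fixed buffer and NUL-terminated, so a bound written as `n > bufsz` lets a value of exactly bufsz bytes through and the terminator lands one byte past the buffer. The buffer sizes, the parser and the sample value are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* IPP value tags named in the bulletin (RFC 2910 wire encoding). */
#define IPP_TAG_TEXTLANG 0x35
#define IPP_TAG_NAMELANG 0x36

/* Constructed buffer sizes for this example; they are not CUPS's own limits. */
#define LANG_BUFSZ 64
#define TEXT_BUFSZ 256

/* Flawed bound ('>'): a value of exactly bufsz bytes passes, and the NUL
 * written after it lands one byte past the buffer. */
static int fits_flawed(size_t n, size_t bufsz) { return !(n > bufsz); }

/* Corrected bound ('>='): reject n >= bufsz so n bytes plus the NUL fit. */
static int fits_fixed(size_t n, size_t bufsz) { return !(n >= bufsz); }

static uint16_t rd16(const unsigned char *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse one textWithLanguage/nameWithLanguage value using the corrected bound.
 * Returns 0 on success, -1 if the tag is wrong, the value is truncated, or a
 * field would not fit its buffer together with its NUL terminator. */
int ipp_read_textlang(unsigned char tag, const unsigned char *val, size_t vlen,
                      char lang[LANG_BUFSZ], char text[TEXT_BUFSZ]) {
    size_t off = 0, n;
    if (tag != IPP_TAG_TEXTLANG && tag != IPP_TAG_NAMELANG) return -1;
    if (vlen < 2) return -1;
    n = rd16(val); off += 2;
    if (n > vlen - off || !fits_fixed(n, LANG_BUFSZ)) return -1;
    memcpy(lang, val + off, n); lang[n] = '\0'; off += n;
    if (vlen - off < 2) return -1;
    n = rd16(val + off); off += 2;
    if (n > vlen - off || !fits_fixed(n, TEXT_BUFSZ)) return -1;
    memcpy(text, val + off, n); text[n] = '\0';
    return 0;
}

/* Build a constructed value with language "en" and text_len bytes of 'A',
 * parse it, and return the parsed text length, or -1 when it is rejected. */
int parse_sample(size_t text_len) {
    unsigned char val[6 + 300];
    char lang[LANG_BUFSZ], text[TEXT_BUFSZ];
    size_t off = 0;
    if (text_len > 300) return -1;
    val[off++] = 0; val[off++] = 2; val[off++] = 'e'; val[off++] = 'n';
    val[off++] = (unsigned char)(text_len >> 8); val[off++] = (unsigned char)(text_len & 0xff);
    memset(val + off, 'A', text_len); off += text_len;
    return ipp_read_textlang(IPP_TAG_TEXTLANG, val, off, lang, text) == 0 ? (int)strlen(text) : -1;
}
```

A text of 255 bytes is the longest the 256-byte buffer can hold with its terminator; fits_flawed still accepts 256, which is the one byte the bulletin describes.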

vulnerability note CVE-2007-4217 CVE-2007-4513 CVE-2007-4621

AIX: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities permit a local attacker to elevate his privileges.
Impacted products: AIX.
Severity: 3/4.
Consequences: administrator access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 8.
Creation date: 31/10/2007.
Identifiers: BID-26256, BID-26257, BID-26258, BID-26259, BID-26260, BID-26262, BID-26263, BID-30999, CERTA-2007-AVI-464, CVE-2007-4217, CVE-2007-4513, CVE-2007-4621, CVE-2007-4622, CVE-2007-4623, CVE-2007-5804, CVE-2007-5805, CVE-2008-4018, VIGILANCE-VUL-7294.

Description of the vulnerability

Several vulnerabilities permit a local attacker to elevate his privileges.

A local attacker can use a stack overflow in the bellmail program in order to elevate his privileges. The bellmail program is installed by default and is set-uid root. The overflow appears during execution of the sendrmt() function used when the user uses the "m" command to send a mail. [severity:3/4; BID-26257, CVE-2007-4623]

A local attacker can create or modify any file on the system with root rights by using the swcons program. The swcons program is installed by default and is set-uid root. When the user uses the -p option, the swcons program writes 65,535 bytes of data to the specified file and changes the rights on this file to mode 222, which allows any user to modify it. As the program is set-uid root, any file on the system can thus be accessed. [severity:3/4; BID-26258, BID-30999, CVE-2007-5804, CVE-2007-5805, CVE-2008-4018]

A local attacker can use a buffer overflow in the crontab program in order to elevate his privileges. The crontab program is installed by default and is set-uid root. The overflow appears during execution of the main() function when the program processes the arguments passed as parameters. [severity:3/4; BID-26263, CERTA-2007-AVI-464, CVE-2007-4621]

A local attacker can use an integer overflow in the dig program in order to elevate his privileges. The dig program is installed by default and is set-uid root. The overflow appears during execution of the dns_name_fromtext() function of the libdns.a library, used when the user passes a TSIG key with the -y option. [severity:3/4; BID-26262, CVE-2007-4622]

A local attacker can use a buffer overflow in the ftp program in order to elevate his privileges. The ftp program is installed by default and is set-uid root. The overflow appears during execution of the main() function used when a macro is executed by the program. [severity:3/4; BID-26260, CVE-2007-4217]

A local attacker can use a stack overflow in the lquerypv program in order to elevate his privileges. The lquerypv program is installed by default and is set-uid root. The overflow appears during the parsing of the parameters passed to the -V option. [severity:3/4; BID-26259, CVE-2007-4513]

A local attacker can use a stack overflow in the lqueryvg program in order to elevate his privileges. The lqueryvg program is installed by default and is set-uid root. The overflow appears during the parsing of the parameters passed to the -p option. [severity:3/4; BID-26256, CVE-2007-4513]

A local attacker can use a buffer overflow in the tftp program in order to elevate his privileges. The tftp program is installed by default and is set-uid root. [severity:3/4]
