The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

computer vulnerability alert CVE-2007-5947

Firefox: Cross Site Scripting via jar

Synthesis of the vulnerability

An attacker can upload a JAR archive to a public site in order to create a Cross Site Scripting attack on this site.
Impacted products: Firefox, SeaMonkey, Mozilla Suite.
Severity: 1/4.
Consequences: client access/rights.
Provenance: internet server.
Creation date: 09/11/2007.
Identifiers: 369814, BID-26385, CVE-2007-5947, VIGILANCE-VUL-7326, VU#715737.

Description of the vulnerability

A JAR file is a ZIP archive containing files such as HTML pages or images.

JAR URIs have the following syntax:
  jar:url_to_the_archive!path_in_the_archive
For example:
  jar:http://server/file.jar!/rep/document

If an attacker can upload a JAR archive to a public server, he can invite victims to click on the following URI:
  jar:http://publicserver/attackersfile.zip!...
When Firefox opens this URI, the content of the attacker's file is opened in the context of the public server. The attacker can therefore create a Cross Site Scripting attack.

It can be noted that several document formats are ZIP archives (OpenOffice, Microsoft Office 2007, etc.) and such documents are generally allowed to be stored on a public server.

Other web browsers (IE, Opera) may also be affected by this vulnerability.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2007-5846

Net-SNMP: denial of service via GETBULK

Synthesis of the vulnerability

An attacker can create a denial of service by requesting a large amount of data with GETBULK.
Impacted products: Debian, Fedora, Mandriva Linux, Mandriva NF, Net-SNMP, openSUSE, Pulse Connect Secure, RHEL, SLES, ESX.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 08/11/2007.
Identifiers: 1712988, BID-26378, CVE-2007-5846, DSA-1483-1, FEDORA-2007-3019, MDKSA-2007:225, RHSA-2007:1045-01, SA43730, SUSE-SR:2007:025, VIGILANCE-VUL-7325, VMSA-2008-0007, VMSA-2008-0007.1, VMSA-2008-0007.2.

Description of the vulnerability

The SNMP protocol defines several query types:
 - SET: change a parameter
 - GET: read a parameter
 - GETNEXT: obtain the next parameter
 - GETBULK: repeat GETNEXT, up to a maximum number of repetitions indicated in the query

However, the agent places no limit on the number of repetitions a GETBULK request may ask for. An attacker can therefore, with a single request, force the SNMP server to collect and transfer a large amount of data.

An attacker can thus create a denial of service.
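The missing bound is easiest to see in a small agent model. The following is an added example, not Net-SNMP code: a toy MIB (constructed here) served by GETNEXT, and a GETBULK handler that clamps the client-supplied repetition count to an assumed per-request ceiling (MAX_REPETITIONS_CAP is a name and value chosen for this example, not a Net-SNMP setting). Real GETBULK also carries a non-repeaters count and is bounded by the response PDU size; both are left out to keep the point visible.

```python
# Added example (not Net-SNMP code): an agent-side cap on GETBULK max-repetitions.
from bisect import bisect_right

# Constructed toy MIB standing in for an interface table: sorted (OID, value) pairs.
TOY_MIB = [(f"1.3.6.1.2.1.2.2.1.1.{i}", f"if{i}") for i in range(1, 5001)]


def oid_key(oid):
    """Turn a dotted OID into a tuple that sorts in MIB (lexicographic) order."""
    return tuple(int(p) for p in oid.split("."))


_KEYS = [oid_key(oid) for oid, _ in TOY_MIB]

# Assumed per-request ceiling; the name and value are chosen for this example.
MAX_REPETITIONS_CAP = 100


def getnext(oid):
    """GETNEXT: the first MIB entry strictly after `oid`, or None at the end of the MIB."""
    idx = bisect_right(_KEYS, oid_key(oid))
    return TOY_MIB[idx] if idx < len(TOY_MIB) else None


def getbulk(oid, max_repetitions, cap=MAX_REPETITIONS_CAP):
    """GETBULK as repeated GETNEXT, with the client-supplied repetition count
    clamped to `cap`. Returns (rows, effective_repetitions)."""
    if max_repetitions < 0:
        raise ValueError("max-repetitions must be non-negative")
    effective = min(max_repetitions, cap)   # the bound the bulletin says is missing
    rows, current = [], oid
    for _ in range(effective):
        nxt = getnext(current)
        if nxt is None:                     # end of MIB: stop early
            break
        rows.append(nxt)
        current = nxt[0]
    return rows, effective


if __name__ == "__main__":
    rows, eff = getbulk("1.3.6.1.2.1.2.2.1.1", 2**31 - 1)
    print(f"requested 2^31-1 repetitions, served {len(rows)} rows (cap {eff})")
```

Without the `min(..., cap)` line, a single request naming the largest 32-bit repetition count would make the agent walk the whole table (and, in a real agent, every table after it) before answering; with it, the cost of one request is bounded regardless of what the client asks for.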

vulnerability note CVE-2007-5923

CA SiteMinder Agent: Cross Site Scripting

Synthesis of the vulnerability

An attacker can create a Cross Site Scripting attack in CA SiteMinder Agent.
Impacted products: SiteMinder.
Severity: 1/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 08/11/2007.
Revision date: 09/11/2007.
Identifiers: BID-26375, CVE-2007-5923, VIGILANCE-VUL-7324.

Description of the vulnerability

The siteminderagent/forms/smpwservices.fcc page of CA SiteMinder Agent displays an authentication form.

The SMAUTHREASON parameter contains an integer indicating the authentication type:
 - 0: login
 - 18: password change
 - 29: PIN selection
 - etc.

This integer is inserted in the JavaScript code of the page. For example:
  if (integerused == 0) ...
However, the content of SMAUTHREASON is not sanitized. An attacker can supply text instead of an integer in order to inject JavaScript code:
  if (attacker_code == 0) ...

An attacker can therefore create a Cross Site Scripting attack.
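The defect is the same whatever server-side language renders the form: a query parameter that is supposed to be an integer is pasted into script text without being checked. The following is an added example, not CA SiteMinder code, written in Python for a server-side template: `render_unsafe` reproduces the pattern the bulletin describes, and `render_safe` accepts only a short decimal integer (optionally from an allow-list of known reason codes) and emits it through `json.dumps`, so the page script can only ever receive a numeric literal. The template string and the DEFAULT_ALLOWED set are constructed for this example; the full list of reason codes is product-specific.

```python
# Added example (not CA SiteMinder code): unsafe vs validated insertion of a
# query parameter into a page's JavaScript.
import json
import re

# Constructed stand-in for the form page's script fragment.
JS_TEMPLATE = "if ({reason} == 0) {{ showLoginForm(); }}"

# Reason codes named in the bulletin; the complete set is assumed to come from
# the deployment's configuration.
DEFAULT_ALLOWED = frozenset({0, 18, 29})


def render_unsafe(smauthreason):
    """Vulnerable pattern: whatever text the parameter holds is copied into the script."""
    return JS_TEMPLATE.format(reason=smauthreason)


def render_safe(smauthreason, allowed=DEFAULT_ALLOWED):
    """Hardened: accept only a short decimal integer, optionally restricted to a
    known set, and emit it via json.dumps so the script receives a numeric literal."""
    if smauthreason is None or not re.fullmatch(r"[0-9]{1,4}", smauthreason):
        raise ValueError("SMAUTHREASON must be a non-negative integer")
    reason = int(smauthreason)
    if allowed is not None and reason not in allowed:
        raise ValueError(f"unknown SMAUTHREASON {reason}")
    return JS_TEMPLATE.format(reason=json.dumps(reason))


if __name__ == "__main__":
    print(render_safe("18"))
    print(render_unsafe("NOT_A_NUMBER"))   # the marker lands in the script verbatim
```

A web application firewall rule that rejects non-numeric SMAUTHREASON values gives the same protection at the perimeter until the form itself is fixed; the detection signal is any request to smpwservices.fcc whose SMAUTHREASON contains characters other than digits.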

vulnerability bulletin CVE-2007-4517

Oracle DB: buffer overflow of XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA

Synthesis of the vulnerability

An authenticated attacker can create an overflow in XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA in order to obtain database privileges.
Impacted products: Oracle DB.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: user account.
Creation date: 08/11/2007.
Identifiers: BID-26374, CERTA-2007-ALE-016, cpujan2008, CVE-2007-4517, VIGILANCE-VUL-7323.

Description of the vulnerability

The XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure has two parameters:
 - the owner of an object
 - the name of the object
No particular privilege is required to execute this procedure.

When both parameters are too long, a buffer overflow occurs.

This overflow permits an authenticated attacker to execute code with the privileges of the Oracle process, or to create a denial of service.

vulnerability announce CVE-2007-3921

GForge: file modification

Synthesis of the vulnerability

A local attacker can use a symbolic link in order to change a file with GForge rights.
Impacted products: Debian, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 08/11/2007.
Identifiers: BID-26373, CERTA-2007-AVI-488, CVE-2007-3921, DSA-1402-1, VIGILANCE-VUL-7322.

Description of the vulnerability

The GForge tool provides a workspace for developers.

The cronjobs/mail/mailaliases.php and cronjobs/mail/mailing_lists_create.php scripts create a temporary file in an insecure manner:
 - its name can be predicted (/tmp/mailman-aliases)
 - it is located in a world-writable directory
 - the scripts do not check whether a symbolic link already exists at that name

A local attacker can create a symbolic link named /tmp/mailman-aliases in order to corrupt a file with the rights of the script.
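The three weaknesses listed above are removed together by letting the operating system pick the name and create the file atomically. The following is an added example, not GForge code, written in Python rather than the scripts' PHP: `write_aliases_insecure` reproduces the pattern the bulletin describes (fixed name, shared directory, no symlink check), `write_aliases_secure` uses `tempfile.mkstemp`, which opens with O_CREAT|O_EXCL and mode 0600 under an unpredictable name, and `victim_overwritten_by` runs either writer inside a private scratch directory (created here, so nothing outside it is touched) with a symlink planted at the predictable name, reporting whether the "victim" file changed.

```python
# Added example (not GForge code): predictable temp file vs mkstemp, with a
# self-contained demonstration in a scratch directory.
import os
import shutil
import tempfile


def write_aliases_insecure(lines, directory):
    """Mirrors the bulletin's pattern: fixed name in a shared directory, no symlink
    check. open() follows a symlink planted at that name, so the data is written
    wherever the link points."""
    path = os.path.join(directory, "mailman-aliases")
    with open(path, "w") as f:
        f.write("\n".join(lines) + "\n")
    return path


def write_aliases_secure(lines, directory):
    """mkstemp chooses an unpredictable name and opens it with O_CREAT|O_EXCL and
    mode 0600, so a pre-planted file or link at a name is never reused; the caller
    must pass the returned path on instead of assuming a fixed one."""
    fd, path = tempfile.mkstemp(prefix="mailman-aliases.", dir=directory)
    try:
        with os.fdopen(fd, "w") as f:
            f.write("\n".join(lines) + "\n")
    except BaseException:
        os.unlink(path)
        raise
    return path


def victim_overwritten_by(writer):
    """Plant a symlink named mailman-aliases pointing at a 'victim' file inside a
    private scratch directory, run `writer`, and report whether the victim changed."""
    sandbox = tempfile.mkdtemp(prefix="aliases-demo.")
    try:
        victim = os.path.join(sandbox, "victim.conf")
        with open(victim, "w") as f:
            f.write("original\n")
        os.symlink(victim, os.path.join(sandbox, "mailman-aliases"))
        writer(["list-owner: admin"], sandbox)   # constructed alias line
        with open(victim) as f:
            return f.read() != "original\n"
    finally:
        shutil.rmtree(sandbox)


if __name__ == "__main__":
    print("insecure writer overwrote victim:", victim_overwritten_by(write_aliases_insecure))
    print("secure writer overwrote victim:  ", victim_overwritten_by(write_aliases_secure))
```

On Linux, fs.protected_symlinks blocks the follow in sticky world-writable directories such as /tmp when the link owner differs from the directory owner, which is why the demonstration uses a private directory; the code fix should not rely on that kernel setting being present.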

computer vulnerability note CVE-2007-4570

RHEL: denial of service of mcstrans

Synthesis of the vulnerability

A local attacker can create a denial of service in the mcstransd daemon.
Impacted products: RHEL.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: user shell.
Creation date: 08/11/2007.
Identifiers: 288201, CVE-2007-4570, RHSA-2007:0542-05, VIGILANCE-VUL-7319.

Description of the vulnerability

MCS (Multi-Category Security) extends SELinux to let users attach categories to their files: "Private", "Marketing", "Top secret", etc. For example:
  chcat +Marketing file

Each category is defined in /etc/selinux/targeted/setrans.conf. For example:
  s0:c1:Private
  s0:c2:Marketing
These categories have the internal names c1 and c2. The mcstransd daemon translates between these internal names and their human-readable labels.

A local attacker can use a category range whose lower number is greater than its upper number, for example "c10.c9". In this case, the daemon loops for a long time, stepping through c10, c11, c12, ..., c4294967295, c0, c1, ..., c9 and handling data for each category.

A local attacker can thus create a denial of service lasting several hours.
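The loop described above is a 32-bit counter that increments until it equals the upper bound, so an inverted range only terminates after wrapping past 2^32. The following is an added example, not mcstrans code: `wrapped_iterations` gives the closed-form count of categories such a loop visits, `count_unchecked` walks the range the naive way but gives up after a chosen number of steps so the demonstration cannot hang, and `expand_range_checked` is the validation a translator should apply first (lower bound not above the upper bound, upper bound not above the policy's highest category). MAX_CATEGORY = 1023 is assumed here; it matches the c0 to c1023 range a typical targeted policy defines, but it should be taken from the loaded policy in real code.

```python
# Added example (not mcstrans code): validating an MCS category range before expanding it.
UINT32_MAX = 0xFFFFFFFF
# Assumed highest category for this example; a typical targeted policy defines c0 to c1023.
MAX_CATEGORY = 1023


def parse_category(token):
    """'c12' -> 12; anything else is rejected."""
    if len(token) < 2 or token[0] != "c" or not token[1:].isdigit():
        raise ValueError(f"malformed category {token!r}")
    value = int(token[1:])
    if value > UINT32_MAX:
        raise ValueError(f"category {token!r} does not fit in 32 bits")
    return value


def _bounds(spec):
    parts = spec.split(".")
    if len(parts) not in (1, 2):
        raise ValueError(f"malformed range {spec!r}")
    return parse_category(parts[0]), parse_category(parts[-1])


def wrapped_iterations(spec):
    """Number of categories a 32-bit counter visits for 'cLOW.cHIGH' when it simply
    counts upward until it reaches HIGH (the behaviour the bulletin describes)."""
    low, high = _bounds(spec)
    return ((high - low) & UINT32_MAX) + 1


def count_unchecked(spec, give_up_after):
    """Walk the range the naive way, wrapping at 2^32, but stop after `give_up_after`
    steps so this demonstration itself cannot run for hours."""
    low, high = _bounds(spec)
    steps, current = 1, low
    while current != high and steps < give_up_after:
        current = (current + 1) & UINT32_MAX
        steps += 1
    return steps


def expand_range_checked(spec, max_category=MAX_CATEGORY):
    """Expand 'cN' or 'cLOW.cHIGH' only when the bounds are sane."""
    low, high = _bounds(spec)
    if high > max_category:
        raise ValueError(f"category c{high} exceeds policy maximum c{max_category}")
    if low > high:
        raise ValueError(f"range {spec!r} has its lower bound above its upper bound")
    return list(range(low, high + 1))


if __name__ == "__main__":
    print("c10.c9 would take", wrapped_iterations("c10.c9"), "iterations unchecked")
    print("c2.c5 expands to", expand_range_checked("c2.c5"))
```

Rejecting the range up front also bounds the work to at most max_category + 1 iterations per request, which is the property a daemon reachable by any local user needs regardless of how the loop counter is typed.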

computer vulnerability bulletin CVE-2007-4136

Conga: denial of service of ricci

Synthesis of the vulnerability

An attacker can connect to ricci in order to block other connections.
Impacted products: RHEL.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: LAN.
Creation date: 08/11/2007.
Identifiers: 336101, CVE-2007-4136, RHSA-2007:0640-04, RHSA-2007:0983-01, VIGILANCE-VUL-7318.

Description of the vulnerability

The administration of Red Hat Clusters with Conga uses the ricci and luci services.

However, the ricci service only accepts 10 simultaneous connections and does not correctly update its connection count. An attacker allowed to connect to ricci can therefore block other connections.

An attacker can thus create a denial of service.

computer vulnerability announce CVE-2007-4045

CUPS: denial of service via SSL

Synthesis of the vulnerability

When SSL is activated, an attacker can block users' access to the service.
Impacted products: CUPS, Fedora, Mandriva Linux, openSUSE, RHEL, SLES, TurboLinux.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 08/11/2007.
Identifiers: BID-26524, CVE-2007-4045, FEDORA-2007-2982, FEDORA-2007-746, MDVSA-2008:036, RHSA-2007:1022-01, RHSA-2007:1023-01, RHSA-2007:1031-01, SUSE-SR:2007:014, TLSA-2008-19, VIGILANCE-VUL-7317.

Description of the vulnerability

CUPS (Common UNIX Printing System) manages printers under Unix.

The VIGILANCE-VUL-6641 bulletin describes a vulnerability in SSL support. However, its patch is incorrect and introduces a new vulnerability.

This vulnerability permits a network attacker to conduct a denial of service by denying access to legitimate users.

computer vulnerability alert CVE-2007-4352 CVE-2007-5392 CVE-2007-5393

Xpdf: three vulnerabilities

Synthesis of the vulnerability

An attacker can create a malicious PDF document leading to code execution on the computer of users opening it with Xpdf or its derivatives.
Impacted products: CUPS, Debian, Fedora, Mandriva Linux, NLD, OES, openSUSE, RHEL, Slackware, SLES, TurboLinux, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 07/11/2007.
Identifiers: 2007-88, advisory-20071107-1, BID-26367, CERTA-2007-AVI-484, CVE-2007-4352, CVE-2007-5392, CVE-2007-5393, DSA-1408-1, DSA-1480-1, DSA-1509-1, DSA-1537-1, FEDORA-2007-2982, FEDORA-2007-2985, FEDORA-2007-3001, FEDORA-2007-3014, FEDORA-2007-3031, FEDORA-2007-3059, FEDORA-2007-3093, FEDORA-2007-3100, FEDORA-2007-3308, FEDORA-2007-3390, FEDORA-2007-4031, FEDORA-2007-746, FEDORA-2007-750, MDKSA-2007:219, MDKSA-2007:220, MDKSA-2007:221, MDKSA-2007:222, MDKSA-2007:223, MDKSA-2007:227, MDKSA-2007:228, MDKSA-2007:230, RHSA-2007:1021-01, RHSA-2007:1022-01, RHSA-2007:1023-01, RHSA-2007:1024-01, RHSA-2007:1025-01, RHSA-2007:1026-01, RHSA-2007:1027-02, RHSA-2007:1028-01, RHSA-2007:1029-01, RHSA-2007:1030-01, RHSA-2007:1051-01, SSA:2007-316-01, SUSE-SA:2007:060, TLSA-2008-19, VIGILANCE-VUL-7316.

Description of the vulnerability

The Xpdf program is used to display PDF documents. Its source code is reused in several other programs: gpdf, cups, etc. The xpdf/Stream.cc file has 3 vulnerabilities.

The DCTStream::readProgressiveDataUnit() method can be used to corrupt memory. [severity:3/4; CERTA-2007-AVI-484, CVE-2007-4352]

An integer overflow in DCTStream::reset() creates a buffer overflow. [severity:3/4; CVE-2007-5392]

A PDF file containing a malicious CCITTFaxDecode filter can create an overflow in CCITTFaxStream::lookChar(). [severity:3/4; CVE-2007-5393]

computer vulnerability CVE-2007-5956 CVE-2007-5957

Informix DS: vulnerabilities

Synthesis of the vulnerability

Two vulnerabilities of Informix Dynamic Server permit an attacker to execute code or to create a denial of service.
Impacted products: Informix Server.
Severity: 2/4.
Consequences: administrator access/rights, data reading, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 07/11/2007.
Revision date: 12/11/2007.
Identifiers: 7011082, BID-26363, CVE-2007-5670-REJECT, CVE-2007-5956, CVE-2007-5957, IC53588, IC54252, VIGILANCE-VUL-7315.

Description of the vulnerability

Two vulnerabilities affect Informix Dynamic Server.

Under Windows, with Informix Dynamic Server version 10.00.TC3TL or 11.10.TB4TL, an attacker can use an "SQ_ONASSIST query" to stop the service. The sq_onassist function is an internal function, as listed by "onstat -g sym". [severity:2/4; CVE-2007-5957, IC53588]

The DBLANG environment variable indicates the subdirectory of INFORMIXDIR containing translated message files (for example $INFORMIXDIR/msg/en_us/*.iem). An attacker can use this variable in order to escape from the allowed directory and to access other message files. He can thus create a format string attack via suid programs. The attacker can therefore, for example, obtain root privileges. [severity:2/4; CVE-2007-5670-REJECT, CVE-2007-5956, IC54252]
