The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

computer vulnerability alert 7336

Thomson SpeedTouch: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities in Thomson SpeedTouch allow an attacker to mount Cross Site Scripting attacks or to elevate his privileges.
Impacted products: SpeedTouch.
Severity: 2/4.
Consequences: privileged access/rights, client access/rights.
Provenance: user account.
Number of vulnerabilities in this bulletin: 5.
Creation date: 12/11/2007.
Identifiers: BID-25972, BID-26808, VIGILANCE-VUL-7336.

Description of the vulnerability

Several vulnerabilities were announced in Thomson SpeedTouch.

The modem does not protect against CSRF attacks. [severity:2/4]

An attacker can mount several Cross Site Scripting attacks. [severity:2/4]

An attacker can use a double slash to bypass authentication. [severity:2/4]

An attacker can access advanced features without entering a password. [severity:2/4]

An attacker can access saved features. [severity:2/4]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2007-5976 CVE-2007-5977

phpMyAdmin: Cross Site Scripting of database name

Synthesis of the vulnerability

An attacker can mount two Cross Site Scripting attacks in phpMyAdmin.
Impacted products: Fedora, phpMyAdmin.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/11/2007.
Identifiers: 071108a, BID-26512, BID-26513, CVE-2007-5976, CVE-2007-5977, FEDORA-2007-3639, FEDORA-2007-3666, MDKSA-2007:229, PMASA-2007-7, VIGILANCE-VUL-7335.

Description of the vulnerability

The phpMyAdmin program is used to administer a MySQL database. Two Cross Site Scripting attacks can be mounted using a malicious database name.

An attacker can use the db parameter of the db_create.php script. [severity:2/4; 071108a, BID-26512, CVE-2007-5976, CVE-2007-5977]

An attacker can use groups in libraries/List_Database.class.php. [severity:2/4; BID-26513]

An attacker can therefore mount a Cross Site Scripting attack when the victim is authenticated on phpMyAdmin.

vulnerability note CVE-2007-5756

WinPcap: privilege elevation

Synthesis of the vulnerability

A local attacker can elevate his privileges or create a denial of service via WinPcap.
Impacted products: Windows (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 12/11/2007.
Revision date: 13/11/2007.
Identifiers: BID-26409, CVE-2007-5756, VIGILANCE-VUL-7334.

Description of the vulnerability

The WinPcap product installs the NPF.SYS driver and two libraries (packet.dll and wpcap.dll) that allow applications to capture network packets. BPF filters are defined by the user to filter captured packets.

When WinPcap is installed on a 32 bit processor, the driver implements a feature named TME (Table Management Extensions) used by BPF filters. However, this feature does not validate array indexes. An attacker can therefore define a filter that corrupts memory in the bpf_filter_init() function of the driver/win_bpf_filter_init.c file.

A local attacker can therefore elevate his privileges or create a denial of service.

vulnerability bulletin CVE-2007-5741

Plone: code execution via statusmessages and linkintegrity

Synthesis of the vulnerability

An attacker can use special data in order to execute code in statusmessages and linkintegrity modules of Plone.
Impacted products: Debian, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 12/11/2007.
Identifiers: BID-26354, CERTA-2007-AVI-482, CVE-2007-5741, DSA-1405-1, DSA-1405-2, VIGILANCE-VUL-7333.

Description of the vulnerability

The Plone environment is a content management system built on Zope (written in Python). The statusmessages module handles messages in various languages. The linkintegrity module prevents a user from deleting a page that is the target of a link.

Both modules interpret attacker-controlled data as Python data.

An attacker can therefore execute code on the server.

vulnerability announce CVE-2005-4872 CVE-2006-7225 CVE-2006-7226

PCRE: integer overflows of regular expressions

Synthesis of the vulnerability

When an attacker can control the regular expression used by a program, he can corrupt its memory, for example in order to execute code.
Impacted products: Debian, Mandriva NF, NLD, OES, openSUSE, RHEL, Snort, SLES, Unix (platform) ~ not comprehensive, ESX.
Severity: 1/4.
Consequences: user access/rights, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 12/11/2007.
Revision date: 29/11/2007.
Identifiers: BID-26462, BID-26725, BID-26727, CERTA-2007-AVI-513, CERTA-2008-AVI-103, CERTA-2008-AVI-207, CERTA-2008-AVI-239, CESA-2007-006, CVE-2005-4872, CVE-2006-7224-REJECT, CVE-2006-7225, CVE-2006-7226, CVE-2006-7227, CVE-2006-7228, DSA-1570-1, MDVSA-2008:012, RHSA-2007:1052-01, RHSA-2007:1052-02, RHSA-2007:1059-01, RHSA-2007:1063-01, RHSA-2007:1065-01, RHSA-2007:1068-01, RHSA-2007:1076-02, RHSA-2007:1077-01, RHSA-2008:0546-01, SUSE-SA:2007:062, SUSE-SA:2008:004, VIGILANCE-VUL-7332, VMSA-2008-0003, VMSA-2008-0003.1, VMSA-2008-0007, VMSA-2008-0007.1, VMSA-2008-0007.2.

Description of the vulnerability

The PCRE library implements Perl compatible regular expressions (as opposed to POSIX regular expressions). Several vulnerabilities affect this library.

An attacker can create an integer overflow in pcre_compile(), via "name_count" and "max_name_size". [severity:1/4; CERTA-2007-AVI-513, CVE-2006-7227]

A sequence like "(?P<0>)(?P<1>)" creates a denial of service. [severity:1/4; CVE-2005-4872]

An attacker can create several integer overflows in pcre_compile(), via "max", "min" and "duplength". [severity:1/4; CERTA-2008-AVI-103, CERTA-2008-AVI-207, CVE-2006-7228]

A special sequence such as "[[,abc,]]" creates a denial of service during its compilation. [severity:1/4; BID-26725, CVE-2006-7225]

A malicious sequence such as "(xxx(?P>B)){3}" can create a memory corruption. [severity:1/4; BID-26727, CVE-2006-7226]

When an attacker can control the regular expression used by a program, he can thus corrupt its memory, for example in order to execute code. In some cases, he can also read memory contents or create a denial of service.

vulnerability alert CVE-2007-5037

inotify-tools: buffer overflow of inotifytools_snprintf

Synthesis of the vulnerability

An attacker can create an overflow in programs linked to the libinotifytools library.
Impacted products: Debian, Fedora, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 12/11/2007.
Identifiers: CVE-2007-5037, DSA-1440-1, FEDORA-2007-3074, VIGILANCE-VUL-7331.

Description of the vulnerability

Linux kernels above 2.6.13 implement the inotify sub-system, which notifies applications of file system events.

The inotify-tools suite provides command-line tools for inotify, together with the libinotifytools library.

However, the inotifytools_snprintf() function implemented in the library ignores the size of the destination buffer, which creates an overflow.

An attacker can therefore execute code with the privileges of applications linked to libinotifytools.

vulnerability CVE-2007-5712

Django: denial of service

Synthesis of the vulnerability

An attacker can use the Accept-Language header in order to create a denial of service in Django.
Impacted products: Debian, Fedora, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 12/11/2007.
Identifiers: BID-26227, CVE-2007-5712, DSA-1640-1, FEDORA-2007-2788, FEDORA-2007-3157, VIGILANCE-VUL-7330.

Description of the vulnerability

The Django environment is used to create web sites in Python.

When multi-language (internationalization, i18n) support is enabled, the Accept-Language HTTP header is used to indicate the language. However, Django stores every Accept-Language value it receives.

An attacker can therefore send numerous requests with different values in order to progressively exhaust all memory on the system.

computer vulnerability note CVE-2007-3378 CVE-2007-4887 CVE-2007-5898

PHP 5: several vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP 5 in order to create a denial of service or to execute code.
Impacted products: Debian, HP-UX, Mandriva Linux, Mandriva NF, NLD, OES, openSUSE, PHP, RHEL, Slackware, SLES, TurboLinux.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 12/11/2007.
Identifiers: BID-26403, CERTA-2008-AVI-002, CVE-2007-3378, CVE-2007-4887, CVE-2007-5898, CVE-2007-5899, CVE-2007-5900, DSA-1444-2, emr_na-c01345501-1, emr_na-c01438646, HPSBUX02308, HPSBUX02332, MDVSA-2008:125, MDVSA-2008:126, MDVSA-2008:127, MDVSA-2008:128, MDVSA-2008:129, MDVSA-2008:130, MDVSA-2010:007, RHSA-2008:0505-01, RHSA-2008:0544-01, RHSA-2008:0545-01, RHSA-2008:0546-01, RHSA-2008:0582-01, SSA:2007-314-01, SSA:2007-314-02, SSRT080010, SSRT080056, SUSE-SA:2008:004, TLSA-2008-27, VIGILANCE-VUL-7329.

Description of the vulnerability

Several vulnerabilities were announced in PHP 5.

The dl() function accepts to load files of any type. [severity:3/4]

The dl() function does not limit the size of the filename, which creates an overflow. [severity:3/4; CVE-2007-4887]

The htmlentities() and htmlspecialchars() functions do not correctly filter partial multibyte sequences. [severity:3/4; CVE-2007-5898]

An attacker can create an overflow in the fnmatch(), setlocale() and glob() functions of glibc. [severity:3/4]

The mail.force_extra_parameters directive can be changed in a .htaccess file (VIGILANCE-VUL-6946). [severity:3/4; CERTA-2008-AVI-002, CVE-2007-3378]

The session identifier can be incorrectly added to non-local forms. [severity:3/4; CVE-2007-5899]

The ini_set() function can modify php_admin_* values defined in httpd.conf. [severity:3/4; CVE-2007-5900]

These vulnerabilities are local or remote depending on the context.

computer vulnerability bulletin CVE-2007-5921

Solaris: denial of service of SVM

Synthesis of the vulnerability

A local attacker can use a malicious Solaris Volume Manager ioctl in order to panic the system.
Impacted products: Solaris.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 09/11/2007.
Identifiers: 103143, 6497289, BID-26376, CVE-2007-5921, VIGILANCE-VUL-7328.

Description of the vulnerability

The Solaris Volume Manager program is used to create and manage RAID or logical volumes.

The md_base_ioctl() function of the usr/src/uts/common/io/lvm/md/md_ioctl.c file implements the associated ioctls. However, some of these ioctls (MD_IOCGET_TSTATE, MD_IOCGET_DRVNM, etc.) do not check the device minor number.

A local attacker can therefore use an invalid minor number in order to stop the system.

computer vulnerability announce CVE-2007-5946

HP-UX: privilege elevation via Aries PA Emulator

Synthesis of the vulnerability

A local attacker can elevate his privileges via a vulnerability of Aries PA Emulator.
Impacted products: HP-UX.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/11/2007.
Identifiers: BID-26383, c01241483, CVE-2007-5946, HPSBUX02285, SSRT071484, VIGILANCE-VUL-7327.

Description of the vulnerability

The Aries PA emulator allows PA-RISC applications to run on Itanium IA-64 architectures.

A local attacker can elevate his privileges via a vulnerability of Aries PA Emulator.

This vulnerability could be related to the oget/oset system call implementation or to a libc corruption.