The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

computer vulnerability announce CVE-2008-0072

Evolution: format string attack via an email

Synthesis of the vulnerability

An attacker can send a malicious email, and wait for the victim to select it, in order to create a denial of service or to execute code.
Impacted products: Debian, Fedora, Mandriva Linux, NLD, openSUSE, RHEL, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: internet client.
Creation date: 05/03/2008.
Identifiers: BID-28102, CERTA-2002-AVI-195, CVE-2008-0072, DSA-1512-1, FEDORA-2008-2290, FEDORA-2008-2292, MDVSA-2008:063, RHSA-2008:0177-01, RHSA-2008:0178-01, SUSE-SA:2008:014, VIGILANCE-VUL-7637, VU#512491.

Description of the vulnerability

The Evolution product provides collaborative tools.

When the user selects an encrypted email, the emf_multipart_encrypted() function in the mail/em-format.c file parses the "Version:" field. However, a format string attack can occur in this function.

An attacker can therefore create a malicious email in order to generate a denial of service or code execution on the computer of a victim who selects it.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2008-0883

Adobe Reader: vulnerability of acroread script

Synthesis of the vulnerability

Under Unix, a local attacker can use a vulnerability of Adobe Acrobat Reader 8.1.2 to elevate his privileges or alter files.
Impacted products: Acrobat, openSUSE, Solaris, RHEL, SLES.
Severity: 1/4.
Consequences: user access/rights, data creation/edition, data deletion.
Provenance: user account.
Creation date: 05/03/2008.
Revision date: 12/03/2008.
Identifiers: 240106, 6718894, APSA08-02, BID-28091, CERTA-2008-AVI-166, CVE-2008-0883, RHSA-2008:0641-02, SUSE-SR:2008:005, VIGILANCE-VUL-7636.

Description of the vulnerability

Under Unix, the "acroread" script calls Adobe Acrobat Reader 8.1.2.

However, this script does not correctly handle temporary data during the SSL certificate handling.

This vulnerability can be used by a local attacker to elevate his privileges or alter files.

computer vulnerability CVE-2008-1181

Juniper Networks Secure Access: information disclosure

Synthesis of the vulnerability

An attacker can obtain the installation path of Juniper Networks Secure Access 2000.
Impacted products: IVE OS, Juniper SA.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 05/03/2008.
Identifiers: CVE-2008-1181, PR07-42, VIGILANCE-VUL-7635.

Description of the vulnerability

The Juniper Networks Secure Access 2000 product provides a web site containing, for example:
  https://site/dana-na/auth/welcome.cgi
  https://site/dana-na/auth/remediate.cgi
  https://site/dana-na/auth/rdremediate.cgi

When an error occurs in the remediate.cgi script, it displays the path of the root directory of the website. For example:
  /home/webserver/htdocs/

An attacker can thus obtain the installation path of Juniper Networks Secure Access 2000.

vulnerability note CVE-2008-1180

Juniper Networks Secure Access: Cross Site Scripting

Synthesis of the vulnerability

An attacker can create a Cross Site Scripting in Juniper Networks Secure Access 2000.
Impacted products: IVE OS, Juniper SA.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 05/03/2008.
Identifiers: CVE-2008-1180, PR07-41, VIGILANCE-VUL-7634.

Description of the vulnerability

The Juniper Networks Secure Access 2000 product provides a web site containing, for example:
  https://site/dana-na/auth/welcome.cgi
  https://site/dana-na/auth/remediate.cgi
  https://site/dana-na/auth/rdremediate.cgi

However, the delivery_mode parameter of rdremediate.cgi is not sanitized before being displayed in the HTML error page.

An attacker can therefore create a Cross Site Scripting in Juniper Networks Secure Access 2000.

vulnerability bulletin CVE-2008-1167 CVE-2008-1168

SARG: vulnerabilities of User-Agent

Synthesis of the vulnerability

An attacker can create two vulnerabilities in Squid Analysis Report Generator via the User-Agent header.
Impacted products: Mandriva Linux, Mandriva NF, openSUSE, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, client access/rights.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 04/03/2008.
Identifiers: BID-28077, CVE-2008-1167, CVE-2008-1168, MDVSA-2008:079, SUSE-SR:2008:006, VIGILANCE-VUL-7633.

Description of the vulnerability

The SARG (Squid Analysis Report Generator) tool generates web statistics on Squid usage.

The HTTP User-Agent header contains the name of the web browser used by the client.

Two vulnerabilities of SARG can be exploited by an attacker setting a malicious User-Agent header.

When the header is too long, a buffer overflow occurs and leads to code execution. [severity:3/4; CVE-2008-1167]

A malicious header can create a Cross Site Scripting. [severity:2/4; CVE-2008-1168]

vulnerability announce CVE-2008-1185 CVE-2008-1186 CVE-2008-1187

Java JDK/JRE/SDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in Java JDK/JRE/SDK.
Impacted products: Fedora, NLD, OES, openSUSE, Java Oracle, RHEL, SLES, ESX.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 04/03/2008.
Revision date: 06/03/2008.
Identifiers: 233321, 233322, 233323, 233324, 233325, 233326, 233327, 6587132, 6588002, 6593303, 6605184, 6605187, 6608712, 6609756, 6611594, 6623233, 6633265, 6633278, 6634129, 6660121, 6660717, BID-28083, BID-28125, CERTA-2008-AVI-118, CERTA-2008-AVI-476, CESA-2007-005, CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196, FEDORA-2008-2229, RHSA-2008:0186-01, RHSA-2008:0210-01, RHSA-2008:0243-01, RHSA-2008:0244-01, RHSA-2008:0245-01, RHSA-2008:0267-01, RHSA-2008:0555-01, SUSE-SA:2008:018, SUSE-SA:2008:025, VIGILANCE-VUL-7632, VMSA-2008-00010.3, VU#223028, ZDI-08-009, ZDI-08-010.

Description of the vulnerability

Several vulnerabilities were announced in Java JDK/JRE/SDK.

An applet can use two vulnerabilities of the Java Runtime Environment Virtual Machine in order to access files or to execute code. [severity:4/4; 233321, 6587132, 6593303, CERTA-2008-AVI-118, CERTA-2008-AVI-476, CVE-2008-1185, CVE-2008-1186]

An applet can use XSLT to access resources via a URL, execute code or create a denial of service. [severity:3/4; 233322, 6588002, CVE-2008-1187]

Three buffer overflows in Java Web Start permit an application to execute code. Two other vulnerabilities can be used to access files. [severity:4/4; 233323, 6605184, 6605187, 6609756, 6611594, 6623233, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, ZDI-08-009, ZDI-08-010]

An applet can execute software installed on the computer. [severity:3/4; 233324, 6608712, CVE-2008-1192]

An applet can use a malicious image in order to execute code or to create a denial of service. [severity:4/4; 233325, 6633265, 6633278, 6660717, BID-28125, CESA-2007-005, CVE-2008-1193, CVE-2008-1194]

JavaScript code can use the JRE to connect to network services. [severity:2/4; 233326, 6634129, CVE-2008-1195]

An application can create an overflow in Java Web Start in order to execute code. [severity:4/4; 233327, 6660121, CVE-2008-1196, VU#223028]

vulnerability alert CVE-2008-1115

Solaris 8: denial of service

Synthesis of the vulnerability

A local attacker can use some system calls on directories in order to panic the computer.
Impacted products: Solaris, Trusted Solaris.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 03/03/2008.
Identifiers: 200163, 6384114, BID-28069, CVE-2008-1115, VIGILANCE-VUL-7631.

Description of the vulnerability

The mkdir(), rmdir() and rename() system calls create, delete and rename a directory.

A local attacker can, for example, call rmdir() and rename() simultaneously to generate an error in vfs_rename_lock(). This error panics the system.

A local attacker can therefore create a denial of service on a UFS filesystem.

vulnerability CVE-2007-6016 CVE-2007-6017 CVE-2007-6252

IE: vulnerabilities of several ActiveX of March 2008

Synthesis of the vulnerability

Several ActiveX permit a remote attacker to generate a denial of service or to execute code.
Impacted products: IE.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 12.
Creation date: 03/03/2008.
Revision dates: 11/03/2008, 12/03/2008, 19/03/2008, 26/03/2008.
Identifiers: APSB08-09, BID-26904, BID-28058, BID-28131, BID-28157, BID-28268, BID-28287, BID-28292, BID-28301, BID-28354, BID-28442, CERTA-2008-AVI-112, CERTA-2008-AVI-170, CVE-2007-6016, CVE-2007-6017, CVE-2007-6252, CVE-2007-6253, CVE-2007-6254, CVE-2008-1282, CVE-2008-1307, CVE-2008-1309, CVE-2008-1472, CVE-2008-1490, CVE-2008-1605, CVE-2008-6638, JVN#10606373, VIGILANCE-VUL-7630, VU#329673, VU#362849, VU#524857, VU#831457.

Description of the vulnerability

Several ActiveX permit a remote attacker to generate a denial of service or to execute code.

An attacker can create an overflow in the _DOWText0 parameter of Symantec BackupExec Calendar Control PVCalendar.ocx ActiveX in order to execute code. [severity:2/4; BID-26904, CERTA-2008-AVI-112, CVE-2007-6016, CVE-2007-6017]

An attacker can create several overflows in the Learn2 STRunner iestm32.dll ActiveX in order to execute code. [severity:2/4; BID-28058, CVE-2007-6252, VU#524857]

An attacker can use an overflow of the FilePath attribute in B21Soft BFup ActiveX in order to execute code. [severity:2/4; BID-28131, CVE-2008-1282, JVN#10606373]

An attacker can corrupt memory of Real Networks RealPlayer rmoc3260.dll ActiveX in order to create a denial of service or to execute code. [severity:2/4; BID-28157, CVE-2008-1309, VU#831457]

An attacker can create an overflow in the SetUninstallName() method of KingSoft UpdateOcx2.dll ActiveX in order to execute code. [severity:2/4; CVE-2008-1307]

An attacker can execute code via Adobe Form Designer 5.0 and Adobe Form Client 5.0 Components ActiveX. [severity:2/4; APSB08-09, CVE-2007-6253, VU#362849]

An attacker can create an overflow in the AddColumn() method of CA BrightStor ARCserve Backup ActiveX in order to execute code. [severity:2/4; BID-28268, CERTA-2008-AVI-170, CVE-2008-1472]

An attacker can read or alter the registry via the Registry Pro epRegPro.ocx ActiveX. [severity:2/4; BID-28287]

An attacker can create an overflow in the RptViewerAX.dll ActiveX of BusinessObjects 6.5 in order to execute code (VIGILANCE-VUL-7681). [severity:2/4; BID-28292, CVE-2007-6254, VU#329673]

An attacker can use the RemoveFileOrDir() method of Universal HTTP File Upload UUploaderSvrD.dll ActiveX in order to delete a file or a directory. [severity:2/4; BID-28301, CVE-2008-6638]

An attacker can generate an overflow in the Pizco ImageUploader4.ocx ActiveX in order to execute code on the computer of the victim. [severity:2/4; BID-28354, CVE-2008-1490]

An attacker can use the SaveSettingsToFile() method of LEADTOOLS Multimedia Toolkit LTMM15.DLL ActiveX in order to overwrite files. [severity:2/4; BID-28442, CVE-2008-1605]

computer vulnerability note CVE-2008-1149

phpMyAdmin: SQL injection

Synthesis of the vulnerability

An attacker can use cookies to generate a SQL injection in phpMyAdmin.
Impacted products: Debian, Fedora, openSUSE, phpMyAdmin, SLES.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: intranet server.
Creation date: 03/03/2008.
Identifiers: BID-28068, CERTA-2002-AVI-203, CVE-2008-1149, DSA-1557-1, FEDORA-2008-2189, MDVSA-2008:131, PMASA-2008-1, SUSE-SR:2008:026, SUSE-SR:2009:003, VIGILANCE-VUL-7629.

Description of the vulnerability

The phpMyAdmin program is used to administer a MySQL database.

In PHP, user variables come from several sources:
 - $_GET : variables from the URL
 - $_POST : variables posted in a form
 - $_COOKIE : variables defined in a cookie
 - $_REQUEST : all these variables

The phpMyAdmin source code uses $_REQUEST to generate a SQL query. The affected page is located in a sequence of pages, so an attacker cannot define its variables via GET or POST (via XSS or XSRF). However, a website hosted on the same site can define a cookie with the variable name used in the affected page. This cookie is ignored by the first pages of the sequence, but is used in the affected page.

A local attacker can thus inject SQL code in phpMyAdmin.

computer vulnerability bulletin 7628

ViewVC: information disclosure

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ViewVC in order to obtain information on projects.
Impacted products: Fedora, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 03/03/2008.
Identifiers: BID-28055, FEDORA-2008-2143, FEDORA-2008-2159, VIGILANCE-VUL-7628.

Description of the vulnerability

The ViewVC service is used to display source code via CVS or Subversion. It has several vulnerabilities.

Query results contain hidden files. [severity:2/4]

An attacker can change the URL to access hidden directories. [severity:2/4]

Revision views contain forbidden paths. [severity:2/4]

An attacker can access the history log. [severity:2/4]

Diff parameters can be used to access forbidden files. [severity:2/4]