The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

computer vulnerability announce CVE-2008-1471

Panda AV, IS: memory corruption of cpoint.sys

Synthesis of the vulnerability

A local attacker can elevate his privileges via Panda Internet Security or Panda Antivirus+Firewall 2008.
Impacted products: Panda AV, Panda Internet Security.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user account.
Creation date: 10/03/2008.
Identifiers: 20080306 41231 EN, 20080306 41337 EN, BID-28150, CVE-2008-1471, TKADV2008-001, VIGILANCE-VUL-7647.

Description of the vulnerability

The Panda Internet Security and Panda Antivirus+Firewall 2008 products install the cpoint.sys driver.

The IOCTL 0xba002848 of this driver does not correctly check its parameters, which leads to a memory corruption.

A local attacker can therefore exploit this vulnerability to create a denial of service or elevate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2008-0983 CVE-2008-1111 CVE-2008-1270

Lighttpd: three vulnerabilities

Synthesis of the vulnerability

An attacker can create a denial of service on Lighttpd or obtain informations.
Impacted products: Debian, Fedora, lighttpd, openSUSE, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 07/03/2008.
Revision date: 14/03/2008.
Identifiers: BID-27943, BID-28100, BID-28226, CERTA-2002-AVI-182, CERTA-2002-AVI-195, CERTA-2002-AVI-200, CVE-2008-0983, CVE-2008-1111, CVE-2008-1270, DSA-1513-1, DSA-1521-1, DSA-1609-1, FEDORA-2008-2262, FEDORA-2008-2278, FEDORA-2008-3343, FEDORA-2008-3376, lighttpd_sa_2008_01, lighttpd_sa_2008_02, lighttpd_sa_2008_03, SUSE-SR:2008:08, VIGILANCE-VUL-7646.

Description of the vulnerability

The lighttpd program is a web server. It has three vulnerabilities.

When most file descriptors are used, a conflict can occur under Solaris. Under other systems, the maximal number of descriptors is incorrectly computed. In both cases, an attacker can therefore create several sessions in order to exhibit these errors leading to a stop of the service. [severity:2/4; BID-28100, CVE-2008-0983, lighttpd_sa_2008_01]

When a fork() error occurs during startup of a CGI script, the service does not stop and displays the contents of the script as if it was a text file. [severity:1/4; BID-27943, CVE-2008-1111, lighttpd_sa_2008_02]

When mod_userdir is loaded without configurating userdir.path, an attacker can read files from user's home directory. [severity:2/4; BID-28226, CVE-2008-1270, lighttpd_sa_2008_03]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2008-1215

BSD: buffer overflow of user-ppp

Synthesis of the vulnerability

A local attacker can elevate his privileges by creating an overflow in user-ppp.
Impacted products: FreeBSD, NetBSD, OpenBSD.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 06/03/2008.
Identifiers: CVE-2008-1215, VIGILANCE-VUL-7645.

Description of the vulnerability

The user-ppp program permits user to create a PPP (Point to Point Protocol) session. In some cases, user has to be member of the network group to use it. This program is run with root privileges.

The InterpretArg() function analyzes PPP commands. However, if the command is specially formed and too long, an overflow occurs.

A local attacker can therefore elevate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2008-1205

Solaris: denial of service of ipsecah

Synthesis of the vulnerability

A local attacker can create a denial of service on systems with an IPsec Security Associations daemon enabled.
Impacted products: Solaris.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 06/03/2008.
Identifiers: 233761, 6616749, BID-28112, CERTA-2008-AVI-128, CVE-2008-1205, VIGILANCE-VUL-7644.

Description of the vulnerability

The ipsecah kernel module is used by IPsec Security Associations daemons, such as in.iked.

When IPsec is enabled, and when a SA daemon is used, a local attacker can create an error in the ipsec_out_select_sa() function. This error panics the system.

A local attacker can therefore create a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2007-4769 CVE-2007-4772 CVE-2007-6067

Tcl: denials of service of regular expressions

Synthesis of the vulnerability

An attacker can use special regular expressions in order to create three denials of service in Tcl.
Impacted products: VNX Operating Environment, VNX Series, Mandriva Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, VMware ACE, ESX, ESXi, VMware Player, VMware Server, VMware Workstation.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 06/03/2008.
Identifiers: 1810264, CERTA-2008-AVI-005, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, DSA-2019-131, MDVSA-2008:059, openSUSE-SU-2016:0578-1, RHSA-2013:0122-01, SUSE-SU-2016:0555-1, VIGILANCE-VUL-7643, VMSA-2008-0009, VMSA-2008-0009.1, VMSA-2008-0009.2.

Description of the vulnerability

The Tcl program interprets programs written in Tcl language. It has three vulnerabilities.

An attacker can use a regular expression in order to create an infinite loop. [severity:1/4; CVE-2007-4772]

An attacker can use a regular expression in order to consume memory. [severity:1/4; CVE-2007-6067]

An attacker can use a regular expression in order to stop the service. [severity:1/4; CERTA-2008-AVI-005, CVE-2007-4769]
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2007-6207

Xen: memory reading

Synthesis of the vulnerability

An attacker in a virtual system can access to the memory of another virtual system.
Impacted products: RHEL, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 05/03/2008.
Identifiers: 406881, BID-26716, CERTA-2007-AVI-532, CVE-2007-6207, RHSA-2008:0154-01, VIGILANCE-VUL-7642.

Description of the vulnerability

The Xen environment emulates virtual systems in the host system.

On a IA64 processor, the RID (Region Identifier) value of "mov_to_rr" is not checked, which permits to read memory of another virtual system.

An attacker in the virtual system can thus obtain sensitive information handled by another virtual system.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2007-6694

Linux kernel: denial of service of CHRP

Synthesis of the vulnerability

A local attacker can create a denial of service of CHRP under PowerPC.
Impacted products: Debian, Linux, RHEL.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 05/03/2008.
Identifiers: BID-27555, CVE-2007-6694, DSA-1503-1, DSA-1504-1, DSA-1565-1, RHSA-2008:0055-01, RHSA-2008:0154-01, VIGILANCE-VUL-7641.

Description of the vulnerability

The CHRP (Common Hardware Reference Platform) standard is based on PowerPC.

When the of_get_property() function fails, a NULL pointer is dereferenced in the chrp_show_cpuinfo() function of arch/powerpc/platforms/chrp/setup.c.

A local attacker can therefore create a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2007-5938

Linux kernel: denial of service of iwlwifi

Synthesis of the vulnerability

A local attacker can create a denial of service when the iwlwifi module is loaded.
Impacted products: Linux, RHEL.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user account.
Creation date: 05/03/2008.
Identifiers: 199209, AD_LAB-07014, BID-26842, CVE-2007-5938, RHSA-2008:0154-01, VIGILANCE-VUL-7640.

Description of the vulnerability

The iwlwifi module implements WiFi Intel Wireless WiFi Link 4965AGN and Intel PRO/Wireless 3945ABG network adapters.

A NULL pointer can be dereferenced in the iwl_set_rate() function of compatible/iwl3945-base.c file when the module is loaded.

A local attacker can therefore create a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2006-6921

Linux kernel: denial of service via zombie

Synthesis of the vulnerability

A local attacker can create processes in a zombie state in order to create a denial of service.
Impacted products: Linux, RHEL.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 05/03/2008.
Identifiers: 302921, CVE-2006-6921, RHSA-2007:0939-01, RHSA-2008:0154-01, VIGILANCE-VUL-7639.

Description of the vulnerability

When a process ends, it becomes a zombie, and is adopted by init if its father is dead.

However, a local attacker can create a process in a zombie state which is not adopted. This process can not be destroyed.

A local attacker can therefore create several processes in order to create a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin 7638

FireWire: memory access

Synthesis of the vulnerability

A local attacker can access to system memory by connecting to the FireWire port.
Impacted products: Windows (platform) ~ not comprehensive, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: administrator access/rights, user access/rights, data reading.
Provenance: physical access.
Creation date: 05/03/2008.
Identifiers: VIGILANCE-VUL-7638.

Description of the vulnerability

The FireWire bus is a high rate serial interface (IEEE1394 specification). It is available on most modern PC.

The FireWire bus has a direct access to system memory. This feature is defined in IEEE1394.

An attacker with a physical access can thus connect to the FireWire port and access to the memory. Attacker can for example unlock the screensaver.
Full Vigil@nce bulletin... (Free trial)

Previous page   Next page

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 301 321 341 361 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021 1041 1061 1081 1101 1121 1141 1161 1181 1201 1221 1241 1261 1281 1301 1321 1341 1361 1381 1401 1421 1441 1461 1481 1501 1521 1541 1561 1581 1601 1621 1641 1661 1681 1701 1721 1741 1761 1781 1801 1821 1841 1861 1881 1901 1921 1941 1961 1981 2001 2021 2041 2061 2081 2101 2121 2141 2161 2181 2201 2221 2241 2261 2281 2301 2321 2341 2361 2381 2401 2421 2441 2461 2481 2501 2521 2541 2561 2581 2601 2621 2641 2661 2681 2701 2721 2741 2761 2781 2801 2821 2841 2861 2881 2892