The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

threat CVE-2008-0930 CVE-2008-0931

XWine: vulnerabilities

Synthesis of the vulnerability

A local attacker can elevate his privileges or print a file via XWine.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 21/03/2008.
Identifiers: 468050, BID-28049, BID-28369, CERTA-2002-AVI-182, CVE-2008-0930, CVE-2008-0931, DSA-1526-1, VIGILANCE-VUL-7688.

Description of the vulnerability

The XWine program is a graphical interface for the WINE emulator. It has two vulnerabilities.

The w_editeur.c file uses the "/tmp/temporaire" file in an insecure manner. A local attacker can create a symbolic link to force XWine to write its temporary data in a file writable by the victim using XWine. The attacker can also substitute the link to print a file readable by the victim. [severity:1/4; BID-28049, CVE-2008-0930]

The w_export.c file sets the /etc/wine/config file as writable by all users. A local attacker can therefore change the print command in order to execute code with privileges of the victim. [severity:2/4; CVE-2008-0931]

weakness alert CVE-2008-1482

Xine: several heap overflows

Synthesis of the vulnerability

Several heap overflows in Xine can be used by an attacker to execute code on the victim's computer.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 6.
Creation date: 21/03/2008.
Identifiers: BID-28370, CVE-2008-1482, DSA-1586-1, FEDORA-2008-2849, FEDORA-2008-2945, SSA:2008-092-01, SUSE-SR:2008:08, VIGILANCE-VUL-7687.

Description of the vulnerability

The Xine program displays multimedia content. The xine-lib library has several vulnerabilities.

A heap overflow can occur in the parse_flv_var() function of the src/demuxers/demux_flv.c file. [severity:3/4]

Several heap overflows can occur in the src/demuxers/demux_qt.c file. [severity:3/4]

A heap overflow can occur in the real_parse_index() function of the src/demuxers/demux_real.c file. [severity:3/4]

A heap overflow can occur in the open_mve_file() function of the src/demuxers/demux_wc3movie.c file. [severity:3/4]

A heap overflow can occur in the ebml_check_header() function of the src/demuxers/ebml.c file. [severity:3/4]

A heap overflow can occur in the open_film_file() function of the src/demuxers/demux_film.c file. [severity:3/4]

These vulnerabilities lead to code execution when malicious documents are opened.

computer threat bulletin CVE-2007-6061

Audacity: file deletion

Synthesis of the vulnerability

A local attacker can delete files belonging to Audacity users.
Severity: 1/4.
Creation date: 21/03/2008.
Identifiers: BID-26608, CVE-2007-6061, FEDORA-2008-3456, FEDORA-2008-3511, MDVSA-2008:074, VIGILANCE-VUL-7686.

Description of the vulnerability

The Audacity program is used to record and edit audio data.

When a user starts this program, a temporary directory is created, which will contain all work files. When the user closes Audacity, the files contained in this directory are recursively deleted.

A local attacker can therefore create this temporary directory and create a symbolic link to a directory to delete. This second directory will then be deleted with privileges of the Audacity user.

security announce CVE-2007-6341

Perl Net-DNS: denial of service

Synthesis of the vulnerability

An attacker owning a DNS server can return a malicious answer in order to stop applications using Perl Net::DNS.
Severity: 1/4.
Creation date: 21/03/2008.
Identifiers: 30316, BID-26902, CERTA-2002-AVI-195, CERTA-2008-AVI-144, CVE-2007-6341, DSA-1515-1, MDVSA-2008:073, VIGILANCE-VUL-7685.

Description of the vulnerability

The Net::DNS module of Perl implements the DNS protocol.

When this module sends a query of type A to a malicious DNS server, the server can return an answer with an RDATA record shorter than 4 bytes. An exception then occurs in the Net/DNS/RR/A.pm file, which tries to read 4 bytes.

An attacker owning a DNS server can therefore return a malicious answer in order to stop applications using Perl Net::DNS.

computer threat note CVE-2008-0707

HP-UX: privilege elevation via LTT

Synthesis of the vulnerability

A local attacker can elevate his privileges via HP StorageWorks Library and Tape Tools.
Severity: 2/4.
Creation date: 19/03/2008.
Identifiers: BID-28314, c01399648, CERTA-2008-AVI-151, CVE-2008-0707, HPSBST02321, SSRT080029, VIGILANCE-VUL-7684.

Description of the vulnerability

The HP StorageWorks "Library and Tape Tools" (LTT or L&TT) tool is used to handle tape backups.

A vulnerability of LTT can be used by a local attacker to access restricted resources.

This vulnerability may for example lead to disclosure of system files.

threat bulletin CVE-2008-0889

Red Hat DS: privilege elevation

Synthesis of the vulnerability

A local attacker can replace the redhat-idm-console script in order to elevate his privileges on Red Hat Directory Server 8.0.
Severity: 2/4.
Creation date: 19/03/2008.
Identifiers: BID-28327, CVE-2008-0889, RHSA-2008:0191-01, VIGILANCE-VUL-7683.

Description of the vulnerability

The /usr/bin/redhat-idm-console script of Red Hat Directory Server 8.0 starts the console under RHEL.

However, permissions of this file allow all local users to replace it with a malicious program.

A local attacker can thus execute code with the privileges of the user running Red Hat Directory Server.

vulnerability CVE-2008-0073 CVE-2008-1558

MPlayer, VLC, Xine: buffer overflow via RTSP

Synthesis of the vulnerability

An attacker can create a malicious RTSP stream in order to create an overflow on the computers of victims connecting to it with MPlayer, VLC or Xine.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 19/03/2008.
Revision date: 26/03/2008.
Identifiers: BID-28312, BID-28851, CERTA-2002-AVI-203, CERTA-2008-AVI-221, CVE-2008-0073, CVE-2008-1558, DSA-1543-1, DSA-1552-1, FEDORA-2008-2569, FEDORA-2008-2945, MDVSA-2008:196, MDVSA-2008:219, SSA:2008-089-03, SUSE-SR:2008:007, SUSE-SR:2008:012, VIGILANCE-VUL-7682.

Description of the vulnerability

The MPlayer, VLC and Xine programs display multimedia content, such as RTSP (Real-Time Streaming Protocol) streams.

The sdpplin_parse() function of Xine:input/libreal/sdpplin.c (MPlayer:stream/realrtsp/sdpplin.c and VLC:modules/access/rtsp/real_sdpplin.c) does not check whether received streamid data is longer than the storage buffer. An attacker can therefore use long data in order to generate an overflow.

This vulnerability therefore permits an attacker to execute code on the computers of MPlayer, VLC and Xine users connecting to this RTSP stream.

cybersecurity threat CVE-2007-6254

BusinessObjects: buffer overflow of RptViewerAX.dll

Synthesis of the vulnerability

An attacker can create an overflow in the RptViewerAX.dll ActiveX of BusinessObjects 6.5.
Severity: 2/4.
Creation date: 19/03/2008.
Identifiers: BID-28292, CVE-2007-6254, VIGILANCE-VUL-7681, VU#329673.

Description of the vulnerability

The RptViewerAX.dll ActiveX is installed with BusinessObjects 6.5. It is marked as Safe for Scripting, and can thus be used in Internet Explorer.

An attacker can create an overflow in this ActiveX.

This vulnerability can be used to execute code in the web browser of users of this ActiveX.

security weakness CVE-2008-1289 CVE-2008-1332 CVE-2008-1333

Asterisk: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Asterisk permit a remote attacker to generate a denial of service or to execute code.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 19/03/2008.
Identifiers: AST-2008-002, AST-2008-003, AST-2008-004, AST-2008-005, BID-28308, BID-28310, BID-28311, BID-28316, CERTA-2002-AVI-182, CERTA-2008-AVI-150, CVE-2008-1289, CVE-2008-1332, CVE-2008-1333, CVE-2008-1390, DSA-1525-1, FEDORA-2008-2554, FEDORA-2008-2620, MU-200803-01, SUSE-SR:2008:010, VIGILANCE-VUL-7680.

Description of the vulnerability

The Asterisk telephony software implements SIP. It has several vulnerabilities.

An unauthenticated attacker can send malicious RTP data in order to create two overflows leading to code execution. [severity:3/4; AST-2008-002, BID-28308, CERTA-2008-AVI-150, CVE-2008-1289, MU-200803-01]

An unauthenticated attacker can use an invalid From header in order to make anonymous calls. [severity:3/4; AST-2008-003, BID-28310, CVE-2008-1332]

An attacker can create two format string attacks in Logger/ast_verbose and Manager/astman_append in order to create a denial of service. [severity:2/4; AST-2008-004, BID-28311, CVE-2008-1333]

An attacker can predict the 32-bit identifier used in the Manager HTTP session, in order to hijack it. [severity:3/4; AST-2008-005, BID-28316, CVE-2008-1390]

cybersecurity vulnerability CVE-2008-0047

CUPS: buffer overflow of CGI

Synthesis of the vulnerability

An attacker can send a malicious query to CUPS in order to execute code.
Severity: 3/4.
Creation date: 19/03/2008.
Identifiers: BID-28307, CVE-2008-0047, DSA-1530-1, MDVSA-2008:081, RHSA-2008:0192-01, SSA:2008-094-01, SUSE-SA:2008:015, TLSA-2008-19, VIGILANCE-VUL-7679.

Description of the vulnerability

CUPS (Common UNIX Printing System) provides printer management under Unix. It listens on the 631/udp port when a printer is shared.

The cgiCompileSearch() function of the cgi-bin/search.c file compiles the regular expression used by the CGI search. This function does not correctly check the size used by the searched pattern, which creates an overflow.

An attacker can therefore send a malicious query to port 631 in order to create a denial of service or to execute code.
