The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

computer threat bulletin CVE-2008-0312 CVE-2008-0313

Norton AntiVirus, IS: code execution via AutoFix Tool

Synthesis of the vulnerability

An attacker can use two vulnerabilities of the SYMADATA.DLL ActiveX in order to execute code on the victim's computer.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 03/04/2008.
Revision date: 04/04/2008.
Identifiers: BID-28507, BID-28509, CERTA-2008-AVI-182, CVE-2008-0312, CVE-2008-0313, SYM08-009, VIGILANCE-VUL-7730.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The SYMADATA.DLL ActiveX (AutoFix Tool) is installed by Norton 360, Norton AntiVirus, Norton Internet Security and Norton System Works products. It has two vulnerabilities.

An attacker can use a buffer overflow in order to execute code. [severity:2/4; BID-28507, CERTA-2008-AVI-182, CVE-2008-0312]

An attacker can store a malicious program on a WebDAV site or on an SMB share and use the ActiveX to execute it. [severity:2/4; BID-28509, CVE-2008-0313]

An attacker can therefore create an HTML page calling this ActiveX and invite the victim to view this page in order to execute code on his computer.

security announce CVE-2008-1684

Solaris: file corruption via inetd

Synthesis of the vulnerability

A local attacker can create a symbolic link when inetd logs its debug messages in order to alter a system file.
Severity: 1/4.
Creation date: 03/04/2008.
Identifiers: 233284, 6657786, BID-28584, CVE-2008-1684, VIGILANCE-VUL-7729.

Description of the vulnerability

The administrator can create the /var/tmp/inetd.log file. The inetd daemon automatically detects whether this file exists and logs its debug messages there.

However, inetd opens this file without checking for symbolic links. If the file does not exist, a local attacker can therefore create a symbolic link to enable the log and force inetd to corrupt the file it points to.

A local attacker can thus alter a system file.

computer threat note CVE-2008-0709

HP Select Identity: user access

Synthesis of the vulnerability

An authenticated attacker can use HP Select Identity to access the accounts of other users.
Severity: 2/4.
Creation date: 03/04/2008.
Identifiers: BID-28558, c01391833, CVE-2008-0709, HPSBMA02317, SSRT080026, VIGILANCE-VUL-7728.

Description of the vulnerability

The HP Select Identity product centralizes the management of users.

An authenticated attacker can use it to access the accounts of other users.

threat bulletin CVE-2008-0555

Apache-SSL: altering variables

Synthesis of the vulnerability

An attacker can use a malicious X.509 certificate in order to alter some Apache-SSL environment variables.
Severity: 2/4.
Creation date: 03/04/2008.
Identifiers: AKLINK-SA-2008-005, BID-28576, CERTA-2008-AVI-178, CVE-2008-0555, VIGILANCE-VUL-7727.

Description of the vulnerability

The Apache-SSL program is based on Apache httpd and SSLeay/OpenSSL.

The ExpandCert() function creates environment variables from fields of the X.509 client certificate. For example "CN=abc" generates the "OPENSSL_S_CLIENT_CN=abc" variable.

This function is also called on the DN (Distinguished Name). However, if the DN contains '/' characters, several environment variables are created. Values of these variables come from the current memory area.

An attacker can therefore alter variables, for example in order to change the behavior of the program. He can also obtain memory fragments.

vulnerability 7726

Outlook, Windows Mail, Office: HTTP connection via X.509

Synthesis of the vulnerability

An attacker can use a malicious X.509 certificate in order to force a program to send an HTTP query.
Severity: 1/4.
Creation date: 02/04/2008.
Identifiers: AKLINK-SA-2008-002, AKLINK-SA-2008-003, AKLINK-SA-2008-004, BID-28548, VIGILANCE-VUL-7726.

Description of the vulnerability

An X.509 certificate can contain a URL pointing to the intermediate Certification Authority certificate. This feature is available in software implementing the "caIssuers" extension (Outlook 2007, Windows Mail 2008, Office 2007).

An attacker can send a certificate containing a URL pointing to the http://site/ website. When the software tries to check the certificate, it thus sends an HTTP query to the indicated web site.

This vulnerability can for example be used to trace a user by detecting connections to http://site/.

cybersecurity threat CVE-2008-1855

McAfee ePO: denial of service

Synthesis of the vulnerability

An attacker can connect to McAfee ePolicy Orchestrator in order to create a denial of service.
Severity: 1/4.
Creation date: 02/04/2008.
Identifiers: BID-28573, CVE-2008-1855, VIGILANCE-VUL-7725.

Description of the vulnerability

The McAfee ePolicy Orchestrator product listens on ports 8081/tcp and 8082/tcp. It expects HTTP data.

However, if the HTTP method name is too long, a denial of service occurs.

A network attacker can thus disturb the McAfee ePolicy Orchestrator product.

security weakness CVE-2008-1697

OpenView NNM: buffer overflow of OVAS.EXE

Synthesis of the vulnerability

A network attacker can use an overflow of OpenView NNM in order to create a denial of service or to execute code.
Severity: 3/4.
Creation date: 02/04/2008.
Identifiers: BID-28569, c01495949, CVE-2008-1697, HPSBMA02348, SSRT080033, VIGILANCE-VUL-7724.

Description of the vulnerability

The OVAS.EXE program of OpenView NNM listens on port 7510/tcp. It expects HTTP data such as:
  GET http://server:7510/topology/homeBaseView HTTP/1.1
  ...

However, if the server name is too long, a buffer overflow occurs.

A network attacker can therefore use an overflow of OpenView NNM in order to create a denial of service or to execute code.

cybersecurity vulnerability CVE-2007-5661 CVE-2007-6255 CVE-2008-0712

IE: vulnerabilities of several ActiveX of April 2008

Synthesis of the vulnerability

Several ActiveX can be used by a remote attacker to generate a denial of service or to execute code.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 12.
Creation date: 02/04/2008.
Revision dates: 08/04/2008, 17/04/2008, 25/04/2008.
Identifiers: 953839, 973346, BID-28546, BID-28662, BID-28666, BID-28700, BID-28809, BID-28882, BID-28929, BID-28940, BID-28947, BID-32333, c01439758, CERTA-2008-AVI-174, CERTA-2008-AVI-212, CVE-2007-5661, CVE-2007-6255, CVE-2008-0712, CVE-2008-1724, CVE-2008-1725, CVE-2008-1786, CVE-2008-1885, CVE-2008-2015, CVE-2008-2390, CVE-2008-6959, HPSBGN02333, MS09-032, SSRT080031, VIGILANCE-VUL-7723, VU#570089, VU#684883.

Description of the vulnerability

Several ActiveX can be used by a remote attacker to generate a denial of service or to execute code.

An attacker can use the Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX in order to execute code. [severity:2/4; CERTA-2008-AVI-174, CVE-2007-5661]

An attacker can use the SaveLastError() method of ChilkatHttp.dll ActiveX in order to corrupt a file. [severity:1/4; BID-28546, BID-32333, CVE-2008-6959]

An attacker can use the Save(), SaveLayoutChanges() and SaveMenuUsageData() methods of the Data Dynamics ActiveBar Actbar3.ocx ActiveX in order to create a file on the victim's computer. [severity:2/4]

An attacker can change the HttpSkin and SkinPath parameters of the CDNetworks Nefficient Download NeffyLauncher.dll ActiveX in order to execute code. [severity:2/4; BID-28666, CVE-2008-1885]

An attacker can use the TransferFile() method of Tumbleweed SecureTransport vcst_eu.dll ActiveX in order to execute code. [severity:2/4; BID-28662, CVE-2008-1724]

An attacker can use the WriteOFXDataFile() method of IBiz E-Banking Integrator ActiveX in order to create a file on the victim's computer. [severity:1/4; BID-28700, CVE-2008-1725]

An attacker can use the CA DSM gui_cm_ctrls ActiveX in order to execute code on the victim's computer. [severity:2/4; BID-28809, CERTA-2008-AVI-212, CVE-2008-1786, VU#684883]

An attacker can use the Microsoft HeartbeatCtl ActiveX in order to execute code on the victim's computer. [severity:2/4; BID-28882, CVE-2007-6255, VU#570089]

An attacker can use the SaveToFile() method of Zune software EncProfile2 ActiveX in order to alter a file on the victim's computer. [severity:2/4]

An attacker can use the HP Software Update HPeDiag ActiveX in order to obtain information or to execute code on the victim's computer. [severity:2/4; 953839, BID-28929, c01439758, CVE-2008-0712, HPSBGN02333, SSRT080031]

An attacker can use the CompactSave(), saveRecordedExploreToFile() and SaveSession() methods of AppScan Watchfire Web Application Security v7.0 ActiveX in order to create a file on the victim's computer. [severity:2/4; BID-28940, CVE-2008-2015]

An attacker can use the ExecuteAsync() method of HP Software Update Hpufunction.dll ActiveX in order to execute code on the victim's computer. [severity:2/4; BID-28947, CVE-2008-2390]

vulnerability announce CVE-2008-1614

suPHP: privilege elevation

Synthesis of the vulnerability

A local attacker can use symbolic links in order to elevate his privileges via suPHP.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 02/04/2008.
Identifiers: BID-28568, CERTA-2002-AVI-203, CVE-2008-1614, DSA-1550-1, FEDORA-2008-2815, FEDORA-2008-2868, VIGILANCE-VUL-7722.

Description of the vulnerability

The suPHP environment, composed of the mod_suphp Apache module and of a suid program, can be used to run PHP scripts with rights of their owner. It has two vulnerabilities.

A local attacker can create a symbolic link pointing to a file owned by root, wait until suPHP obtains the owner name, then replace the link with a link pointing to a malicious program to be run as root. This vulnerability can be used in "owner" mode. [severity:1/4]

A local attacker can create a symbolic link pointing to a directory, wait until suPHP obtains the owner name of a file located in this directory, then replace the link with a link pointing to another directory. This vulnerability can be used in "owner" and "paranoid" mode. [severity:2/4]

A local attacker can thus elevate his privileges.

security alert CVE-2008-0887

GNOME screensaver: unlocking

Synthesis of the vulnerability

A local attacker can unlock the GNOME screensaver when authentication is based on a remote directory.
Severity: 2/4.
Creation date: 02/04/2008.
Identifiers: 435773, BID-28575, CVE-2008-0887, FEDORA-2008-2967, FEDORA-2008-3017, MDVSA-2008:132, MDVSA-2008:135, RHSA-2008:0197-01, RHSA-2008:0218-01, SUSE-SR:2008:014, VIGILANCE-VUL-7721.

Description of the vulnerability

The GNOME screensaver application can be used to lock the screen. The user has to enter his password to access his environment. This authentication phase can, for example, use a remote directory such as NIS.

If this directory becomes unreachable, an error occurs and stops GNOME screensaver. The attacker thus gains access to the victim's X session.

This vulnerability therefore permits a local attacker to access the locked session of a user.