The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability alert CVE-2008-1380

Firefox, SeaMonkey, Thunderbird: memory corruption via JavaScript

Synthesis of the vulnerability

An attacker can create an HTML page containing a JavaScript script that triggers a memory corruption, leading to a denial of service and possibly to code execution.
Impacted products: Debian, Fedora, Mandriva Linux, Firefox, SeaMonkey, Thunderbird, OpenSolaris, openSUSE, Solaris, RHEL, Slackware, SLES, TurboLinux.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 17/04/2008.
Identifiers: 238492, 425576, 6663845, 6681417, 6695896, BID-28818, CERTA-2002-AVI-203, CERTA-2008-AVI-209, CVE-2008-1380, DSA-1555-1, DSA-1558-1, DSA-1562-1, DSA-1696-1, FEDORA-2008-3231, FEDORA-2008-3249, FEDORA-2008-3264, FEDORA-2008-3283, FEDORA-2008-3519, FEDORA-2008-3557, MDVSA-2008:110, MFSA 2008-20, RHSA-2008:0222-02, RHSA-2008:0223-02, RHSA-2008:0224-01, SSA:2008-108-0, SUSE-SR:2008:011, SUSE-SR:2008:013, TLSA-2008-17, TLSA-2008-18, VIGILANCE-VUL-7771, VU#441529.

Description of the vulnerability

The JavaScript engine of Firefox, SeaMonkey and Thunderbird uses a garbage collector implemented in the JS_GC() function. By default, JavaScript is not enabled in Thunderbird.

When an HTML page contains specially crafted JavaScript code, the garbage collector interprets functions as objects, which corrupts memory.

An attacker can therefore create an HTML page containing a malicious JavaScript script in order to cause a denial of service and possibly code execution.

vulnerability CVE-2008-0892 CVE-2008-0893

Red Hat DS: code execution

Synthesis of the vulnerability

An attacker can use two vulnerabilities of Red Hat Directory Server in order to execute code on the server.
Impacted products: Fedora, HP-UX, RHEL.
Severity: 3/4.
Consequences: administrator access/rights, user access/rights.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 16/04/2008.
Identifiers: BID-28802, c01433676, CVE-2008-0892, CVE-2008-0893, FEDORA-2008-3214, FEDORA-2008-3220, HPSBUX02324, RHSA-2008:0199-01, RHSA-2008:0201-01, SSRT080034, VIGILANCE-VUL-7770.

Description of the vulnerability

Two vulnerabilities of Red Hat Directory Server impact CGI scripts.

The replication monitor CGI script does not correctly filter its parameters. An attacker can use it to execute shell commands with root (Red Hat DS 7.1) or nobody (Red Hat DS 8.0) privileges. [severity:3/4; CVE-2008-0892]

An attacker allowed to connect to the 9830/tcp port (Red Hat Administration Server) can access CGI scripts to perform administrative tasks. [severity:3/4; CVE-2008-0893]

computer vulnerability note CVE-2008-1812 CVE-2008-1814 CVE-2008-1823

Oracle AS: several vulnerabilities of April 2008

Synthesis of the vulnerability

Several vulnerabilities are corrected by the CPU of April 2008.
Impacted products: Oracle AS, Oracle Portal.
Severity: 3/4.
Consequences: privileged access/rights, data reading, data creation/edition.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 16/04/2008.
Identifiers: AS01, AS02, AS03, cpuapr2008, CVE-2008-1812, CVE-2008-1814, CVE-2008-1823, CVE-2008-1824, CVE-2008-1825, DB04, EM01, VIGILANCE-VUL-7769.

Description of the vulnerability

The CPU (Critical Patch Update) of April 2008 corrects several vulnerabilities of Oracle Application Server. Oracle's announcement contains a detailed table, summarized below.

An attacker (via HTTP, not authenticated) can obtain information, alter information or create a denial of service via a vulnerability of Oracle Jinitiator. [severity:3/4; AS01, CVE-2008-1823]

An attacker (local, authenticated) can obtain information, alter information or create a denial of service via a vulnerability of Oracle Enterprise Manager. [severity:2/4; CVE-2008-1812, EM01]

An attacker (via Oracle Net, authenticated and with execute on WKSYS.WK_QRY or WKSYS.WK_QUERYAPI privilege) can obtain or alter information via a vulnerability of Oracle Secure Enterprise Search or Ultrasearch. [severity:2/4; CVE-2008-1814, DB04]

An attacker (via HTTP, not authenticated) can alter information via a vulnerability of Oracle Dynamic Monitoring Service. [severity:2/4; AS02, CVE-2008-1824]

An attacker (via HTTP, not authenticated) can alter information via a vulnerability of Oracle Portal. [severity:2/4; AS03, CVE-2008-1825]

computer vulnerability bulletin CVE-2008-1812 CVE-2008-1813 CVE-2008-1814

Oracle Database: several vulnerabilities of April 2008

Synthesis of the vulnerability

Several vulnerabilities are corrected by the CPU of April 2008.
Impacted products: OpenView, Oracle DB.
Severity: 2/4.
Consequences: privileged access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 16.
Creation date: 16/04/2008.
Revision date: 05/05/2008.
Identifiers: c00727143, cpuapr2008, CVE-2008-1812, CVE-2008-1813, CVE-2008-1814, CVE-2008-1815, CVE-2008-1816, CVE-2008-1817, CVE-2008-1818, CVE-2008-1819, CVE-2008-1820, CVE-2008-1821, DB01, DB02, DB03, DB04, DB05, DB06, DB07, DB08, DB09, DB10, DB11, DB12, DB13, DB14, DB15, EM01, HPSBMA02133, SSRT061201, VIGILANCE-VUL-7768.

Description of the vulnerability

The CPU (Critical Patch Update) of April 2008 corrects several vulnerabilities of Oracle Database. Oracle's announcement contains a detailed table, summarized below.

An attacker (local, authenticated) can obtain information, alter information or create a denial of service via a vulnerability of Oracle Enterprise Manager. [severity:2/4; CVE-2008-1812, EM01]

An attacker (via Oracle Net, authenticated and with execute on SYS.DBMS_AQ privilege) can obtain or alter information via a vulnerability of Advanced Queuing. [severity:2/4; CVE-2008-1813, DB01]

An attacker (via Oracle Net, authenticated and with execute on DBMS_CDC_UTILITY privilege) can obtain or alter information via a vulnerability of Change Data Capture. [severity:2/4; CVE-2008-1815, DB02]

An attacker (via HTTP, authenticated and with create session privilege) can obtain or alter information via a vulnerability of Core RDBMS. [severity:2/4; CVE-2008-1813, DB03]

An attacker (via Oracle Net, authenticated and with execute on WKSYS.WK_QRY or WKSYS.WK_QUERYAPI privilege) can obtain or alter information via a vulnerability of Oracle Secure Enterprise Search or Ultrasearch. [severity:2/4; CVE-2008-1814, DB04]

An attacker (via Oracle Net, authenticated and with execute on SDO_UTIL privilege) can obtain or alter information via a SQL injection of Oracle Spatial. [severity:2/4; CVE-2008-1816, DB05]

An attacker (via Oracle Net, authenticated and with execute on SDO_GEOM privilege) can obtain or alter information via a SQL injection of Oracle Spatial. [severity:2/4; CVE-2008-1813, DB06]

An attacker (via Oracle Net, authenticated and with execute on SDO_IDX privilege) can obtain or alter information via a SQL injection of Oracle Spatial. [severity:2/4; CVE-2008-1817, DB07]

An attacker (via Oracle Net, not authenticated) can obtain information via a vulnerability of authentication. [severity:2/4; CVE-2008-1818, DB08]

An attacker (local, not authenticated) can obtain information, alter information or create a denial of service via a vulnerability of Oracle Net Services. [severity:2/4; CVE-2008-1819, DB09]

An attacker (via Oracle Net, authenticated and with create session privilege) can obtain information via a vulnerability of Core RDBMS. [severity:2/4; CVE-2008-1817, DB10]

An attacker (via Oracle Net, authenticated and with execute on KUPF$FILE_INT privilege) can create a denial of service via a vulnerability of Data Pump. [severity:1/4; CVE-2008-1820, DB11]

An attacker (via Oracle Net, authenticated) can obtain information via a vulnerability of Export. [severity:2/4; CVE-2008-1813, DB12]

An attacker (via Oracle Net, authenticated and with execute on DBMS_STATS privilege) can change the password of OUTLN user via a vulnerability of Query Optimizer. [severity:2/4; CVE-2008-1813, DB13]

An attacker (via Oracle Net, authenticated and with insert on a table subject to fine grained auditing privilege) can alter information via a vulnerability of Audit. [severity:2/4; CVE-2008-1816, DB14]

An attacker (via Oracle Net, authenticated and with execute on SYS.DBMS_AQJMS_INTERNAL privilege) can create a denial of service via a vulnerability of Advanced Queuing. [severity:1/4; CVE-2008-1821, DB15]

computer vulnerability announce CVE-2008-0314 CVE-2008-1100 CVE-2008-1387

ClamAV: several vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ClamAV in order to execute code on the server.
Impacted products: ClamAV, Debian, Fedora, Mandriva Linux, NLD, OES, openSUSE, SLES.
Severity: 3/4.
Consequences: privileged access/rights, data flow, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 15/04/2008.
Revision date: 16/04/2008.
Identifiers: BID-28756, BID-28782, BID-28783, BID-28784, BID-28798, CERTA-2008-AVI-206, CVE-2008-0314, CVE-2008-1100, CVE-2008-1387, CVE-2008-1833, CVE-2008-1835, CVE-2008-1836, CVE-2008-1837, DSA-1549-1, FEDORA-2008-3358, FEDORA-2008-3420, FEDORA-2008-3900, MDVSA-2008:088, SUSE-SA:2008:024, VIGILANCE-VUL-7767, VU#858595.

Description of the vulnerability

Several vulnerabilities were announced in ClamAV.

An attacker can create a RAR archive which is not analyzed. [severity:2/4; CVE-2008-1835]

An attacker can create a PE program packed with PeSpin in order to create a heap overflow leading to code execution. [severity:3/4; CVE-2008-0314]

An attacker can create a PE program packed with Upack in order to create a buffer overflow leading to code execution (VIGILANCE-VUL-7761). [severity:3/4; BID-28756, BID-28783, CERTA-2008-AVI-206, CVE-2008-1100, VU#858595]

The rfc2231() function in the message.c file can return a non-terminated string, which can lead to reading an invalid page and thus to a denial of service. [severity:1/4; CVE-2008-1836]

An ARJ archive can create an infinite loop in libclamav/unarj.c. [severity:2/4; BID-28782, CVE-2008-1387]

Several errors can occur in libclamunrar when a malicious RAR archive is read. [severity:2/4; CVE-2008-1837]

An attacker can create a PE program packed with WWPack in order to create a heap overflow leading to code execution. [severity:3/4; BID-28798, CVE-2008-1833]

computer vulnerability CVE-2008-1686

libfishsound, Speex, xine-lib: code execution via speex

Synthesis of the vulnerability

An attacker can create malicious speex audio data in order to execute code on programs based on Speex.
Impacted products: Debian, Fedora, Mandriva Linux, openSUSE, RHEL, Slackware, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 15/04/2008.
Identifiers: BID-28665, CVE-2008-1686, DSA-1584-1, DSA-1585-1, DSA-1586-1, FEDORA-2008-3059, FEDORA-2008-3103, FEDORA-2008-3117, FEDORA-2008-3191, MDVSA-2008:092, MDVSA-2008:093, MDVSA-2008:094, MDVSA-2008:124, oCERT-2008-002, oCERT-2008-004, RHSA-2008:0235-01, SSA:2008-111-01, SUSE-SR:2008:012, SUSE-SR:2008:013, VIGILANCE-VUL-7765.

Description of the vulnerability

The speex codec is a patent-free audio codec. It is implemented in Speex, and its code is reused in several programs, such as libfishsound, OggPlay and xine-lib.

The header of speex data contains an integer named "modeID" indicating the decoding mode to use. However, this integer is used directly, without a range check, to index an array of callback functions.

An attacker can therefore create an audio stream with a negative modeID in order to execute a function previously stored in memory.
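As an added example (not Speex project code), reading the modeID field from a constructed Speex header and rejecting negative or out-of-range values before it indexes the mode table. The 3-entry table, the function names, and the field offset 40 (8-byte magic, 20-byte version string, then four little-endian 32-bit fields, of which mode is the fourth) are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>

/* Stand-in for the codec's callback table: one decoder per mode (constructed). */
typedef struct { const char *name; int (*decode)(void); } speex_mode_t;
static int decode_nb(void)  { return 8000; }
static int decode_wb(void)  { return 16000; }
static int decode_uwb(void) { return 32000; }
static const speex_mode_t speex_modes[] = {
    { "narrowband", decode_nb }, { "wideband", decode_wb }, { "ultra-wideband", decode_uwb },
};
#define SPEEX_NB_MODES ((int32_t)(sizeof speex_modes / sizeof speex_modes[0]))

/* Assumed header layout: 8-byte "Speex   " magic, 20-byte version string, then
 * little-endian int32 fields version_id, header_size, rate, mode (offset 40). */
#define SPEEX_HDR_MODE_OFFSET 40
#define SPEEX_HDR_MIN_LEN     (SPEEX_HDR_MODE_OFFSET + 4)

static int32_t read_le32(const uint8_t *p)
{
    uint32_t v = (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return (int32_t)v;   /* the field is signed: bytes FF FF FF FF read as -1 */
}

/* Hardened lookup: a negative index or one past the table yields NULL instead
 * of a function pointer fetched from outside speex_modes. */
const speex_mode_t *select_mode(int32_t modeID)
{
    if (modeID < 0 || modeID >= SPEEX_NB_MODES)
        return NULL;
    return &speex_modes[modeID];
}

/* Returns the mode named by a header, or NULL for a short buffer, a wrong
 * magic, or an out-of-range modeID. */
const speex_mode_t *mode_from_header(const uint8_t *hdr, size_t len)
{
    if (len < SPEEX_HDR_MIN_LEN || memcmp(hdr, "Speex   ", 8) != 0)
        return NULL;
    return select_mode(read_le32(hdr + SPEEX_HDR_MODE_OFFSET));
}

/* Builds a constructed test header carrying modeID; all other fields are zero. */
void make_header(uint8_t out[SPEEX_HDR_MIN_LEN], int32_t modeID)
{
    memset(out, 0, SPEEX_HDR_MIN_LEN);
    memcpy(out, "Speex   ", 8);
    uint32_t v = (uint32_t)modeID;
    for (int i = 0; i < 4; i++)
        out[SPEEX_HDR_MODE_OFFSET + i] = (uint8_t)(v >> (8 * i));
}
```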

vulnerability note CVE-2008-1710

AIX: privilege elevation via chnfsmnt

Synthesis of the vulnerability

A local attacker can elevate his privileges when chnfsmnt is used.
Impacted products: AIX.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: user account.
Creation date: 15/04/2008.
Identifiers: CVE-2008-1710, IZ18296, VIGILANCE-VUL-7764.

Description of the vulnerability

The /usr/sbin/chnfsmnt command changes the options of a directory mounted from an NFS share. This command is run with privileged rights.

However, during its execution, chnfsmnt calls external programs, such as mount, without using their full path name. A local attacker can thus place a malicious program with the same name in a directory on the PATH. This program will be executed with privileged rights.

A local attacker can thus elevate his privileges.

vulnerability bulletin CVE-2008-1722

CUPS: integer overflows via PNG

Synthesis of the vulnerability

An attacker can print a malicious PNG image in order to generate several integer overflows in CUPS leading to a denial of service or to code execution.
Impacted products: CUPS, Debian, Fedora, Mandriva Linux, Mandriva NF, RHEL.
Severity: 2/4.
Consequences: privileged access/rights, denial of service on service.
Provenance: intranet client.
Creation date: 15/04/2008.
Identifiers: BID-28781, CERTA-2002-AVI-189, CERTA-2008-AVI-238, CVE-2008-1722, DSA-1625-1, FEDORA-2008-3449, FEDORA-2008-3586, FEDORA-2008-3756, L2790, MDVSA-2008:170, RHSA-2008:0498-01, VIGILANCE-VUL-7763, VU#218395.

Description of the vulnerability

CUPS (Common UNIX Printing System) provides printer management under Unix. It listens on the 631/udp port, where clients connect.

The filter/image-png.c and filter/image-zoom.c files implement filters to print PNG images. In several places, these files contain memory allocations whose size is an integer multiplication:
  malloc(xsize * ysize);
However, these multiplications can overflow and lead to the allocation of a memory area that is too short. Memory corruption thus occurs when data are copied into these areas.

An attacker can therefore print a malicious PNG image in order to generate several integer overflows leading to a denial of service or to code execution on the server where CUPS is installed.
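As an added example (not CUPS code), the unchecked multiplication pattern described above, next to an overflow-checked allocation that refuses the request instead of returning an undersized buffer; the function names and the sample dimensions are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Size computed the way the bulletin describes: the 32-bit product wraps
 * silently, so a 65537x65537 1-byte-per-pixel image requests only 131073 bytes. */
uint32_t naive_image_size(uint32_t xsize, uint32_t ysize, uint32_t bpp)
{
    return xsize * ysize * bpp;
}

/* Overflow-checked version: each partial product is tested against SIZE_MAX
 * before it is formed. Returns 1 and stores the byte count in *out on success,
 * 0 (leaving *out untouched) on a zero dimension or an unrepresentable size. */
int checked_image_size(uint32_t xsize, uint32_t ysize, uint32_t bpp, size_t *out)
{
    if (xsize == 0 || ysize == 0 || bpp == 0)
        return 0;
    if (SIZE_MAX / xsize < ysize)          /* xsize * ysize would wrap */
        return 0;
    size_t pixels = (size_t)xsize * ysize;
    if (SIZE_MAX / pixels < bpp)           /* pixels * bpp would wrap */
        return 0;
    *out = pixels * bpp;
    return 1;
}

/* Allocation wrapper: NULL whenever the size cannot be represented, so no
 * later copy can land in an undersized buffer. */
unsigned char *alloc_image(uint32_t xsize, uint32_t ysize, uint32_t bpp)
{
    size_t len;
    if (!checked_image_size(xsize, ysize, bpp, &len))
        return NULL;
    return malloc(len);
}

int main(void)
{
    /* Constructed dimensions: a plausible RGB image and two wrapping cases. */
    size_t len = 0;
    int ok = checked_image_size(640, 480, 3, &len);
    printf("640x480x3: ok=%d, %zu bytes\n", ok, len);
    printf("naive 65537x65537x1: %u bytes (wrapped)\n", naive_image_size(65537, 65537, 1));
    unsigned char *p = alloc_image(0xFFFFFFFFu, 0xFFFFFFFFu, 0xFFFFFFFFu);
    printf("huge image: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```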

vulnerability announce CVE-2008-1382

libpng: memory corruption

Synthesis of the vulnerability

An attacker can create a malicious PNG image in order to corrupt the memory of applications linked to libpng.
Impacted products: Debian, Fedora, libpng, Mandriva Linux, Mandriva NF, NLD, OES, OpenSolaris, openSUSE, Solaris, Trusted Solaris, RHEL, Slackware, SLES, ESX.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 14/04/2008.
Identifiers: 259989, 674516, 6745161, 6755267, 6813939, BID-28770, CVE-2008-1382, DSA-1750-1, FEDORA-2008-3683, FEDORA-2008-3937, FEDORA-2008-3979, FEDORA-2008-4847, FEDORA-2008-4910, FEDORA-2008-4947, MDVSA-2008:156, RHSA-2009:0333-01, RHSA-2009:0340-01, SSA:2008-119-01, SUSE-SR:2008:010, VIGILANCE-VUL-7762, VMSA-2009-0007.

Description of the vulnerability

A PNG image is composed of chunks:
 - PLTE : palette
 - IDAT : data
 - tRNS : transparency
 - etc.

When libpng handles a PNG image with an unknown chunk of zero size, an uninitialized memory area can be freed, leading to a memory corruption.

This error happens in the following case:
 - version 1.0.6 to 1.0.32, 1.2.0 to 1.2.26, and
 - compiled with PNG_READ_UNKNOWN_CHUNKS_SUPPORTED or PNG_READ_USER_CHUNKS_SUPPORTED (default case), and
 - used via png_set_read_user_chunk_fn() or png_set_keep_unknown_chunks() (ImageMagick > 6.2.5)

An attacker can therefore create a malicious PNG image in order to execute code on applications linked to libpng.

vulnerability alert CVE-2008-1100

ClamAV: integer overflow via Upack

Synthesis of the vulnerability

An attacker can create a malicious PE file in order to execute code on ClamAV.
Impacted products: ClamAV, Debian, Fedora, Mandriva Linux.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, denial of service on service.
Provenance: document.
Creation date: 14/04/2008.
Identifiers: BID-28756, CVE-2008-1100, DSA-1549-1, FEDORA-2008-3358, FEDORA-2008-3420, FEDORA-2008-3900, MDVSA-2008:088, VIGILANCE-VUL-7761.

Description of the vulnerability

The Upack packer compresses executable files in PE format.

A PE Upack file creates an overflow in the cli_scanpe() function of libclamav/pe.c file.

An attacker can therefore create a malicious PE file in order to execute code on ClamAV.
