The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

cybersecurity alert CVE-2007-5969 CVE-2007-6303 CVE-2007-6304

MySQL Enterprise 5.0: several vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in MySQL.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 6.
Creation date: 09/05/2008.
Identifiers: 29801, 29908, 32167, 32707, BID-26765, BID-27140, BID-29106, CERTA-2002-AVI-200, CERTA-2007-AVI-541, CERTA-2008-AVI-088, CERTA-2008-AVI-237, CERTA-2009-AVI-382, CVE-2007-5969, CVE-2007-6303, CVE-2007-6304, CVE-2008-0226, CVE-2008-0227, CVE-2008-2079, DSA-1608-1, MDVSA-2008:149, MDVSA-2008:150, RHSA-2008:0505-01, RHSA-2008:0510-01, SUSE-SR:2008:017, VIGILANCE-VUL-7804.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can exploit several vulnerabilities in MySQL.

An attacker can create a table using the DATA DIRECTORY or INDEX DIRECTORY option in order to access system tables (VIGILANCE-VUL-7392). [severity:2/4; BID-26765, CERTA-2007-AVI-541, CERTA-2008-AVI-088, CVE-2007-5969]

An attacker can alter a SQL SECURITY DEFINER or INVOKER view in order to access a table. [severity:2/4; 29908, CVE-2007-6303]

A malicious federated server can send a reply with too few columns in order to stop another server. [severity:2/4; 29801, CVE-2007-6304]

Several vulnerabilities of yaSSL permit an attacker to create a denial of service or to execute code (VIGILANCE-VUL-7472). [severity:2/4; BID-27140, CVE-2008-0226, CVE-2008-0227]

A long error message can generate an overflow. [severity:2/4; 32707]

The DATA DIRECTORY and INDEX DIRECTORY options indicate the paths where the data and index files of a table are located. An attacker can use them to access tables with the same name. [severity:2/4; 32167, BID-29106, CERTA-2008-AVI-237, CERTA-2009-AVI-382, CVE-2008-2079]

cybersecurity note CVE-2008-2079

MySQL 5.1: several vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in MySQL.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 09/05/2008.
Identifiers: 29605, 32167, 34593, BID-29106, CERTA-2002-AVI-200, CERTA-2008-AVI-237, CERTA-2009-AVI-382, CVE-2008-2079, DSA-1608-1, SUSE-SR:2008:017, VIGILANCE-VUL-7803.

Description of the vulnerability

An attacker can exploit several vulnerabilities in MySQL.

The DATA DIRECTORY and INDEX DIRECTORY options indicate the paths where the data and index files of a table are located. An attacker can use them to access tables with the same name. [severity:2/4; 32167, BID-29106, CERTA-2008-AVI-237, CERTA-2009-AVI-382, CVE-2008-2079]

A malicious server can use FETCH LOCAL FILE to obtain a client file. [severity:2/4; 29605]

Under Windows, some files were located under "Program Files" instead of "AppData". [severity:1/4; 34593]

weakness bulletin CVE-2007-3780 CVE-2007-5969 CVE-2008-2079

MySQL 4.1: several vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in MySQL in order to access a table, elevate privileges or cause a denial of service.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 09/05/2008.
Identifiers: 28984, 32167, 32707, BID-26765, BID-29106, CERTA-2007-AVI-541, CERTA-2008-AVI-088, CERTA-2008-AVI-162, CERTA-2008-AVI-237, CERTA-2009-AVI-382, CVE-2007-3780, CVE-2007-5969, CVE-2008-2079, RHSA-2008:0768-01, SUSE-SR:2008:017, VIGILANCE-VUL-7802.

Description of the vulnerability

An attacker can exploit several vulnerabilities in MySQL in order to access a table, elevate privileges or cause a denial of service.

The DATA DIRECTORY and INDEX DIRECTORY options indicate the paths where the data and index files of a table are located. An attacker can use them to access tables with the same name. [severity:2/4; 32167, BID-29106, CERTA-2008-AVI-237, CERTA-2009-AVI-382, CVE-2008-2079]

An attacker can create a table using the DATA DIRECTORY or INDEX DIRECTORY option in order to access system tables (VIGILANCE-VUL-7392). [severity:2/4; BID-26765, CERTA-2007-AVI-541, CERTA-2008-AVI-088, CVE-2007-5969]

An unauthenticated attacker can use malformed password packets in order to stop the server. [severity:2/4; 28984, CERTA-2008-AVI-162, CVE-2007-3780]

A long error message can generate an overflow. [severity:2/4; 32707]

computer vulnerability CVE-2008-1659

HP-UX: privilege elevation via LDAP-UX

Synthesis of the vulnerability

An attacker can exploit a vulnerability in LDAP-UX in order to obtain local access.
Severity: 2/4.
Creation date: 07/05/2008.
Identifiers: BID-29078, CERTA-2008-AVI-234, CVE-2008-1659, emr_na-c01447010, HPSBUX02330, SSRT080053, VIGILANCE-VUL-7799.

Description of the vulnerability

The LDAP-UX product is an LDAP server for HP-UX.

An attacker can exploit a vulnerability in LDAP-UX in order to obtain local access.

security note CVE-2008-1669

Linux kernel: denial of service via fcntl_setlk/close

Synthesis of the vulnerability

On an SMP computer, a local attacker can execute two processes simultaneously in order to create a denial of service.
Severity: 1/4.
Creation date: 07/05/2008.
Identifiers: BID-29076, CERTA-2008-AVI-239, CVE-2008-1669, DSA-1575-1, FEDORA-2008-3873, FEDORA-2008-3949, FEDORA-2008-4043, MDVSA-2008:104, MDVSA-2008:105, MDVSA-2008:167, RHSA-2008:0211-01, RHSA-2008:0233-01, RHSA-2008:0237-01, SUSE-SA:2008:030, SUSE-SA:2008:032, SUSE-SA:2008:035, SUSE-SA:2008:038, VIGILANCE-VUL-7798, VMSA-2008-00011, VMSA-2008-00011.1, VMSA-2008-00011.2.

Description of the vulnerability

The fcntl() function manages the state of a file descriptor. The close() function closes a file descriptor.

On an SMP computer, when two programs simultaneously use the fcntl_setlk() lock and close(), an error occurs in the handling of the file descriptor table.

A local attacker can thus create a denial of service.

weakness note CVE-2007-6282

Linux kernel: denial of service of IPSec

Synthesis of the vulnerability

An attacker can send a fragmented IPSec ESP packet in order to stop the kernel.
Severity: 3/4.
Creation date: 07/05/2008.
Identifiers: BID-29081, CERTA-2002-AVI-206, CVE-2007-6282, DSA-1630-1, RHSA-2008:0237-01, RHSA-2008:0275-01, RHSA-2008:0585-01, RHSA-2008:0849-5, SUSE-SA:2008:030, SUSE-SA:2008:031, SUSE-SA:2008:032, SUSE-SU-2011:0928-1, VIGILANCE-VUL-7797.

Description of the vulnerability

An IPSec packet starts with:
 - an ESP header of 8 bytes
 - an Initialization Vector (IV) of 8/16/etc. bytes depending on the algorithm (3DES-CBC/AES-CBC/etc.)

The IP protocol fragments packet data in multiples of 8 bytes. An attacker can therefore split an ESP packet into two parts: the 8 bytes of header, then the remaining bytes containing the IV. However, when the Linux kernel receives the first fragment, the esp_input()/esp6_input() function tries to access the IV, which stops the kernel via BUG().

An attacker can therefore send a fragmented ESP packet in order to create a denial of service.

computer threat announce CVE-2008-2089 CVE-2008-2090

Solaris: denials of service of SCTP

Synthesis of the vulnerability

A network attacker can create two denials of service in SCTP.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 05/05/2008.
Identifiers: 236321, 236521, 6340684, 6539524, BID-29023, BID-29024, CVE-2008-2089, CVE-2008-2090, VIGILANCE-VUL-7796.

Description of the vulnerability

The SCTP protocol (Stream Control Transmission Protocol) creates associations to send several streams. Its implementation in Solaris has two vulnerabilities.

An attacker can send an SCTP packet that triggers an error when buffers are counted in sctp_data_chunk(), in order to panic the system. [severity:2/4; 236321, 6539524, BID-29023, CVE-2008-2089]

An attacker can send an SCTP packet that forces the system to answer several times, which overloads the network. [severity:1/4; 236521, 6340684, BID-29024, CVE-2008-2090]

An attacker can therefore generate a denial of service on computers where SCTP is enabled.

vulnerability bulletin CVE-2008-1294

Linux kernel: bypassing RLIMIT_CPU

Synthesis of the vulnerability

A local attacker can bypass the limit imposed by RLIMIT_CPU.
Severity: 1/4.
Creation date: 05/05/2008.
Identifiers: 107209, 419706, BID-29004, CVE-2008-1294, DSA-1565-1, RHSA-2008:0612-01, SUSE-SA:2009:017, VIGILANCE-VUL-7795.

Description of the vulnerability

The administrator can limit resources granted to users:
 - RLIMIT_STACK: limit stack size
 - RLIMIT_CPU: limit CPU time
 - etc.

However, due to a change in kernel 2.6.17, a local attacker can bypass RLIMIT_CPU by choosing a zero value. Indeed, a zero value is interpreted as if no restriction was applied.

A local attacker can therefore bypass the CPU execution time limit.

computer weakness alert 7794

GraphicsMagick: denial of service

Synthesis of the vulnerability

The GraphicsMagick application can be forced to call external programs, which leads to a denial of service.
Severity: 1/4.
Creation date: 05/05/2008.
Identifiers: BID-29010, VIGILANCE-VUL-7794.

Description of the vulnerability

The GraphicsMagick suite can be used to handle images.

When an image has an unknown extension, an automatic conversion is done or an external program is called to display it ("delegate" action):
 - autotrace -output-format svg -output-file "%o" "%i"
 - dcraw -c -w "%i" > "%o"
 - edit : xterm -title "Edit Image Comment" -e vi "%o"
 - etc.

Programs associated with 'autotrace', 'browse', 'dcraw', 'edit', 'gs-color', 'gs-color+alpha', 'gs-gray', 'gs-mono', 'launch', 'mpeg-encode', 'print', 'scan', 'show', 'win', 'xc' and 'x' can lead to a denial of service.

computer weakness bulletin CVE-2008-1675

Linux kernel: denial of service of Tehuti

Synthesis of the vulnerability

A local attacker can create a denial of service in the Tehuti Ethernet driver.
Severity: 1/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 05/05/2008.
Identifiers: BID-29014, CVE-2008-1675, FEDORA-2008-3873, FEDORA-2008-3949, MDVSA-2008:109, MDVSA-2008:167, VIGILANCE-VUL-7793.

Description of the vulnerability

The drivers/net/tehuti.c file implements a driver for Tehuti Networks network adapters. It has two vulnerabilities in the bdx_ioctl_priv() function.

The capabilities check is done too late, which allows attackers to directly call ioctls. [severity:1/4]

The register size is not checked, which leads to a denial of service. [severity:1/4; BID-29014]