The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

threat note CVE-2008-2421

SAP WAS: Cross Site Scripting of ICF

Synthesis of the vulnerability

An attacker can use a Cross Site Scripting attack on the SAP application server.
Severity: 2/4.
Creation date: 21/05/2008.
Identifiers: BID-29317, CVE-2008-2421, VIGILANCE-VUL-7844.

Description of the vulnerability

The SAP ICF (Internet Communication Framework) authentication system is used in several applications:
 - Web GUI
 - Web Dynpro ABAP (WD4A, WDA)
 - BSP (Business Server Pages)

However, ICF URLs are not filtered before being reused. An attacker can therefore use a quote character to end a string and inject HTML data into a page.

An attacker can thus create a Cross Site Scripting attack against victims using this web site.

computer vulnerability CVE-2007-5962

Fedora, RHEL: denial of service of vsftpd

Synthesis of the vulnerability

The vsftpd package of Fedora/RHEL is impacted by a denial of service.
Severity: 2/4.
Creation date: 21/05/2008.
Identifiers: 397011, BID-29322, CVE-2007-5962, FEDORA-2008-4347, FEDORA-2008-4362, FEDORA-2008-4373, RHSA-2008:0295-01, VIGILANCE-VUL-7843.

Description of the vulnerability

The vsftpd package of Fedora/RHEL contains a specific patch to correct bug 174764 (deny_file error).

However, this patch does not free the memory used by the deny_file option.

When the vsftpd.conf configuration file contains deny_file, an attacker can therefore progressively consume memory, in order to create a denial of service.

security note 7842

Lotus Domino: Cross Site Scripting

Synthesis of the vulnerability

An attacker can create a Cross Site Scripting attack on the Lotus Domino web server.
Severity: 2/4.
Creation date: 21/05/2008.
Identifiers: BID-29311, SPR# MKIN7AUTAC, swg21303296, VIGILANCE-VUL-7842.

Description of the vulnerability

IBM announced that the servlet engine and the web container of the Lotus Domino web server are impacted by a Cross Site Scripting vulnerability.



An attacker can thus execute a script in the context of web browsers of Lotus Domino users.

weakness note CVE-2008-1767

libxslt: memory corruption via template match

Synthesis of the vulnerability

An attacker can create a malicious XSL style sheet in order to create a denial of service or to execute code in applications linked to libxslt.
Severity: 3/4.
Creation date: 21/05/2008.
Identifiers: 446809, 527297, BID-29312, CERTA-2008-AVI-282, CVE-2008-1767, DSA-1589-1, MDVSA-2008:151, RHSA-2008:0287-01, SSA:2008-210-03, SUSE-SR:2008:013, VIGILANCE-VUL-7841.

Description of the vulnerability

The libxslt library can be used to handle XSL style sheets. The "template match" element is used to filter data. For example:
  <xsl:template match="html/body/table/tr/td">
    [...]
  </xsl:template>

The libxslt/pattern.c file searches at most 40 items. When this limit is reached (stored in variable comp->nbStep), an error is returned and the items are deleted. However, the comp->nbStep value is 41, which means that the last item does not exist. When the indicated address is freed, the memory is thus corrupted.

An attacker can therefore create a malicious XSL style sheet in order to create a denial of service or to execute code in applications linked to libxslt.

computer threat announce CVE-2008-1948 CVE-2008-1949 CVE-2008-1950

GnuTLS: several vulnerabilities

Synthesis of the vulnerability

An attacker can use several GnuTLS vulnerabilities in order to create a denial of service and possibly to execute code.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 20/05/2008.
Identifiers: BID-29292, CERTA-2008-AVI-262, CVE-2008-1948, CVE-2008-1949, CVE-2008-1950, DSA-1581-1, FEDORA-2008-4183, FEDORA-2008-4259, FEDORA-2008-4274, FICORA #130447, GNUTLS-SA-2008-1-1, GNUTLS-SA-2008-1-2, GNUTLS-SA-2008-1-3, MDVSA-2008:106, RHSA-2008:0489-01, RHSA-2008:0492-01, SSA:2008-180-01, SUSE-SA:2008:046, VIGILANCE-VUL-7840, VU#111034, VU#252626, VU#659209.

Description of the vulnerability

The GnuTLS library implements the SSL/TLS protocol (alternative to OpenSSL). It has three vulnerabilities.

A Client Hello message containing a malicious "Server name" extension creates a buffer overflow. This overflow leads to a denial of service and possibly to code execution. [severity:3/4; CERTA-2008-AVI-262, CVE-2008-1948, GNUTLS-SA-2008-1-1, VU#111034]

An attacker can send several Client Hello messages which dereference a NULL pointer. This error stops the service. [severity:2/4; CVE-2008-1949, GNUTLS-SA-2008-1-2, VU#252626]

An error in how padding bytes are computed forces a read past the end of the memory area. This segmentation error stops the service. [severity:2/4; CVE-2008-1950, GNUTLS-SA-2008-1-3, VU#659209]

vulnerability bulletin CVE-2008-2357

MTR: buffer overflow of split_redraw

Synthesis of the vulnerability

A local or remote attacker can create an overflow in MTR in order to execute code.
Severity: 3/4.
Creation date: 20/05/2008.
Identifiers: BID-29290, CVE-2008-2357, DSA-1587-1, MDVSA-2008:176, SSA:2008-210-06, SUSE-SR:2008:014, VIGILANCE-VUL-7839.

Description of the vulnerability

The MTR program combines traceroute and ping features. It is installed suid root.

The split_redraw() function of the split.c file displays reachability information. However, this function uses sprintf() to store router names in a fixed-size array, and does not check their size. An attacker controlling a DNS server can therefore create an overflow.

This vulnerability can be used by a local or a remote attacker to execute code with root privileges.

computer weakness alert CVE-2008-2240

Lotus Domino: buffer overflow via Accept-Language

Synthesis of the vulnerability

An attacker can create a denial of service and possibly execute code by creating an overflow in the Lotus Domino web service.
Severity: 3/4.
Creation date: 20/05/2008.
Identifiers: BID-29310, CERTA-2008-AVI-257, CVE-2008-2240, SPR# MKIN79DR9S, swg21303057, VIGILANCE-VUL-7838.

Description of the vulnerability

An HTTP client sends the "Accept-Language" header to indicate the list of supported languages. For example:
  Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3

When the Domino web server receives an Accept-Language header with a long field, a stack overflow occurs.

This vulnerability can be used by a remote unauthenticated attacker to create a denial of service or to execute code.

computer weakness bulletin CVE-2007-5803

Nagios: Cross Site Scripting of CGI

Synthesis of the vulnerability

An attacker can use a Cross Site Scripting attack on the CGIs of Nagios.
Severity: 2/4.
Creation date: 20/05/2008.
Identifiers: BID-29140, CERTA-2008-AVI-265, CVE-2007-5803, DSA-1883-1, DSA-1883-2, MDVSA-2009:054, SUSE-SR:2008:011, VIGILANCE-VUL-7837.

Description of the vulnerability

The Nagios product uses several CGI programs:
 - cgi/cmd.c
 - cgi/histogram.c
 - cgi/history.c
 - etc.

However, these programs do not encode URLs before displaying them. An attacker can therefore change some CGI parameters in order to inject JavaScript code.

An attacker can thus create a Cross Site Scripting attack to execute a script in the context of the Nagios user's web browser.

computer vulnerability bulletin CVE-2008-1660

HP-UX: privilege elevation via useradd

Synthesis of the vulnerability

When a user is added via useradd, his group and home directory can be invalid.
Severity: 2/4.
Creation date: 20/05/2008.
Identifiers: BID-29286, c01455884, CERTA-2008-AVI-263, CVE-2008-1660, HPSBUX02335, SSRT071454, VIGILANCE-VUL-7836.

Description of the vulnerability

The useradd command adds a user to the system. When some fields are not indicated, their default values are taken from the /etc/default/useradd file:
 - GROUPID : group of users (ex: 20)
 - HOMEDIR : homes directory (ex: /home)
 - SHELL : shell (ex: /usr/bin/ksh)

However, when GROUPID and HOMEDIR are not indicated in the /etc/default/useradd file, the user can be created with invalid values.

The user can then, for example, access files with the rights of the indicated group.

vulnerability alert 7835

Word: JavaScript code execution

Synthesis of the vulnerability

An attacker can create a Word document which executes JavaScript code when it is opened.
Severity: 1/4.
Creation date: 20/05/2008.
Identifiers: VIGILANCE-VUL-7835.

Description of the vulnerability

A Word document with the ".doc" extension can be in a binary or XML format.

When Word opens an XML document, it does not filter its data. If the document contains a JavaScript script, it is executed.

By default, this script is run in a restricted environment, and cannot access the resources or programs of the computer. However, this behavior may be used to exploit another vulnerability.

   
