The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

computer vulnerability announce CVE-2008-3214

Dnsmasq: denial of service of DHCP

Synthesis of the vulnerability

An attacker can send a malicious DHCP packet in order to stop Dnsmasq.
Impacted products: Dnsmasq.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: LAN.
Creation date: 15/07/2008.
Identifiers: CVE-2008-3214, VIGILANCE-VUL-7947.

Description of the vulnerability

The Dnsmasq program provides a DNS and DHCP server.

The DHCP protocol is used by a computer to obtain an IP address. The computer can indicate the IP address it wishes to receive, for example to keep the value it previously obtained.

However, if the client requests an IP address located outside the range that Dnsmasq manages, Dnsmasq stops.

A network attacker can therefore create a denial of service.

computer vulnerability alert CVE-2008-2374

BlueZ: memory corruption

Synthesis of the vulnerability

A malicious SDP server can create a denial of service and possibly execute code on BlueZ client.
Impacted products: Fedora, Mandriva Linux, openSUSE, RHEL, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: privileged access/rights, denial of service on service.
Provenance: radio connection.
Creation date: 15/07/2008.
Identifiers: CVE-2008-2374, FEDORA-2008-6133, FEDORA-2008-6140, MDVSA-2008:145, RHSA-2008:0581-01, SUSE-SR:2008:019, VIGILANCE-VUL-7946.

Description of the vulnerability

The BlueZ suite implements the Bluetooth protocol for Linux.

The sdp_extract_pdu() function of the src/sdp.c file does not correctly validate SDP packets, which leads to memory corruption. This function is called by the client part of BlueZ.

A malicious SDP server can therefore create a denial of service and possibly execute code on the BlueZ client.

computer vulnerability CVE-2008-3145

Wireshark: denial of service via fragments

Synthesis of the vulnerability

An attacker can send a sequence of fragmented packets in order to stop Wireshark.
Impacted products: Ethereal, Fedora, Mandriva Linux, openSUSE, RHEL, Wireshark.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 11/07/2008.
Identifiers: BID-30181, CVE-2008-3145, FEDORA-2008-6440, FEDORA-2008-6645, MDVSA-2008:152, RHSA-2008:0890-01, SUSE-SR:2008:017, VIGILANCE-VUL-7945, wnpa-sec-2008-04.

Description of the vulnerability

The Wireshark/Ethereal program captures packets in order to help administrators solve network problems.

When TCP data is fragmented across several IP packets, Wireshark stores the fragments in order to reassemble them. However, in some cases, the fragment_add_work() function reads past the end of the stored data, which causes a segmentation fault.

An attacker can therefore send a sequence of fragmented packets in order to stop Wireshark.

vulnerability bulletin CVE-2008-3103 CVE-2008-3104 CVE-2008-3105

Java JDK/JRE/SDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in Java JDK/JRE/SDK.
Impacted products: Fedora, NSMXpress, NLD, OES, Java OpenJDK, openSUSE, Java Oracle, WebLogic, RHEL, SLES.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 8.
Creation date: 09/07/2008.
Identifiers: 238628, 238666, 238687, 238905, 238965, 238966, 238967, 238968, 6332953, 6450319, 6529568, 6529579, 6542088, 6557220, 6581221, 6607339, 6661918, 6687392, 6703909, 6704074, 6704077, BID-30140, BID-30141, BID-30142, BID-30143, BID-30144, BID-30146, BID-30147, BID-30148, CERTA-2008-AVI-366, CERTA-2008-AVI-483, CVE-2008-3103, CVE-2008-3104, CVE-2008-3105, CVE-2008-3106, CVE-2008-3107, CVE-2008-3108, CVE-2008-3109, CVE-2008-3110, CVE-2008-3111, CVE-2008-3112, CVE-2008-3113, CVE-2008-3114, CVE-2008-3115, FEDORA-2008-6271, FEDORA-2008-6439, PSN-2012-08-686, PSN-2012-08-687, PSN-2012-08-688, PSN-2012-08-689, PSN-2012-08-690, RHSA-2008:0594-01, RHSA-2008:0595-01, RHSA-2008:0790-02, RHSA-2008:0891-01, RHSA-2008:0906-01, RHSA-2008:0955-01, RHSA-2008:1043-01, RHSA-2008:1044-01, RHSA-2008:1045-01, RHSA-2009:0466-02, SUSE-SA:2008:042, SUSE-SA:2008:043, SUSE-SA:2008:045, SUSE-SR:2008:022, SUSE-SR:2008:028, SUSE-SR:2009:010, VIGILANCE-VUL-7943.

Description of the vulnerability

Several vulnerabilities were announced in Java JDK/JRE/SDK.

An attacker can use XML data to access some resources. [severity:1/4; 238628, 6542088, 6607339, BID-30143, CVE-2008-3105, CVE-2008-3106]

A malicious applet/application can use a character font to execute code on the system. [severity:4/4; 238666, 6450319, BID-30147, CVE-2008-3108]

A malicious applet/application can use the script language to execute code on the system. [severity:4/4; 238687, 6529568, 6529579, BID-30144, CVE-2008-3109, CVE-2008-3110]

Several vulnerabilities (in GetVMArgsOption or CacheEntry::writeManifest) of Java Web Start can be used by an attacker to execute code, to access files or to obtain information. [severity:3/4; 238905, 6557220, 6703909, 6704074, 6704077, BID-30148, CVE-2008-3111, CVE-2008-3112, CVE-2008-3113, CVE-2008-3114]

A JMX (Java Management Extensions) client can perform unauthorized operations when local monitoring (sun.management.JMXConnectorServer.address) is enabled. [severity:2/4; 238965, 6332953, BID-30146, CERTA-2008-AVI-366, CERTA-2008-AVI-483, CVE-2008-3103]

Since JRE 5.0 Update 6, an applet always runs on the latest JRE version. However, if an old version is installed, this potentially vulnerable version is used. [severity:1/4; 238966, 6581221, BID-30142, CVE-2008-3115]

A malicious applet/application can execute code on the system. [severity:4/4; 238967, 6661918, BID-30141, CVE-2008-3107]

A malicious Java applet can open a TCP/UDP socket connection to a chosen IP address. [severity:2/4; 238968, 6687392, BID-30140, CVE-2008-3104]

vulnerability announce CVE-2008-2244

Word: code execution

Synthesis of the vulnerability

An attacker can create a malicious Word document leading to code execution when it is opened.
Impacted products: Office, Word.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 09/07/2008.
Revision date: 13/08/2008.
Identifiers: 953635, 955048, BID-30124, CERTA-2008-AVI-403, CVE-2008-2244, MS08-042, VIGILANCE-VUL-7942.

Description of the vulnerability

A Word document is composed of a succession of data blocks named "records".

An attacker can create a Word document containing a malicious record value. When the victim opens this document, a memory corruption occurs and leads to code execution.

An attacker can therefore create a malicious Word document leading to code execution when it is opened.

vulnerability alert CVE-2008-0085 CVE-2008-0086 CVE-2008-0106

SQL Server: privilege elevation

Synthesis of the vulnerability

Four vulnerabilities of SQL Server can be used by an attacker to obtain information or to elevate his privileges.
Impacted products: SQL Server, Windows 2000, Windows 2003, Windows 2008 R0, ESX, ESXi, vCenter Server, VirtualCenter, VMware vSphere, VMware vSphere Hypervisor.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, data reading.
Provenance: user account.
Number of vulnerabilities in this bulletin: 4.
Creation date: 09/07/2008.
Identifiers: 941203, BID-30119, CERTA-2008-AVI-356, CVE-2008-0085, CVE-2008-0086, CVE-2008-0106, CVE-2008-0107, ISVA-080709.1, MS08-040, VIGILANCE-VUL-7941, VMSA-2011-0003, VMSA-2011-0003.1, VMSA-2011-0003.2.

Description of the vulnerability

Four vulnerabilities were announced in SQL Server.

An attacker with a database operator access can obtain sensitive information, because the content of memory pages is not reinitialized. [severity:1/4; CERTA-2008-AVI-356, CVE-2008-0085]

An authenticated attacker can convert the type of long data in order to generate a buffer overflow, and thus execute code with system privileges. [severity:2/4; CVE-2008-0086]

An authenticated attacker can force SQL Server to load a backup file containing long data, in order to generate a buffer overrun, then code execution. [severity:2/4; BID-30119, CVE-2008-0107, ISVA-080709.1]

An authenticated attacker can use an INSERT query containing long data, in order to generate a buffer overrun, then code execution. [severity:2/4; CVE-2008-0106]

vulnerability CVE-2008-2247 CVE-2008-2248

Microsoft Exchange: Cross Site Scripting of OWA

Synthesis of the vulnerability

An attacker can exploit two Cross Site Scripting vulnerabilities in OWA in order to run operations in the context of the connected victim.
Impacted products: Exchange.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/07/2008.
Identifiers: 953747, BID-30130, CERTA-2008-AVI-355, CVE-2008-2247, CVE-2008-2248, MS08-039, VIGILANCE-VUL-7940.

Description of the vulnerability

The OWA (Outlook Web Access) service provides a web interface where users can read their emails or manage their calendar. It is impacted by two Cross Site Scripting vulnerabilities.

When an email is opened, some fields are not correctly filtered. [severity:2/4; BID-30130, CERTA-2008-AVI-355, CVE-2008-2247]

When an email is displayed, some fields are not correctly filtered. [severity:2/4; CVE-2008-2248]

An attacker can therefore execute JavaScript code in the context of the OWA web site, for example in order to read or delete the victim's emails.

computer vulnerability note CVE-2008-1435

Windows Explorer: code execution via Saved Search

Synthesis of the vulnerability

An attacker can invite the victim to save a Saved Search file in order to execute code in Windows Explorer.
Impacted products: Windows 2008 R0, Windows Vista.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet server.
Creation date: 09/07/2008.
Identifiers: 950582, BID-30109, CERTA-2008-AVI-354, CVE-2008-1435, MS08-038, VIGILANCE-VUL-7939.

Description of the vulnerability

The Saved Search feature creates files with the ".search-ms" extension.

When a ".search-ms" file is saved on the hard disk, the Windows Explorer analyzes its content. However, this file can contain malicious data leading to code execution with privileges of the victim.

An attacker can therefore invite the victim to save a Saved Search file in order to execute code on his computer.

computer vulnerability bulletin CVE-2008-1454

Windows: poisoning the DNS cache

Synthesis of the vulnerability

An attacker can send answers coming from a non-authoritative DNS server in order to poison the cache of the Windows DNS Server.
Impacted products: ProxyRA, Windows 2000, Windows 2003, Windows 2008 R0, Windows XP.
Severity: 3/4.
Consequences: data creation/edition.
Provenance: internet server.
Creation date: 09/07/2008.
Identifiers: 953230, BID-30132, CVE-2008-1454, MS08-037, VIGILANCE-VUL-7938.

Description of the vulnerability

The Windows DNS Server can be configured to keep the answers of recent queries in its cache.

When a DNS server sends records for which it is not authoritative, this data must be rejected. However, the Microsoft DNS server keeps these malicious entries in its cache.

An attacker can therefore poison the DNS cache and redirect to a malicious site all users querying the DNS server.

computer vulnerability announce CVE-2008-1447

DNS: cache poisoning

Synthesis of the vulnerability

An attacker can predict DNS queries in order to poison the DNS client or cache (caching resolver).
Impacted products: ProxyRA, ProxySG by Blue Coat, IOS by Cisco, Cisco Router, Debian, Dnsmasq, BIG-IP Hardware, TMOS, Fedora, FreeBSD, MPE/iX, Tru64 UNIX, HP-UX, AIX, BIND, Juniper E-Series, Juniper J-Series, JUNOSe, Junos OS, Mandriva Linux, Mandriva NF, Windows 2000, Windows 2003, Windows 2008 R0, Windows (platform) ~ not comprehensive, Windows XP, NetBSD, NetScreen Firewall, ScreenOS, NLD, Netware, OES, OpenBSD, OpenSolaris, openSUSE, Solaris, Trusted Solaris, DNS protocol, RHEL, Slackware, SLES, TurboLinux, Unix (platform) ~ not comprehensive, ESX.
Severity: 3/4.
Consequences: data creation/edition.
Provenance: internet server.
Creation date: 09/07/2008.
Revision dates: 22/07/2008, 24/07/2008, 25/07/2008.
Identifiers: 107064, 239392, 240048, 6702096, 7000912, 953230, BID-30131, c01506861, c01660723, CAU-EX-2008-0002, CAU-EX-2008-0003, CERTA-2002-AVI-189, CERTA-2002-AVI-200, cisco-sa-20080708-dns, CR102424, CR99135, CSCso81854, CVE-2008-1447, draft-ietf-dnsext-forgery-resilience-05, DSA-1544-2, DSA-1603-1, DSA-1604-1, DSA-1605-1, DSA-1617-1, DSA-1619-1, DSA-1619-2, DSA-1623-1, FEDORA-2008-6256, FEDORA-2008-6281, FEDORA-2009-1069, FreeBSD-SA-08:06.bind, HPSBMP02404, HPSBTU02358, HPSBUX02351, MDVSA-2008:139, MS08-037, NetBSD-SA2008-009, powerdns-advisory-2008-01, PSN-2008-06-040, RHSA-2008:0533-01, RHSA-2008:0789-01, SOL8938, SSA:2008-191-02, SSA:2008-205-01, SSRT080058, SSRT090014, SUSE-SA:2008:033, TA08-190B, TLSA-2008-26, VIGILANCE-VUL-7937, VMSA-2008-0014, VMSA-2008-0014.1, VMSA-2008-0014.2, VU#800113.

Description of the vulnerability

The DNS protocol defines a 16-bit identifier to associate an answer with its query. When an attacker predicts this identifier and the UDP port number, he can send fake answers and thus poison the DNS cache.

Most implementations use a fixed port number, which increases the probability that a poisoning attempt succeeds. As there is only one chance of success during the TTL period, and as each attempt succeeds only with low probability, this direct and long-known attack is not practical.

However, instead of poisoning the answer record, the attacker can poison additional records. Indeed, when the DNS client asks the address of www.example.com, the DNS server returns:
  www.example.com A 1.2.3.4 (answer)
  example.com NS dns.example.com (authoritative)
  dns.example.com A 1.2.3.5 (additional)

An attacker can therefore force the client to resolve several names (via a web page containing images, for example): aaa.example.com, aab.example.com, ..., aaz.example.com. In his answers, the attacker always provides the same malicious additional record (www.example.com A 5.6.7.8). Even if, for example, only the answer for aab.example.com is successfully forged, its additional record (www.example.com = 5.6.7.8) will be stored in the cache.

An attacker can therefore poison the DNS cache/client and redirect all users to a malicious site.
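The two cache-side defences implied by the MS08-037 and CVE-2008-1447 bulletins above, as an added example that is not Vigil@nce code: the bailiwick rule, which rejects records a server is not authoritative for, and RFC 2181 credibility ranking, which stops additional-section data from overwriting a cached answer. It assumes the resolver knows which zone it delegated the query to (passed as `zone`); the records are constructed from the bulletin's own example, and `strict=False` reproduces the lax behaviour the bulletins describe.

```python
from collections import namedtuple

# Credibility ranks (RFC 2181 section 5.4.1): answer > authority > additional (glue).
RANK_ANSWER, RANK_AUTHORITY, RANK_ADDITIONAL = 3, 2, 1
RR = namedtuple("RR", "name rtype data")

def in_bailiwick(name, zone):
    """True if name lies at or below zone, the server's area of authority."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

class ResolverCache:
    """Toy cache; strict=False mimics the lax behaviour the bulletins describe."""
    def __init__(self, strict=True):
        self.strict = strict
        self.entries = {}  # (name, type) -> (data, rank)

    def _store(self, rr, rank):
        key = (rr.name.lower(), rr.rtype)
        old = self.entries.get(key)
        # RFC 2181 ranking: weaker data never overwrites stronger cached data.
        if not (self.strict and old is not None and old[1] > rank):
            self.entries[key] = (rr.data, rank)

    def ingest(self, zone, answer, authority, additional):
        """Cache a response from the server delegated for zone."""
        for rrs, rank in ((answer, RANK_ANSWER), (authority, RANK_AUTHORITY),
                          (additional, RANK_ADDITIONAL)):
            for rr in rrs:
                # Bailiwick rule: drop records outside the zone answered for.
                if not self.strict or in_bailiwick(rr.name, zone):
                    self._store(rr, rank)

    def lookup(self, name, rtype):
        hit = self.entries.get((name.lower(), rtype))
        return hit[0] if hit else None

def poisoning_demo(strict):
    """Feed the legitimate response from the text, then a forged one whose
    additional section carries www.example.com and an out-of-zone name
    (constructed data). Returns the cached A data for both names."""
    cache = ResolverCache(strict)
    cache.ingest("example.com", [RR("www.example.com", "A", "1.2.3.4")],
                 [RR("example.com", "NS", "dns.example.com")],
                 [RR("dns.example.com", "A", "1.2.3.5")])
    cache.ingest("example.com", [RR("aab.example.com", "A", "9.9.9.9")], [],
                 [RR("www.example.com", "A", "5.6.7.8"),
                  RR("www.victim.org", "A", "5.6.7.8")])
    return cache.lookup("www.example.com", "A"), cache.lookup("www.victim.org", "A")
```

Ranking only protects a name that is already cached from an answer section; the lasting fix for CVE-2008-1447 is randomising the UDP source port as well as the 16-bit identifier (draft-ietf-dnsext-forgery-resilience among the identifiers above).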
