The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:


Oracle AS: several vulnerabilities of October 2008

Synthesis of the vulnerability

Several vulnerabilities are corrected by the CPU of October 2008.
Impacted products: Oracle AS, Oracle Portal.
Severity: 3/4.
Consequences: privileged access/rights, data reading, data creation/edition.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 6.
Creation date: 15/10/2008.
Identifiers: CERTA-2008-AVI-508, CPUOct2008, CVE-2008-2588, CVE-2008-2619, CVE-2008-3975, CVE-2008-3977, CVE-2008-3986, CVE-2008-3987, VIGILANCE-VUL-8179.

Description of the vulnerability

The CPU (Critical Patch Update) of October 2008 corrects several vulnerabilities of Oracle Application Server. Oracle's announcement contains a detailed table, summarized below.

An attacker (via HTTP and not authenticated) can alter information via a vulnerability of Oracle Portal. [severity:3/4; CVE-2008-3975]

An attacker (via HTTP and not authenticated) can alter information via a vulnerability of Oracle Portal. [severity:3/4; CVE-2008-3977]

An attacker (via HTTP and authenticated) can create a denial of service via a vulnerability of Oracle Reports Developer. [severity:2/4; CVE-2008-2619]

An attacker (local and not authenticated) can obtain information via a vulnerability of Oracle JDeveloper. [severity:2/4; CERTA-2008-AVI-508, CVE-2008-2588]

An attacker (local and authenticated) can obtain information via a vulnerability of Oracle Discoverer Administrator. [severity:1/4; CVE-2008-3986]

An attacker (local and authenticated) can obtain information via a vulnerability of Oracle Discoverer Desktop. [severity:1/4; CVE-2008-3987]


Oracle Database: several vulnerabilities of October 2008

Synthesis of the vulnerability

Several vulnerabilities are corrected by the CPU of October 2008.
Impacted products: Oracle DB.
Severity: 2/4.
Consequences: privileged access/rights, data reading, data creation/edition.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 15.
Creation date: 15/10/2008.
Revisions dates: 13/11/2008, 07/01/2009.
Identifiers: CPUOct2008, CVE-2008-2624, CVE-2008-2625, CVE-2008-3976, CVE-2008-3980, CVE-2008-3982, CVE-2008-3983, CVE-2008-3984, CVE-2008-3989, CVE-2008-3990, CVE-2008-3991, CVE-2008-3992, CVE-2008-3994, CVE-2008-3995, CVE-2008-3996, CVE-2008-4005, VIGILANCE-VUL-8178.

Description of the vulnerability

The CPU (Critical Patch Update) of October 2008 corrects several vulnerabilities of Oracle Database. Oracle's announcement contains a detailed table, summarized below.

An attacker (via Oracle Net, authenticated, with the EXECUTE privilege on DMSYS.ODM_MODEL_UTIL) can obtain information, alter information or create a denial of service via a vulnerability of Oracle Data Mining. [severity:2/4; CVE-2008-3989]

An attacker (via Oracle Net, authenticated, with the Create Public Synonym privilege) can obtain information, alter information or create a denial of service via a vulnerability of Oracle OLAP. [severity:2/4; CVE-2008-2624]

An attacker (via Oracle Net, authenticated, with the EXECUTE privilege on DBMS_CDC_PUBLISH) can obtain or alter information via a vulnerability of Change Data Capture. [severity:2/4; CVE-2008-3995]

An attacker (via Oracle Net, authenticated, with the EXECUTE privilege on DBMS_CDC_IPUBLISH) can obtain or alter information via a vulnerability of Change Data Capture. [severity:2/4; CVE-2008-3996]

An attacker (via Oracle Net, authenticated, with the EXECUTE privilege on DMSYS.DBMS_DM_EXP_INTERNAL) can obtain or alter information via a vulnerability of Oracle Data Mining. [severity:2/4; CVE-2008-3992]

An attacker (via Oracle Net, authenticated, allowed to create a session) can obtain or alter information via a vulnerability of Oracle Spatial. [severity:2/4; CVE-2008-3976]

An attacker (via Oracle Net, authenticated, with the EXECUTE privilege on SYS.LT or WMSYS.LT) can obtain or alter information via a vulnerability of Workspace Manager. [severity:2/4; CVE-2008-3982]

An attacker (via Oracle Net, authenticated, with the EXECUTE privilege on SYS.LT or WMSYS.LT) can obtain or alter information via a vulnerability of Workspace Manager. [severity:2/4; CVE-2008-3983]

An attacker (via Oracle Net, authenticated, with the EXECUTE privilege on SYS.LT or WMSYS.LT) can obtain or alter information via a vulnerability of Workspace Manager. [severity:2/4; CVE-2008-3984]

An attacker (via Oracle Net, authenticated, with the EXECUTE privilege on WMSYS.LTADM) can obtain or alter information via a vulnerability of Workspace Manager. [severity:2/4; CVE-2008-3994]

An attacker (via Oracle Net, authenticated, allowed to create a trigger) can obtain or alter information via a vulnerability of Upgrade. [severity:2/4; CVE-2008-3980]

An attacker (via Oracle Net, authenticated, allowed to create a session) can obtain information, alter information or create a denial of service via a vulnerability of Oracle Application Express. [severity:2/4; CVE-2008-4005]

An attacker (via Oracle Net, not authenticated) can obtain or alter information via a vulnerability of Core RDBMS. This vulnerability can be used by an attacker to connect to the server without authenticating. [severity:2/4; CVE-2008-2625]

An attacker (via Oracle Net, authenticated, with the EXECUTE privilege on OLAPSYS.CWM2_OLAP_AW_AWUTIL) can obtain information, alter information or create a denial of service via a vulnerability of Oracle OLAP. [severity:2/4; CVE-2008-3990]

An attacker (via Oracle Net, authenticated, with the EXECUTE privilege on OLAPSYS.CWM2_OLAP_AW_AWUTIL) can obtain information, alter information or create a denial of service via a vulnerability of Oracle OLAP. [severity:1/4; CVE-2008-3991]


VLC: memory corruption via XSPF

Synthesis of the vulnerability

An attacker can create a malicious XSPF playlist and invite the victim to open it with VLC in order to execute code on the victim's computer.
Impacted products: VLC.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 15/10/2008.
Identifiers: BID-31758, CERTA-2008-AVI-509, CORE-2008-1010, CVE-2008-4558, VIGILANCE-VUL-8177.

Description of the vulnerability

The VideoLAN VLC program displays multimedia documents.

The XSPF (XML Shareable Playlist Format) format associates a numeric identifier with each multimedia document. For example:
  ...
  <identifier>0</identifier><location>song.mp3</location>...
  <identifier>1</identifier><location>track.mp3</location>...

However, VLC uses this identifier directly as an array index, without validating it. An attacker can thus, for example, use a negative identifier to corrupt the memory.

An attacker can therefore create a malicious XSPF playlist and invite the victim to open it with VLC in order to execute code on the victim's computer.


Linux kernel: bypassing S_APPEND

Synthesis of the vulnerability

A local attacker can use the splice() function to bypass the S_APPEND restriction.
Impacted products: Debian, Fedora, Linux, Mandriva Linux, openSUSE, RHEL.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 15/10/2008.
Identifiers: BID-31903, CERTA-2002-AVI-217, CVE-2008-4554, DSA-1681-1, DSA-1687-1, FEDORA-2008-8929, FEDORA-2008-8980, MDVSA-2008:224, MDVSA-2008:224-1, RHSA-2008:1017-01, RHSA-2009:0009-02, SUSE-SA:2009:003, SUSE-SA:2009:030, VIGILANCE-VUL-8176.

Description of the vulnerability

A file can have special properties:
 - S_NOATIME: do not update access time
 - S_APPEND: open in append only mode
 - etc.

The splice() system call, added in version 2.6.17, can for example be used to transfer data between descriptors. However, when splice() is used, the S_APPEND property is not honoured.

A local attacker can use the splice() function to bypass the S_APPEND restriction.


Windows: privilege elevation via AFD

Synthesis of the vulnerability

A local attacker can create an error in the Ancillary Function Driver in order to execute code with system privileges.
Impacted products: Windows 2003, Windows XP.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 15/10/2008.
Revision date: 16/10/2008.
Identifiers: 956803, BID-31673, CERTA-2008-AVI-507, CVE-2008-3464, MS08-066, VIGILANCE-VUL-8175.

Description of the vulnerability

The afd.sys (Ancillary Function Driver) driver is used to access Winsock network features.

The TDI (Transport Driver Interface) interface is used to communicate with AFD.

However, TDI does not correctly check User Mode parameters given to the kernel, which corrupts the memory.

A local attacker can therefore create an error in the Ancillary Function Driver in order to execute code with system privileges.


Windows 2000 MSMQ: code execution

Synthesis of the vulnerability

An attacker can send a malicious RPC query to the Message Queuing service in order to execute code.
Impacted products: Windows 2000.
Severity: 3/4.
Consequences: administrator access/rights.
Provenance: intranet client.
Creation date: 15/10/2008.
Identifiers: 951071, BID-31637, CERTA-2008-AVI-506, CVE-2008-3479, MS08-065, TPTI-08-07, VIGILANCE-VUL-8174.

Description of the vulnerability

The Message Queuing (MSMQ - mqsvc.exe) service handles messages of a distributed application. It is disabled by default.

When an RPC query contains a long string, a buffer overflow occurs when it is copied by mqsvc.exe.

An attacker can therefore send a malicious RPC query to the Message Queuing service in order to execute code with system privileges.


Windows: privilege elevation via Virtual Address Descriptor

Synthesis of the vulnerability

A local attacker can generate an integer overflow in Virtual Address Descriptors in order to obtain system privileges.
Impacted products: Windows 2003, Windows 2008 R0, Windows Vista, Windows XP.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 15/10/2008.
Identifiers: 956841, BID-31675, CERTA-2008-AVI-505, CVE-2008-4036, MS08-064, VIGILANCE-VUL-8173.

Description of the vulnerability

VADs (Virtual Address Descriptors) are used by applications to handle their own memory space.

However, a program can force a variable to be decremented in the VAD implementation, which creates an integer overflow.

A local attacker can therefore execute a malicious program in order to obtain system privileges.


Windows: buffer overflow of SMB

Synthesis of the vulnerability

An authenticated attacker can execute code on servers sharing files via SMB.
Impacted products: Windows 2000, Windows 2003, Windows 2008 R0, Windows Vista, Windows XP.
Severity: 3/4.
Consequences: administrator access/rights.
Provenance: user account.
Creation date: 15/10/2008.
Identifiers: 957095, BID-31647, CERTA-2008-AVI-504, CVE-2008-4038, MS08-063, VIGILANCE-VUL-8172.

Description of the vulnerability

The SMB/CIFS protocol is used to share files or printers. This protocol uses commands: open a session, create a directory, etc.

One of these commands, which can only be called after an authentication, does not correctly check the filename size, which creates a buffer overflow.

An authenticated attacker can therefore execute code on servers sharing files via SMB.


Windows IIS IPP: integer overflow

Synthesis of the vulnerability

An attacker can generate an overflow on the Internet Printing Protocol service in order to execute code.
Impacted products: IIS, Windows 2000, Windows 2003, Windows 2008 R0, Windows Vista, Windows XP.
Severity: 3/4.
Consequences: privileged access/rights.
Provenance: user account.
Creation date: 15/10/2008.
Identifiers: 953155, BID-31682, CERTA-2008-AVI-503, CVE-2008-1446, MS08-062, VIGILANCE-VUL-8171, VU#793233.

Description of the vulnerability

The Microsoft Internet Printing Protocol service can be enabled on Microsoft IIS to allow remote users to print. The IPP protocol is based on HTTP.

An attacker allowed to connect to IPP can send a malicious HTTP POST query in order to generate an integer overflow.

An attacker can thus execute code.


Windows kernel: privilege elevation

Synthesis of the vulnerability

Three vulnerabilities in the Windows kernel can be used by a local attacker to obtain system privileges.
Impacted products: Windows 2000, Windows 2003, Windows 2008 R0, Windows Vista, Windows XP.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user account.
Number of vulnerabilities in this bulletin: 3.
Creation date: 15/10/2008.
Identifiers: 954211, BID-31570, BID-31651, BID-31652, BID-31653, CERTA-2008-AVI-502, CVE-2008-2250, CVE-2008-2251, CVE-2008-2252, CVE-2008-4510, MS08-061, VIGILANCE-VUL-8170.

Description of the vulnerability

Three vulnerabilities in the Windows kernel can be used by a local attacker to obtain system privileges.

The kernel does not correctly check properties passed during window creation. [severity:2/4; BID-31651, CERTA-2008-AVI-502, CVE-2008-2250]

When several threads use system calls, a double memory free occurs and corrupts the memory. [severity:2/4; BID-31570, BID-31653, CVE-2008-2251, CVE-2008-4510]

Some data passed from User Mode is not correctly checked by the kernel. [severity:2/4; BID-31652, CVE-2008-2252]
