The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

computer vulnerability note CVE-2009-0114 CVE-2009-0519 CVE-2009-0520

Flash Player: several vulnerabilities

Synthesis of the vulnerability

Several Adobe Flash Player vulnerabilities can be used by an attacker to execute code, to obtain information or to interact with the victim to force him to execute actions.
Impacted products: Flash Player, Windows (platform) ~ not comprehensive, NLD, OpenSolaris, openSUSE, Solaris, RHEL, SLES, TurboLinux, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 25/02/2009.
Identifiers: 254909, 6764865, 6811035, APSB09-01, BID-33880, BID-33889, BID-33890, CERTA-2009-AVI-076, CVE-2009-0114, CVE-2009-0519, CVE-2009-0520, CVE-2009-0521, CVE-2009-0522, RHSA-2009:0332-01, RHSA-2009:0334-01, SUSE-SA:2009:011, TLSA-2009-12, VIGILANCE-VUL-8489.

Description of the vulnerability

Several Adobe Flash Player vulnerabilities were announced.

A Flash document can create an object, obtain references to this object, and then delete the object. One of the references still points to an uninitialized memory area, which an attacker can modify in order to execute code. [severity:3/4; BID-33880, CVE-2009-0520]

Some data are not correctly checked, which leads to a denial of service. [severity:2/4; BID-33890, CVE-2009-0519]

A Clickjacking attack can be used against the Settings Manager. [severity:2/4; CERTA-2009-AVI-076, CVE-2009-0114]

Under Windows, a vulnerability in mouse pointer handling leads to Clickjacking. [severity:2/4; CVE-2009-0522]

Under Linux, an attacker can obtain information leading to a privilege elevation. [severity:3/4; BID-33889, CVE-2009-0521]

computer vulnerability bulletin CVE-2009-0439

WebSphere MQ: privilege elevation via setmqaut, dmpmqaut and dspmqaut

Synthesis of the vulnerability

A local attacker can use the setmqaut, dmpmqaut and dspmqaut commands in order to obtain WebSphere MQ privileges.
Impacted products: MQSeries, WebSphere MQ.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 24/02/2009.
Identifiers: BID-33857, CERTA-2009-AVI-077, CVE-2009-0439, IZ40824, VIGILANCE-VUL-8488.

Description of the vulnerability

The setmqaut command grants and revokes authorizations. The dmpmqaut command dumps authorizations. The dspmqaut command displays authorizations.

Those three commands have a vulnerability which can be used by a local attacker to elevate his privileges.

computer vulnerability announce CVE-2009-0238

Excel: code execution

Synthesis of the vulnerability

An attacker can create a malicious Excel file leading to code execution when it is opened.
Impacted products: Office, Excel.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 24/02/2009.
Revision date: 15/04/2009.
Identifiers: 968272, 968557, BID-33870, CVE-2009-0238, MS09-009, VIGILANCE-VUL-8487.

Description of the vulnerability

An Excel file is composed of objects describing the content of the spreadsheet.

When an Excel file contains a malicious field, its handling corrupts the memory.

This vulnerability can therefore be used by an attacker to execute code when the victim opens a malicious Excel file.

computer vulnerability alert CVE-2009-0801 CVE-2009-1211

Squid, ProxySG: connection to a private service

Synthesis of the vulnerability

An attacker can use an active technology in order to obtain information from a private service.
Impacted products: ProxySG by Blue Coat, SGOS by Blue Coat, Squid.
Severity: 2/4.
Consequences: data reading, data flow.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 2.
Creation date: 23/02/2009.
Identifiers: 3234, BID-33858, CVE-2009-0801, CVE-2009-1211, SQUID-2011:1, VIGILANCE-VUL-8486, VU#435052.

Description of the vulnerability

The Host header of the HTTP protocol names the server being requested. For example, the "http://example.com/page" URL produces the following HTTP request:
  GET /page HTTP/1.1
  host: example.com

Transparent proxies, such as Squid or ProxySG, use the Host header value to determine the server where to connect.

However, some active technologies, such as Flash or Java, can change the Host header.

An attacker can therefore, for example, create a web site hosting a malicious Java applet. When this applet runs in the victim's web browser, it changes the Host header so that the proxy connects to another computer (such as one unreachable from the Internet). The Java applet thus obtains access to a private service.
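The defence for the Host-header problem described above, as an added example that is not Squid's or Blue Coat's code: an intercepting proxy already knows the address the client's TCP connection was really going to, so it should only honour a Host value that resolves to that same address, and it should connect to that original address rather than to whatever Host would resolve to. The DNS table and the request lines are constructed sample data, and the function names (parse_host_header, host_verify, upstream_for) are assumptions.

```python
import ipaddress
from typing import Dict, List, Optional

# Constructed stand-in for forward DNS: the addresses each hostname legitimately
# resolves to (sample data; a real proxy would call getaddrinfo here).
SAMPLE_DNS: Dict[str, List[str]] = {
    "example.com": ["93.184.216.34"],
    "public.example.net": ["203.0.113.10"],
}


def parse_host_header(raw_request: bytes) -> Optional[str]:
    """Return the Host header value without its port, or None if absent."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace")
            if host.startswith("["):                # bracketed IPv6 literal
                host = host[:host.find("]") + 1]
            elif ":" in host:                       # name:port or v4:port
                host = host.rsplit(":", 1)[0]
            return host
    return None


def host_verify(raw_request: bytes, original_dst_ip: str,
                dns: Dict[str, List[str]] = SAMPLE_DNS) -> bool:
    """True only if Host names the address the client actually connected to.

    original_dst_ip comes from the intercepted TCP connection; a Host header
    rewritten by an applet cannot change it. When the two disagree, the proxy
    must not open an upstream connection chosen by the Host value.
    """
    host = parse_host_header(raw_request)
    if host is None:
        return False
    dst = ipaddress.ip_address(original_dst_ip)
    try:
        # A literal address in Host must be exactly the intercepted destination.
        return ipaddress.ip_address(host.strip("[]")) == dst
    except ValueError:
        pass                                        # not a literal, so a name
    return str(dst) in dns.get(host.lower(), [])


def upstream_for(raw_request: bytes, original_dst_ip: str,
                 dns: Dict[str, List[str]] = SAMPLE_DNS) -> Optional[str]:
    """Address the proxy may connect to, or None when the request is refused.

    Even on success the proxy connects to original_dst_ip, never to a Host-derived
    address, so a private service can never be reached by rewriting Host.
    """
    return original_dst_ip if host_verify(raw_request, original_dst_ip, dns) else None
```

A request whose Host does not match is refused outright here; forwarding it to the original destination anyway would also be safe, since that destination was chosen by the client's own connection and not by the applet.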

computer vulnerability CVE-2009-0779

AIX: buffer overflow of pppdial

Synthesis of the vulnerability

An attacker can execute code via a buffer overflow in pppdial.
Impacted products: AIX.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: intranet server.
Creation date: 23/02/2009.
Identifiers: BID-33852, CVE-2009-0779, IZ44199, IZ44220, IZ44332, IZ44388, VIGILANCE-VUL-8485.

Description of the vulnerability

The pppdial command connects to a remote server in order to establish a PPP (Point-to-Point Protocol) session.

When pppdial handles a string longer than 4000 characters, a buffer overflow occurs.

If this overflow occurs in parameters of the pppdial command line, this vulnerability can be used by a local attacker to elevate his privileges. If this overflow occurs in data received from the remote server, this vulnerability can be used by a remote attacker to execute code on the computer.

vulnerability note CVE-2009-0658

Adobe Acrobat/Reader: code execution via JBIG2

Synthesis of the vulnerability

An attacker can create a PDF file containing a malicious JBIG2 image in order to execute code on the computer of victims opening the document.
Impacted products: Acrobat, openSUSE, Solaris, RHEL, SLES, TurboLinux.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 20/02/2009.
Revision date: 24/02/2009.
Identifiers: 256788, 6816953, APSA09-01, APSB09-03, APSB09-04, BID-33751, CERTA-2009-AVI-094, CVE-2009-0658, RHSA-2009:0376-01, SA33901_BA, SUSE-SR:2009:009, TLSA-2009-10, VIGILANCE-VUL-8484, VU#905281.

Description of the vulnerability

A PDF document is composed of "stream" objects. These objects can contain pages, images, fonts, etc.

An image can be compressed with the JBIG2 (Joint Bi-level Image Experts Group) compression algorithm.

However, Adobe Acrobat/Reader does not correctly check the data of a JBIG2 image when decompressing it, which corrupts memory.

An attacker can therefore create a PDF file containing a malicious JBIG2 image in order to execute code on the computer of victims opening the document.

vulnerability bulletin CVE-2009-0780

OpenBSD: denial of service of bgpd

Synthesis of the vulnerability

An attacker can send a BGP message with a long AS path, in order to stop the bgpd daemon.
Impacted products: OpenBSD.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 19/02/2009.
Identifiers: BID-33828, CVE-2009-0780, VIGILANCE-VUL-8483.

Description of the vulnerability

The BGP protocol is used to maintain routes on a large IP network. Each provider network has an ASN (Autonomous System Number), and BGP establishes the list of paths which can be taken to reach another AS. For example, to reach the AS 5:
 - path a: AS 1, AS 2, AS 3, AS 5
 - path b: AS 1, AS 4, AS 5 (shorter, and thus better)

The as_path attribute of a BGP packet lists the ASNs already traversed.

When the bgpd daemon of OpenBSD receives a packet, it thus has to extend the as_path attribute. To do so, the aspath_prepend() function in the usr.sbin/bgpd/rde_attr.c file computes the required size. However, when the number of ASNs in a path exceeds 255, the size is truncated, which triggers an error and stops the daemon.

An attacker can therefore send a BGP message with a long AS path, in order to stop the bgpd daemon.
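The size computation described above, as an added example that is not OpenBSD's bgpd code: an AS_PATH attribute is a sequence of segments, each carrying a one-byte ASN count, so a path of more than 255 ASNs has to be split across several segments and the buffer size must be computed from the full count. as_path_size_truncated() is a constructed model of the failure class, a count squeezed through 8 bits before the size is derived from it; the other functions show sizing, encoding, parsing and prepending done with the bounds checked. Function names are assumptions, and only AS_SEQUENCE segments are modelled.

```python
import struct
from typing import List

AS_SEQUENCE = 2
MAX_SEGMENT_ASNS = 255          # the per-segment ASN count is a single byte


def as_path_size(n_asns: int, width: int = 2) -> int:
    """Wire size of an AS_PATH holding n_asns ASNs, split into segments of at
    most 255 ASNs, each with a 2-byte (type, length) header."""
    segments = (n_asns + MAX_SEGMENT_ASNS - 1) // MAX_SEGMENT_ASNS
    return segments * 2 + n_asns * width


def as_path_size_truncated(n_asns: int, width: int = 2) -> int:
    """Constructed model (not bgpd's code) of the bug class: if the ASN count
    passes through an 8-bit field before the size is computed, any count above
    255 wraps and the computed buffer is far too small."""
    return 2 + (n_asns & 0xFF) * width


def encode_as_path(asns: List[int], four_byte: bool = False) -> bytes:
    """Encode ASNs as AS_SEQUENCE segments, starting a new segment every
    255 ASNs so the one-byte length can never overflow."""
    fmt = ">I" if four_byte else ">H"
    out = bytearray()
    for i in range(0, len(asns), MAX_SEGMENT_ASNS):
        chunk = asns[i:i + MAX_SEGMENT_ASNS]
        out += struct.pack(">BB", AS_SEQUENCE, len(chunk))   # len(chunk) <= 255
        for asn in chunk:
            out += struct.pack(fmt, asn)
    return bytes(out)


def decode_as_path(data: bytes, four_byte: bool = False) -> List[int]:
    """Parse segments, checking each advertised count against the bytes that
    actually remain instead of trusting it."""
    width, fmt = (4, ">I") if four_byte else (2, ">H")
    pos, asns = 0, []
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated segment header at %d" % pos)
        seg_type, seg_len = data[pos], data[pos + 1]
        if seg_type != AS_SEQUENCE:
            raise ValueError("segment type %d not modelled here" % seg_type)
        pos += 2
        if len(data) - pos < seg_len * width:
            raise ValueError("segment claims %d ASNs, %d bytes remain"
                             % (seg_len, len(data) - pos))
        for _ in range(seg_len):
            asns.append(struct.unpack(fmt, data[pos:pos + width])[0])
            pos += width
    return asns


def prepend_local_asn(as_path: bytes, local_asn: int, count: int = 1) -> bytes:
    """What a router does before re-advertising a route: put its own ASN in
    front and re-encode, with the size derived from the complete new path."""
    asns = [local_asn] * count + decode_as_path(as_path)
    return encode_as_path(asns)
```

For a 300-ASN path the correct size is 604 bytes (two segment headers plus 600 bytes of 2-byte ASNs), while the truncated model yields 90; a daemon that allocates the smaller figure and then writes the real path is exactly the situation the bulletin describes.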

vulnerability announce CVE-2009-0040

libpng: memory corruption via free

Synthesis of the vulnerability

An attacker can create a malicious PNG image in order to corrupt the memory of applications linked to libpng.
Impacted products: Debian, Fedora, libpng, Mandriva Linux, Mandriva NF, NLD, OpenSolaris, openSUSE, Solaris, Trusted Solaris, RHEL, Slackware, SLES, VMware ACE, ESX, VMware Player, VMware Workstation.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 19/02/2009.
Identifiers: 259989, 674516, 6745161, 6755267, 6813939, BID-33827, CVE-2009-0040, DSA-1750-1, FEDORA-2009-1976, FEDORA-2009-2045, FEDORA-2009-2112, FEDORA-2009-2131, MDVSA-2009:051, RHSA-2009:0333-01, RHSA-2009:0340-01, SSA:2009-051-01, SUSE-SR:2009:005, VIGILANCE-VUL-8482, VMSA-2009-0007, VMSA-2009-0010, VMSA-2009-0012, VU#649212.

Description of the vulnerability

The libpng library is used by applications creating or manipulating PNG (Portable Network Graphics) image files.

It allocates arrays of elements to store information on images.

However, when there is no available memory, libpng frees all these array entries, even if they were never allocated.

An attacker can therefore create a malicious PNG image in order to corrupt the memory of applications linked to libpng. This vulnerability leads to a denial of service and possibly to code execution.

vulnerability alert CVE-2008-5907

libpng: memory corruption via png_check_keyword

Synthesis of the vulnerability

An attacker can write a null byte in memory via png_check_keyword().
Impacted products: Debian, libpng, Mandriva Linux, Mandriva NF, openSUSE, SLES.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 19/02/2009.
Identifiers: CVE-2008-5907, DSA-1750-1, MDVSA-2009:051, SUSE-SR:2009:003, VIGILANCE-VUL-8481.

Description of the vulnerability

The libpng library is used by applications creating or manipulating PNG (Portable Network Graphics) image files.

A PNG image is composed of a series of chunks (fields), each identified by a four-letter type:
 - IHDR : header
 - IDAT : image data
 - tEXt : text
 - zTXt : compressed text with zlib
 - etc.

The png_check_keyword() function in the pngwutil.c file checks the keyword names of tEXt and zTXt fields. It is called when an image is written.

If the key name is too long, png_check_keyword() writes a null byte ('\0') at an invalid address, instead of writing it at the end of the string.

An attacker who controls the name of a keyword to be added to a PNG image can therefore write a null byte in memory via png_check_keyword().

vulnerability CVE-2008-6218

libpng: memory leak via tEXt

Synthesis of the vulnerability

An attacker can create an image containing a malicious tEXt field in order to create a denial of service in applications linked to libpng.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, libpng, Mandriva Linux, NLD, OES, openSUSE, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on client.
Provenance: document.
Creation date: 19/02/2009.
Identifiers: 468990, CERTFR-2014-AVI-502, CVE-2008-6218, DSA-1750-1, FEDORA-2008-9379, FEDORA-2008-9393, MDVSA-2010:133, openSUSE-SU-2011:0915-1, SOL15880, SUSE-SU-2011:0916-1, SUSE-SU-2011:0919-1, VIGILANCE-VUL-8480.

Description of the vulnerability

The libpng library is used by applications creating or manipulating PNG (Portable Network Graphics) image files.

A PNG image is composed of a series of chunks (fields), each identified by a four-letter type:
 - IHDR : header
 - IDAT : image data
 - tEXt : text
 - etc.

When the png_handle_tEXt() function of pngrutil.c parses a PNG image containing a malformed tEXt field, a memory area is not freed.

An attacker can therefore create an image containing a malicious tEXt field in order to create a denial of service in applications linked to libpng.
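The checks that the two libpng bulletins above turn on, as one added example that is not libpng's code: the keyword validation png_check_keyword() is meant to do on the writing side (the PNG specification limits a tEXt/zTXt keyword to 1 to 79 printable Latin-1 bytes, with no leading, trailing or consecutive spaces), and the reading-side handling of tEXt chunks where a malformed chunk is rejected before anything is retained. The chunk walker also checks every declared length against the bytes that remain and every CRC. The 1x1 PNG produced by make_sample_png() is constructed sample data, and all function names are assumptions.

```python
import struct
import zlib
from typing import Iterator, List, Tuple

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_KEYWORD_LEN = 79            # PNG spec: a keyword is 1..79 Latin-1 bytes


def png_check_keyword(keyword: bytes) -> bytes:
    """Validate a tEXt/zTXt keyword before it is accepted or written.

    Rejects instead of truncating, so nothing is ever written past the end
    of a fixed-size keyword buffer.
    """
    if not 1 <= len(keyword) <= MAX_KEYWORD_LEN:
        raise ValueError("keyword length %d not in 1..%d" % (len(keyword), MAX_KEYWORD_LEN))
    for b in keyword:                           # printable Latin-1 only, no NUL
        if not (32 <= b <= 126 or 161 <= b <= 255):
            raise ValueError("bad keyword byte 0x%02x" % b)
    if keyword[0] == 32 or keyword[-1] == 32 or b"  " in keyword:
        raise ValueError("leading, trailing or consecutive spaces in keyword")
    return keyword


def build_chunk(ctype: bytes, data: bytes) -> bytes:
    """Chunk layout: 4-byte length, 4-letter type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def iter_chunks(png: bytes) -> Iterator[Tuple[bytes, bytes]]:
    """Walk the chunks, checking each declared length against the bytes that
    remain and each CRC, so a hostile length cannot cause an out-of-bounds read."""
    if not png.startswith(PNG_SIGNATURE):
        raise ValueError("missing PNG signature")
    pos = len(PNG_SIGNATURE)
    while pos < len(png):
        if len(png) - pos < 12:
            raise ValueError("truncated chunk header at offset %d" % pos)
        (length,) = struct.unpack(">I", png[pos:pos + 4])
        ctype = png[pos + 4:pos + 8]
        if length > 0x7FFFFFFF or len(png) - pos - 12 < length:
            raise ValueError("chunk %r declares %d bytes but fewer remain" % (ctype, length))
        data = png[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", png[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + data) & 0xFFFFFFFF != crc:
            raise ValueError("CRC mismatch in chunk %r" % ctype)
        yield ctype, data
        pos += 12 + length


def parse_text_chunks(png: bytes) -> List[Tuple[bytes, bytes]]:
    """(keyword, text) pairs from every tEXt chunk. A chunk without the NUL
    separator or with a bad keyword raises before anything is retained."""
    found = []
    for ctype, data in iter_chunks(png):
        if ctype != b"tEXt":
            continue
        keyword, sep, text = data.partition(b"\x00")
        if not sep:
            raise ValueError("tEXt chunk without NUL separator")
        found.append((png_check_keyword(keyword), text))
    return found


def make_sample_png(text_payloads: List[bytes]) -> bytes:
    """Constructed 1x1 grayscale PNG carrying the given raw tEXt payloads."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)   # width, height, depth, colour type, ...
    idat = zlib.compress(b"\x00\x00")                      # filter byte + one pixel
    out = PNG_SIGNATURE + build_chunk(b"IHDR", ihdr)
    for payload in text_payloads:
        out += build_chunk(b"tEXt", payload)
    return out + build_chunk(b"IDAT", idat) + build_chunk(b"IEND", b"")
```

Feeding make_sample_png() a payload such as an 80-byte keyword, or a payload with no NUL separator at all, makes parse_text_chunks() raise rather than produce a truncated keyword or a half-processed chunk, which is the behaviour a defensive reader wants for the two libpng issues above.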
