The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

computer threat bulletin 8654

FortiGate: bypassing via an archive

Synthesis of the vulnerability

An attacker can create an archive containing a virus which is not detected by FortiGate.
Severity: 2/4.
Creation date: 20/04/2009.
Identifiers: BID-34583, VIGILANCE-VUL-8654.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can create an archive containing a virus which is not detected by FortiGate.

security announce 8653

Avast: bypassing via RAR

Synthesis of the vulnerability

An attacker can create a RAR archive containing a virus which is not detected by Avast.
Severity: 2/4.
Creation date: 20/04/2009.
Identifiers: BID-34578, TZO-09-2009, VIGILANCE-VUL-8653.

Description of the vulnerability

An attacker can create a RAR archive containing a virus which is not detected by Avast.

computer threat note 8652

Linux kernel: buffer overflow via CIFS

Synthesis of the vulnerability

An attacker can set up a malicious CIFS server and invite the victim to mount a share in order to generate an overflow in the kernel.
Severity: 2/4.
Creation date: 20/04/2009.
Identifiers: BID-34612, BID-34615, VIGILANCE-VUL-8652.

Description of the vulnerability

The fs/cifs directory of the Linux kernel source code implements a CIFS/SMB client, used to mount a filesystem on a remote share.

The CIFS protocol can be initialized with Unicode support, to handle international filenames. In this case, data in packets have to be located at offsets which are a multiple of 16 bits. This forces packets to possibly contain a padding byte for each string.

The CIFS_SessSetup() function of the fs/cifs/sess.c file does not handle the padding byte when decoding the "serverDomain" string. This error generates a buffer overflow.

An attacker can therefore set up a malicious CIFS server and invite the victim to mount a share in order to generate an overflow in the kernel.

threat bulletin CVE-2009-0307 CVE-2009-2646

BlackBerry Enterprise Server: memory corruption via PDF

Synthesis of the vulnerability

A vulnerability of PDF Distiller can be used by an attacker to create a denial of service or to execute code in BlackBerry Enterprise Server.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 20/04/2009.
Identifiers: CVE-2009-0307, CVE-2009-2646, KB17953, KB17969, VIGILANCE-VUL-8651.

Description of the vulnerability

The BlackBerry Attachment Service handles attachments for BlackBerry Enterprise Server.

A malformed PDF document can corrupt the memory of PDF Distiller used in BlackBerry Attachment Service.

An attacker can therefore send a malicious PDF document via email in order to create a denial of service or to execute code.

vulnerability CVE-2009-0307

BlackBerry Enterprise Server: Cross Site Scripting

Synthesis of the vulnerability

An attacker can generate a Cross Site Scripting in Mobile Data Service Connection Service of BlackBerry Enterprise Server.
Severity: 2/4.
Creation date: 17/04/2009.
Identifiers: BID-34573, CVE-2009-0307, ERNW Security Advisory 01-2009, KB17953, KB17969, VIGILANCE-VUL-8650.

Description of the vulnerability

The Mobile Data Service Connection Service manages exchanges between mobiles and applications.

The /admin/statistics/ConfigureStatistics page is used to personalize statistics. Fields in this page are not filtered before being displayed.

An attacker can therefore generate a Cross Site Scripting in the "Customize Statistics" page of MDS Connection Service.

cybersecurity threat CVE-2009-0946

FreeType: several integer overflows

Synthesis of the vulnerability

An attacker can create a malicious font in order to execute code on computers of FreeType users.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 17/04/2009.
Identifiers: 270268, 491384, 6877323, BID-34550, CERTA-2009-AVI-179, CVE-2009-0946, DSA-1784-1, MDVSA-2009:243, MDVSA-2009:243-1, MDVSA-2009:243-2, RHSA-2009:0329-02, RHSA-2009:1061-02, RHSA-2009:1062-01, SUSE-SR:2009:010, VIGILANCE-VUL-8649.

Description of the vulnerability

The FreeType2 library handles character fonts and is used by several applications. It has several vulnerabilities.

The ft_smooth_render_generic() function does not check the glyph size. [severity:2/4]

Several functions of src/sfnt/ttcmap.c do not check the size of an array. [severity:2/4]

A compressed font generates an error in the ft_lzwstate_io() function. [severity:2/4]

An integer overflow occurs in the cff_charset_load() function. [severity:2/4]

An attacker can therefore create a malicious font and invite the victim to use it in order to execute code with rights of the application.

security weakness CVE-2009-1189

D-Bus: denial of service of dbus_signature_validate

Synthesis of the vulnerability

A local attacker can use a malicious signature in order to stop D-Bus and related applications.
Severity: 1/4.
Creation date: 17/04/2009.
Identifiers: 17803, 495804, 659934, CVE-2009-1189, DSA-1837-1, MDVSA-2009:256, MDVSA-2009:256-1, RHSA-2010:0018-01, SUSE-SR:2011:008, SUSE-SU-2011:0123-2, VIGILANCE-VUL-8648, VMSA-2010-0004, VMSA-2010-0004.1, VMSA-2010-0004.2, VMSA-2010-0004.3.

Description of the vulnerability

The D-Bus environment is used by applications to exchange information. It is based on a daemon and a library which is used by software.

The VIGILANCE-VUL-8158 vulnerability can be used by a local attacker in order to stop D-Bus and related applications. However, a variant of this vulnerability was not corrected.

An attacker can therefore use it to create a denial of service.

cybersecurity vulnerability CVE-2009-0146 CVE-2009-0147 CVE-2009-0165

Xpdf, KPDF, CUPS: code execution via JBIG2

Synthesis of the vulnerability

An attacker can create a PDF file containing a malicious JBIG2 image in order to execute code on the computer of victims opening the document.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 14.
Creation date: 17/04/2009.
Identifiers: 269008, 6827182, BID-34568, BID-34791, CERTA-2009-AVI-156, CERTA-2010-AVI-135, CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0195, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-1187, CVE-2009-1188, DSA-1790-1, DSA-1793-1, DSA-2028-1, DSA-2050-1, FEDORA-2009-3753, FEDORA-2009-3769, FEDORA-2009-3794, FEDORA-2009-3820, FEDORA-2009-6972, FEDORA-2009-6973, FEDORA-2009-6982, MDVSA-2009:101, MDVSA-2009:281, MDVSA-2009:282, MDVSA-2009:282-1, MDVSA-2009:283, MDVSA-2009:331, MDVSA-2009:346, MDVSA-2010:055, MDVSA-2010:087, MDVSA-2010:096, MDVSA-2011:175, RHSA-2009:0429-01, RHSA-2009:0430-01, RHSA-2009:0431-01, RHSA-2009:0458-01, RHSA-2009:0480-01, RHSA-2009:1501-01, RHSA-2009:1502-01, RHSA-2009:1503-01, RHSA-2010:0399-01, RHSA-2010:0400-01, SSA:2009-116-01, SSA:2009-129-01, SUSE-SA:2009:024, SUSE-SR:2009:010, SUSE-SR:2009:012, VIGILANCE-VUL-8647, VU#196617.

Description of the vulnerability

A PDF document is composed of "stream" objects. These objects can contain pages, images, fonts, etc. An image can be compressed with the JBIG2 (Joint Bi-level Image experts Group) compression algorithm. Several programs (Xpdf, KPDF, CUPS) share the same source code and are impacted by the same vulnerabilities of JBIG2.

Several buffer overflows can occur in setBitmap() and readSymbolDictSeg() functions. [severity:3/4; CERTA-2009-AVI-156, CVE-2009-0146]

Several integer overflows can occur in the JBIG2 decoder. [severity:3/4; CVE-2009-0147]

An integer overflow can occur in the JBIG2 decoder. [severity:2/4; CVE-2009-0165]

An uninitialized memory area can be freed, which corrupts it. [severity:3/4; CVE-2009-0166]

A malicious symbol dictionary segment generates a buffer overflow. [severity:3/4; BID-34791, CVE-2009-0195]

The program can read after the end of data, which stops it. [severity:1/4; CVE-2009-0799]

Several data validation errors lead to code execution. [severity:2/4; CVE-2009-0800]

An integer overflow leads to code execution. [severity:3/4; CVE-2009-1179]

A memory free error corrupts the memory. [severity:3/4; CVE-2009-1180]

A NULL pointer can be dereferenced, which stops the application. [severity:1/4; CVE-2009-1181]

The MMR decoder contains several buffer overflows. [severity:3/4; CVE-2009-1182]

The MMR decoder can generate an infinite loop. [severity:1/4; CVE-2009-1183]

An attacker can generate an integer overflow in CairoOutputDev.cc. [severity:3/4; CVE-2009-1187]

An attacker can generate an integer overflow in splash/SplashBitmap.cc. [severity:3/4; CVE-2009-1188]

An attacker can therefore create a PDF file containing a malicious JBIG2 image in order to execute code on the computer of victims opening the document.

vulnerability announce CVE-2009-0163

CUPS: integer overflow via TIFF

Synthesis of the vulnerability

An attacker can create a malicious TIFF image and print it in order to create a denial of service or to execute code in CUPS.
Severity: 3/4.
Creation date: 17/04/2009.
Identifiers: BID-34571, CVE-2009-0163, DSA-1773-1, FEDORA-2009-3753, FEDORA-2009-3769, MDVSA-2009:281, MDVSA-2009:282, MDVSA-2009:282-1, MDVSA-2009:283, RHSA-2009:0428-01, RHSA-2009:0429-01, SSA:2009-116-01, STR #3031, VIGILANCE-VUL-8646.

Description of the vulnerability

CUPS (Common UNIX Printing System) provides printer management under Unix. It listens on the 631/udp port, where clients connect.

The _cupsImageReadTIFF() function computes the size of a memory buffer from an integer multiplication:
  bufsize = width * height;
However, this multiplication can overflow and lead to the allocation of a memory area that is too small. Memory corruption then occurs when data are copied into this memory area.

An attacker can therefore print a malicious TIFF image in order to generate an integer overflow leading to a denial of service or to code execution on the server where CUPS is installed.

security alert CVE-2009-1332

Sun Directory Server: file detection via help

Synthesis of the vulnerability

An attacker can use the help page of Sun Java System Directory Server to detect if a file exists, and to see its first line.
Severity: 2/4.
Creation date: 16/04/2009.
Identifiers: 255848, 6492611, BID-34548, CVE-2009-1332, VIGILANCE-VUL-8645.

Description of the vulnerability

The /manual/help/help script of Sun Java System Directory Server displays help pages. For example:
  http://server:390/manual/help/help?helpdir=...

If an attacker requests an invalid page, an error message is displayed. However, this message varies depending on the file:
 - if the file does not exist, the message is generic
 - if the file exists, the message is specific, and can contain the first line of the file.

An attacker can use the help page of Sun Java System Directory Server to detect if a file exists, and to see its first line.