The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

cybersecurity alert CVE-2009-1574 CVE-2009-1632

IPsec Tools: denials of service

Synthesis of the vulnerability

An attacker can generate several denials of service in IPsec Tools.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 30/04/2009.
Revision date: 15/05/2009.
Identifiers: BID-34765, CERTA-2002-AVI-235, CVE-2009-1574, CVE-2009-1632, DSA-1804-1, FEDORA-2009-4291, FEDORA-2009-4298, FEDORA-2009-4394, MDVSA-2009:112, MDVSA-2009:112-1, MDVSA-2009:114, RHSA-2009:1036-01, SUSE-SR:2009:012, VIGILANCE-VUL-8684.

Description of the vulnerability

The IPsec Tools suite implements tools for IPsec. It contains several vulnerabilities.

The isakmp_frag_extract() function of the isakmp_frag.c file does not check if the size indicated in a fragment is longer than the fragment. [severity:2/4; CVE-2009-1574]

An attacker with a valid certificate can generate a memory leak in the eay_check_x509sign() function of crypto_openssl.c. [severity:1/4]

An attacker can generate a memory leak in the natt_keepalive_send() and natt_keepalive_remove() functions of nattraversal.c. [severity:2/4; CVE-2009-1632]

An attacker can therefore generate several denials of service in IPsec Tools.

cybersecurity note 8683

Trend Micro: bypassing via RAR, CAB and ZIP

Synthesis of the vulnerability

An attacker can create a RAR, CAB or ZIP archive containing a virus which is not detected by Trend Micro.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 30/04/2009.
Identifiers: BID-34763, TZO-17-2009, VIGILANCE-VUL-8683.

Description of the vulnerability

Trend Micro products detect viruses contained in RAR, CAB and ZIP archives.

However, an attacker can create a slightly malformed archive, which can still be opened by Unrar/Unzip tools, but which cannot be opened by the antivirus.

Depending on the Trend Micro product, these archives are handled in three ways:

OfficeScan and ServerProtect are vulnerable when Unrar/Unzip extracts the file on the desktop computer. These products are thus vulnerable when installed on a scan server. [severity:2/4]

InterScan Web Security Suite and InterScan Messaging Security quarantine the file by default. These products are vulnerable if the administrator changed the default configuration. [severity:2/4]

ScanMail does not indicate that the unscanned archive potentially contains a virus. This product is vulnerable in its default configuration. [severity:2/4]

An attacker can therefore create a RAR, CAB or ZIP archive containing a virus which is not detected by Trend Micro.

weakness bulletin CVE-2009-2454

Citrix Web Interface: Cross Site Scripting

Synthesis of the vulnerability

An attacker can generate a Cross Site Scripting in Citrix Web Interface.
Severity: 2/4.
Creation date: 29/04/2009.
Identifiers: BID-34761, CTX120697, CVE-2009-2454, VIGILANCE-VUL-8682.

Description of the vulnerability

The Citrix Web Interface (CWI) product can be installed to work with XenApp and XenDesktop.

An attacker can generate a Cross Site Scripting in Citrix Web Interface.

threat announce CVE-2009-1432

Symantec Reporting Server: message injection

Synthesis of the vulnerability

An attacker can force the login page of Symantec Reporting Server to display a malicious message.
Severity: 1/4.
Creation date: 29/04/2009.
Identifiers: BID-34668, CVE-2009-1432, SYM09-008, VIGILANCE-VUL-8681.

Description of the vulnerability

The Symantec Reporting Server component is used by several Symantec products to generate reports.

The authentication page of Symantec Reporting Server displays a message for the user. However, this message is taken directly from the URL.

An attacker can therefore put his own message in the URL. When the victim clicks on this URL, the attacker's message is displayed on the Symantec Reporting Server site, which can deceive the victim. This vulnerability can for example be used for a phishing attack.

threat note CVE-2009-1429 CVE-2009-1430 CVE-2009-1431

Symantec Alert Management System: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Symantec Alert Management System can be used by an attacker to execute code on the system.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 29/04/2009.
Identifiers: BID-34671, BID-34672, BID-34674, BID-34675, CERTA-2009-AVI-168, CVE-2009-1429, CVE-2009-1430, CVE-2009-1431, SYM09-007, VIGILANCE-VUL-8680, ZDI-09-018.

Description of the vulnerability

The Alert Management System 2 (AMS2) feature is used in several Symantec products. It contains several vulnerabilities.

A command contained in a packet received on port 12174/tcp is directly run by CreateProcessA() in Intel LANDesk Common Base Agent (CBA). [severity:3/4; BID-34671, CERTA-2009-AVI-168, CVE-2009-1429]

A remote attacker can send a long packet to the Intel Alert Originator Service (IAO.EXE, 38292/tcp) in order to generate a buffer overflow. [severity:3/4; BID-34672, CVE-2009-1430, ZDI-09-018]

A local attacker can send a long message to the Intel Alert Originator Service (IAO.EXE) in order to generate a buffer overflow. [severity:2/4; BID-34674, CVE-2009-1430]

A remote attacker can connect to the Intel File Transfer service (XFR.EXE, 12174/tcp) and send it a command. [severity:3/4; BID-34675, CVE-2009-1431]

A network attacker can therefore connect to the service and execute code with SYSTEM privileges.

computer vulnerability CVE-2009-1428

Symantec Log Viewer: JavaScript injection

Synthesis of the vulnerability

An attacker can execute JavaScript code in the context of the web server of Symantec Log Viewer.
Severity: 2/4.
Creation date: 29/04/2009.
Identifiers: BID-34669, CERTA-2009-AVI-167, CVE-2009-1428, SYM09-006, VIGILANCE-VUL-8679.

Description of the vulnerability

The Symantec Log Viewer (ccLgView.exe) feature is used in several Symantec products.

The "View Logs - Email Filtering" page of the "Statistics" option displays information coming from the filtered emails. However, the JavaScript code contained inside emails is not filtered before being injected into the HTML page.

An attacker can therefore execute JavaScript code in the context of the web server of Symantec Log Viewer, when the administrator views the logs.

security note CVE-2009-1478

Solaris: denial of service via DTrace

Synthesis of the vulnerability

A local attacker can use DTrace in order to stop the system.
Severity: 1/4.
Creation date: 29/04/2009.
Revision date: 04/05/2009.
Identifiers: 257708, 6823388, BID-34753, CVE-2009-1478, VIGILANCE-VUL-8678.

Description of the vulnerability

The DTrace feature is used to trace processes in order to debug their execution.

A user can use an ioctl to exchange information with DTrace. This ioctl uses:
 - /dev/dtrace/helper for dtrace_ioctl_helper() of usr/src/uts/common/dtrace/dtrace.c
 - /dev/dtrace/provider/fasttrap for fasttrap_ioctl() of usr/src/uts/common/dtrace/fasttrap.c

However, the dtrace_ioctl_helper() and fasttrap_ioctl() functions do not correctly validate the data structure passed to the ioctl. Malicious data thus panics the kernel.

A local attacker can therefore use DTrace in order to stop the system.

weakness note CVE-2009-1492 CVE-2009-1493

Adobe Acrobat/Reader: code execution via JavaScript

Synthesis of the vulnerability

An attacker can create a PDF document containing malicious JavaScript code in order to execute code on the computer of victims opening the document.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 28/04/2009.
Identifiers: 259028, 6836837, APSA09-02, APSB09-06, BID-34736, BID-34740, CERTA-2009-AVI-176, CVE-2009-1492, CVE-2009-1493, RHSA-2009:0478-01, SA34924_BA, SUSE-SA:2009:027, SUSE-SR:2009:011, VIGILANCE-VUL-8677, VU#970180.

Description of the vulnerability

A PDF document can contain JavaScript code. The Adobe JavaScript engine is impacted by two vulnerabilities.

An attacker can generate a memory corruption in the getAnnots() method. [severity:3/4; BID-34736, CERTA-2009-AVI-176, CVE-2009-1492]

An attacker can generate a buffer overflow in the customDictionaryOpen() method. [severity:3/4; BID-34740, CVE-2009-1493, SA34924_BA]

An attacker can therefore create a PDF document containing malicious JavaScript code in order to execute code on the computer of victims opening the document.

computer threat announce CVE-2009-0719

HP-UX: file access via useradd

Synthesis of the vulnerability

After the useradd command is run, a local attacker can access some files.
Severity: 1/4.
Creation date: 28/04/2009.
Identifiers: BID-34748, c01539431, CERTA-2009-AVI-170, CVE-2009-0719, HPSBUX02366, SSRT080120, VIGILANCE-VUL-8676.

Description of the vulnerability

The useradd command adds users on the system. The /etc/default/useradd file indicates default parameters:
 - HOMEDIR : home directory
 - GROUPID : gid
 - etc.

When /etc/default/useradd is missing, or when HOMEDIR/GROUPID parameters are not defined, the useradd command associates an invalid homedir/gid with the user. The user can then access resources that he should not have access to.

After the useradd command is run, a local attacker can therefore access some files, if his parameters are incorrect.

vulnerability bulletin CVE-2008-2438

OpenView NNM: code execution

Synthesis of the vulnerability

A remote attacker can execute code on the server using a vulnerability of HP OpenView Network Node Manager.
Severity: 3/4.
Creation date: 28/04/2009.
Revision date: 28/04/2009.
Identifiers: BID-34738, c01723303, CVE-2008-2438, HPSBMA02424, SSRT080125, VIGILANCE-VUL-8675.

Description of the vulnerability

The OpenView NNM (Network Node Manager) product manages a network of computers.

The OVALARMSRV service, which listens on ports 2953/tcp and 2954/tcp, handles alarms.

An attacker can connect to port 2954/tcp and generate a buffer overflow in the OVALARMSRV service.

A remote attacker can then execute code on the server.

   
