| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
History of vulnerabilities analyzed by Vigil@nce:
IPsec Tools: denials of service
Synthesis of the vulnerability
An attacker can generate several denials of service in IPsec Tools.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 30/04/2009.
Revision date: 15/05/2009.
Identifiers: BID-34765, CERTA-2002-AVI-235, CVE-2009-1574, CVE-2009-1632, DSA-1804-1, FEDORA-2009-4291, FEDORA-2009-4298, FEDORA-2009-4394, MDVSA-2009:112, MDVSA-2009:112-1, MDVSA-2009:114, RHSA-2009:1036-01, SUSE-SR:2009:012, VIGILANCE-VUL-8684.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The IPsec Tools suite implements tools for IPsec. It contains several vulnerabilities.
The isakmp_frag_extract() function of the isakmp_frag.c file does not check if the size indicated in a fragment is longer than the fragment. [severity:2/4; CVE-2009-1574]
An attacker with a valid certificate can generate a memory leak in the eay_check_x509sign() function of crypto_openssl.c. [severity:1/4]
An attacker can generate a memory leak in natt_keepalive_send() and natt_keepalive_remove() functions of nattraversal.c. [severity:2/4; CVE-2009-1632]
An attacker can therefore generate several denials of service in IPsec Tools.
Full Vigil@nce bulletin... (Free trial) |
Trend Micro: bypassing via RAR, CAB and ZIP
Synthesis of the vulnerability
An attacker can create a RAR, CAB or ZIP archive containing a virus which is not detected by Trend Micro.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 30/04/2009.
Identifiers: BID-34763, TZO-17-2009, VIGILANCE-VUL-8683.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
Trend Micro products detect viruses contained in RAR, CAB and ZIP archives.
However, an attacker can create a slightly malformed archive, which can still be opened by Unrar/Unzip tools, but which cannot be opened by the antivirus.
Depending on Trend Micro product, these archives are handled in three ways:
OfficeScan and ServerProtect are vulnerable when Unrar/Unzip extracts the file on the desktop computer. These products are thus vulnerable when installed on a scan server. [severity:2/4]
InterScan Web Security Suite and InterScan Messaging Security quarantine the file by default. These products are vulnerable if the administrator changed the default configuration. [severity:2/4]
ScanMail does not indicate that the unscanned archive potentially contains a virus. This product is vulnerable in its default configuration. [severity:2/4]
An attacker can therefore create a RAR, CAB or ZIP archive containing a virus which is not detected by Trend Micro.
Full Vigil@nce bulletin... (Free trial) |
Citrix Web Interface: Cross Site Scripting
Synthesis of the vulnerability
An attacker can generate a Cross Site Scripting in Citrix Web Interface.
Severity: 2/4.
Creation date: 29/04/2009.
Identifiers: BID-34761, CTX120697, CVE-2009-2454, VIGILANCE-VUL-8682.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The Citrix Web Interface (CWI) product can be installed to work with XenApp and XenDesktop.
An attacker can generate a Cross Site Scripting in Citrix Web Interface.
Full Vigil@nce bulletin... (Free trial) |
Symantec Reporting Server: message injection
Synthesis of the vulnerability
An attacker can force the login page of Symantec Reporting Server to display a malicious message.
Severity: 1/4.
Creation date: 29/04/2009.
Identifiers: BID-34668, CVE-2009-1432, SYM09-008, VIGILANCE-VUL-8681.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The Symantec Reporting Server component is used by several Symantec products to generate reports.
The authentication page of Symantec Reporting Server displays a message for the user. However, this message directly originates from the url.
An attacker can therefore indicate his own message in the url. When the victim clicks on this url, the message of the attacker is then displayed on the Symantec Reporting Server site, which can deceive the victim. This vulnerability can for example be used for a phishing attack.
Full Vigil@nce bulletin... (Free trial) |
Symantec Alert Management System: several vulnerabilities
Synthesis of the vulnerability
Several vulnerabilities of Symantec Alert Management System can be used by an attacker to execute code on the system.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 29/04/2009.
Identifiers: BID-34671, BID-34672, BID-34674, BID-34675, CERTA-2009-AVI-168, CVE-2009-1429, CVE-2009-1430, CVE-2009-1431, SYM09-007, VIGILANCE-VUL-8680, ZDI-09-018.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The Alert Management System 2 (AMS2) feature is used in several Symantec products. It contains several vulnerabilities.
A command contained in a packet received on the port 12174/tcp is directly run by CreateProcessA() in Intel LANDesk Common Base Agent (CBA). [severity:3/4; BID-34671, CERTA-2009-AVI-168, CVE-2009-1429]
A remote attacker can send a long packet to the Intel Alert Originator Service (IAO.EXE, 38292/tcp) service in order to generate a buffer overflow. [severity:3/4; BID-34672, CVE-2009-1430, ZDI-09-018]
A local attacker can send a long message to the Intel Alert Originator Service (IAO.EXE) service in order to generate a buffer overflow. [severity:2/4; BID-34674, CVE-2009-1430]
A remote attacker can connect to the Intel File Transfer service (XFR.EXE, 12174/tcp) service and send it a command. [severity:3/4; BID-34675, CVE-2009-1431]
A network attacker can therefore connect to the service and execute code with SYSTEM privileges.
Full Vigil@nce bulletin... (Free trial) |
Symantec Log Viewer: JavaScript injection
Synthesis of the vulnerability
An attacker can execute JavaScript code in the context of the web server of Symantec Log Viewer.
Severity: 2/4.
Creation date: 29/04/2009.
Identifiers: BID-34669, CERTA-2009-AVI-167, CVE-2009-1428, SYM09-006, VIGILANCE-VUL-8679.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The Symantec Log Viewer (ccLgView.exe) feature is used in several Symantec products.
The "View Logs - Email Filtering" page of the "Statistics" option displays information coming from the filtered emails. However, the JavaScript code contained inside emails is not filtered before being injected in the HTML page.
An attacker can therefore execute JavaScript code in the context of the web server of Symantec Log Viewer, when the administrator sees logs.
Full Vigil@nce bulletin... (Free trial) |
Solaris: denial of service via DTrace
Synthesis of the vulnerability
A local attacker can use DTrace in order to stop the system.
Severity: 1/4.
Creation date: 29/04/2009.
Revision date: 04/05/2009.
Identifiers: 257708, 6823388, BID-34753, CVE-2009-1478, VIGILANCE-VUL-8678.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The DTrace feature is used to trace processes in order to debug their execution.
A user can use an ioctl to exchange information with DTrace. This ioctl uses:
- /dev/dtrace/helper for dtrace_ioctl_helper() of usr/src/uts/common/dtrace/dtrace.c
- /dev/dtrace/provider/fasttrap for fasttrap_ioctl() of usr/src/uts/common/dtrace/fasttrap.c
However, the dtrace_ioctl_helper() and fasttrap_ioctl() functions do not correctly validate data structure given to the ioctl. Malicious data thus panic the kernel.
A local attacker can therefore use DTrace in order to stop the system.
Full Vigil@nce bulletin... (Free trial) |
Adobe Acrobat/Reader: code execution via JavaScript
Synthesis of the vulnerability
An attacker can create a PDF document containing malicious JavaScript code in order to execute code on the computer of victims opening the document.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 28/04/2009.
Identifiers: 259028, 6836837, APSA09-02, APSB09-06, BID-34736, BID-34740, CERTA-2009-AVI-176, CVE-2009-1492, CVE-2009-1493, RHSA-2009:0478-01, SA34924_BA, SUSE-SA:2009:027, SUSE-SR:2009:011, VIGILANCE-VUL-8677, VU#970180.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
A PDF document can contain JavaScript code. The Adobe JavaScript engine is impacted by two vulnerabilities.
An attacker can generate a memory corruption in the getAnnots() method. [severity:3/4; BID-34736, CERTA-2009-AVI-176, CVE-2009-1492]
An attacker can generate a buffer overflow in the customDictionaryOpen() method. [severity:3/4; BID-34740, CVE-2009-1493, SA34924_BA]
An attacker can therefore create a PDF document containing malicious JavaScript code in order to execute code on the computer of victims opening the document.
Full Vigil@nce bulletin... (Free trial) |
HP-UX: file access via useradd
Synthesis of the vulnerability
After running the useradd command, a local attacker can access to some files.
Severity: 1/4.
Creation date: 28/04/2009.
Identifiers: BID-34748, c01539431, CERTA-2009-AVI-170, CVE-2009-0719, HPSBUX02366, SSRT080120, VIGILANCE-VUL-8676.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The useradd command adds users on the system. The /etc/default/useradd file indicates default parameters:
- HOMEDIR : home directory
- GROUPID : gid
- etc.
When /etc/default/useradd is missing, or when HOMEDIR/GROUPID parameters are not defined, the useradd command associates an invalid homedir/gid to the user. The user can then access to resources that he should not have access to.
After running the useradd command, a local attacker can therefore access to some files, if his parameters are incorrect.
Full Vigil@nce bulletin... (Free trial) |
OpenView NNM: code execution
Synthesis of the vulnerability
A remote attacker can execute code on the server using a vulnerability of HP OpenView Network Node Manager.
Severity: 3/4.
Creation date: 28/04/2009.
Revision date: 28/04/2009.
Identifiers: BID-34738, c01723303, CVE-2008-2438, HPSBMA02424, SSRT080125, VIGILANCE-VUL-8675.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The OpenView NNM (Network Node Manager) product manages a network of computers.
The OVALARMSRV service, which listens on ports 2953/tcp and 2954/tcp, handles alarms.
An attacker can connect to the port 2954/tcp and generate a buffer overflow in the OVALARMSRV service.
A remote attacker can then execute code on the server.
Full Vigil@nce bulletin... (Free trial) |
Previous page Next page Direct access to page
1
21
41
61
81
101
121
141
161
181
201
221
241
261
281
301
321
341
361
381
401
421
441
461
481
501
521
541
561
581
601
621
641
661
681
701
721
741
761
781
801
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
861
881
901
921
941
961
981
1001
1021
1041
1061
1081
1101
1121
1141
1161
1181
1201
1221
1241
1261
1281
1301
1321
1341
1361
1381
1401
1421
1441
1461
1481
1501
1521
1541
1561
1581
1601
1621
1641
1661
1681
1701
1721
1741
1761
1781
1801
1821
1841
1861
1881
1901
1921
1941
1961
1981
2001
2021
2041
2061
2081
2101
2121
2141
2161
2181
2201
2221
2241
2261
2281
2301
2321
2341
2361
2381
2401
2421
2441
2461
2481
2501
2521
2541
2561
2581
2601
2621
2641
2661
2681
2701
2721
2741
2761
2781
2801
2821
2841
2861
2881
2901
2921
2930
|