The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability bulletin CVE-2009-3721

Evolution, yTNEF: vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities in yTNEF and in the Evolution TNEF plugin can be used by an attacker to create a file or to execute code on the victim's computer.
Impacted products: Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 07/09/2009.
Identifiers: AK20090601, BID-36294, CVE-2009-3721, oCERT-2009-013, VIGILANCE-VUL-9003.

Description of the vulnerability

The TNEF (Transport Neutral Encapsulation Format) format is used by Microsoft Outlook to send objects to a recipient. An email in TNEF format is made up of the text version of the message, and of the binary attachment containing associated objects.

The yTNEF product and the TNEF plugin for Evolution share the same code, and therefore the same two vulnerabilities.

When the attachment lacks some properties, its title is used as a filename in the saveVCard(), saveVCalendar() and saveVTask() functions. An attacker can, for example, use the title "/tmp/file" in order to create this file on the victim's computer. [severity:2/4]

When the filename is longer than 256 bytes, a buffer overflow occurs in the processTnef() function and leads to code execution. [severity:3/4]

An attacker can therefore send a TNEF email, in order to create a file or to execute code on the victim's computer.

vulnerability announce CVE-2009-0199 CVE-2009-2628

VMware ACE, Player, Workstation: buffer overflow of VMnc

Synthesis of the vulnerability

An attacker can invite the victim to view a malicious video, in order to execute code on VMware ACE, Player or Workstation.
Impacted products: VMware ACE, VMware Player, VMware Workstation.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 07/09/2009.
Identifiers: BID-36290, CERTA-2009-AVI-389, CVE-2009-0199, CVE-2009-2628, VIGILANCE-VUL-9002, VMSA-2009-0010, VMSA-2009-0012, VU#444513.

Description of the vulnerability

The VMware ACE, Player and Workstation products use the VMnc (VMware Movie decoder) codec to display videos.

When a malicious video is opened, a buffer overflow occurs in VMnc.dll.

An attacker can therefore invite the victim to view a malicious video, in order to execute code on VMware ACE, Player or Workstation.

vulnerability alert CVE-2009-3288

Linux kernel: NULL dereference via sg_build_indirect

Synthesis of the vulnerability

A local attacker can generate an error in a SCSI device, in order to stop the kernel or to execute privileged code.
Impacted products: Linux.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 04/09/2009.
Identifiers: BID-36238, CVE-2009-3288, VIGILANCE-VUL-9001.

Description of the vulnerability

The drivers/scsi/sg.c file implements the interface for generic SCSI devices.

The sg_build_indirect() function, which is called by sg_open(), frees memory pages when an error occurs (such as a CD-ROM burning error). However, the index into the memory pages is not incremented, and __free_pages() is called with a NULL pointer.

A local attacker can therefore generate an error in a SCSI device, in order to stop the kernel.

An attacker can also use this vulnerability with VIGILANCE-VUL-8953/VIGILANCE-VUL-8861 in order to elevate their privileges.

vulnerability CVE-2009-3087 CVE-2009-3094 CVE-2009-3095

Several products: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in numerous products.
Impacted products: Apache httpd, OpenOffice, NetWorker, F-PROT AV, FreeBSD, OpenView, OpenView NNM, OpenView Operations, HP Operations, Domino, Kaspersky AV, MySQL Community, MySQL Enterprise, OpenSolaris, OpenSSL, Oracle AS, Oracle Directory Server, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Solaris, WebLogic, Percona Server, Samba, Crystal Reports, SAP ERP, NetWeaver, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on server, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 23.
Creation date: 04/09/2009.
Revision dates: 11/09/2009, 26/10/2009.
Identifiers: BID-36242, BID-36243, BID-36248, BID-36250, BID-36252, BID-36253, BID-36254, BID-36257, BID-36258, BID-36263, BID-36267, BID-36285, BID-36286, BID-36813, BID-36818, BID-36819, BID-37640, CERTA-2009-AVI-384, CERTA-2009-AVI-424, CVE-2009-3087, CVE-2009-3094, CVE-2009-3095, CVE-2009-3098, CVE-2009-3099, CVE-2009-3111, CVE-2009-3344, CVE-2009-3345, CVE-2009-3346, CVE-2009-3569, CVE-2009-3570, CVE-2009-3571, CVE-2009-3878, CVE-2009-4481-REJECT, CVE-2009-4484, VIGILANCE-VUL-9000.

Description of the vulnerability

Several vulnerabilities were announced in numerous products. Their technical details are unknown. Individual bulletins will be created when details are published.

Apache mod_proxy_ftp is impacted by two vulnerabilities: VIGILANCE-VUL-8994 and VIGILANCE-VUL-9038. [severity:1/4; BID-36254, CERTA-2009-AVI-424, CVE-2009-3094, CVE-2009-3095]

EMC Legato NetWorker is impacted by three vulnerabilities. [severity:1/4]

F-PROT Antivirus is impacted by two vulnerabilities. [severity:1/4]

FreeBSD is impacted by two vulnerabilities. [severity:1/4]

FreeRADIUS is impacted by the VIGILANCE-VUL-9016 vulnerability. [severity:1/4; BID-36263, CERTA-2009-AVI-384, CVE-2009-3111, CVE-2009-4481-REJECT]

HP Operations is impacted by two vulnerabilities. [severity:1/4; BID-36253, BID-36258, CVE-2009-3098, CVE-2009-3099]

HP OpenView Network Node Manager is impacted by four vulnerabilities. [severity:1/4; BID-36248]

Lotus Domino is impacted by six vulnerabilities. [severity:1/4; BID-36257, CVE-2009-3087]

Kaspersky Online Antivirus Scanner is impacted by two vulnerabilities. One vulnerability is related to kos-bin-winnt.jar containing the kosglue-7.0.26.0.dll DLL which can contain a Trojan Horse. [severity:1/4; BID-36243]

MySQL is impacted by two vulnerabilities. The first one is VIGILANCE-VUL-9380. [severity:1/4; BID-36242, BID-37640, CVE-2009-4484]

OpenOffice is impacted by three vulnerabilities. [severity:1/4; BID-36285, CVE-2009-3569, CVE-2009-3570, CVE-2009-3571]

OpenSSL is impacted by one vulnerability. [severity:1/4]

Oracle WebLogic is impacted by three vulnerabilities. [severity:1/4]

Oracle Application Server is impacted by five vulnerabilities. [severity:1/4]

PowerArchiver is impacted by one vulnerability. [severity:1/4]

SAP Crystal Reports is impacted by three vulnerabilities. [severity:1/4; BID-36267, CVE-2009-3344, CVE-2009-3345, CVE-2009-3346]

SAP NetWeaver is impacted by six vulnerabilities. [severity:1/4; BID-36252]

Samba is impacted by six vulnerabilities. [severity:1/4; BID-36250]

Sun Java System Directory Server is impacted by two vulnerabilities. [severity:1/4; BID-36286]

Sun Java System Web Proxy Server is impacted by one vulnerability. [severity:1/4]

Solaris is impacted by one vulnerability. [severity:1/4]

Sun Java System WebServer is impacted by one vulnerability. [severity:1/4; BID-36813, CVE-2009-3878]

Solaris is impacted by two vulnerabilities. [severity:1/4; BID-36818, BID-36819]

computer vulnerability note CVE-2009-2346

Asterisk: denial of service via IAX2 Call Number

Synthesis of the vulnerability

An attacker can use all available call numbers, in order to generate a denial of service on Asterisk.
Impacted products: Asterisk Open Source, Fedora.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 04/09/2009.
Identifiers: AST-2009-006, BID-36275, CERTA-2009-AVI-374, CVE-2009-2346, FEDORA-2009-9374, FEDORA-2009-9405, VIGILANCE-VUL-8999.

Description of the vulnerability

The IAX2 protocol distinguishes the messages of each call using a call number, which is stored on 15 bits (32768 values).

However, an attacker can open 32768 sessions, in order to use all available numbers. Legitimate users are then no longer able to use the service.

An attacker can thus use all available call numbers, in order to generate a denial of service on Asterisk.

computer vulnerability bulletin CVE-2009-3176 CVE-2009-3269 CVE-2009-3693

IE: vulnerabilities of several ActiveX of September 2009

Synthesis of the vulnerability

Several ActiveX controls can be used by a remote attacker to generate a denial of service or to execute code.
Impacted products: IE.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 12.
Creation date: 04/09/2009.
Revision dates: 17/09/2009, 30/09/2009, 01/10/2009.
Identifiers: BID-36217, BID-36231, BID-36346, BID-36409, BID-36434, BID-36435, BID-36440, BID-36546, BID-36548, CVE-2009-3176, CVE-2009-3269, CVE-2009-3693, VIGILANCE-VUL-8998.

Description of the vulnerability

Several ActiveX controls can be used by a remote attacker to generate a denial of service or to execute code.

An attacker can generate several overflows in the PPSMediaList MList.ocx ActiveX, in order to execute code on the victim's computer. [severity:2/4]

An attacker can generate a buffer overflow in the StartVideoSaving() function of the SmartVMD VideoMovementDetection.dll ActiveX, in order to execute code on the victim's computer. [severity:2/4; BID-36217]

An attacker can generate a buffer overflow in the Novell iPrint Client ActiveX, in order to execute code on the victim's computer. [severity:2/4; BID-36231, CVE-2009-3176]

An attacker can use the DownloadAndInstall() method of the Altiris.AeXNSPkgDL.1 AeXNSPkgDLLib.dll ActiveX, in order to execute a command on the victim's computer. [severity:2/4; BID-36346]

An attacker can generate a buffer overflow in the connect() method of the Quiksoft EasyMail emimap4.dll ActiveX, in order to execute code on the victim's computer. [severity:2/4; BID-36435]

An attacker can generate a buffer overflow in the AddAttachment() method of the Quiksoft EasyMail emimap4.dll ActiveX, in order to execute code on the victim's computer. [severity:2/4; BID-36440]

An attacker can generate a buffer overflow in the LicenseKey parameter of the Quiksoft EasyMail emimap4.dll ActiveX, in order to execute code on the victim's computer. [severity:2/4; BID-36409]

An attacker can generate a buffer overflow in the PlayerVersion parameter of the Adobe Shockwave Player ActiveX, in order to execute code on the victim's computer. [severity:2/4; BID-36434, CVE-2009-3269]

An attacker can generate an overflow in the JumpMaddedID() and JumpURL() methods of the EMC KeyWorks KeyHelp keyhelp.ocx (or EMC Captiva QuickScan Pro KeyHelp keyhelp.ocx) ActiveX, in order to execute code on the victim's computer. [severity:2/4; BID-36546]

An attacker can generate an overflow in the ClearUserSettings() method of the Oracle Document Capture BlackIce DEVMODE ActiveX, in order to execute code on the victim's computer. [severity:2/4; BID-36548]

An attacker can use the ControlJob() method of the Oracle Document Capture BlackIce DEVMODE ActiveX, in order to execute a command on the victim's computer. [severity:2/4; BID-36548]

An attacker can use the MakeHttpRequest() method of the HP LoadRunner 9.5 Persits.XUpload.2 XUpload.ocx ActiveX, in order to execute a command on the victim's computer. [severity:2/4; CVE-2009-3693]

computer vulnerability announce CVE-2009-2404 CVE-2009-2408

SeaMonkey: vulnerabilities of SSL

Synthesis of the vulnerability

Two vulnerabilities in the handling of X.509 certificates can be used to deceive the victim or to execute code.
Impacted products: SeaMonkey, openSUSE, Slackware, SLES.
Severity: 3/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 04/09/2009.
Identifiers: 480509, 504456, BID-35888, BID-35891, CERTA-2009-AVI-306, CERTA-2009-AVI-350, CERTA-2009-AVI-562, CVE-2009-2404, CVE-2009-2408, MFSA 2009-42, MFSA 2009-43, SSA:2009-250-01, SUSE-SR:2009:016, VIGILANCE-VUL-8997.

Description of the vulnerability

Two vulnerabilities were announced in the handling of X.509 certificates used by SSL.

An attacker can invite the victim to connect to an SSL site using an X.509 certificate with a Common Name containing a null character, in order to deceive the victim (VIGILANCE-VUL-8908). [severity:2/4; 480509, BID-35888, CERTA-2009-AVI-350, CERTA-2009-AVI-562, CVE-2009-2408, MFSA 2009-42]

An attacker can invite the victim to connect to an SSL site using a malicious X.509 certificate, in order to execute code (VIGILANCE-VUL-8906). [severity:3/4; 504456, BID-35891, CERTA-2009-AVI-306, CVE-2009-2404, MFSA 2009-43]

computer vulnerability alert CVE-2009-3767

OpenLDAP: truncation of X.509 with null

Synthesis of the vulnerability

An attacker can invite the victim to connect to an SSL site using an X.509 certificate with a field containing a null character, in order to deceive the victim.
Impacted products: Debian, Fedora, Mandriva Linux, OpenLDAP, RHEL, JBoss EAP by Red Hat, ESX.
Severity: 2/4.
Consequences: data reading.
Provenance: internet server.
Creation date: 03/09/2009.
Identifiers: 6239, BID-36844, CVE-2009-3767, DSA-1943-1, FEDORA-2010-0752, MDVSA-2010:026, RHSA-2010:0198-04, RHSA-2010:0543-01, RHSA-2011:0896-01, RHSA-2011:0897-01, VIGILANCE-VUL-8996, VMSA-2010-0015, VMSA-2010-0015.1.

Description of the vulnerability

The OpenLDAP client implements an SSL/TLS client.

When an X.509 certificate contains a null character in the Common Name or Subject Alternative Name field, OpenLDAP truncates this field. This vulnerability is similar to VIGILANCE-VUL-8908, even though the vulnerable source code is different.

An attacker can therefore invite the victim to connect to an SSL site using an X.509 certificate with a field containing a null character, in order to deceive the victim.

computer vulnerability CVE-2009-3765 CVE-2009-3766

Mutt: truncation of X.509 with null

Synthesis of the vulnerability

An attacker can invite the victim to connect to an SSL site using an X.509 certificate with a field containing a null character, in order to deceive the victim.
Impacted products: OpenSolaris, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 2.
Creation date: 03/09/2009.
Identifiers: BID-36249, BID-36251, CVE-2009-3765, CVE-2009-3766, VIGILANCE-VUL-8995.

Description of the vulnerability

The Mutt messaging client implements an SSL/TLS client.

When an X.509 certificate contains a null character in the Common Name or Subject Alternative Name field, Mutt truncates this field. This vulnerability is similar to VIGILANCE-VUL-8908, even though the vulnerable source code is different.

An attacker can therefore invite the victim to connect to an SSL site using an X.509 certificate with a field containing a null character, in order to deceive the victim.
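The truncation described in the SeaMonkey, OpenLDAP and Mutt bulletins above comes from handling a length-prefixed certificate field as a C string. The following added example (not code from any of those projects) contrasts the flawed comparison with a length-aware one; the struct, the function names and the sample names are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A certificate name as an ASN.1 decoder yields it: bytes plus explicit length. */
struct cert_name { const unsigned char *data; size_t len; };

/* Flawed pattern: the field is treated as a C string, so the comparison
 * stops at the first NUL and ignores everything after it. (The constructed
 * samples below are NUL-terminated, so strcmp() stays in bounds here.) */
int match_truncating(const struct cert_name *n, const char *host)
{
    return strcmp((const char *)n->data, host) == 0;
}

/* Length-aware check: reject any name with an embedded NUL, then compare
 * all n->len bytes, case-insensitively, against the expected host name. */
int match_length_aware(const struct cert_name *n, const char *host)
{
    size_t i, hlen = strlen(host);

    if (memchr(n->data, '\0', n->len) != NULL)
        return 0;                       /* embedded NUL: never a valid name */
    if (n->len != hlen)
        return 0;
    for (i = 0; i < hlen; i++)
        if (tolower(n->data[i]) != tolower((unsigned char)host[i]))
            return 0;
    return 1;
}

/* Constructed sample names (not taken from a real certificate). */
static const unsigned char SAMPLE_BAD[] = "www.bank.example\0.attacker.example";
static const unsigned char SAMPLE_OK[]  = "www.bank.example";
const struct cert_name bad_name = { SAMPLE_BAD, sizeof SAMPLE_BAD - 1 };
const struct cert_name ok_name  = { SAMPLE_OK,  sizeof SAMPLE_OK - 1 };

int main(void)
{
    const char *host = "www.bank.example";
    printf("truncating,   NUL name: %d\n", match_truncating(&bad_name, host));
    printf("length-aware, NUL name: %d\n", match_length_aware(&bad_name, host));
    printf("length-aware, good name: %d\n", match_length_aware(&ok_name, host));
    return 0;
}
```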

vulnerability note CVE-2009-3094

Apache httpd: denial of service via mod_proxy_ftp

Synthesis of the vulnerability

A malicious FTP server can stop the mod_proxy_ftp module of Apache httpd.
Impacted products: Apache httpd, Debian, Fedora, HPE BAC, HP-UX, Mandriva Linux, Mandriva NF, NLD, OES, OpenSolaris, openSUSE, Solaris, RHEL, Slackware, SLES, TurboLinux.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet server.
Creation date: 03/09/2009.
Identifiers: BID-36260, c02160663, c03236227, CVE-2009-3094, DSA-1934-1, FEDORA-2009-12606, FEDORA-2009-12747, HPSBMU02753, HPSBUX02531, MDVSA-2009:240, MDVSA-2009:323, RHSA-2009:1461-01, RHSA-2009:1579-02, RHSA-2009:1580-02, RHSA-2010:0011-01, RHSA-2010:0602-02, SSA:2010-024-01, SSRT100108, SSRT100782, SUSE-SA:2009:050, TLSA-2009-30, VIGILANCE-VUL-8994.

Description of the vulnerability

The Apache server contains a "mod_proxy_ftp" module which can be used to manage FTP requests in proxy mode ("ProxyRequests On" in the configuration file).

The PASV and EPSV (RFC 2428) commands ask the FTP server to reserve a port to transfer data in passive mode. The server then answers:
  PASV : 227 Entering Passive Mode. IP1,IP2,IP3,IP4,port1,port2
  EPSV : 229 Entering Extended Passive Mode (|||port|)
The proxy has to parse these lines in order to extract the port number.

However, if the FTP server only returns the code 227 or 229 (not followed by a space), the ap_proxy_ftp_handler() function of the modules/proxy/[mod_]proxy_ftp.c file dereferences a NULL pointer.

A malicious FTP server can therefore invite the victim to connect (via an image on a web page for example), in order to stop the mod_proxy_ftp module of Apache httpd.
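A defensive way to parse the two replies shown above, written as an added example and not taken from the Apache httpd source: the function name, return convention and sample replies are assumptions. It rejects a reply that carries only the code 227 or 229 before looking for a port.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Returns the data port (1..65535) announced in a 227/229 reply, or -1 if
 * the reply is malformed. A reply with no text after the code is rejected
 * up front, so no later step works on a missing argument. */
int parse_passive_port(const char *reply)
{
    unsigned h1, h2, h3, h4, p1, p2, port;
    char d1, d2, d3, d4;
    const char *p;

    if (reply == NULL || strlen(reply) < 4 || reply[3] != ' ')
        return -1;                    /* bare code, or code not followed by a space */

    if (strncmp(reply, "227", 3) == 0) {
        /* Skip the free text (and an optional '(') up to the first digit. */
        for (p = reply + 4; *p != '\0' && !isdigit((unsigned char)*p); p++)
            ;
        if (sscanf(p, "%3u,%3u,%3u,%3u,%3u,%3u",
                   &h1, &h2, &h3, &h4, &p1, &p2) != 6)
            return -1;
        if (h1 > 255 || h2 > 255 || h3 > 255 || h4 > 255 ||
            p1 > 255 || p2 > 255)
            return -1;
        port = p1 * 256 + p2;
    } else if (strncmp(reply, "229", 3) == 0) {
        /* RFC 2428: (<d><d><d>port<d>) with the same delimiter four times. */
        p = strchr(reply + 4, '(');
        if (p == NULL)
            return -1;
        if (sscanf(p + 1, "%c%c%c%5u%c", &d1, &d2, &d3, &port, &d4) != 5)
            return -1;
        if (d1 != d2 || d1 != d3 || d1 != d4)
            return -1;
    } else {
        return -1;
    }
    return (port >= 1 && port <= 65535) ? (int)port : -1;
}

int main(void)
{
    /* Constructed sample replies. */
    const char *samples[] = {
        "227 Entering Passive Mode (10,0,0,5,19,137)",
        "229 Entering Extended Passive Mode (|||6446|)",
        "227", "229", "227 "
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-48s -> %d\n", samples[i], parse_passive_port(samples[i]));
    return 0;
}
```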