The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability alert CVE-2009-4183

HP OpenView Storage Data Protector: information disclosure

Synthesis of the vulnerability

A local attacker can read data of HP OpenView Storage Data Protector.
Impacted products: OpenView, OpenView Storage Data Protector.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 27/01/2010.
Identifiers: BID-37964, c01992642, CERTA-2010-AVI-036, CVE-2009-4183, HPSBMA02502, SSRT090171, VIGILANCE-VUL-9381.

Description of the vulnerability

The HP OpenView Storage Data Protector product manages data of an enterprise.

A local attacker can read data of HP OpenView Storage Data Protector.

vulnerability CVE-2009-4484

MySQL: buffer overflow via yaSSL

Synthesis of the vulnerability

When MySQL is compiled with yaSSL, an attacker can send an invalid certificate, in order to generate a denial of service or to execute code.
Impacted products: Debian, MySQL Community, MySQL Enterprise, openSUSE, Percona Server, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service.
Provenance: intranet client.
Creation date: 26/01/2010.
Revision date: 28/01/2010.
Identifiers: BID-37943, CERTA-2010-AVI-080, CVE-2009-4484, DSA-1997-1, SUSE-SR:2010:007, VIGILANCE-VUL-9380.

Description of the vulnerability

The yaSSL library implements SSL. MySQL contains a copy of yaSSL.

When MySQL is compiled with yaSSL (./configure --with-ssl), it is thus impacted by the VIGILANCE-VUL-9384 vulnerability.

An attacker can therefore send an invalid certificate, in order to generate a denial of service or to execute code on applications linked with yaSSL.

computer vulnerability note CVE-2009-2693 CVE-2009-2901 CVE-2009-2902

Tomcat: three vulnerabilities of deployment

Synthesis of the vulnerability

Three vulnerabilities in the deployment/undeployment feature of Tomcat can be used by an attacker to create or delete files.
Impacted products: Tomcat, Debian, Performance Center, HP-UX, NSM Central Manager, NSMXpress, Mandriva Linux, OpenSolaris, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, SLES, ESX, ESXi, vCenter Server, VirtualCenter, VMware vSphere, VMware vSphere Hypervisor.
Severity: 2/4.
Consequences: data creation/edition, data deletion, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 25/01/2010.
Identifiers: BID-37942, BID-37944, BID-37945, c02181353, c02241113, CERTA-2010-AVI-041, CERTA-2010-AVI-284, CERTA-2010-AVI-446, CERTA-2011-AVI-169, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548-ERROR, DSA-2207-1, HPSBMA02535, HPSBUX02541, MDVSA-2010:176, MDVSA-2010:177, openSUSE-SU-2012:1700-1, openSUSE-SU-2012:1701-1, openSUSE-SU-2013:0147-1, PSN-2012-05-584, RHSA-2010:0119-01, RHSA-2010:0580-01, RHSA-2010:0581-01, RHSA-2010:0582-01, RHSA-2010:0583-01, RHSA-2010:0584-01, RHSA-2010:0693-01, SSRT100029, SSRT100145, SUSE-SR:2010:008, VIGILANCE-VUL-9379, VMSA-2011-0003, VMSA-2011-0003.1, VMSA-2011-0003.2.

Description of the vulnerability

Three vulnerabilities were announced in the deployment/undeployment feature of Tomcat.

A malicious WAR file can contain "../..", in order to overwrite a file outside the root, when it is deployed. [severity:2/4; BID-37944, CERTA-2010-AVI-041, CERTA-2010-AVI-284, CERTA-2010-AVI-446, CVE-2009-2693, CVE-2009-3548-ERROR]

When autoDeploy is enabled (the default), if undeployment fails, files are left with invalid security constraints. [severity:1/4; BID-37942, CVE-2009-2901]

When a WAR archive is named "...war", its deployment deletes files of running applications (in directories work/engine_name/host_name). [severity:2/4; BID-37945, CVE-2009-2902]

computer vulnerability bulletin CVE-2010-0073

WebLogic: command execution via Node Manager

Synthesis of the vulnerability

An unauthenticated attacker can connect to the WebLogic Node Manager, in order to execute a command located on the system.
Impacted products: WebLogic.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: intranet client.
Creation date: 25/01/2010.
Identifiers: BID-37926, CERTA-2010-AVI-058, CERTA-2010-AVI-074, CVE-2010-0073, VIGILANCE-VUL-9378.

Description of the vulnerability

The Node Manager (beasvc.exe) listens on port 5556/tcp, so that the administrator can manage nodes of the WebLogic domain with the following instructions:
 - start
 - shutdown
 - getState
 - execScript : execute a command
 - etc.

Allowed commands for "execScript" are stored in a WebLogic directory. However, by using "..\..", an attacker can escape from this directory and execute commands available on the hard disk.

An unauthenticated attacker can therefore connect to the WebLogic Node Manager, in order to execute a command located on the system.

computer vulnerability announce CVE-2010-0388

Sun Web Server: format string attack of WebDAV

Synthesis of the vulnerability

When WebDAV is enabled on Sun Java System Web Server, an attacker can use malicious XML data, in order to generate a format string attack, leading to a denial of service or to code execution.
Impacted products: Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server.
Severity: 2/4.
Consequences: user access/rights, denial of service on service.
Provenance: internet client.
Creation date: 22/01/2010.
Identifiers: 275850, 6916390, BID-37910, CVE-2010-0388, VIGILANCE-VUL-9377.

Description of the vulnerability

The WebDAV extension adds the PROPFIND method to the HTTP protocol, in order to obtain properties of a path. For example:
  PROPFIND /path HTTP/1.1
  [...]
  <?xml version="1.0" encoding="iso-8859-1"?>
  <a:propfind xmlns:a="DAV:">
    <a:prop><a:getcontenttype/></a:prop>
  </a:propfind>

However, if the encoding of XML data contains format parameters, they are directly interpreted.

When WebDAV is enabled on Sun Java System Web Server, an attacker can therefore use malicious XML data, in order to generate a format string attack, leading to a denial of service or to code execution.

computer vulnerability alert CVE-2010-0389

Sun Web Server: denial of service

Synthesis of the vulnerability

An unauthenticated attacker can send an invalid HTTP query to the administration server of Sun Java System Web Server, in order to stop it.
Impacted products: Oracle iPlanet Web Server.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 22/01/2010.
Identifiers: BID-37909, CVE-2010-0389, VIGILANCE-VUL-9376.

Description of the vulnerability

An HTTP query has, for example, the following form:
  METHOD path HTTP/1.0
  GET / HTTP/1.0

However, if the administration service of Sun Java System Web Server receives a query with no method name, a NULL pointer is dereferenced in the INTpblock_copy() function of libns-httpd40.so.

An unauthenticated attacker can therefore send an invalid HTTP query to the administration server of Sun Java System Web Server, in order to stop it.

computer vulnerability CVE-2009-4074 CVE-2010-0027 CVE-2010-0244

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities in Internet Explorer lead to code execution.
Impacted products: IE, Windows 2000, Windows 2003, Windows 2008 R0, Windows 7, Windows Vista, Windows XP.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 8.
Creation date: 21/01/2010.
Identifiers: 978207, BID-37135, BID-37815, BID-37883, BID-37884, BID-37891, BID-37892, BID-37893, BID-37894, BID-37895, CERTA-2010-AVI-025, CERTA-2010-AVI-065, CVE-2009-4074, CVE-2010-0027, CVE-2010-0244, CVE-2010-0245, CVE-2010-0246, CVE-2010-0247, CVE-2010-0248, CVE-2010-0249, ISVA-100216.1, MS10-002, VIGILANCE-VUL-9375, VU#492515, ZDI-10-011, ZDI-10-012, ZDI-10-013, ZDI-10-014.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can use the Anti Cross Site Scripting feature of Internet Explorer 8, in order to create a Cross Site Scripting attack (VIGILANCE-VUL-9254). [severity:1/4; BID-37135, BID-37883, CERTA-2010-AVI-025, CVE-2009-4074]

An attacker can invite the victim to click on a URL, in order to execute a program located on the victim's computer (VIGILANCE-VUL-9426). [severity:4/4; BID-37884, CERTA-2010-AVI-065, CVE-2010-0027]

An attacker can create a page using a <col> element in a table, and then delete it, in order to corrupt memory and execute code. [severity:4/4; BID-37891, CVE-2010-0244, ZDI-10-011]

An attacker can create a page changing the structure of a table, in order to corrupt memory and execute code. [severity:4/4; BID-37892, CVE-2010-0245, ZDI-10-013]

The <sub> and <sup> HTML elements are used to display indexes or exponents. However, an error occurs during the computation of their position, which corrupts memory and leads to code execution. [severity:4/4; BID-37895, CVE-2010-0246, ZDI-10-012]

An attacker can create a page using an uninitialized object or a deleted object, in order to corrupt memory and execute code. [severity:4/4; BID-37893, CVE-2010-0247]

An attacker can create a page cloning a DOM object and then deleting it, in order to corrupt memory and execute code. [severity:4/4; BID-37894, CVE-2010-0248, ZDI-10-014]

An attacker can use the createEventObject() function, in order to corrupt memory and execute code (VIGILANCE-VUL-9353). [severity:4/4; BID-37815, CVE-2010-0249, VU#492515]

vulnerability note 9374

SAP BusinessObjects: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities in SAP BusinessObjects XI can be used by an attacker to perform a Cross Site Scripting attack or to obtain information.
Impacted products: Business Objects.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 21/01/2010.
Identifiers: BID-37900, BID-37972, PR09-02, VIGILANCE-VUL-9374.

Description of the vulnerability

Several vulnerabilities were announced in SAP BusinessObjects XI.

An attacker can use CmcApp/App/frameset.jsp, CrystalReports/jsp/common/progress.jsp, PerformanceManagement/scripts/docLoadUrl.jsp, PerformanceManagement/jsp/viewCrystalReport.jsp and PlatformServices/preferences.do pages to redirect the victim. [severity:2/4]

An attacker can trigger a Cross Site Scripting through several pages. [severity:2/4]

By generating errors, an attacker can obtain the installation path. [severity:1/4]

vulnerability bulletin 9373

Linux kernel: memory reading via Radeon r6xx/r7xx

Synthesis of the vulnerability

When the system has a Radeon r6xx/r7xx video device, a local attacker may read kernel memory.
Impacted products: Linux.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 21/01/2010.
Identifiers: BID-37903, VIGILANCE-VUL-9373.

Description of the vulnerability

The support of Radeon r6xx/r7xx video devices is implemented in the file drivers/gpu/drm/radeon/r600_cs.c.

A local attacker with X11 access can use an ioctl() to modify registers of the Radeon device, in order to force it to read kernel memory areas. This attack is theoretical, and was not implemented.

When the system has a Radeon r6xx/r7xx video device, a local attacker may therefore read kernel memory.

vulnerability announce CVE-2010-0387

Sun Web Server: buffer overflow via Digest

Synthesis of the vulnerability

An attacker can use a long Digest authentication, in order to generate a buffer overflow, leading to a denial of service or to code execution.
Impacted products: Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: internet client.
Creation date: 21/01/2010.
Identifiers: 275850, 6916391, 6917212, BID-37896, CVE-2010-0387, VIGILANCE-VUL-9372.

Description of the vulnerability

When the HTTP Digest authentication is enabled on Sun Java System Web Server, it returns to the client:
  HTTP/1.1 401 Unauthorized
  WWW-Authenticate: Digest
     realm="realm@server" ...
The web browser then asks the user for a login and password, and replies with:
  Authorization: Digest username="my_user_name",
     realm="realm@server" ...

However, if the data after Digest is too long, a buffer overflow occurs.

An attacker can therefore use a long Digest authentication, in order to generate a buffer overflow, leading to a denial of service or to code execution.