| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
History of vulnerabilities analyzed by Vigil@nce:
GNOME: unlocking gnome-screensaver
Synthesis of the vulnerability
A local attacker can plug a second screen, in order to stop gnome-screensaver.
Severity: 1/4.
Creation date: 15/02/2010.
Identifiers: 564464, 609789, BID-38248, CVE-2010-0422, FEDORA-2010-1855, SUSE-SR:2010:004, VIGILANCE-VUL-9452.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The gnome-screensaver program locks the screen and displays a drawing.
When a system is locked, an attacker can:
- plug a second screen
- wait for its autodetection, and wait for the password input form to be displayed on this screen
- unplug the secondary screen
- press a few keyboard keys
The gnome-screensaver then tries to handle keys associated to a non existing screen, which stops it.
A local attacker can therefore plug a second screen, in order to stop gnome-screensaver, and to access to user's session.
Full Vigil@nce bulletin... (Free trial) |
OpenOffice.org: several vulnerabilities
Synthesis of the vulnerability
An attacker can invite the victim to open a malicious document with OpenOffice.org, in order to execute code on his computer.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 7.
Creation date: 12/02/2010.
Identifiers: BID-19849, BID-35671, BID-38218, CERTA-2006-AVI-384, CERTA-2007-AVI-546, CERTA-2009-AVI-279, CERTA-2009-AVI-435, CERTA-2009-AVI-452, CERTA-2009-AVI-538, CERTA-2010-AVI-080, CERTA-2010-AVI-253, CERTA-2010-AVI-499, CVE-2006-4339, CVE-2009-0217, CVE-2009-2493, CVE-2009-2949, CVE-2009-2950, CVE-2009-3301, CVE-2009-3302, DSA-1995-1, FEDORA-2010-1847, FEDORA-2010-1941, MDVSA-2010:221, RHSA-2010:0101-02, SUSE-SA:2010:017, VIGILANCE-VUL-9451, VU#456745, VU#466161, VU#845620.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
Several vulnerabilities were announced in OpenOffice.org.
An attacker can create a malicious PKCS #1 signature which will be accepted as valid (VIGILANCE-VUL-6140). [severity:2/4; BID-19849, CERTA-2006-AVI-384, CERTA-2007-AVI-546, CVE-2006-4339, VU#845620]
The XMLDsig recommendation allows an attacker to bypass the signature of an XML document (VIGILANCE-VUL-8864). [severity:3/4; BID-35671, CERTA-2009-AVI-279, CERTA-2009-AVI-452, CERTA-2010-AVI-253, CVE-2009-0217, VU#466161]
On Windows, OpenOffice installs a vulnerable MSVC Runtime (VIGILANCE-VUL-8895). [severity:3/4; CERTA-2009-AVI-435, CERTA-2009-AVI-538, CVE-2009-2493, VU#456745]
An attacker can invite the victim to open a document containing a malicious XPM image with OpenOffice.org, in order to execute code on his computer. [severity:3/4; CERTA-2010-AVI-499, CVE-2009-2949]
An attacker can invite the victim to open a document containing a malicious GIF image with OpenOffice.org, in order to execute code on his computer. [severity:3/4; CVE-2009-2950]
An attacker can invite the victim to open a Word document containing a malicious sprmTDefTable field with OpenOffice.org, in order to execute code on his computer. [severity:3/4; CVE-2009-3301]
An attacker can invite the victim to open a Word document containing a malicious sprmTSetBrc field with OpenOffice.org, in order to execute code on his computer. [severity:3/4; CVE-2009-3302]
Full Vigil@nce bulletin... (Free trial) |
Adobe LiveCycle: information disclosure via BlazeDS
Synthesis of the vulnerability
An attacker can use a vulnerability of BlazeDS, in order to read files located on the LiveCycle server.
Severity: 3/4.
Creation date: 12/02/2010.
Identifiers: APSB10-05, CVE-2009-3960, VIGILANCE-VUL-9450.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The BlazeDS technology is used by Java applications to exchange messages and data with a back-end server.
The Adobe LiveCycle service uses BlazeDS.
An attacker can send an XML query to BlazeDS, which contains an external reference. BlazeDS then injects a local file in its answer.
An attacker can therefore use a vulnerability of BlazeDS, in order to read files located on the LiveCycle server.
Full Vigil@nce bulletin... (Free trial) |
Squid: denial of service via HTCP
Synthesis of the vulnerability
An attacker can send a malicious HTCP query to Squid, in order to stop it.
Severity: 2/4.
Creation date: 12/02/2010.
Identifiers: 2858, BID-38212, CVE-2010-0639, FEDORA-2010-2434, FEDORA-2010-2983, FEDORA-2010-3064, MDVSA-2010:060, openSUSE-SU-2012:0102-1, SQUID-2010:2, VIGILANCE-VUL-9449.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The HTCP (Hypertext Caching Protocol) protocol is used between cache servers. When the htcp_port directive is used in the configuration file of Squid, HTCP is enabled (this is not the default case).
When HTCP is enabled, an attacker can connect to the port 4827, and send an invalid HTCP query. A NULL pointer is then dereferenced in the htcpAccessCheck() function of the src/htcp.c file.
An attacker can therefore send a malicious HTCP query to Squid, in order to stop it.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: denial of service via futex_lock_pi
Synthesis of the vulnerability
A local attacker can create a program using the Priority Inheritance, in order to stop the kernel.
Severity: 1/4.
Creation date: 12/02/2010.
Identifiers: 14256, CVE-2010-0623, MDVSA-2010:088, openSUSE-SU-2013:0927-1, SUSE-SA:2010:018, VIGILANCE-VUL-9448.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The pthread_mutexattr_init(&mutattr) function initializes attributes of a mutex. The pthread_mutexattr_setprotocol(&mutattr, PTHREAD_PRIO_INHERIT) function indicates that the mutex inherits the priority of its thread. The pthread_mutex_init(..., &mutattr) function initializes a mutex.
A Priority Inheritance mutex is implemented with a futex (file), which can be stored on a temporary ext3 filesystem (tmpfs).
The futex_lock_pi() function does not sufficiently decrement the number of users of a resource. When the tmpfs filesystem is unmounted, a fatal error then occurs in ext3_put_super().
A local attacker can thus create a program using the Priority Inheritance and tmpfs, in order to stop the kernel.
Full Vigil@nce bulletin... (Free trial) |
KDE: unlocking KRunner lock module
Synthesis of the vulnerability
A local attacker can stop KDE KScreenSaver by pressing on a key, in order to access to user's session.
Severity: 2/4.
Creation date: 12/02/2010.
Revision date: 18/02/2010.
Identifiers: 217882, 226449, 579280, advisory-20100217-1, BID-38214, CVE-2010-0923, VIGILANCE-VUL-9447.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The KScreenSaver program locks the screen and displays a drawing. It uses the KRunner Lock module.
The KRunner Lock module creates a new process to check the password. However, if the attacker quickly presses on the Return key, two processes can exist in parallel. The second process thus uses resources which are not available, and stops KScreenSaver.
A local attacker can therefore stop KDE KScreenSaver by pressing on Return key several times per second, in order to access to user's session.
Full Vigil@nce bulletin... (Free trial) |
GNOME: unlocking gnome-screensaver
Synthesis of the vulnerability
A local attacker can stop gnome-screensaver when the authentication window shakes, in order to access to user's session.
Severity: 2/4.
Creation date: 12/02/2010.
Identifiers: 598476, BID-38211, CVE-2010-0732, MDVSA-2010:109, SUSE-SR:2010:008, VIGILANCE-VUL-9446.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The gnome-screensaver program locks the screen and displays a drawing.
When the user entered five times an invalid password, the authentication window shakes. However, during this visual effect, an attacker can keep pressing the Enter key, in order to stop gnome-screensaver.
A local attacker can therefore stop gnome-screensaver when the authentication window shakes, in order to access to user's session.
Full Vigil@nce bulletin... (Free trial) |
Adobe Flash: two vulnerabilities
Synthesis of the vulnerability
An attacker can use two Adobe Flash vulnerabilities, in order to access to a domain, or to generate a denial of service.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/02/2010.
Identifiers: APSB10-06, BID-38198, BID-38200, CERTA-2010-AVI-078, CERTA-2010-AVI-081, CVE-2010-0186, CVE-2010-0187, RHSA-2010:0102-01, RHSA-2010:0103-01, SUSE-SR:2010:004, SUSE-SR:2010:006, VIGILANCE-VUL-9445.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
Two vulnerabilities were announced in Adobe Flash.
A Flash application, which can be included in a pdf document, can query a domain different from its origin domain. [severity:3/4; BID-38198, CERTA-2010-AVI-078, CERTA-2010-AVI-081, CVE-2010-0186]
An attacker can generate a denial of service. [severity:1/4; BID-38200, CVE-2010-0187]
An attacker can therefore use two Adobe Flash vulnerabilities, in order to access to a domain, or to generate a denial of service.
Full Vigil@nce bulletin... (Free trial) |
SAP: three vulnerabilities
Synthesis of the vulnerability
An attacker can use three vulnerabilities of the SAP environment, in order to obtain sensitive information, or to execute some actions.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 11/02/2010.
Identifiers: 1175239, 1421523, 1424863, BID-38181, BID-38183, CVE-2010-1609, ONAPSIS-2010-002, ONAPSIS-2010-003, ONAPSIS-2010-004, VIGILANCE-VUL-9444.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
Three vulnerabilities were announced in the SAP environment.
When the Java Message-Driven Bean example is installed, an attacker can read files located on the server. [severity:2/4; 1421523, ONAPSIS-2010-002]
An attacker can generate a Cross Site Scripting in WebDynpro, in order for example to obtain sensitive information. [severity:2/4; 1424863, BID-38181, CVE-2010-1609, ONAPSIS-2010-003]
An attacker can send an email to a victim authenticated to a SAP J2EE application, in order to execute some actions. [severity:2/4; 1175239, BID-38183, ONAPSIS-2010-004]
Full Vigil@nce bulletin... (Free trial) |
PHP: file creation via session_save_path
Synthesis of the vulnerability
An attacker can use the session_save_path() PHP function, in order to create a file outside allowed directories.
Severity: 1/4.
Creation date: 11/02/2010.
Identifiers: BID-38182, CVE-2010-1130, VIGILANCE-VUL-9443.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The session_save_path() function defines the path of the directory where PHP has to store files containing session information. This function supports an advanced syntax to define the number of sub-directories:
session_save_path("5;/data/session");
However, by using several ';' characters, an attacker can define another directory, which is not checked:
session_save_path(";/data/session;/another_directory");
An attacker can therefore use the session_save_path() PHP function, in order to create a file outside allowed directories.
Full Vigil@nce bulletin... (Free trial) |
Previous page Next page Direct access to page
1
21
41
61
81
101
121
141
161
181
201
221
241
261
281
301
321
341
361
381
401
421
441
461
481
501
521
541
561
581
601
621
641
661
681
701
721
741
761
781
801
821
841
861
881
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
921
941
961
981
1001
1021
1041
1061
1081
1101
1121
1141
1161
1181
1201
1221
1241
1261
1281
1301
1321
1341
1361
1381
1401
1421
1441
1461
1481
1501
1521
1541
1561
1581
1601
1621
1641
1661
1681
1701
1721
1741
1761
1781
1801
1821
1841
1861
1881
1901
1921
1941
1961
1981
2001
2021
2041
2061
2081
2101
2121
2141
2161
2181
2201
2221
2241
2261
2281
2301
2321
2341
2361
2381
2401
2421
2441
2461
2481
2501
2521
2541
2561
2581
2601
2621
2641
2661
2681
2701
2721
2741
2761
2781
2801
2821
2841
2861
2881
2901
2921
2924
|