The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability announce CVE-2010-0422

GNOME: unlocking gnome-screensaver

Synthesis of the vulnerability

A local attacker can plug in a second screen, in order to stop gnome-screensaver.
Impacted products: Fedora, NLD, OES, openSUSE, SLES, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: user access/rights.
Provenance: user console.
Creation date: 15/02/2010.
Identifiers: 564464, 609789, BID-38248, CVE-2010-0422, FEDORA-2010-1855, SUSE-SR:2010:004, VIGILANCE-VUL-9452.

Description of the vulnerability

The gnome-screensaver program locks the screen and displays a drawing.

When a system is locked, an attacker can:
 - plug in a second screen
 - wait for its autodetection, and wait for the password input form to be displayed on this screen
 - unplug the secondary screen
 - press a few keyboard keys
gnome-screensaver then tries to handle keys associated with a screen that no longer exists, which stops it.

A local attacker can therefore plug in a second screen, in order to stop gnome-screensaver and access the user's session.

vulnerability alert CVE-2006-4339 CVE-2009-0217 CVE-2009-2493

OpenOffice.org: several vulnerabilities

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious document with OpenOffice.org, in order to execute code on the victim's computer.
Impacted products: OpenOffice, Debian, Fedora, Mandriva Linux, NLD, OES, openSUSE, RHEL, SLES.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 12/02/2010.
Identifiers: BID-19849, BID-35671, BID-38218, CERTA-2006-AVI-384, CERTA-2007-AVI-546, CERTA-2009-AVI-279, CERTA-2009-AVI-435, CERTA-2009-AVI-452, CERTA-2009-AVI-538, CERTA-2010-AVI-080, CERTA-2010-AVI-253, CERTA-2010-AVI-499, CVE-2006-4339, CVE-2009-0217, CVE-2009-2493, CVE-2009-2949, CVE-2009-2950, CVE-2009-3301, CVE-2009-3302, DSA-1995-1, FEDORA-2010-1847, FEDORA-2010-1941, MDVSA-2010:221, RHSA-2010:0101-02, SUSE-SA:2010:017, VIGILANCE-VUL-9451, VU#456745, VU#466161, VU#845620.

Description of the vulnerability

Several vulnerabilities were announced in OpenOffice.org.

An attacker can create a malicious PKCS #1 signature which will be accepted as valid (VIGILANCE-VUL-6140). [severity:2/4; BID-19849, CERTA-2006-AVI-384, CERTA-2007-AVI-546, CVE-2006-4339, VU#845620]

The XMLDsig recommendation allows an attacker to bypass the signature of an XML document (VIGILANCE-VUL-8864). [severity:3/4; BID-35671, CERTA-2009-AVI-279, CERTA-2009-AVI-452, CERTA-2010-AVI-253, CVE-2009-0217, VU#466161]

On Windows, OpenOffice installs a vulnerable MSVC Runtime (VIGILANCE-VUL-8895). [severity:3/4; CERTA-2009-AVI-435, CERTA-2009-AVI-538, CVE-2009-2493, VU#456745]

An attacker can invite the victim to open a document containing a malicious XPM image with OpenOffice.org, in order to execute code on the victim's computer. [severity:3/4; CERTA-2010-AVI-499, CVE-2009-2949]

An attacker can invite the victim to open a document containing a malicious GIF image with OpenOffice.org, in order to execute code on the victim's computer. [severity:3/4; CVE-2009-2950]

An attacker can invite the victim to open a Word document containing a malicious sprmTDefTable field with OpenOffice.org, in order to execute code on the victim's computer. [severity:3/4; CVE-2009-3301]

An attacker can invite the victim to open a Word document containing a malicious sprmTSetBrc field with OpenOffice.org, in order to execute code on the victim's computer. [severity:3/4; CVE-2009-3302]

vulnerability CVE-2009-3960

Adobe LiveCycle: information disclosure via BlazeDS

Synthesis of the vulnerability

An attacker can use a vulnerability of BlazeDS, in order to read files located on the LiveCycle server.
Impacted products: Adobe LiveCycle.
Severity: 3/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 12/02/2010.
Identifiers: APSB10-05, CVE-2009-3960, VIGILANCE-VUL-9450.

Description of the vulnerability

The BlazeDS technology is used by Java applications to exchange messages and data with a back-end server.

The Adobe LiveCycle service uses BlazeDS.

An attacker can send BlazeDS an XML query containing an external reference. BlazeDS then includes a local file in its answer.

An attacker can therefore use a vulnerability of BlazeDS, in order to read files located on the LiveCycle server.

computer vulnerability note CVE-2010-0639

Squid: denial of service via HTCP

Synthesis of the vulnerability

An attacker can send a malicious HTCP query to Squid, in order to stop it.
Impacted products: Fedora, Mandriva Linux, openSUSE, Squid.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 12/02/2010.
Identifiers: 2858, BID-38212, CVE-2010-0639, FEDORA-2010-2434, FEDORA-2010-2983, FEDORA-2010-3064, MDVSA-2010:060, openSUSE-SU-2012:0102-1, SQUID-2010:2, VIGILANCE-VUL-9449.

Description of the vulnerability

HTCP (Hypertext Caching Protocol) is used between cache servers. When the htcp_port directive is used in the Squid configuration file, HTCP is enabled (it is not enabled by default).

When HTCP is enabled, an attacker can connect to port 4827 and send an invalid HTCP query. A NULL pointer is then dereferenced in the htcpAccessCheck() function of the src/htcp.c file.

An attacker can therefore send a malicious HTCP query to Squid, in order to stop it.

computer vulnerability bulletin CVE-2010-0623

Linux kernel: denial of service via futex_lock_pi

Synthesis of the vulnerability

A local attacker can create a program using Priority Inheritance, in order to stop the kernel.
Impacted products: Linux, Mandriva Linux, openSUSE.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 12/02/2010.
Identifiers: 14256, CVE-2010-0623, MDVSA-2010:088, openSUSE-SU-2013:0927-1, SUSE-SA:2010:018, VIGILANCE-VUL-9448.

Description of the vulnerability

The pthread_mutexattr_init(&mutattr) function initializes attributes of a mutex. The pthread_mutexattr_setprotocol(&mutattr, PTHREAD_PRIO_INHERIT) function indicates that the mutex inherits the priority of its thread. The pthread_mutex_init(..., &mutattr) function initializes a mutex.

A Priority Inheritance mutex is implemented with a futex (file), which can be stored on a temporary ext3 filesystem (tmpfs).

The futex_lock_pi() function does not sufficiently decrement the number of users of a resource. When the tmpfs filesystem is unmounted, a fatal error then occurs in ext3_put_super().

A local attacker can thus create a program using Priority Inheritance and tmpfs, in order to stop the kernel.

computer vulnerability announce CVE-2010-0923

KDE: unlocking KRunner lock module

Synthesis of the vulnerability

A local attacker can stop KDE KScreenSaver by pressing a key, in order to access the user's session.
Impacted products: Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user console.
Creation date: 12/02/2010.
Revision date: 18/02/2010.
Identifiers: 217882, 226449, 579280, advisory-20100217-1, BID-38214, CVE-2010-0923, VIGILANCE-VUL-9447.

Description of the vulnerability

The KScreenSaver program locks the screen and displays a drawing. It uses the KRunner Lock module.

The KRunner Lock module creates a new process to check the password. However, if the attacker quickly presses the Return key, two processes can exist in parallel. The second process then uses resources which are not available, and stops KScreenSaver.

A local attacker can therefore stop KDE KScreenSaver by pressing the Return key several times per second, in order to access the user's session.

computer vulnerability alert CVE-2010-0732

GNOME: unlocking gnome-screensaver

Synthesis of the vulnerability

A local attacker can stop gnome-screensaver when the authentication window shakes, in order to access the user's session.
Impacted products: Mandriva Linux, openSUSE, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user console.
Creation date: 12/02/2010.
Identifiers: 598476, BID-38211, CVE-2010-0732, MDVSA-2010:109, SUSE-SR:2010:008, VIGILANCE-VUL-9446.

Description of the vulnerability

The gnome-screensaver program locks the screen and displays a drawing.

When the user has entered an invalid password five times, the authentication window shakes. However, during this visual effect, an attacker can keep pressing the Enter key, in order to stop gnome-screensaver.

A local attacker can therefore stop gnome-screensaver when the authentication window shakes, in order to access the user's session.

computer vulnerability CVE-2010-0186 CVE-2010-0187

Adobe Flash: two vulnerabilities

Synthesis of the vulnerability

An attacker can use two Adobe Flash vulnerabilities, in order to access a domain, or to generate a denial of service.
Impacted products: Flash Player, NLD, OES, OpenSolaris, openSUSE, Solaris, RHEL, SLES.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/02/2010.
Identifiers: APSB10-06, BID-38198, BID-38200, CERTA-2010-AVI-078, CERTA-2010-AVI-081, CVE-2010-0186, CVE-2010-0187, RHSA-2010:0102-01, RHSA-2010:0103-01, SUSE-SR:2010:004, SUSE-SR:2010:006, VIGILANCE-VUL-9445.

Description of the vulnerability

Two vulnerabilities were announced in Adobe Flash.

A Flash application, which can be included in a PDF document, can query a domain different from its origin domain. [severity:3/4; BID-38198, CERTA-2010-AVI-078, CERTA-2010-AVI-081, CVE-2010-0186]

An attacker can generate a denial of service. [severity:1/4; BID-38200, CVE-2010-0187]

An attacker can therefore use two Adobe Flash vulnerabilities, in order to access a domain, or to generate a denial of service.

vulnerability note CVE-2010-1609

SAP: three vulnerabilities

Synthesis of the vulnerability

An attacker can use three vulnerabilities of the SAP environment, in order to obtain sensitive information, or to execute some actions.
Impacted products: SAP ERP, NetWeaver.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 11/02/2010.
Identifiers: 1175239, 1421523, 1424863, BID-38181, BID-38183, CVE-2010-1609, ONAPSIS-2010-002, ONAPSIS-2010-003, ONAPSIS-2010-004, VIGILANCE-VUL-9444.

Description of the vulnerability

Three vulnerabilities were announced in the SAP environment.

When the Java Message-Driven Bean example is installed, an attacker can read files located on the server. [severity:2/4; 1421523, ONAPSIS-2010-002]

An attacker can generate a Cross Site Scripting in WebDynpro, in order, for example, to obtain sensitive information. [severity:2/4; 1424863, BID-38181, CVE-2010-1609, ONAPSIS-2010-003]

An attacker can send an email to a victim authenticated to a SAP J2EE application, in order to execute some actions. [severity:2/4; 1175239, BID-38183, ONAPSIS-2010-004]

vulnerability bulletin CVE-2010-1130

PHP: file creation via session_save_path

Synthesis of the vulnerability

An attacker can use the session_save_path() PHP function, in order to create a file outside allowed directories.
Impacted products: PHP.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: user account.
Creation date: 11/02/2010.
Identifiers: BID-38182, CVE-2010-1130, VIGILANCE-VUL-9443.

Description of the vulnerability

The session_save_path() function defines the path of the directory where PHP has to store files containing session information. This function supports an advanced syntax to define the number of sub-directories:
  session_save_path("5;/data/session");

However, by using several ';' characters, an attacker can define another directory, which is not checked:
  session_save_path(";/data/session;/another_directory");

An attacker can therefore use the session_save_path() PHP function, in order to create a file outside allowed directories.