The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability announce CVE-2010-0106 CVE-2010-0107 CVE-2010-0108

Symantec AV, Norton AV: several vulnerabilities

Synthesis of the vulnerability

Three vulnerabilities of Symantec and Norton products can be used by an attacker to disable the antivirus or to execute code.
Impacted products: Norton Antivirus, Norton Internet Security, Symantec AV.
Severity: 2/4.
Consequences: user access/rights, data flow.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 18/02/2010.
Identifiers: BID-38127, BID-38129, BID-38222, CERTA-2010-AVI-087, CVE-2010-0106, CVE-2010-0107, CVE-2010-0108, DSECRG-09-039, SYM10-002, SYM10-003, SYM10-004, VIGILANCE-VUL-9462.

Description of the vulnerability

Three vulnerabilities were announced in Symantec and Norton products.

A local attacker can disable the Symantec AntiVirus on-demand scan. [severity:2/4; BID-38127, CERTA-2010-AVI-087, CVE-2010-0106, SYM10-002]

An attacker can generate a buffer overflow in the SYMLTCOM.DLL ActiveX of Norton AV/IS, in order to execute code when the victim browses a malicious web site. [severity:2/4; BID-38129, CVE-2010-0107, SYM10-003]

An attacker can generate a buffer overflow in Symantec Client Proxy (CLIproxy.dll). [severity:1/4; BID-38222, CVE-2010-0108, DSECRG-09-039, SYM10-004]

vulnerability alert CVE-2011-1767 CVE-2011-1768

Linux kernel: denial of service via GRE/Tunnel

Synthesis of the vulnerability

When the system starts, an attacker can send a tunneled packet, in order to stop the system.
Impacted products: Debian, Linux, RHEL.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/02/2010.
Identifiers: BID-38301, BID-38303, BID-47852, BID-47853, CVE-2011-1767, CVE-2011-1768, DSA-2240-1, DSA-2264-1, RHSA-2011:0928-01, RHSA-2011:1253-01, VIGILANCE-VUL-9461.

Description of the vulnerability

The Linux kernel implements several tunnel types:
 - GRE (Generic Routing Encapsulation): net/ipv4/ip_gre.c
 - IP in IP: net/ipv4/ipip.c
 - IPv6: net/ipv6/ip6_tunnel.c
 - IPv6: net/ipv6/sit.c
 - IPv6: net/ipv6/xfrm6_tunnel.c

When these protocols are compiled as kernel modules and a packet is received before the module is loaded, an error occurs in net_generic() and stops the kernel.

When the system starts, an attacker can therefore send a tunneled packet, in order to stop the system.

vulnerability CVE-2009-1571 CVE-2009-3988 CVE-2010-0159

Firefox, SeaMonkey, Thunderbird: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Firefox, SeaMonkey and Thunderbird can be used by an attacker to execute code on the victim's computer.
Impacted products: Debian, Fedora, Mandriva Linux, Firefox, SeaMonkey, Thunderbird, openSUSE, RHEL, Slackware, SLES.
Severity: 4/4.
Consequences: user access/rights, client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 18/02/2010.
Identifiers: 455472, 467005, 501934, 504862, 526500, 527567, 528134, 528300, 530880, 531222, 533000, 534051, 534082, BID-38285, BID-38286, BID-38287, BID-38288, BID-38289, CERTA-2010-AVI-080, CERTA-2010-AVI-082, CVE-2009-1571, CVE-2009-3988, CVE-2010-0159, CVE-2010-0160, CVE-2010-0162, DSA-1999-1, MDVSA-2010:042, MDVSA-2010:051, MFSA 2010-01, MFSA 2010-02, MFSA 2010-03, MFSA 2010-04, MFSA 2010-05, openSUSE-SU-2014:1100-1, RHSA-2010:0112-01, RHSA-2010:0113-01, RHSA-2010:0153-02, RHSA-2010:0154-02, SSA:2010-060-01, SSA:2010-065-01, SUSE-SA:2010:015, VIGILANCE-VUL-9460, ZDI-10-019, ZDI-10-046.

Description of the vulnerability

Several vulnerabilities were announced in Firefox, SeaMonkey and Thunderbird.

An attacker can generate several memory corruptions, leading to code execution. [severity:4/4; 467005, 501934, 527567, 528134, 528300, 530880, 534082, BID-38286, CVE-2010-0159, MFSA 2010-01]

An attacker can generate a memory corruption in Web Workers, leading to code execution. [severity:4/4; 531222, 533000, 534051, BID-38285, CVE-2010-0160, MFSA 2010-02, ZDI-10-046]

An HTML page can force the usage of a freed memory area, which leads to code execution. [severity:4/4; 526500, BID-38287, CERTA-2010-AVI-082, CVE-2009-1571, MFSA 2010-03]

An attacker can read window.dialogArguments, in order to generate a Cross Site Scripting. [severity:2/4; 504862, BID-38289, CVE-2009-3988, MFSA 2010-04, ZDI-10-019]

An attacker can use a SVG file and a binary Content-Type, in order to generate a Cross Site Scripting. [severity:2/4; 455472, BID-38288, CVE-2010-0162, MFSA 2010-05]

computer vulnerability note CVE-2010-0151

Cisco FWSM: denial of service of SCCP

Synthesis of the vulnerability

An attacker can use SCCP (Skinny Call Control Protocol) control messages, in order to generate a denial of service.
Impacted products: Cisco Catalyst, IOS by Cisco, Cisco Router.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 17/02/2010.
Identifiers: 111553, BID-38274, cisco-sa-20100217-fwsm, CSCtb60485, CVE-2010-0151, VIGILANCE-VUL-9459.

Description of the vulnerability

The SCCP (Skinny Call Control Protocol) protocol is used by Cisco VoIP phones, to communicate with the CallManager. A packet is composed of:
 - 4 bytes indicating the size
 - 4 null bytes
 - 4 bytes for the message type
 - message

When a malformed SCCP packet transits through Cisco FWSM, the FWSM reloads.

An attacker can therefore use SCCP control messages, in order to generate a denial of service.

This vulnerability also impacts Cisco ASA (described in the bulletin VIGILANCE-VUL-9458).

computer vulnerability bulletin CVE-2010-0149 CVE-2010-0150 CVE-2010-0151

Cisco ASA: several vulnerabilities

Synthesis of the vulnerability

An attacker can generate denials of service in Cisco ASA, or bypass the NTLMv1 authentication.
Impacted products: ASA.
Severity: 3/4.
Consequences: denial of service on server.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 8.
Creation date: 17/02/2010.
Identifiers: 111485, BID-38274, BID-38275, BID-38276, BID-38277, BID-38278, BID-38279, BID-38280, BID-38281, CERTA-2010-AVI-084, CERTA-2010-AVI-085, cisco-sa-20100217-asa, CSCsy91157, CSCsz77717, CSCsz79757, CSCtb37219, CSCtb64913, CSCtc47782, CSCtc96018, CSCte21953, CVE-2010-0149, CVE-2010-0150, CVE-2010-0151, CVE-2010-0565, CVE-2010-0566, CVE-2010-0567, CVE-2010-0568, CVE-2010-0569, VIGILANCE-VUL-9458.

Description of the vulnerability

Several vulnerabilities were announced in Cisco ASA.

An attacker can use all available TCP sessions, which stay in the CLOSEWAIT state. [severity:3/4; BID-38275, CERTA-2010-AVI-085, CSCsz77717, CVE-2010-0149]

An attacker can use SIP messages generating a denial of service. [severity:3/4; BID-38277, CSCsy91157, CVE-2010-0150]

An attacker can use SIP messages generating a denial of service. [severity:2/4; BID-38281, CSCtc96018, CVE-2010-0569]

An attacker can use SCCP (Skinny Call Control Protocol) control messages generating a denial of service (VIGILANCE-VUL-9459). [severity:2/4; BID-38274, CERTA-2010-AVI-084, CSCsz79757, CVE-2010-0151]

When WebVPN is configured with the DTLS support, an attacker can send a malicious DTLS message, in order to generate a denial of service. [severity:3/4; BID-38280, CSCtb64913, CVE-2010-0565]

When a malformed TCP packet, matching a "nailed" NAT, is handled by Cisco AIP-SSM in inline mode, the system reboots. [severity:3/4; BID-38278, CSCtb37219, CVE-2010-0566]

An attacker can use IKE messages generating a denial of service. [severity:3/4; BID-38279, CSCtc47782, CVE-2010-0567]

An attacker can use an invalid user name, in order to bypass the NTLMv1 authentication. [severity:3/4; BID-38276, CSCte21953, CVE-2010-0568]

computer vulnerability announce CVE-2010-0146 CVE-2010-0147 CVE-2010-0148

Cisco Security Agent: three vulnerabilities

Synthesis of the vulnerability

An attacker can use three vulnerabilities of Cisco Security Agent, in order to access files, to inject SQL, or to create a denial of service.
Impacted products: Secure ACS, Cisco CallManager, Cisco MeetingPlace, Cisco Unity ~ precise.
Severity: 3/4.
Consequences: data reading, data creation/edition, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 17/02/2010.
Identifiers: 111512, 111742, BID-38271, BID-38272, BID-38273, CERTA-2010-AVI-086, cisco-sa-20100217-csa, CSCtb89870, CSCtd73275, CSCtd73290, CVE-2010-0146, CVE-2010-0147, CVE-2010-0148, VIGILANCE-VUL-9457.

Description of the vulnerability

Three vulnerabilities were announced in Cisco Security Agent, which can be installed with several Cisco products.

When a server uses the Management Center of Cisco Security Agent version 6.0, an attacker can use a query traversing the root directory, in order to access a file located on the system. [severity:3/4; BID-38271, CERTA-2010-AVI-086, CSCtd73275, CVE-2010-0146]

When a server uses the Management Center of Cisco Security Agent version 5.1, 5.2 or 6.0, an attacker can use a SQL injection, in order to alter data. [severity:3/4; BID-38272, CSCtd73290, CVE-2010-0147]

When a server uses Cisco Security Agent 5.2, an attacker can generate a denial of service. [severity:2/4; BID-38273, CSCtb89870, CVE-2010-0148]

computer vulnerability alert CVE-2010-1083

Linux kernel: information disclosure via USB

Synthesis of the vulnerability

A local attacker, allowed to access USB devices, can obtain fragments of kernel memory.
Impacted products: Debian, Linux, RHEL, SLES, ESX.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 17/02/2010.
Identifiers: CERTA-2011-AVI-571, CVE-2010-1083, DSA-2053-1, ESX400-201110001, ESX400-201110401-SG, ESX400-201110403-SG, ESX400-201110406-SG, ESX400-201110408-SG, ESX400-201110409-SG, ESX400-201110410-SG, RHSA-2010:0394-01, RHSA-2010:0631-01, RHSA-2010:0723-01, SUSE-SA:2010:019, SUSE-SA:2010:023, SUSE-SA:2010:036, SUSE-SU-2011:0928-1, VIGILANCE-VUL-9456, VMSA-2011-0004.2, VMSA-2011-0009.1, VMSA-2011-0010.2, VMSA-2011-0012, VMSA-2011-0012.1, VMSA-2011-0013, VMSA-2012-0005.

Description of the vulnerability

The processcompl() function of the drivers/usb/core/devio.c file manages USB queries. Access to it is reserved for the root user or privileged processes.

When an error occurs, this function still returns a copy of the data buffer. However, this buffer was not initialized, and it thus contains a fragment of kernel memory.

A local attacker, allowed to access USB devices, can therefore obtain fragments of kernel memory.

computer vulnerability CVE-2010-0283

MIT krb5: denial of service via handle_tgt_authdata

Synthesis of the vulnerability

An unauthenticated attacker can send a malformed Kerberos message to the KDC of MIT krb5, in order to stop it.
Impacted products: Fedora, MIT krb5, openSUSE, SLES.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet server.
Creation date: 17/02/2010.
Identifiers: BID-38260, CVE-2010-0283, FEDORA-2010-1722, MITKRB5-SA-2010-001, SUSE-SR:2010:005, VIGILANCE-VUL-9455.

Description of the vulnerability

The KDC of MIT krb5 manages Kerberos TGT requests from computers.

The handle_tgt_authdata() function manages the authentication of TGT. Since version 1.7 of MIT krb5, this function checks the format of received messages, and quits with an assertion error if the message is malformed.

An attacker can thus send a message with an invalid type (neither KRB5_AS_REQ, nor KRB5_TGS_REQ), in order to generate this assertion error, which stops the KDC.

An unauthenticated attacker can therefore send a malformed Kerberos message to the KDC of MIT krb5, in order to stop it.

vulnerability note CVE-2010-0186 CVE-2010-0188

Adobe Acrobat/Reader: two vulnerabilities

Synthesis of the vulnerability

An attacker can use two Adobe Acrobat/Reader vulnerabilities, in order to access a domain, or to execute code.
Impacted products: Acrobat, NLD, OES, openSUSE, RHEL, SLES.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 17/02/2010.
Revision date: 15/03/2010.
Identifiers: APSB10-07, BID-38195, BID-38198, CERTA-2010-AVI-078, CERTA-2010-AVI-081, CVE-2010-0186, CVE-2010-0188, RHSA-2010:0114-01, SUSE-SR:2010:006, VIGILANCE-VUL-9454.

Description of the vulnerability

Two vulnerabilities were announced in Adobe Acrobat/Reader.

A Flash application, which can be included in a PDF document, can query a domain different from its origin domain. [severity:3/4; BID-38198, CERTA-2010-AVI-078, CERTA-2010-AVI-081, CVE-2010-0186]

A malicious PDF document can corrupt the memory, in order to generate a denial of service, and possibly to execute code. [severity:3/4; CVE-2010-0188]

An attacker can therefore use two Adobe Acrobat/Reader vulnerabilities, in order to access a domain, or to execute code.

vulnerability bulletin CVE-2010-0634

flex: invalid code generation

Synthesis of the vulnerability

An attacker can invite the victim to use flex with an invalid lex file, in order to generate incorrect C code.
Impacted products: Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: document.
Creation date: 16/02/2010.
Identifiers: 1628314, 1849805, 1849809, 1849812, CVE-2010-0634, VIGILANCE-VUL-9453.

Description of the vulnerability

The flex program reads a specification file defining rules composed of regular expressions and of code, and then generates a C program which executes the code when the related expression is found.

However, flex does not correctly handle comments or yy_size_t sizes. The generated code is thus invalid.

An attacker can therefore invite the victim to use flex with an invalid lex file, in order to generate incorrect C code.
