| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Debian Wheezy
Linux kernel: buffer overflow of NFSv4 ACLs
Synthesis of the vulnerability
A local attacker can create an overflow in the nfsd service in order to elevate his privileges.
Impacted products: Debian, Linux, RHEL.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 05/09/2008.
Identifiers: BID-31133, CERTA-2002-AVI-206, CVE-2008-3915, DSA-1636-1, RHSA-2008:0857-02, VIGILANCE-VUL-8093.
Description of the vulnerability
The Linux kernel implements a NFS service.
POSIX ACLs of shared files are converted to NFS ACLs, represented as ACEs (Access Control Entries). The init_state() function of fs/nfsd/nfs4acl.c allocates memories areas which contain ACEs of users and groups. However, the allocated size is short of 4*numberacl bytes (size difference between posix_user_ace_state and posix_ace_state structures).
A local attacker, allowed to change POSIX ACLs of files shared by NFS, can therefore define several ACLs, in order to generate an overflow. This overflow leads to code execution in the kernel.
Full Vigil@nce bulletin... (Free trial) |
Python: several overflows
Synthesis of the vulnerability
Several overflows of Python can lead to a denial of service or to code execution.
Impacted products: Debian, Mandriva Linux, Mandriva NF, NLD, OES, OpenSolaris, openSUSE, Solaris, Python, RHEL, Slackware, SLES, ESX, ESXi, VMware Server, vCenter Server, VirtualCenter.
Severity: 2/4.
Consequences: user access/rights, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 6.
Creation date: 05/09/2008.
Identifiers: 230640, 273570, 6853618, BID-30491, CERTA-2008-AVI-345, CERTA-2008-AVI-391, CVE-2008-1679, CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144, DSA-1667-1, DSA-1977-1, MDVSA-2008:163, MDVSA-2008:164, MDVSA-2008:186, MDVSA-2009:036, RHSA-2009:1176-01, RHSA-2009:1177-01, RHSA-2009:1178-02, SSA:2008-217-01, SUSE-SR:2008:017, VIGILANCE-VUL-8091, VMSA-2009-0016, VMSA-2009-0016.1, VMSA-2009-0016.2, VMSA-2009-0016.3, VMSA-2009-0016.4, VMSA-2009-0016.5.
Description of the vulnerability
An attacker can create a malicious Python program or use special data in order to generate several overflows.
The vulnerability VIGILANCE-VUL-7290 related to imageop was not fully corrected. [severity:1/4; CERTA-2008-AVI-345, CVE-2008-1679]
Several integer overflows can occur in stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule and mmapmodule modules. [severity:2/4; 230640, CERTA-2008-AVI-391, CVE-2008-2315]
An attacker can generate an integer overflow in the _hashopenssl.c file of the hashlib module. [severity:2/4; 230640, CVE-2008-2316]
An attacker can use a long Unicode string in order to create an overflow in the unicode_resize() function or in the PyMem_RESIZE macro. [severity:2/4; CVE-2008-3142]
An attacker can generate overflow in Include/pymem.h, Modules/_csv.c, Modules/_struct.c, Modules/arraymodule.c, Modules/audioop.c, Modules/binascii.c, Modules/cPickle.c, Modules/cStringIO.c, Modules/cjkcodecs/multibytecodec.c, Modules/datetimemodule.c, Modules/md5.c, Modules/rgbimgmodule.c, Modules/stropmodule.c, Objects/bufferobject.c, Objects/listobject.c, Objects/obmalloc.c, Parser/node.c, Python/asdl.c, Python/ast.c, Python/bltinmodule.c and Python/compile.c files. Python version 2.5.2 is corrected. [severity:2/4; CVE-2008-3143]
An attacker can generate several integer overflows in the PyOS_vsnprintf() function of Python/mysnprintf.c. [severity:2/4; CVE-2008-3144]
These overflows can, depending on the context, lead to denials of service or to code execution.
Full Vigil@nce bulletin... (Free trial) |
ClamAV: denials of service
Synthesis of the vulnerability
An attacker can generate several denials of service on ClamAV.
Impacted products: ClamAV, Debian, Fedora, Mandriva Linux, openSUSE.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 03/09/2008.
Revision date: 04/09/2008.
Identifiers: 1089, 1141, BID-30994, BID-31051, CERTA-2008-AVI-437, CVE-2008-1389, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914, DSA-1660-1, FEDORA-2008-9644, FEDORA-2008-9651, MDVSA-2008:189, MDVSA-2008:189-1, SUSE-SR:2008:018, VIGILANCE-VUL-8082.
Description of the vulnerability
An attacker can generate several denials of service on ClamAV.
A malicious CHM file can generate a denial of service. [severity:2/4; 1089, BID-30994, CERTA-2008-AVI-437, CVE-2008-1389]
Several memory and descriptor leaks can occur in freshclam/manager.c, shared/tar.c, libclamav/others.c and libclamav/sis.c. [severity:2/4; 1141]
Full Vigil@nce bulletin... (Free trial) |
WordNet: code execution
Synthesis of the vulnerability
Several WordNet vulnerabilities can be used by an attacker to execute code.
Impacted products: Debian, Mandriva Linux, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 02/09/2008.
Identifiers: BID-30958, CERTA-2002-AVI-206, CVE-2008-2149, DSA-1634-1, DSA-1634-2, MDVSA-2008:182, MDVSA-2008:182-1, ocert-2008-014, VIGILANCE-VUL-8079.
Description of the vulnerability
The WordNet suite is used to check English language. It has several vulnerabilities.
An attacker can generate an overflow in the morph.c:morphstr(), morph.c:morphword() and search.c:getindex() functions. [severity:1/4]
An attacker can generate an overflow via the WNSEARCHDIR, WNHOME and WNDBVERSION environment variables. [severity:1/4]
An attacker can generate an overflow by loading a malicious database. [severity:2/4]
Depending on the context, an attacker can therefore execute code with privileges of WordNet users.
Full Vigil@nce bulletin... (Free trial) |
Postfix: multiple vulnerabilities
Synthesis of the vulnerability
Several vulnerabilities have been discovered in Postfix.
Impacted products: Debian, Fedora, Mandriva Linux, NLD, OES, openSUSE, RHEL, SLES, TurboLinux, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/08/2008.
Revision date: 01/09/2008.
Identifiers: BID-30691, CERTA-2002-AVI-189, CERTA-2008-AVI-420, CVE-2008-2936, CVE-2008-2937, DSA-1629-2, FEDORA-2008-8593, FEDORA-2008-8595, MDVSA-2008:171, MDVSA-2009:224, MDVSA-2009:224-1, RHSA-2008:0839-01, RHSA-2011:0422-01, SUSE-SA:2008:040, TLSA-2008-31, VIGILANCE-VUL-8032, VU#938323.
Description of the vulnerability
Several vulnerabilities have been discovered in Postfix.
Postfix is a mail server. One of its vulnerabilities can be used to obtain super-user privileges. [severity:2/4; CERTA-2008-AVI-420, CVE-2008-2936, SUSE-SA:2008:040]
A Postfix vulnerability permit to a local user to read mail of others users. [severity:2/4; CVE-2008-2937, SUSE-SA:2008:040]
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: using SBNI
Synthesis of the vulnerability
A local privileged attacker can use the SBNI driver even if he does not have the CAP_NET_ADMIN capability.
Impacted products: Debian, Fedora, Linux, Mandriva Linux, NLD, OES, openSUSE, RHEL, SLES, ESX, ESXi, VMware Server, vCenter Server, VirtualCenter.
Severity: 1/4.
Consequences: privileged access/rights.
Provenance: privileged shell.
Creation date: 29/08/2008.
Identifiers: CERTA-2002-AVI-192, CVE-2008-3525, DSA-1653-1, DSA-1655-1, FEDORA-2008-8929, FEDORA-2008-8980, MDVSA-2008:220, MDVSA-2008:220-1, MDVSA-2008:223, RHSA-2008:0787-01, RHSA-2008:0973-03, RHSA-2009:0001-01, SUSE-SA:2008:047, SUSE-SA:2008:048, SUSE-SA:2008:049, SUSE-SA:2008:051, SUSE-SA:2008:052, SUSE-SA:2008:053, SUSE-SR:2008:025, SUSE-SU-2011:0928-1, VIGILANCE-VUL-8073, VMSA-2009-0014, VMSA-2009-0014.1, VMSA-2009-0014.2.
Description of the vulnerability
The drivers/net/wan/sbni.c file implements the support of Granch SBNI12 Leased Line network devices.
The sbni_ioctl() function handles various ioctls :
- SIOCDEVRESINSTATS : reset statistics
- SIOCDEVSHWSTATE : change hardware state
- SIOCDEVENSLAVE : create a slave
- SIOCDEVEMANSIPATE : emancipate a slave
Only the user with the euid 0 is allowed to use these ioctls.
However, if root does not have the CAP_NET_ADMIN capability (unlikely) he should not be able to use these ioctls.
Full Vigil@nce bulletin... (Free trial) |
LibTIFF: code execution via LZW
Synthesis of the vulnerability
An attacker can create a malicious TIFF image in order to execute code on the computer of victims displaying this image with an application linked to LibTIFF.
Impacted products: Debian, Fedora, LibTIFF, Mandriva Linux, Mandriva NF, NLD, OES, OpenSolaris, openSUSE, Solaris, Trusted Solaris, RHEL, SLES, ESX.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 27/08/2008.
Identifiers: 265030, 6743799, 6866731, BID-30832, CERTA-2002-AVI-206, CERTA-2008-AVI-447, CVE-2008-2327, DSA-1632-1, FEDORA-2008-7370, FEDORA-2008-7388, MDVSA-2008:184, RHSA-2008:0847-01, RHSA-2008:0848-01, RHSA-2008:0863-01, SUSE-SR:2008:018, VIGILANCE-VUL-8062, VMSA-2008-0017, VMSA-2008-0017.1, VMSA-2008-0017.2.
Description of the vulnerability
The LibTIFF library provides support for TIFF images (Tagged Image File Format).
A TIFF image can optionally use the LZW (Lempel-Ziv-Welch) compression algorithm. These images are decoded by the LZWDecode() and LZWDecodeCompat() functions of tif_lzw.c file.
However, these functions do not correctly handle the CODE_CLEAR value, which leads to a buffer underflow.
An attacker can therefore create a malicious TIFF image in order to execute code on the computer of victims displaying this image with an application linked to LibTIFF.
Full Vigil@nce bulletin... (Free trial) |
Linux Kernel: denial of service via sctp_setsockopt_auth_key
Synthesis of the vulnerability
A local attacker can use maliciously the "sctp_setsockopt_auth_key()" function in order to create a denial of service on victim's computer.
Impacted products: Debian, Linux, Mandriva Linux, openSUSE, RHEL.
Severity: 2/4.
Consequences: denial of service on client.
Provenance: internet client.
Creation date: 27/08/2008.
Identifiers: BID-30847, CERTA-2002-AVI-206, CVE-2008-3526, DSA-1636-1, MDVSA-2008:223, RHSA-2008:0857-02, SUSE-SA:2008:053, VIGILANCE-VUL-8058.
Description of the vulnerability
SCTP (Stream Control Transmission Protocol) is a control protocol which can be compared in several points to TCP and UDP. SCTP uses sockets.
Linux kernel implement SCTP, and use functions such as "sctp_setsockopt_auth_key()". This last is used to specify authentication options of the socket. SCTP_AUTH_KEY option is not protected against overflow.
An attacker can therefore attribute a malicious value to the SCTP_AUTH_KEY option, in order to generate a denial of service on victim's computer.
Full Vigil@nce bulletin... (Free trial) |
Ruby: denial of service via REXML
Synthesis of the vulnerability
An attacker can create a malicious XML file in order to generate a denial of service on victim's computer.
Impacted products: Debian, Fedora, Slackware, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: document.
Creation date: 26/08/2008.
Identifiers: CERTA-2002-AVI-192, CVE-2008-3790, DSA-1651-1, DSA-1652-1, DSA-1695-1, FEDORA-2008-8736, FEDORA-2008-8738, SSA:2009-120-01, VIGILANCE-VUL-8054.
Description of the vulnerability
Ruby can import libraries such as REXML. This last is used to generate and read XML files.
REXML library is vulnerable if it treats an XML file recursively. If a malicious file is open, this can generate a denial of service.
An attacker can therefore send a malicious XML file to a victim, in order to generate a denial of service on his computer.
Full Vigil@nce bulletin... (Free trial) |
Vim: command execution
Synthesis of the vulnerability
An attacker can take advantage of a lack of sanitization, to execute commands on victim's computer.
Impacted products: Debian, Mandriva Linux, Mandriva NF, RHEL, Unix (platform) ~ not comprehensive, ESX.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: user account.
Creation date: 25/08/2008.
Identifiers: CVE-2008-4101, DSA-1733-1, MDVSA-2008:236, MDVSA-2008:236-1, RHSA-2008:0580-01, RHSA-2008:0617-01, RHSA-2008:0618-01, VIGILANCE-VUL-8047, VMSA-2009-0004, VMSA-2009-0004.1, VMSA-2009-0004.2, VMSA-2009-0004.3.
Description of the vulnerability
The Vim program is a text editor compatible with the standard vi. It has a vulnerability related to a lack of command sanitization.
Vulnerabilities are in the "src/normal.c" file, in line 5519 and 5522. Indeed, several characters are not escaped when the K command is used. It is therefore possible to execute application from the Vim command line.
An attacker can therefore take advantages of this lack of sanitisation to execute commands on victim's computer.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about Debian Wheezy:
|