The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian Wheezy

vulnerability note CVE-2008-0668

Gnumeric: several vulnerabilities

Synthesis of the vulnerability

An attacker can create a malicious Excel file in order to corrupt the memory when it is opened in Gnumeric.
Impacted products: Debian, Fedora, Mandriva Linux, NLD, openSUSE, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 08/02/2008.
Identifiers: 361375, 505330, CVE-2008-0668, DSA-1546-1, FEDORA-2008-1313, FEDORA-2008-1403, MDVSA-2008:056, SUSE-SR:2008:016, VIGILANCE-VUL-7564.

Description of the vulnerability

The Gnumeric program is a spreadsheet. When a victim opens a malicious Excel/XLS file with Gnumeric, several memory corruptions can occur.

A malicious Excel file creates an overflow in the excel_read_HLINK() function of ms-excel-read.c. [severity:3/4; CVE-2008-0668]

A malicious Excel file generates integer overflows during sum operations. [severity:2/4]

These vulnerabilities lead to a denial of service or to code execution.

vulnerability bulletin CVE-2007-6698

OpenLDAP: denial of service via NOOP/attr

Synthesis of the vulnerability

An authenticated attacker can modify an attribute with NOOP in order to stop slapd.
Impacted products: Debian, Fedora, Mandriva Corporate, Mandriva Linux, OpenLDAP, openSUSE, RHEL, TurboLinux.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: user account.
Confidence: confirmed by the editor (5/5).
Creation date: 08/02/2008.
Identifiers: CVE-2007-6698, DSA-1541-1, FEDORA-2008-1307, MDVSA-2008:058, RHSA-2008:0110-01, SUSE-SR:2008:010, TLSA-2008-38, VIGILANCE-VUL-7563.

Description of the vulnerability

OpenLDAP implements the No-Op (NOOP, No Operation) extension to check if a request works without running it. The error code LDAP_X_NO_OPERATION is then returned.

However, if No-Op is used to test an attribute change with a BDB backend, an invalid memory free occurs in servers/slapd/back-bdb/modify.c. This error stops the service.

An authenticated attacker can therefore create a denial of service.

vulnerability alert CVE-2008-0554

netpbm: buffer overflow via GIF

Synthesis of the vulnerability

An attacker can create a malicious GIF image in order to create an overflow in giftopnm.
Impacted products: Debian, Mandriva Corporate, NLD, OES, RHEL, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 08/02/2008.
Identifiers: 464056, BID-27682, CERTA-2008-AVI-239, CVE-2008-0554, DSA-1493-1, DSA-1579-1, MDVSA-2008:039, RHSA-2008:0131-01, VIGILANCE-VUL-7561.

Description of the vulnerability

The Netpbm graphics utility suite converts images via the PNM image formats.

The converter/other/giftopnm.c file contains the readImageData() function which loads a GIF image. However, this function does not check if one of the fields in the image has a size larger than MAX_LWZ_BITS. This error creates an overflow.

An attacker can therefore create a malicious GIF image in order to execute code in giftopnm.

This vulnerability has a common origin with VIGILANCE-VUL-7542 (SDL_image), VIGILANCE-VUL-7556 (Tk) and VIGILANCE-VUL-7562 (GD).

computer vulnerability note CVE-2008-0304 CVE-2008-0412 CVE-2008-0413

Seamonkey: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in Seamonkey, the worst one leading to code execution.
Impacted products: Debian, Fedora, SeaMonkey, openSUSE, RHEL, Slackware.
Severity: 4/4.
Consequences: user access/rights.
Provenance: internet server.
Confidence: confirmed by the editor (5/5).
Creation date: 08/02/2008.
Identifiers: BID-26669, BID-27406, BID-27683, BID-28012, BID-29303, CERTA-2008-AVI-062, CERTA-2008-AVI-101, CERTA-2008-AVI-105, CVE-2008-0304, CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0418, CVE-2008-0419, CVE-2008-0420, CVE-2008-0592, CVE-2008-0593, DSA-1484-1, DSA-1697-1, FEDORA-2008-1435, FEDORA-2008-1459, FEDORA-2008-1535, FEDORA-2008-1669, MFSA 2008-01, MFSA 2008-02, MFSA 2008-03, MFSA 2008-05, MFSA 2008-06, MFSA 2008-07, MFSA 2008-09, MFSA 2008-10, MFSA 2008-12, MFSA 2008-13, RHSA-2008:0104-01, SSA:2008-043-01, SUSE-SA:2008:008, VIGILANCE-VUL-7559, VU#309608, VU#661651, VU#879056.

Description of the vulnerability

Several vulnerabilities were announced in Seamonkey.

Several memory corruptions can lead to code execution. [severity:4/4; CERTA-2008-AVI-062, CERTA-2008-AVI-101, CVE-2008-0412, CVE-2008-0413, MFSA 2008-01]

An attacker can create a special page, then invite the user to press keys and a button, in order to upload a file (VIGILANCE-VUL-7382). [severity:1/4; BID-26669, CVE-2008-0414, MFSA 2008-02]

A JavaScript script can for example execute code with chrome privileges. [severity:4/4; CVE-2008-0415, MFSA 2008-03]

An attacker can use a "chrome://" URI in order to access JavaScript files located on the victim's computer (VIGILANCE-VUL-7523). [severity:2/4; BID-27406, CVE-2008-0418, MFSA 2008-05, VU#309608]

A site using designMode can obtain information, stop the browser and eventually execute code. [severity:3/4; CVE-2008-0419, MFSA 2008-06, VU#879056]

An attacker can create a BMP image with an invalid biClrUsed field in the BITMAPINFOHEADER header in order to read a memory fragment. [severity:2/4; CVE-2008-0420, MFSA 2008-07]

An attacker can use "Content-Disposition: attachment" and "Content-Type: plain/text" to disturb text file handling. [severity:1/4; CVE-2008-0592, MFSA 2008-09]

A script can obtain the contents of the URL after a 302 redirect. [severity:1/4; CVE-2008-0593, MFSA 2008-10]

An attacker can send an email with an external-body MIME type in order to generate a 3-byte buffer overflow. [severity:4/4; BID-28012, CERTA-2008-AVI-105, CVE-2008-0304, MFSA 2008-12, VU#661651]

An attacker can create several Cross Site Scripting attacks by changing character encodings. [severity:2/4; BID-29303, CVE-2008-0416, MFSA 2008-13]

computer vulnerability bulletin CVE-2008-0412 CVE-2008-0413 CVE-2008-0414

Firefox: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in Firefox, the worst one leading to code execution.
Impacted products: Debian, Fedora, Mandriva Corporate, Mandriva Linux, Firefox, Netscape Navigator, NLD, OpenSolaris, openSUSE, Solaris, RHEL, Slackware, SLES, TurboLinux.
Severity: 4/4.
Consequences: user access/rights.
Provenance: internet server.
Confidence: confirmed by the editor (5/5).
Creation date: 08/02/2008.
Identifiers: 238492, 6663845, 6681417, 6695896, BID-24293, BID-26669, BID-27406, BID-27683, BID-29303, CERTA-2008-AVI-062, CERTA-2008-AVI-101, CVE-2007-3090-ERROR, CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0420, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594, DSA-1484-1, DSA-1489-1, DSA-1506-1, FEDORA-2008-1435, FEDORA-2008-1459, FEDORA-2008-1535, FEDORA-2008-1669, MDVSA-2008:048, MFSA 2008-01, MFSA 2008-02, MFSA 2008-03, MFSA 2008-04, MFSA 2008-05, MFSA 2008-06, MFSA 2008-07, MFSA 2008-08, MFSA 2008-09, MFSA 2008-10, MFSA 2008-11, MFSA 2008-13, RHSA-2008:0103-01, SSA:2008-043-01, SUSE-SA:2008:008, TLSA-2008-9, VIGILANCE-VUL-7558, VU#309608, VU#879056.

Description of the vulnerability

Several vulnerabilities were announced in Firefox.

Several memory corruptions can lead to code execution. [severity:4/4; CERTA-2008-AVI-062, CERTA-2008-AVI-101, CVE-2008-0412, CVE-2008-0413, MFSA 2008-01]

An attacker can create a special page, then invite the user to press keys and a button, in order to upload a file (VIGILANCE-VUL-7382). [severity:1/4; BID-26669, CVE-2008-0414, MFSA 2008-02]

A JavaScript script can for example execute code with chrome privileges. [severity:4/4; CVE-2008-0415, MFSA 2008-03]

A web site can inject newlines in order to corrupt the password database. [severity:1/4; CVE-2008-0417, MFSA 2008-04]

An attacker can use a "chrome://" URI in order to access JavaScript files located on the victim's computer (VIGILANCE-VUL-7523). [severity:2/4; BID-27406, CVE-2008-0418, MFSA 2008-05, VU#309608]

A site using designMode can obtain information, stop the browser and eventually execute code. [severity:3/4; CVE-2008-0419, MFSA 2008-06, VU#879056]

An attacker can create a BMP image with an invalid biClrUsed field in the BITMAPINFOHEADER header in order to read a memory fragment. [severity:2/4; CVE-2008-0420, MFSA 2008-07]

An attacker can use JavaScript to press the button of a warning dialog (VIGILANCE-VUL-6883). [severity:2/4; BID-24293, CVE-2007-3090-ERROR, CVE-2008-0591, MFSA 2008-08]

An attacker can use "Content-Disposition: attachment" and "Content-Type: plain/text" to disturb text file handling. [severity:1/4; CVE-2008-0592, MFSA 2008-09]

A script can obtain the contents of the URL after a 302 redirect. [severity:1/4; CVE-2008-0593, MFSA 2008-10]

A page contained in a DIV can bypass forgery detection warnings. [severity:1/4; CVE-2008-0594, MFSA 2008-11]

An attacker can create several Cross Site Scripting attacks by changing character encodings. [severity:2/4; BID-29303, CVE-2008-0416, MFSA 2008-13]

computer vulnerability alert CVE-2008-0553

Tcl/Tk: buffer overflow via GIF

Synthesis of the vulnerability

An attacker can create a malicious GIF image in order to create an overflow in Tcl/Tk applications displaying this image.
Impacted products: Debian, Fedora, Mandriva Corporate, Mandriva Linux, Windows (platform) ~ not comprehensive, openSUSE, Solaris, RHEL, Unix (platform) ~ not comprehensive, VMware ACE, ESX, ESXi, VMware Player, VMware Server, VMware Workstation.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 07/02/2008.
Identifiers: 237465, 464056, 6666523, 6670381, BID-27655, CERTA-2008-AVI-240, CVE-2008-0553, DSA-1490-1, DSA-1491-1, DSA-1598-1, FEDORA-2008-1122, FEDORA-2008-1131, FEDORA-2008-1323, FEDORA-2008-1384, FEDORA-2008-3545, FEDORA-2008-3621, MDVSA-2008:041, RHSA-2008:0135-01, SUSE-SR:2008:013, SUSE-SR:2008:08, VIGILANCE-VUL-7556, VMSA-2008-0009, VMSA-2008-0009.1, VMSA-2008-0009.2.

Description of the vulnerability

The Tcl/Tk environment is used to create text or graphic applications.

The generic/tkImgGIF.c file of Tk contains the ReadImage() function which loads a GIF image. However, this function does not check if one of the fields in the image has a size larger than MAX_LWZ_BITS. This error creates an overflow.

An attacker can therefore create a malicious GIF image in order to execute code in Tcl/Tk applications displaying this image.

This vulnerability has a common origin with VIGILANCE-VUL-7542 (SDL_image), VIGILANCE-VUL-7561 (netpbm) and VIGILANCE-VUL-7562 (GD).

computer vulnerability CVE-2008-0485 CVE-2008-0486 CVE-2008-0629

MPlayer: memory corruptions

Synthesis of the vulnerability

An attacker can use four memory corruptions of MPlayer in order to execute code.
Impacted products: Debian, Fedora, Mandriva Corporate, Mandriva Linux, openSUSE, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 05/02/2008.
Revision date: 07/02/2008.
Identifiers: BID-27441, BID-27499, BID-27765, BID-27766, CERTA-2008-AVI-045, CORE-2007-1218, CORE-2008-0122, CVE-2008-0485, CVE-2008-0486, CVE-2008-0629, CVE-2008-0630, DSA-1496-1, DSA-1536-1, FEDORA-2008-1543, FEDORA-2008-1581, MDVSA-2008:045, MDVSA-2008:046, MU-200802-01, SUSE-SR:2008:006, VIGILANCE-VUL-7545.

Description of the vulnerability

An attacker can use four memory corruptions of MPlayer in order to execute code.

An attacker can create a FLAC file containing a long comment in order to create an overflow in libmpdemux/demux_audio.c. [severity:3/4; BID-27441, CORE-2007-1218, CVE-2008-0486]

An attacker can create a MOV file using an incorrect array index in demux_mov.c (libmpdemux), leading to memory corruption. [severity:3/4; BID-27499, CERTA-2008-AVI-045, CORE-2008-0122, CVE-2008-0485]

An attacker can create a playlist file containing a long IPv6 URL in order to create an overflow in url.c. [severity:2/4; BID-27766, CVE-2008-0630, MU-200802-01]

An attacker can create a CDDB server returning long data in order to create an overflow in stream_cddb.c. [severity:3/4; BID-27765, CVE-2008-0629, MU-200802-01]

vulnerability alert CVE-2008-0007

Linux kernel: overflow via VM_DONTEXPAND

Synthesis of the vulnerability

An overflow can occur in drivers without the VM_DONTEXPAND flag.
Impacted products: Debian, Fedora, Linux, Mandriva Corporate, Mandriva Linux, Mandriva NF, NLD, OES, openSUSE, RHEL, SLES, TurboLinux, ESX.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 07/02/2008.
Identifiers: BID-27686, BID-27705, CVE-2008-0007, DSA-1503-1, DSA-1504-1, DSA-1565-1, FEDORA-2008-4043, MDVSA-2008:044, MDVSA-2008:072, MDVSA-2008:112, MDVSA-2008:174, RHSA-2008:0211-01, RHSA-2008:0233-01, RHSA-2008:0237-01, RHSA-2008:0787-01, RHSA-2009:0001-01, SUSE-SA:2008:006, SUSE-SA:2008:017, SUSE-SU-2011:0928-1, TLSA-2008-11, VIGILANCE-VUL-7551, VMSA-2008-00011, VMSA-2008-00011.1, VMSA-2008-00011.2.

Description of the vulnerability

The page fault handler is called when an invalid virtual address is used. This handler can for example expand the memory area via mremap().

However, during this extension, offsets are not checked by the kernel or by the following drivers:
 - drivers/char/drm/drm_vm.c
 - drivers/char/mspec.c
 - fs/ncpfs/mmap.c
 - kernel/relay.c
 - mm/mmap.c
 - sound/oss/via82cxxx_audio.c
 - sound/usb/usx2y/usX2Yhwdep.c
 - sound/usb/usx2y/usx2yhwdeppcm.c
These files should use VM_DONTEXPAND, but this is not the case.

A local attacker can thus corrupt the memory, which creates a denial of service and possibly code execution.

computer vulnerability bulletin CVE-2008-0252

CherryPy: file access

Synthesis of the vulnerability

An attacker can use a malicious cookie in order to create or delete a file via CherryPy.
Impacted products: Debian, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: data creation/edition, data deletion.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 06/02/2008.
Identifiers: BID-27181, CVE-2008-0252, DSA-1481-1, VIGILANCE-VUL-7548.

Description of the vulnerability

The CherryPy environment is used to create web sites in Python.

The lib/filter/sessionfilter.py file (in version 3) or the filters/sessionfilter.py file (in version 2) uses the value of the session cookie as a file name. The expiration date of each session is then stored in the [storage_path]/session-[id-of-session] file. This file is deleted at the end of the session.

However, if the cookie contains "../", the file is created or deleted outside the [storage_path] directory. An attacker can therefore create or delete a file on the server with the rights of CherryPy.

vulnerability announce CVE-2007-6697 CVE-2008-0544

SDL_image: buffer overflows

Synthesis of the vulnerability

An attacker can create LBM or GIF images in order to execute code via applications linked to SDL_image.
Impacted products: Debian, Fedora, Mandriva Corporate, Mandriva Linux, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 04/02/2008.
Identifiers: 464056, CVE-2007-6697, CVE-2008-0544, DSA-1493-1, FEDORA-2008-1208, FEDORA-2008-1231, MDVSA-2008:040, VIGILANCE-VUL-7542.

Description of the vulnerability

The SDL_image library loads images and imports them into SDL (Simple DirectMedia Layer). An attacker can use two buffer overflows of SDL_image.

An attacker can create a GIF image creating an overflow in the ReadImage()/LWZReadByte() functions of the IMG_gif.c file, during LWZ decompression. This vulnerability has a common origin with VIGILANCE-VUL-7556 (Tk), VIGILANCE-VUL-7561 (netpbm) and VIGILANCE-VUL-7562 (GD). [severity:3/4; CVE-2007-6697]

An attacker can create an LBM image creating an overflow in the IMG_LoadLBM_RW() function of the IMG_lbm.c file, during RLE decompression. [severity:3/4; CVE-2008-0544]

These overflows lead to a denial of service or to code execution.