The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian Wheezy

vulnerability note CVE-2008-2798 CVE-2008-2799 CVE-2008-2802

Thunderbird: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in Thunderbird, the worst one leading to code execution.
Impacted products: Debian, Fedora, Mandriva Linux, Thunderbird, RHEL, Slackware, TurboLinux.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 02/07/2008.
Identifiers: BID-30038, CERTA-2002-AVI-189, CERTA-2008-AVI-350, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811, DSA-1615-1, DSA-1621-1, FEDORA-2008-6706, FEDORA-2008-6737, MDVSA-2008:155, MDVSA-2008:155-1, MFSA 2008-21, MFSA 2008-24, MFSA 2008-25, MFSA 2008-26, MFSA 2008-29, MFSA 2008-31, MFSA 2008-33, RHSA-2008:0616-01, SSA:2008-210-05, TLSA-2008-30, VIGILANCE-VUL-7924, VU#607267.

Description of the vulnerability

Several vulnerabilities were announced in Thunderbird.

An attacker can corrupt the memory in order to execute code. [severity:4/4; CERTA-2008-AVI-350, CVE-2008-2798, CVE-2008-2799, MFSA 2008-21]

An attacker can execute a Chrome script via a "fastload" file. [severity:4/4; CVE-2008-2802, MFSA 2008-24]

An attacker can execute code via mozIJSSubScriptLoader.loadSubScript(). [severity:4/4; CVE-2008-2803, MFSA 2008-25]

Several MIME functions incorrectly handle buffers, which can lead to overflows. [severity:1/4; MFSA 2008-26]

A malformed ".properties" file leads to the use of uninitialized memory. [severity:2/4; CVE-2008-2807, MFSA 2008-29]

The alternative name in a certificate can be used to spoof a web site (VIGILANCE-VUL-7351). [severity:1/4; CVE-2008-2809, MFSA 2008-31]

An attacker can execute code when a block is redrawn. [severity:4/4; CVE-2008-2811, MFSA 2008-33, VU#607267]

vulnerability bulletin CVE-2008-2798 CVE-2008-2799 CVE-2008-2800

Firefox/Seamonkey: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in Firefox/Seamonkey, the worst one leading to code execution.
Impacted products: Debian, Fedora, Mandriva Linux, Firefox, SeaMonkey, OpenSolaris, openSUSE, Solaris, RHEL, Slackware, SLES, TurboLinux.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 13.
Creation date: 02/07/2008.
Identifiers: 256408, 6786624, BID-30038, CERTA-2002-AVI-200, CERTA-2008-AVI-350, CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2806, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811, DSA-1607-1, DSA-1615-1, DSA-1697-1, FEDORA-2008-6127, FEDORA-2008-6193, FEDORA-2008-6196, MDVSA-2008:136, MFSA 2008-20, MFSA 2008-21, MFSA 2008-22, MFSA 2008-23, MFSA 2008-24, MFSA 2008-25, MFSA 2008-26, MFSA 2008-27, MFSA 2008-28, MFSA 2008-29, MFSA 2008-30, MFSA 2008-31, MFSA 2008-32, MFSA 2008-33, RHSA-2008:0547-01, RHSA-2008:0549-01, RHSA-2008:0569-01, SSA:2008-191-01, SSA:2008-191-03, SUSE-SA:2008:034, TLSA-2008-25, VIGILANCE-VUL-7923, VU#607267.

Description of the vulnerability

Several vulnerabilities were announced in Firefox/Seamonkey.

An attacker can corrupt the memory in order to execute code. [severity:4/4; CERTA-2008-AVI-350, CVE-2008-2798, CVE-2008-2799, MFSA 2008-21]

An attacker can create a Cross Site Scripting attack via JavaScript. [severity:3/4; CVE-2008-2800, MFSA 2008-22]

An attacker can invite the victim to use a modified version of a signed JAR archive. [severity:3/4; CVE-2008-2801, MFSA 2008-23]

An attacker can execute a Chrome script via a "fastload" file. [severity:4/4; CVE-2008-2802, MFSA 2008-24]

An attacker can execute code via mozIJSSubScriptLoader.loadSubScript(). [severity:4/4; CVE-2008-2803, MFSA 2008-25]

Several MIME functions incorrectly handle buffers, which can lead to overflows. [severity:1/4; MFSA 2008-26]

An attacker can upload a file via "originalTarget" and "DOM Range". [severity:3/4; CVE-2008-2805, MFSA 2008-27]

On Mac OS X, an attacker can connect to sockets via Java LiveConnect. [severity:3/4; CVE-2008-2806, MFSA 2008-28]

A malformed ".properties" file leads to the use of uninitialized memory. [severity:2/4; CVE-2008-2807, MFSA 2008-29]

URLs of "file:" type in directory listings are not correctly escaped. [severity:4/4; CVE-2008-2808, MFSA 2008-30]

The alternative name in a certificate can be used to spoof a web site (VIGILANCE-VUL-7351). [severity:1/4; CVE-2008-2809, MFSA 2008-31]

Windows shortcuts pointing to a remote URL are handled in the local context. [severity:2/4; CVE-2008-2810, MFSA 2008-32]

An attacker can execute code when a block is redrawn. [severity:4/4; CVE-2008-2811, MFSA 2008-33, VU#607267]

vulnerability announce CVE-2008-2952

OpenLDAP: denial of service via ASN.1 BER

Synthesis of the vulnerability

An unauthenticated attacker can send a malicious ASN.1 packet in order to stop the service.
Impacted products: Debian, Fedora, Mandriva Linux, Mandriva NF, NLD, OES, OpenLDAP, openSUSE, RHEL, SLES, TurboLinux.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 01/07/2008.
Identifiers: BID-30013, CERTA-2002-AVI-192, CVE-2008-2952, DSA-1650-1, FEDORA-2008-6029, FEDORA-2008-6062, MDVSA-2008:144, RHSA-2008:0583-01, SUSE-SR:2008:021, TLSA-2008-38, VIGILANCE-VUL-7922, ZDI-08-052.

Description of the vulnerability

The LDAP protocol uses the ASN.1 format encoded in BER (Basic Encoding Rules).

If an element is too short, an assertion error occurs in the ber_get_next() function of the libraries/liblber/io.c file.

An unauthenticated attacker can therefore send a malicious ASN.1 packet in order to stop the service.

vulnerability alert CVE-2008-3137 CVE-2008-3138 CVE-2008-3139

Wireshark: denials of service

Synthesis of the vulnerability

Several vulnerabilities in Wireshark can be used by a remote attacker to create a denial of service.
Impacted products: Debian, Ethereal, Fedora, openSUSE, RHEL, Wireshark.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 01/07/2008.
Identifiers: BID-30020, CERTA-2002-AVI-207, CVE-2008-3137, CVE-2008-3138, CVE-2008-3139, CVE-2008-3140, CVE-2008-3141, DSA-1673-1, FEDORA-2008-6440, FEDORA-2008-6645, RHSA-2008:0890-01, SUSE-SR:2008:017, VIGILANCE-VUL-7921, wnpa-sec-2008-03.

Description of the vulnerability

The Wireshark/Ethereal program captures packets to help administrators solve network problems. Protocols are decoded by dissectors. These dissectors have several vulnerabilities.

An attacker can stop the GSM SMS dissector. [severity:1/4; CVE-2008-3137]

An attacker can stop the PANA or KISMET dissector. [severity:1/4; CVE-2008-3138]

An attacker can stop the RTMPT dissector. [severity:1/4; CVE-2008-3139]

An attacker can obtain memory fragments via the RMI dissector. [severity:2/4; CVE-2008-3141]

An attacker can stop the syslog dissector. [severity:1/4; CVE-2008-3140]

computer vulnerability alert CVE-2004-0918

Squid: denial of service of SNMP agent

Synthesis of the vulnerability

By sending malicious data to the SNMP agent of Squid, a network attacker can stop it.
Impacted products: Debian, Fedora, Mandriva Linux, openSUSE, RHEL, RedHat Linux, Squid.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 12/10/2004.
Revision dates: 14/10/2004, 21/10/2004, 22/10/2004, 25/10/2004, 29/10/2004, 30/06/2008.
Identifiers: BID-11385, CERTA-2004-AVI-348, CVE-2004-0918, DSA-576, DSA-576-1, FEDORA-2004-338, FEDORA-2008-6045, FLSA-2006:152809, MDKSA-2004:112, RHSA-2004:591, SQUID-2004:3, SQUID-2008:1, SUSE-SR:2008:014, V6-SQUIDSNMPASN1PARSEDOS, VIGILANCE-VUL-4436.

Description of the vulnerability

The Squid proxy has an SNMP agent which the administrator uses to obtain information on the cache. This agent has to be compiled into Squid, then enabled in the configuration file.

The SNMP protocol uses ASN.1 to encode data. The asn_parse_header() function in the snmplib/asn1.c file of Squid decodes this data.

However, a special SNMP packet can create an error in asn_parse_header(), which forces a reload of Squid.

An attacker allowed to send SNMP packets to the UDP port of Squid can thus create a denial of service.

vulnerability note CVE-2008-0598

Linux kernel: memory reading via the emulation

Synthesis of the vulnerability

A local attacker can create a malicious program in order to read memory fragments.
Impacted products: Debian, Linux, NLD, OES, RHEL, SLES, ESX, ESXi, VMware Server, vCenter Server, VirtualCenter.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 26/06/2008.
Identifiers: 433938, BID-29942, CERTA-2002-AVI-206, CVE-2008-0598, DSA-1630-1, MDVSA-2008:220, MDVSA-2008:220-1, RHSA-2008:0508-01, RHSA-2008:0519-01, RHSA-2008:0973-03, RHSA-2009:0009-02, SUSE-SA:2008:047, SUSE-SA:2008:048, SUSE-SA:2008:049, SUSE-SA:2010:036, VIGILANCE-VUL-7914, VMSA-2009-0014, VMSA-2009-0014.1, VMSA-2009-0014.2.

Description of the vulnerability

The Linux kernel can emulate a 64-bit environment. In this case, the copy_user() function comes from the arch/x86/lib/copy_user_64.S file.

However, this function does not correctly handle error cases, and returns uninitialized data to the user.

A local attacker can therefore create a malicious program in order to read memory fragments.

vulnerability alert CVE-2008-2729

Linux kernel: reading memory on x86_64

Synthesis of the vulnerability

A local attacker, on an x86_64 processor, can use the copy_user_generic() function in order to obtain kernel memory fragments.
Impacted products: Debian, Linux, RHEL.
Severity: 1/4.
Consequences: data reading.
Provenance: user account.
Creation date: 26/06/2008.
Identifiers: 451271, BID-29943, CERTA-2002-AVI-206, CVE-2008-2729, DSA-1630-1, MDVSA-2008:174, RHSA-2008:0508-01, RHSA-2008:0519-01, RHSA-2008:0585-01, RHSA-2008:0849-5, VIGILANCE-VUL-7911.

Description of the vulnerability

The copy_user_generic() function copies data with exception handling.

Its version for x86_64 processors, implemented in the arch/x86_64/lib/copy_user.S file, does not reset the memory when an exception occurs.

A local attacker can therefore throw an exception in order to receive a fragment of kernel memory.

computer vulnerability CVE-2008-1891 CVE-2008-2662 CVE-2008-2663

Ruby: several vulnerabilities

Synthesis of the vulnerability

Several Ruby vulnerabilities lead to denial of service or to code execution.
Impacted products: Debian, Fedora, Mandriva Linux, openSUSE, RHEL, Slackware, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 6.
Creation date: 23/06/2008.
Revision date: 25/06/2008.
Identifiers: BID-29903, CERTA-2008-AVI-342, CVE-2008-1891, CVE-2008-2662, CVE-2008-2663, CVE-2008-2664, CVE-2008-2725, CVE-2008-2726, CVE-2008-2727-REJECT, CVE-2008-2728-REJECT, DSA-1612-1, DSA-1618-1, FEDORA-2008-5649, FEDORA-2008-5664, MDVSA-2008:140, MDVSA-2008:141, MDVSA-2008:142, RHSA-2008:0561-01, RHSA-2008:0562-01, SSA:2008-179-01, SUSE-SR:2008:017, VIGILANCE-VUL-7905.

Description of the vulnerability

The Ruby language is used to create object-oriented scripts. The Ruby environment contains a language interpreter and a web service. Six vulnerabilities impact this environment.

An attacker can generate a memory corruption in the rb_str_buf_append() function of string.c. [severity:3/4; CERTA-2008-AVI-342, CVE-2008-2662]

An attacker can generate several integer overflows in the rb_ary_store() function of array.c. [severity:3/4; CVE-2008-2663]

An attacker can generate an integer overflow in the rb_ary_splice() function via REALLOC_N. [severity:3/4; CVE-2008-2725, CVE-2008-2727-REJECT]

An attacker can generate an integer overflow in the rb_ary_splice() function via "beg + rlen". [severity:3/4; CVE-2008-2726, CVE-2008-2728-REJECT]

An attacker can generate a memory corruption in the rb_str_format() function of string.c. [severity:3/4; CVE-2008-2664]

On an NTFS or FAT filesystem, an attacker can read the content of CGI files. [severity:2/4; CVE-2008-1891]

These vulnerabilities lead to denial of service or to code execution.

computer vulnerability bulletin CVE-2008-2713

ClamAV: memory corruption via Petite

Synthesis of the vulnerability

An attacker can create a malicious Petite file in order to create a denial of service or to execute code in ClamAV.
Impacted products: ClamAV, Debian, Fedora, Mandriva Linux, NLD, OES, openSUSE, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service.
Provenance: document.
Creation date: 17/06/2008.
Identifiers: BID-29750, CERTA-2008-AVI-382, CVE-2008-2713, DSA-1616-1, DSA-1616-2, FEDORA-2008-5476, MDVSA-2008:122, MDVSA-2008:166, SUSE-SR:2008:014, SUSE-SR:2008:015, VIGILANCE-VUL-7898.

Description of the vulnerability

The Petite program compresses Win32 executables.

The libclamav/petite.c file of ClamAV implements the Petite format. The petite_inflate2x_1to9() function does not correctly check section addresses, which corrupts the memory.

An attacker can therefore create a malicious Petite file in order to create a denial of service or to execute code in ClamAV.

computer vulnerability alert CVE-2008-3330

Horde: Cross Site Scripting

Synthesis of the vulnerability

An attacker can generate three Cross Site Scripting attacks in Horde products.
Impacted products: Debian, Fedora, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 16/06/2008.
Identifiers: 492578, BID-29745, CVE-2008-3330, DSA-1765-1, FEDORA-2008-5683, FEDORA-2008-5691, VIGILANCE-VUL-7896.

Description of the vulnerability

The Horde, Turba, Horde Groupware and Horde Groupware Webmail Edition products share the same source code and thus the same Cross Site Scripting vulnerabilities.

Contact names are not escaped in the "contact" view, which impacts Turba, Horde Groupware 1.1.x and Horde Groupware Webmail Edition 1.1.x. [severity:2/4; 492578, BID-29745, CVE-2008-3330]

Item names are not escaped in the object browser, which impacts Horde, Horde Groupware and Horde Groupware Webmail Edition. [severity:2/4]

Parameters of the add event screen are not escaped, which impacts Horde Groupware 1.0.x and Horde Groupware Webmail Edition 1.0.x. [severity:2/4]