| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Debian Wheezy
e2fsprogs: several integer overflows
Synthesis of the vulnerability
An attacker can create a malicious ext2 image in order to execute code with rights of users handling it with e2fsprogs tools.
Impacted products: XenServer, Debian, Fedora, Mandriva Corporate, Mandriva Linux, Mandriva NF, openSUSE, RHEL, SLES, Unix (platform) ~ not comprehensive, ESX.
Severity: 1/4.
Creation date: 07/12/2007.
Identifiers: BID-26772, CERTA-2008-AVI-116, CERTA-2008-AVI-563, CTX118766, CVE-2007-5497, DSA-1422, FEDORA-2007-4447, FEDORA-2007-4461, MDKSA-2007:242, RHSA-2008:0003-01, SUSE-SR:2007:025, VIGILANCE-VUL-7396, VMSA-2008-0004.1.
Description of the vulnerability
The e2fsprogs suite contains the libext2fs library and tools to handle partitions in ext2 format.
The ext2fs_get_mem() function allocates a memory area. This function is used 20 times in the libext2fs library to allocate a size resulting from a multiplication of numbers coming from the ext2 image. However, if the multiplication overflows, the allocated memory area is too short, which leads to a heap overflow when data are copied.
An attacker can therefore create a malicious ext2 image in order to execute code with rights of users handling it with e2fsprogs tools.
Complete Vigil@nce bulletin.... (Free trial) |
MySQL: table access via DATA or INDEX DIRECTORY
Synthesis of the vulnerability
An attacker can create a table using DATA or INDEX DIRECTORY option in order to access system tables.
Impacted products: Debian, Fedora, Mandriva Corporate, Mandriva Linux, MySQL Community, MySQL Enterprise, NLD, OES, Percona Server, XtraDB Cluster, RHEL, SLES.
Severity: 2/4.
Creation date: 07/12/2007.
Identifiers: BID-26765, CVE-2007-5969, DSA-1451-1, FEDORA-2007-4465, FEDORA-2007-4471, MDKSA-2007:243, RHSA-2007:1155-01, RHSA-2007:1157-01, VIGILANCE-VUL-7392.
Description of the vulnerability
The CREATE TABLE SQL command creates a table. For example:
CREATE TABLE mytable ...
The DATA DIRECTORY and INDEX DIRECTORY options indicates paths where data and index files are located. For example:
CREATE TABLE mytable ... DATA DIRECTORY='/data'
CREATE TABLE mytable ... INDEX DIRECTORY='/idx'
These options use Unix symbolic links.
However, a local attacker can point these links to other files. He can thus use RENAME TABLE to access to other tables, such as system tables.
This vulnerability therefore permits a local attacker to elevate his privileges.
Complete Vigil@nce bulletin.... (Free trial) |
ZABBIX: command execution with root group
Synthesis of the vulnerability
An attacker can use ZABBIX to execute commands with gid 0.
Impacted products: Debian, Fedora, Unix (platform) ~ not comprehensive, Zabbix.
Severity: 2/4.
Creation date: 06/12/2007.
Identifiers: 452682, BID-26680, CVE-2007-6210, DSA-1420-1, FEDORA-2007-4160, FEDORA-2007-4176, VIGILANCE-VUL-7390.
Description of the vulnerability
The ZABBIX program permits to monitor the network.
The "UserParameter" variable of /etc/zabbix/zabbix-agentd.conf indicates commands which can be executed. They are run with the uid and the gid of zabbix user. In order to do so, privileges are lost with (simplified code):
setgid(gid_of_zabbix);
setuid(uid_of_zabbix);
However, additional groups are not reset with initgroups(). The root (0) group thus persists.
A local attacker can therefore execute commands with privileges of root group.
Complete Vigil@nce bulletin.... (Free trial) |
OpenOffice, HSQLDB: Java code execution
Synthesis of the vulnerability
An attacker can create a malicious database in order to execute code with rights of victim.
Impacted products: OpenOffice, Debian, Fedora, Mandriva Linux, openSUSE, RHEL, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Creation date: 05/12/2007.
Identifiers: 103141, 6621547, CERTA-2007-AVI-519, CVE-2007-4575, CVE-2007-4576-ERROR, DSA-1419-1, FEDORA-2007-4119, FEDORA-2007-4120, FEDORA-2007-4171, FEDORA-2007-4172, FEDORA-2007-762, MDVSA-2008:095, RHSA-2007:1048-01, RHSA-2007:1090-01, RHSA-2008:0151-01, RHSA-2008:0158-01, RHSA-2008:0213-01, SUSE-SA:2007:067, VIGILANCE-VUL-7388.
Description of the vulnerability
The HSQLDB database is written in Java. This database is used by the BASE application of OpenOffice 2.
A HSQLDB database can access to all public methods of available Java classes. No restriction is imposed.
An attacker can therefore create a malicious BASE file in order to execute code on computer of victims opening it with OpenOffice.
Complete Vigil@nce bulletin.... (Free trial) |
Asterisk: SQL injections
Synthesis of the vulnerability
An attacker can inject SQL queries via two vulnerabilities of Asterisk.
Impacted products: Asterisk Open Source, Debian, openSUSE.
Severity: 2/4.
Creation date: 30/11/2007.
Identifiers: AST-2007-025, AST-2007-026, BID-26645, BID-26647, CVE-2007-6170, CVE-2007-6171, DSA-1417-1, SUSE-SR:2008:005, VIGILANCE-VUL-7381.
Description of the vulnerability
The Asterisk software phone is affected by two vulnerabilities related to PostgreSQL modules.
Data received by the res_config_pgsql module are not escaped, which permits to inject data in SQL queries for the PostgreSQL database. [severity:2/4; AST-2007-025, BID-26645, CVE-2007-6171]
ANI and DNIS data received by the cdr_pgsql module are not escaped, which permits to inject data in SQL queries for the PostgreSQL database. [severity:2/4; AST-2007-026, BID-26647, CVE-2007-6170]
Complete Vigil@nce bulletin.... (Free trial) |
Linux kernel: buffer overflow of isdn_net_setcfg
Synthesis of the vulnerability
A local attacker can elevate his privileges via an overflow of the isdn_net_setcfg() function.
Impacted products: Debian, Linux, Mandriva Corporate, Mandriva Linux, NLD, OES, openSUSE, RHEL, SLES, ESX, ESXi, VMware Server, vCenter Server, VirtualCenter.
Severity: 2/4.
Creation date: 30/11/2007.
Identifiers: BID-27497, CERTA-2002-AVI-197, CERTA-2009-AVI-451, CVE-2007-6063, CVE-2007-6151, DSA-1436-1, DSA-1479-1, DSA-1503-1, DSA-1504-1, MDVSA-2008:008, MDVSA-2008:086, MDVSA-2008:112, RHSA-2008:0055-01, RHSA-2008:0154-01, RHSA-2008:0211-01, RHSA-2008:0787-01, RHSA-2008:0973-03, RHSA-2009:0001-01, SUSE-SA:2007:064, SUSE-SA:2008:006, SUSE-SA:2008:007, SUSE-SA:2008:017, SUSE-SA:2008:032, SUSE-SU-2011:0928-1, VIGILANCE-VUL-7380, VMSA-2008-00011, VMSA-2008-00011.1, VMSA-2008-00011.2, VMSA-2009-0014, VMSA-2009-0014.1, VMSA-2009-0014.2.
Description of the vulnerability
The IIOCNETSCF ioctl permits to configure parameters of a network interface. For ISDN/RNIS, this ioctl can be used by unprivileged users.
This ioctl is associated to the isdn_net_setcfg() function of drivers/isdn/i41/isdn_net.c file. However this function does not check size of the field containing the phone number before copying it with strcpy().
A local attacker can therefore create a buffer overflow in order to execute privileged code on the system.
Complete Vigil@nce bulletin.... (Free trial) |
ht-Dig: Cross Site Scripting
Synthesis of the vulnerability
An attacker can use an Cross Site Scripting attack on ht://Dig.
Impacted products: Debian, Fedora, openSUSE, RHEL, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Creation date: 29/11/2007.
Identifiers: BID-26610, CVE-2007-6110, DSA-1429-1, FEDORA-2007-3907, FEDORA-2007-3958, FEDORA-2007-757, RHSA-2007:1095-01, SUSE-SR:2007:025, VIGILANCE-VUL-7373.
Description of the vulnerability
The ht://Dig suite indexes a web site, then proposes a search interface. It contains several programs:
- htfuzzy : index creation
- htsearch : search for documents
- etc.
The htsearch program does not correctly filter its "sort" parameter, before displaying it back in the HTML page.
An attacker can therefore use ht://Dig to create a Cross Site Scripting attack.
Complete Vigil@nce bulletin.... (Free trial) |
cairo: integer overflow
Synthesis of the vulnerability
An attacker can create a malicious PNG image in order to create an overflow during its import in cairo.
Impacted products: Debian, Fedora, Mandriva Corporate, Mandriva Linux, openSUSE, RHEL, Slackware, SLES, Unix (platform) ~ not comprehensive, VMware ACE, VMware Player, VMware Server, VMware Workstation.
Severity: 2/4.
Creation date: 29/11/2007.
Identifiers: 387431, BID-26650, CERTA-2007-AVI-517, CVE-2007-5503, DSA-1542-1, FEDORA-2007-3818, MDVSA-2008:019, RHSA-2007:1078-02, SSA:2007-337-01, SUSE-SR:2008:003, VIGILANCE-VUL-7371, VMSA-2008-0014, VMSA-2008-0014.1, VMSA-2008-0014.2.
Description of the vulnerability
The cairo library is used to generate vector images.
In several places, it computes size of array by multiplying image width by its height, without checking if the obtained integer has overflowed. This integer is then used to allocate a memory area.
An attacker can therefore create a malicious PNG image and invite victim to import it in a software linked to cairo in order to execute code.
Complete Vigil@nce bulletin.... (Free trial) |
PCRE: integer overflows of regular expressions
Synthesis of the vulnerability
When attacker can change the regular expression used by a program, he can corrupt its memory in order for example to execute code.
Impacted products: Debian, Mandriva Corporate, Mandriva NF, NLD, OES, openSUSE, RHEL, Snort, SLES, Unix (platform) ~ not comprehensive, ESX.
Severity: 1/4.
Creation date: 12/11/2007.
Revision date: 29/11/2007.
Identifiers: BID-26462, BID-26725, BID-26727, CERTA-2007-AVI-513, CERTA-2008-AVI-103, CERTA-2008-AVI-207, CERTA-2008-AVI-239, CESA-2007-006, CVE-2005-4872, CVE-2006-7224-REJECT, CVE-2006-7225, CVE-2006-7226, CVE-2006-7227, CVE-2006-7228, DSA-1570-1, MDVSA-2008:012, RHSA-2007:1052-01, RHSA-2007:1052-02, RHSA-2007:1059-01, RHSA-2007:1063-01, RHSA-2007:1065-01, RHSA-2007:1068-01, RHSA-2007:1076-02, RHSA-2007:1077-01, RHSA-2008:0546-01, SUSE-SA:2007:062, SUSE-SA:2008:004, VIGILANCE-VUL-7332, VMSA-2008-0003, VMSA-2008-0003.1, VMSA-2008-0007, VMSA-2008-0007.1, VMSA-2008-0007.2.
Description of the vulnerability
The PCRE library implements Perl compatible regular expressions (different than POSIX). Several vulnerabilities affect this library.
An attacker can create an integer overflow in pcre_compile(), via "name_count" and "max_name_size". [severity:1/4; CERTA-2007-AVI-513, CVE-2006-7227]
A sequence like "(?P<0>)(?P<1>)" creates a denial of service. [severity:1/4; CVE-2005-4872]
An attacker can create several integer overflows in pcre_compile(), via "max", "min" and "duplength". [severity:1/4; CERTA-2008-AVI-103, CERTA-2008-AVI-207, CVE-2006-7228]
A special sequence such as "[[,abc,]]" creates a denial of service during its compilation. [severity:1/4; BID-26725, CVE-2006-7225]
A malicious sequence such as "(xxx(?P>B)){3}" can create a memory corruption. [severity:1/4; BID-26727, CVE-2006-7226]
When attacker can change the regular expression used by a program, he can thus corrupt its memory in order for example to execute code. In some cases, he can also read memory contents or create a denial of service.
Complete Vigil@nce bulletin.... (Free trial) |
Firefox, Seamonkey: several vulnerabilities
Synthesis of the vulnerability
Several vulnerabilities were announced in Firefox and Seamonkey, the worst one leading to code execution.
Impacted products: Debian, Fedora, HP-UX, Mandriva Corporate, Mandriva Linux, Firefox, SeaMonkey, Netscape Navigator, openSUSE, RHEL, Slackware, TurboLinux.
Severity: 4/4.
Creation date: 27/11/2007.
Identifiers: 369814, 373911, 391028, 393326, 402649, 403331, BID-26385, BID-26589, BID-26593, c00771742, CERTA-2007-AVI-509, CVE-2007-5947, CVE-2007-5959, CVE-2007-5960, CVE-2007-6589, DSA-1424-1, DSA-1425-1, FEDORA-2007-3952, FEDORA-2007-3962, FEDORA-2007-4098, FEDORA-2007-4106, FEDORA-2007-756, HPSBUX02153, MDKSA-2007:246, MFSA2007-37, MFSA2007-38, MFSA2007-39, RHSA-2007:1082-01, RHSA-2007:1083-01, RHSA-2007:1084-01, SSA:2007-331-01, SSA:2007-333-01, SSRT061181, SUSE-SA:2007:066, TLSA-2007-54, VIGILANCE-VUL-7366, VU#715737.
Description of the vulnerability
Several vulnerabilities were announced in Firefox and Seamonkey.
An attacker can upload a jar archive on a public site in order to create a Cross Site Scripting on this site (VIGILANCE-VUL-7326). [severity:4/4; 369814, 403331, BID-26385, CERTA-2007-AVI-509, CVE-2007-5947, CVE-2007-6589, MFSA2007-37, VU#715737]
Three memory corruptions can be used to create a denial of service or to execute code. [severity:4/4; 373911, 391028, 393326, BID-26593, CVE-2007-5959, MFSA2007-38]
An attacker can alter the Referer HTTP header when the window.location variable is set. [severity:4/4; 402649, BID-26589, CVE-2007-5960, MFSA2007-39]
Complete Vigil@nce bulletin.... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about Debian Wheezy:
|