The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Mandrake Linux

vulnerability bulletin CVE-2008-2109

libid3tag: denial of service via ID3 Unknown Encoding

Synthesis of the vulnerability

An attacker can trigger a fatal error in libid3tag via an ID3 tag using an unknown encoding, in order to cause a denial of service.
Impacted products: Fedora, Mandriva Linux, openSUSE Leap.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 19/03/2018.
Identifiers: CVE-2008-2109, FEDORA-2008-3757, FEDORA-2008-3874, FEDORA-2008-3976, MDVSA-2008:103, openSUSE-SU-2018:0735-1, VIGILANCE-VUL-25593.

Description of the vulnerability

An attacker can trigger a fatal error in libid3tag via an ID3 tag using an unknown encoding, in order to cause a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announcement CVE-2011-4599

ICU: buffer overflow of _canonicalize

Synthesis of the vulnerability

An attacker can trigger a buffer overflow in the _canonicalize function of ICU, in order to cause a denial of service and possibly to run code.
Impacted products: Debian, Fedora, WebSphere MQ, Mandriva Linux, openSUSE, Solaris, RHEL, SUSE Linux Enterprise Desktop.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/03/2016.
Identifiers: 1975091, ADV-2019-002, CVE-2011-4599, DSA-2397-1, FEDORA-2011-17101, FEDORA-2011-17119, MDVSA-2011:194, openSUSE-SU-2012:0100-1, RHSA-2011:1815-01, SUSE-SU-2012:0457-1, SUSE-SU-2012:0481-1, VIGILANCE-VUL-19177.

Description of the vulnerability

An attacker can trigger a buffer overflow in the _canonicalize function of ICU, in order to cause a denial of service and possibly to run code.

computer vulnerability bulletin CVE-2010-3856

glibc: privilege elevation via LD_AUDIT and constructor

Synthesis of the vulnerability

A local attacker can use the LD_AUDIT variable together with the constructor of a system library, in order to obtain the privileges of suid/sgid programs.
Impacted products: Debian, Fedora, Mandriva Linux, openSUSE, RHEL, Slackware, SLES, ESX.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 25/10/2010.
Revision date: 07/11/2014.
Identifiers: BID-44347, CERTA-2002-AVI-272, CVE-2010-3856, DSA-2122-1, DSA-2122-2, FEDORA-2010-16641, FEDORA-2010-16655, FEDORA-2010-16851, MDVSA-2010:212, openSUSE-SU-2010:0912-1, openSUSE-SU-2010:0913-1, openSUSE-SU-2010:0914-1, RHSA-2010:0793-01, RHSA-2010:0872-02, SSA:2010-301-01, SUSE-SA:2010:052, VIGILANCE-VUL-10068, VMSA-0001.3, VMSA-2011-0001, VMSA-2011-0001.1, VMSA-2011-0001.2, VMSA-2011-0001.3.

Description of the vulnerability

The glibc dynamic loader, ld.so, loads shared libraries into programs.

The LD_AUDIT environment variable lists objects (the Link-Auditing interface) that ld.so has to load.

When a program is suid or sgid, libraries named in LD_AUDIT are only loaded if they are located in a system library directory (such as /lib).

However, the constructors of some libraries in /lib were not designed to be safe in this situation. For example, the constructor of /lib/libpcprofile.so (installed with the glibc package) creates a file whose name is taken from the PCPROFILE_OUTPUT variable.

A local attacker can therefore use the LD_AUDIT variable and the constructor of libpcprofile.so, in order to obtain the privileges of suid/sgid programs.

computer vulnerability CVE-2013-1635 CVE-2013-1643

PHP: file access via SOAP

Synthesis of the vulnerability

An attacker can use two vulnerabilities of the SOAP feature of PHP, in order to read or write a file.
Impacted products: Debian, Fedora, Mandriva Linux, openSUSE, Solaris, PHP, RHEL, Slackware, SLES.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 28/02/2013.
Identifiers: BID-58224, BID-58766, CERTFR-2014-AVI-244, CVE-2013-1635, CVE-2013-1643, DSA-2639-1, FEDORA-2013-3891, FEDORA-2013-3927, MDVSA-2013:016, MDVSA-2013:114, openSUSE-SU-2013:1244-1, openSUSE-SU-2013:1249-1, RHSA-2013:1307-01, RHSA-2013:1615-02, RHSA-2013:1814-01, SSA:2013-081-01, SUSE-SU-2013:1285-1, SUSE-SU-2013:1285-2, SUSE-SU-2013:1317-1, SUSE-SU-2013:1351-1, VIGILANCE-VUL-12475.

Description of the vulnerability

The SOAP (Simple Object Access Protocol) feature is used to call methods on remote objects. The PHP interpreter implements SOAP; however, this implementation has two vulnerabilities.

An attacker can use the soap.wsdl_cache_dir directive, in order to write a file outside the directories allowed by open_basedir. [severity:2/4; CVE-2013-1635]

An attacker can use an XML external entity, in order to read a file on the server. [severity:2/4; CVE-2013-1643]

An attacker can therefore use two vulnerabilities of the SOAP feature of PHP, in order to read or write a file.

computer vulnerability bulletin CVE-2012-4558

Apache httpd: Cross Site Scripting of mod_proxy_balancer

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting attack in Apache httpd mod_proxy_balancer, in order to execute JavaScript code in the context of the web site.
Impacted products: Apache httpd, Debian, Fedora, NSMXpress, Mandriva Linux, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, Slackware.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 25/02/2013.
Identifiers: BID-58165, CERTA-2013-AVI-153, CERTA-2013-AVI-387, CERTFR-2014-AVI-112, CERTFR-2015-AVI-286, CVE-2012-4558, DSA-2637-1, FEDORA-2013-4541, JSA10685, MDVSA-2013:015, MDVSA-2013:015-1, openSUSE-SU-2013:0629-1, openSUSE-SU-2013:0632-1, RHSA-2013:0815-01, RHSA-2013:1012-01, RHSA-2013:1013-01, RHSA-2013:1207-01, RHSA-2013:1208-01, RHSA-2013:1209-01, SSA:2013-062-01, VIGILANCE-VUL-12458.

Description of the vulnerability

The Apache httpd mod_proxy_balancer module distributes load between several back-end servers reached through mod_proxy.

However, the balancer manager interface of this module does not correctly validate received data before displaying it in the generated web page.

An attacker can therefore trigger a Cross Site Scripting attack in Apache httpd mod_proxy_balancer, in order to execute JavaScript code in the context of the web site.

computer vulnerability announcement CVE-2012-3499

Apache httpd: Cross Site Scripting of modules

Synthesis of the vulnerability

An attacker can trigger several Cross Site Scripting attacks in the mod_info, mod_status, mod_imagemap, mod_ldap and mod_proxy_ftp modules, in order to execute JavaScript code in the context of the web site.
Impacted products: Apache httpd, Debian, Fedora, HP-UX, NSMXpress, Mandriva Linux, openSUSE, Solaris, Trusted Solaris, RHEL, JBoss EAP by Red Hat, Slackware.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 25/02/2013.
Identifiers: BID-58165, c03734195, CERTA-2013-AVI-153, CERTA-2013-AVI-387, CERTA-2013-AVI-543, CERTA-2013-AVI-590, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CERTFR-2015-AVI-286, CVE-2012-3499, DSA-2637-1, FEDORA-2013-4541, HPSBUX02866, JSA10685, MDVSA-2013:015, MDVSA-2013:015-1, openSUSE-SU-2013:0629-1, openSUSE-SU-2013:0632-1, RHSA-2013:0815-01, RHSA-2013:1012-01, RHSA-2013:1013-01, RHSA-2013:1207-01, RHSA-2013:1208-01, RHSA-2013:1209-01, SSA:2013-062-01, SSRT101139, VIGILANCE-VUL-12457.

Description of the vulnerability

The Apache httpd service can load several modules.

However, the mod_info, mod_status, mod_imagemap, mod_ldap and mod_proxy_ftp modules do not correctly validate received data before displaying it in the generated web page.

An attacker can therefore trigger several Cross Site Scripting attacks in the mod_info, mod_status, mod_imagemap, mod_ldap and mod_proxy_ftp modules, in order to execute JavaScript code in the context of the web site.

computer vulnerability announcement CVE-2013-0169 CVE-2013-1484 CVE-2013-1485

Oracle JRE, JDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities in Oracle JRE and JDK can be used by a malicious applet or application in order to execute code or to obtain information. A legitimate applet or application handling malicious data can also be forced to execute code.
Impacted products: Fedora, HP-UX, Domino, Notes, IRAD, Tivoli System Automation, WebSphere AS Traditional, WebSphere MQ, Mandriva Linux, ePO, Java OpenJDK, openSUSE, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 20/02/2013.
Identifiers: BID-57778, BID-58027, BID-58028, BID-58029, BID-58031, c03714148, c03735640, CERTA-2013-AVI-142, CVE-2013-0169, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487, FEDORA-2013-2764, FEDORA-2013-2813, HPSBUX02857, HPSBUX02867, IC90659, javacpufeb2013update, KLYH95CMCJ, MDVSA-2013:014, MDVSA-2013:095, openSUSE-SU-2013:0375-1, openSUSE-SU-2013:0378-1, RHSA-2013:0273-01, RHSA-2013:0274-01, RHSA-2013:0275-01, RHSA-2013:0531-01, RHSA-2013:0532-01, RHSA-2013:0624-01, RHSA-2013:0625-01, RHSA-2013:0626-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SB10041, SSRT101103, SUSE-SU-2013:0328-1, SUSE-SU-2013:0440-1, SUSE-SU-2013:0440-4, SUSE-SU-2013:0440-6, SUSE-SU-2013:0456-1, SUSE-SU-2013:0456-2, SUSE-SU-2013:0456-3, SUSE-SU-2013:0456-4, SUSE-SU-2013:0701-2, swg21627634, swg21633311, swg21633669, swg21633674, swg21644918, swg21645096, swg21645100, VIGILANCE-VUL-12437, ZDI-13-040, ZDI-13-041, ZDI-13-042.

Description of the vulnerability

Several vulnerabilities were announced in Oracle JRE and JDK. The most severe vulnerabilities lead to code execution.

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to cause a denial of service. [severity:3/4; BID-58031, CVE-2013-1487]

An attacker can use a vulnerability of JMX, in order to obtain information, to alter information, or to cause a denial of service. [severity:3/4; BID-58029, CVE-2013-1486]

An attacker can use a vulnerability of Proxy.newProxyInstance and setUncaughtExceptionHandler, in order to obtain information, to alter information, or to cause a denial of service. [severity:3/4; BID-58027, CVE-2013-1484, ZDI-13-040, ZDI-13-042]

An attacker can use a vulnerability of doPrivilegedWithCombiner, in order to alter information. [severity:2/4; BID-58028, CVE-2013-1485, ZDI-13-041]

An attacker can inject malformed encrypted records into a TLS/DTLS session using CBC mode, and measure the delay before the error message is received, in order to progressively recover the plaintext of the session (VIGILANCE-VUL-12374). [severity:1/4; BID-57778, CVE-2013-0169]

vulnerability CVE-2013-0255

PostgreSQL: denial of service via enum_recv

Synthesis of the vulnerability

An authenticated attacker can call enum_recv, in order to read PostgreSQL memory or to crash the server.
Impacted products: Debian, Fedora, Mandriva Linux, openSUSE, Solaris, PostgreSQL, RHEL.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: user account.
Creation date: 07/02/2013.
Identifiers: 907892, BID-57844, CERTA-2013-AVI-103, CVE-2013-0255, DSA-2630-1, FEDORA-2013-2123, FEDORA-2013-2152, MDVSA-2013:012, MDVSA-2013:142, openSUSE-SU-2013:0318-1, openSUSE-SU-2013:0319-1, RHSA-2013:1475-01, VIGILANCE-VUL-12390.

Description of the vulnerability

PostgreSQL supports enumerated types. For example:
  CREATE TYPE color AS ENUM ('red', 'green', 'blue');

The enum_recv function reads an enumerated value from its binary representation. However, its argument type is not correctly declared, so it can be called with crafted input and read outside an array.

An authenticated attacker can therefore call enum_recv, in order to read PostgreSQL memory or to crash the server.

vulnerability note CVE-2013-0169 CVE-2013-1619 CVE-2013-1620

TLS, DTLS: information disclosure in CBC mode, Lucky 13

Synthesis of the vulnerability

An attacker can inject malformed encrypted records into a TLS/DTLS session using CBC mode, and measure the delay before the error message is received, in order to progressively recover the plaintext of the session.
Impacted products: Bouncy Castle JCE, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, DB2 UDB, Tivoli Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, Juniper SBR, Mandriva Linux, McAfee Email and Web Security, ePO, MySQL Enterprise, NetScreen Firewall, ScreenOS, Java OpenJDK, OpenSSL, openSUSE, openSUSE Leap, Opera, Java Oracle, Solaris, pfSense, SSL protocol, RHEL, JBoss EAP by Red Hat, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, ESX, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor.
Severity: 1/4.
Consequences: data reading.
Provenance: LAN.
Number of vulnerabilities in this bulletin: 7.
Creation date: 05/02/2013.
Identifiers: 1639354, 1643316, 1672363, BID-57736, BID-57774, BID-57776, BID-57777, BID-57778, BID-57780, BID-57781, c03710522, c03883001, CERTA-2013-AVI-099, CERTA-2013-AVI-109, CERTA-2013-AVI-339, CERTA-2013-AVI-454, CERTA-2013-AVI-543, CERTA-2013-AVI-657, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CERTFR-2014-AVI-286, CERTFR-2019-AVI-311, CERTFR-2019-AVI-325, CVE-2013-0169, CVE-2013-1619, CVE-2013-1620, CVE-2013-1621, CVE-2013-1622-REJECT, CVE-2013-1623, CVE-2013-1624, DLA-1518-1, DSA-2621-1, DSA-2622-1, ESX400-201310001, ESX400-201310401-SG, ESX400-201310402-SG, ESX410-201307001, ESX410-201307401-SG, ESX410-201307403-SG, ESX410-201307404-SG, ESX410-201307405-SG, ESX410-201312001, ESX410-201312401-SG, ESX410-201312403-SG, ESXi410-201307001, ESXi410-201307401-SG, ESXi510-201401101-SG, FEDORA-2013-2110, FEDORA-2013-2128, FEDORA-2013-2764, FEDORA-2013-2793, FEDORA-2013-2813, FEDORA-2013-2834, FEDORA-2013-2892, FEDORA-2013-2929, FEDORA-2013-2984, FEDORA-2013-3079, FEDORA-2013-4403, FreeBSD-SA-13:03.openssl, GNUTLS-SA-2013-1, HPSBUX02856, HPSBUX02909, IC90385, IC90395, IC90396, IC90397, IC90660, IC93077, JSA10575, JSA10580, JSA10759, JSA10939, Lucky 13, MDVSA-2013:014, MDVSA-2013:018, MDVSA-2013:019, MDVSA-2013:040, MDVSA-2013:050, MDVSA-2013:052, openSUSE-SU-2013:0336-1, openSUSE-SU-2013:0337-1, openSUSE-SU-2013:0339-1, openSUSE-SU-2013:0807-1, openSUSE-SU-2016:0640-1, RHSA-2013:0273-01, RHSA-2013:0274-01, RHSA-2013:0275-01, RHSA-2013:0531-01, RHSA-2013:0532-01, RHSA-2013:0587-01, RHSA-2013:0588-01, RHSA-2013:0636-01, RHSA-2013:0782-01, RHSA-2013:0783-01, RHSA-2013:0833-01, RHSA-2013:0834-02, RHSA-2013:0839-02, RHSA-2013:1135-01, RHSA-2013:1144-01, RHSA-2013:1181-01, RHSA-2013:1455-01, RHSA-2013:1456-01, RHSA-2014:0371-01, RHSA-2014:0372-01, RHSA-2014:0896-01, RHSA-2015:1009, SOL14190, SOL15630, SSA:2013-040-01, SSA:2013-042-01, SSA:2013-242-01, SSA:2013-242-03, SSA:2013-287-03, SSA-556833, SSRT101104, SSRT101289, SUSE-SU-2013:0328-1, SUSE-SU-2014:0320-1, SUSE-SU-2014:0322-1, swg21633669, swg21638270, swg21639354, swg21640169, VIGILANCE-VUL-12374, VMSA-2013-0006.1, VMSA-2013-0007.1, VMSA-2013-0009, VMSA-2013-0009.1, VMSA-2013-0009.2, VMSA-2013-0009.3, VMSA-2013-0015.

Description of the vulnerability

The TLS protocol can use a block cipher. In CBC (Cipher Block Chaining) mode, the encryption of each block depends on the previous block.

When a malformed encrypted record is received, a fatal alert is sent to the sender. However, the time needed to generate this alert depends on the number of bytes passed to the MAC hash after the padding is removed.

An attacker can therefore inject malformed encrypted records into a TLS/DTLS session using CBC mode, and measure the delay before the error message is received, in order to progressively recover the plaintext of the session.

Recovering one plaintext block requires 2^23 TLS sessions. To exploit this vulnerability, the TLS client therefore has to keep opening a new session as soon as the previous one ends with a fatal error.

vulnerability alert CVE-2011-0418

FreeBSD, NetBSD, pure-ftpd: denial of service via glob

Synthesis of the vulnerability

An attacker can use a specially crafted file path pattern, in order to force the system to consume a large amount of memory.
Impacted products: Fedora, FreeBSD, Mandriva Linux, NetBSD.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 02/05/2011.
Revision date: 04/02/2013.
Identifiers: BID-47671, CVE-2011-0418, FEDORA-2011-7374, FEDORA-2011-7434, MDVSA-2011:094, VIGILANCE-VUL-10611.

Description of the vulnerability

The glob() function of the libc/glibc searches for file paths matching a pattern. The GLOB_BRACE extension allows braces in the pattern, so that "a{b,c}" matches both "ab" and "ac":
  glob("a{b,c}", GLOB_BRACE|GLOB_LIMIT, NULL, &result);

The GLOB_LIMIT flag limits the number of results, in order to protect an application against denial of service. It is used, for example, in FTP servers.

However, when the pattern uses GLOB_BRACE and is complex, the GLOB_LIMIT flag is ineffective.

An attacker can therefore use a specially crafted file path pattern, in order to force the system to consume a large amount of memory. For example, the attacker can do so by connecting to an FTP server running on the computer.