The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Micro Focus Network Node Manager i

computer threat bulletin CVE-2011-0786 CVE-2011-0788 CVE-2011-0802

Java JRE/JDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Java JRE/JDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 17.
Creation date: 08/06/2011.
Identifiers: BID-48133, BID-48134, BID-48135, BID-48136, BID-48137, BID-48138, BID-48139, BID-48140, BID-48141, BID-48142, BID-48143, BID-48144, BID-48145, BID-48146, BID-48147, BID-48148, BID-48149, c02945548, c03316985, c03358587, c03405642, CERTA-2003-AVI-005, CERTA-2011-AVI-336, CERTA-2012-AVI-286, CERTA-2012-AVI-395, CVE-2011-0786, CVE-2011-0788, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0817, CVE-2011-0862, CVE-2011-0863, CVE-2011-0864, CVE-2011-0865, CVE-2011-0866, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0872, CVE-2011-0873, DSA-2311-1, DSA-2358-1, FEDORA-2011-8003, FEDORA-2011-8020, FEDORA-2011-8028, HPSBMU02797, HPSBMU02799, HPSBUX02697, HPSBUX02777, javacpujune2011, MDVSA-2011:126, openSUSE-SU-2011:0633-1, openSUSE-SU-2011:0706-1, PSN-2012-08-686, PSN-2012-08-687, PSN-2012-08-688, PSN-2012-08-689, PSN-2012-08-690, RHSA-2011:0856-01, RHSA-2011:0857-01, RHSA-2011:0860-01, RHSA-2011:0938-01, RHSA-2011:1087-01, RHSA-2011:1159-01, RHSA-2011:1265-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT100591, SSRT100854, SSRT100867, SUSE-SA:2011:030, SUSE-SA:2011:032, SUSE-SA:2011:036, SUSE-SU-2011:0632-1, SUSE-SU-2011:0807-1, SUSE-SU-2011:0863-1, SUSE-SU-2011:0863-2, SUSE-SU-2011:0966-1, SUSE-SU-2011:1082-1, TPTI-11-06, VIGILANCE-VUL-10722, VMSA-2011-0013.1, ZDI-11-182, ZDI-11-183, ZDI-11-184, ZDI-11-185, ZDI-11-186, ZDI-11-187, ZDI-11-188, ZDI-11-189, ZDI-11-190, ZDI-11-191, ZDI-11-192, ZDI-11-199.

Description of the vulnerability

Several vulnerabilities were announced in Java JRE/JDK. The most severe vulnerabilities lead to code execution.

An attacker can use a vulnerability of 2D (ICC profile), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48137, CVE-2011-0862, TPTI-11-06, ZDI-11-183, ZDI-11-184, ZDI-11-185, ZDI-11-186, ZDI-11-187, ZDI-11-188, ZDI-11-189, ZDI-11-190, ZDI-11-191]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48148, CVE-2011-0873]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48143, CVE-2011-0815]

An attacker can use a vulnerability of Deployment (IE Browser Plugin), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48134, CVE-2011-0817, ZDI-11-182]

An attacker can use a vulnerability of Deployment (Java Web Start), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48138, CVE-2011-0863, ZDI-11-192]

An attacker can use a vulnerability of HotSpot, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48139, CVE-2011-0864]

An attacker can use a vulnerability of Soundbank Decompression, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48149, CVE-2011-0802, ZDI-11-199]

An attacker can use a vulnerability of Sound, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48145, CVE-2011-0814]

An attacker can use a vulnerability of Swing, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48142, CVE-2011-0871]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-48133, CERTA-2011-AVI-336, CVE-2011-0786]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-48135, CVE-2011-0788]

An attacker can use a vulnerability of Java Runtime Environment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-48136, CVE-2011-0866]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; BID-48140, CVE-2011-0868]

An attacker can use a vulnerability of NIO, in order to create a denial of service. [severity:2/4; BID-48141, CVE-2011-0872]

An attacker can use a vulnerability of Networking, in order to obtain information. [severity:2/4; BID-48144, CVE-2011-0867]

An attacker can use a vulnerability of SAAJ, in order to obtain information. [severity:2/4; BID-48146, CVE-2011-0869]

An attacker can use a vulnerability of Deserialization, in order to alter information. [severity:1/4; BID-48147, CVE-2011-0865]

security vulnerability CVE-2011-1855

HP NNMi: altering data

Synthesis of the vulnerability

A local attacker can use a vulnerability in HP Network Node Manager i, in order to obtain or alter information and log files.
Severity: 2/4.
Creation date: 13/05/2011.
Identifiers: c02821425, CERTA-2011-AVI-289, CVE-2011-1855, SSRT100485, VIGILANCE-VUL-10650.

Description of the vulnerability

A local attacker can use a vulnerability in HP Network Node Manager i, in order to obtain or alter information and log files.

cybersecurity note CVE-2011-1534

HP NNMi: code execution

Synthesis of the vulnerability

A remote attacker can execute code in Network Node Manager i.
Severity: 3/4.
Creation date: 19/04/2011.
Identifiers: BID-47420, c02788734, CERTA-2011-AVI-237, CVE-2011-1534, HPSBMA02659, QCCR1B87364, SSRT100440, VIGILANCE-VUL-10575.

Description of the vulnerability

The HP NNMi (Network Node Manager i) product is used to manage networks.

A remote attacker can execute code in Network Node Manager i.

vulnerability alert CVE-2011-0897 CVE-2011-0898

HP NNMi: two vulnerabilities

Synthesis of the vulnerability

An attacker can obtain information or perform a Cross Site Scripting attack in HP Network Node Manager i.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 13/04/2011.
Identifiers: BID-47341, c02729035, CVE-2011-0897, CVE-2011-0898, HPSBMA02643, SSRT100416, VIGILANCE-VUL-10563.

Description of the vulnerability

The HP NNMi (Network Node Manager i) product is used to manage networks. Two vulnerabilities were announced.

A local attacker can read some files. [severity:2/4; CVE-2011-0897]

A remote attacker can perform a Cross Site Scripting attack. [severity:2/4; CVE-2011-0898]

vulnerability alert CVE-2011-0895

HP NNMi: information disclosure

Synthesis of the vulnerability

A remote attacker can obtain information via HP Network Node Manager i.
Severity: 2/4.
Creation date: 05/04/2011.
Identifiers: BID-47162, c02776387, CERTA-2011-AVI-186, CVE-2011-0895, HPSBMA02652, SSRT100432, VIGILANCE-VUL-10519.

Description of the vulnerability

The HP NNMi (Network Node Manager i) product is used to manage networks.

A remote attacker can obtain information via HP Network Node Manager i.

computer threat note CVE-2010-4422 CVE-2010-4447 CVE-2010-4448

Java JRE/JDK/SDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Java JRE/JDK/SDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 21.
Creation date: 16/02/2011.
Identifiers: BID-46091, BID-46386, BID-46387, BID-46388, BID-46391, BID-46393, BID-46394, BID-46395, BID-46397, BID-46398, BID-46399, BID-46400, BID-46401, BID-46402, BID-46403, BID-46404, BID-46405, BID-46406, BID-46407, BID-46409, BID-46410, BID-46411, c02775276, c03316985, c03358587, c03405642, CERTA-2003-AVI-001, CERTA-2011-AVI-079, CERTA-2011-AVI-093, CERTA-2011-AVI-118, CERTA-2011-AVI-196, CERTA-2011-AVI-197, CERTA-2011-AVI-219, CERTA-2011-AVI-474, CERTA-2011-AVI-483, CERTA-2012-AVI-286, CERTA-2012-AVI-395, CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475, CVE-2010-4476, DSA-2224-1, FEDORA-2011-1631, FEDORA-2011-1645, HPSBMU02797, HPSBMU02799, HPSBUX02685, HPSBUX02777, javacpufeb2011, MDVSA-2011:054, openSUSE-SU-2011:0126-1, openSUSE-SU-2011:0155-1, RHSA-2011:0281-01, RHSA-2011:0282-01, RHSA-2011:0335-01, RHSA-2011:0357-01, RHSA-2011:0364-01, RHSA-2011:0490-01, RHSA-2011:0870-01, RHSA-2011:0880-01, SSRT100505, SSRT100854, SSRT100867, SUSE-SA:2011:010, SUSE-SA:2011:014, SUSE-SA:2011:024, SUSE-SR:2011:008, SUSE-SU-2011:0490-1, SUSE-SU-2011:0823-1, VIGILANCE-VUL-10368, VMSA-2011-0004.2, VMSA-2011-0005.3, VMSA-2011-0012.1, VMSA-2011-0013, VMSA-2011-0013.1, VMSA-2012-0005, ZDI-11-082, ZDI-11-083, ZDI-11-084, ZDI-11-085, ZDI-11-086.

Description of the vulnerability

Several vulnerabilities were announced in Java JRE/JDK/SDK. The most severe vulnerabilities lead to code execution.

An attacker can use a vulnerability of Deployment Applet2ClassLoader, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46388, CVE-2010-4452, ZDI-11-084]

An attacker can use a vulnerability of Sound, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46391, CVE-2010-4454]

An attacker can use an overflow in Sound XGetSamplePtrFromSnd, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46394, CVE-2010-4462, ZDI-11-085]

An attacker can use a vulnerability of Deployment JNLP Extension, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46386, CVE-2010-4463, ZDI-11-086]

An attacker can use a vulnerability of Swing Clipboard, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46406, CVE-2010-4465, ZDI-11-083]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46395, CVE-2010-4467]

An attacker can use a vulnerability of HotSpot, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46400, CVE-2010-4469]

An attacker can use a vulnerability of Sound, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46403, CVE-2010-4473]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-46402, CERTA-2011-AVI-093, CVE-2010-4422]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-46405, CVE-2010-4451]

An attacker can use a vulnerability of Deployment, in order to obtain information on the NTLM authentication. [severity:2/4; BID-46411, CVE-2010-4466, ZDI-11-082]

An attacker can use a vulnerability of JAXP, in order to create a denial of service. [severity:2/4; BID-46387, CVE-2010-4470]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; BID-46399, CVE-2010-4471]

An attacker can use a special double floating point number, in order to create an infinite loop in Java programs (VIGILANCE-VUL-10321). [severity:3/4; BID-46091, BID-46401, CERTA-2011-AVI-079, CERTA-2011-AVI-118, CERTA-2011-AVI-197, CERTA-2011-AVI-219, CERTA-2011-AVI-474, CERTA-2011-AVI-483, CVE-2010-4476]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:2/4; BID-46409, CVE-2010-4447]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:2/4; BID-46410, CVE-2010-4475]

An attacker can use a vulnerability of JDBC, in order to obtain or alter information. [severity:2/4; BID-46393, CVE-2010-4468]

An attacker can use a vulnerability of Launcher, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-46397, CVE-2010-4450]

An attacker can open numerous UDP ports, in order to facilitate a DNS cache poisoning attack (VIGILANCE-VUL-11087). [severity:2/4; BID-46398, CVE-2010-4448]

An attacker can use a vulnerability of XML Digital Signature, in order to create a denial of service. [severity:2/4; BID-46404, CVE-2010-4472]

An attacker can use a vulnerability of Security, in order to obtain information. [severity:2/4; BID-46407, CVE-2010-4474]

cybersecurity threat CVE-2010-4476

Java JRE: denial of service via a real

Synthesis of the vulnerability

An attacker can use a special double floating point number, in order to create an infinite loop in Java programs.
Severity: 3/4.
Creation date: 02/02/2011.
Identifiers: 1468291, BID-46091, c02729756, c02738573, c02746026, c02752210, c02775276, c02826781, c02906075, c03090723, c03316985, CERTA-2002-AVI-271, CERTA-2012-AVI-286, cpuapr2011, CVE-2010-4476, DSA-2161-1, DSA-2161-2, FEDORA-2011-1231, FEDORA-2011-1263, HPSBMU02690, HPSBTU02684, HPSBUX02633, HPSBUX02641, HPSBUX02642, HPSBUX02645, HPSBUX02685, HPSBUX02725, HPSBUX02777, IZ94331, javacpufeb2011, MDVSA-2011:054, openSUSE-SU-2011:0126-1, PM32175, PM32177, PM32184, PM32192, PM32194, RHSA-2011:0210-01, RHSA-2011:0211-01, RHSA-2011:0212-01, RHSA-2011:0213-01, RHSA-2011:0214-01, RHSA-2011:0282-01, RHSA-2011:0290-01, RHSA-2011:0291-01, RHSA-2011:0292-01, RHSA-2011:0299-01, RHSA-2011:0333-01, RHSA-2011:0334-01, RHSA-2011:0336-01, RHSA-2011:0348-01, RHSA-2011:0349-01, RHSA-2011:0880-01, SSRT100387, SSRT100390, SSRT100412, SSRT100415, SSRT100505, SSRT100569, SSRT100627, SSRT100854, SUSE-SA:2011:010, SUSE-SA:2011:014, SUSE-SR:2011:008, SUSE-SU-2011:0823-1, swg21469266, swg24030066, swg24030067, VIGILANCE-VUL-10321.

Description of the vulnerability

The number 2.2250738585072011e-308 is the "largest subnormal double number" (in base 2: 0x0fffffffffffff x 2^-1022).

On an x86 processor, the Java JRE uses x87 FPU registers (80 bit) to find, bit by bit, the closest real value. This loop stops when the remainder is smaller than the precision. However, with the number 2.225..., this stop condition is never true (80 bit rounded to 64 bit), and an infinite loop occurs.

An attacker can therefore use a special double floating point number, in order to create an infinite loop in Java programs.

The origin of this vulnerability is the same as VIGILANCE-VUL-10257.

security weakness CVE-2010-4015

PostgreSQL: buffer overflow of intarray

Synthesis of the vulnerability

When the intarray module is installed on PostgreSQL, an authenticated attacker can create an overflow, in order to execute code.
Severity: 2/4.
Creation date: 01/02/2011.
Identifiers: BID-46084, c03333585, CERTA-2002-AVI-280, CVE-2010-4015, DSA-2157-1, FEDORA-2011-0963, FEDORA-2011-0990, HPSBMU02781, MDVSA-2011:021, openSUSE-SU-2011:0254-1, PSN-2012-08-686, PSN-2012-08-687, PSN-2012-08-688, PSN-2012-08-689, PSN-2012-08-690, PSN-2012-11-767, RHSA-2011:0197-01, RHSA-2011:0198-01, SSRT100617, SUSE-SR:2011:005, VIGILANCE-VUL-10320.

Description of the vulnerability

The intarray optional module adds PostgreSQL features to process integer arrays.

The "@@" and "~~" operators detect whether an array contains some values. The format of the clause is:
  array @@ query_int
For example, to detect if an integer array contains values 1, 2 or 3:
  myArray @@ 1&(2|3)

However, if the query_int field is too long, a buffer overflow occurs.

When the intarray module is installed on PostgreSQL, an authenticated attacker can therefore create an overflow, in order to execute code.

computer threat announce CVE-2009-3555 CVE-2010-1321 CVE-2010-3541

Java JRE/JDK/SDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Java JRE/JDK/SDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 29.
Creation date: 13/10/2010.
Identifiers: BID-43965, BID-43971, BID-43979, BID-43985, BID-43988, BID-43992, BID-43994, BID-43999, BID-44009, BID-44011, BID-44012, BID-44013, BID-44014, BID-44016, BID-44017, BID-44020, BID-44021, BID-44023, BID-44024, BID-44026, BID-44027, BID-44028, BID-44030, BID-44032, BID-44035, BID-44038, BID-44040, c02616748, c03405642, CERTA-2009-AVI-528, CERTA-2010-AVI-149, CERTA-2010-AVI-196, CERTA-2010-AVI-219, CERTA-2010-AVI-239, CERTA-2010-AVI-241, CERTA-2010-AVI-365, CERTA-2010-AVI-500, CERTA-2010-AVI-513, CERTA-2010-AVI-573, CERTA-2011-AVI-253, CERTA-2011-AVI-400, CERTA-2012-AVI-241, CERTA-2012-AVI-395, CVE-2009-3555, CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574, FEDORA-2010-16240, FEDORA-2010-16294, FEDORA-2010-16312, HPSBMU02799, HPSBUX02608, openSUSE-SU-2010:0754-1, openSUSE-SU-2010:0957-1, RHSA-2010:0768-01, RHSA-2010:0770-01, RHSA-2010:0786-01, RHSA-2010:0807-01, RHSA-2010:0865-02, RHSA-2010:0873-02, RHSA-2010:0935-01, RHSA-2010:0986-01, RHSA-2010:0987-01, RHSA-2011:0152-01, RHSA-2011:0169-01, RHSA-2011:0880-01, SSRT100333, SSRT100867, SUSE-SA:2010:061, SUSE-SA:2011:006, SUSE-SA:2011:014, SUSE-SR:2010:019, VIGILANCE-VUL-10040, VMSA-2011-0003, VMSA-2011-0003.1, VMSA-2011-0003.2, VMSA-2011-0004.2, VMSA-2011-0005.3, VMSA-2011-0012.1, VMSA-2011-0013, VMSA-2012-0005, ZDI-10-202, ZDI-10-203, ZDI-10-204, ZDI-10-205, ZDI-10-206, ZDI-10-207, ZDI-10-208.

Description of the vulnerability

Several vulnerabilities were announced in Java JRE/JDK/SDK. The most severe vulnerabilities lead to code execution.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-43979, CVE-2010-3562]

An attacker can use a vulnerability of 2D (JPEGImageWriter.writeImage), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-43985, CVE-2010-3565, ZDI-10-205]

An attacker can use a vulnerability of 2D (ICC Profile Device Information Tag), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-43988, CVE-2010-3566, ZDI-10-204]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-43992, CVE-2010-3567]

An attacker can use a vulnerability of 2D (ICC Profile Unicode Description), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-43965, CVE-2010-3571, ZDI-10-203]

An attacker can use a vulnerability of CORBA, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-43994, CVE-2010-3554]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-43999, CVE-2010-3563]

An attacker can use a vulnerability of Java Runtime Environment, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-44012, CVE-2010-3568]

An attacker can use a vulnerability of Java Runtime Environment, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-44016, CVE-2010-3569]

An attacker can use a vulnerability of Java Web Start, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-44021, CVE-2010-3558]

An attacker can use a vulnerability of New Java Plug-in docbase, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-44023, CVE-2010-3552, ZDI-10-206]

An attacker can use a vulnerability of Sound (HeadspaceSoundbank.nGetName), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-44026, CVE-2010-3559, ZDI-10-208]

An attacker can use a vulnerability of Sound, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-44030, CVE-2010-3572]

An attacker can use a vulnerability of Swing, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-44035, CVE-2010-3553]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-44038, CVE-2010-3555]

An attacker can use a vulnerability of Java Web Start, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-44040, CVE-2010-3550]

An attacker can use a vulnerability of Deployment Toolkit, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-44020, CVE-2010-3570]

An attacker can use a vulnerability of CORBA, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-44013, CVE-2010-3561]

An attacker can use a vulnerability of JSSE, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; CERTA-2009-AVI-528, CERTA-2010-AVI-149, CERTA-2010-AVI-196, CERTA-2010-AVI-239, CERTA-2010-AVI-241, CERTA-2010-AVI-365, CERTA-2010-AVI-513, CERTA-2010-AVI-573, CERTA-2011-AVI-253, CERTA-2012-AVI-241, CVE-2009-3555]

An attacker can use a vulnerability of Kerberos, in order to create a denial of service. [severity:2/4; CERTA-2010-AVI-219, CERTA-2011-AVI-400, CVE-2010-1321]

An attacker can use a vulnerability of Networking, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-44027, CVE-2010-3549]

An attacker can use a vulnerability of Swing, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-44014, CVE-2010-3557]

An attacker can use a vulnerability of Networking, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-44032, CVE-2010-3541]

An attacker can use a vulnerability of Networking, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-44028, CVE-2010-3573]

An attacker can use a vulnerability of Networking, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-44011, CVE-2010-3574]

An attacker can use a vulnerability of JNDI, in order to obtain information. [severity:2/4; BID-44017, CVE-2010-3548]

An attacker can use a vulnerability of Networking, in order to obtain information. [severity:2/4; BID-44009, CVE-2010-3551]

An attacker can use a vulnerability of Networking, in order to obtain information. [severity:1/4; BID-44024, CVE-2010-3560]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-43971, CERTA-2010-AVI-500, CVE-2010-3556]

computer weakness CVE-2010-3433

PostgreSQL: privilege elevation via PL

Synthesis of the vulnerability

A local attacker can redefine a function of a procedural language, and use a role changing mechanism, in order to elevate his privileges on PostgreSQL.
Severity: 2/4.
Creation date: 06/10/2010.
Identifiers: BID-43747, c03333585, CERTA-2002-AVI-272, CERTA-2010-AVI-471, CVE-2010-3433, DSA-2120-1, FEDORA-2010-15852, FEDORA-2010-15954, FEDORA-2010-15960, HPSBMU02781, MDVSA-2010:197, openSUSE-SU-2010:0903-1, PSN-2012-08-686, PSN-2012-08-687, PSN-2012-08-688, PSN-2012-08-689, PSN-2012-08-690, RHSA-2010:0742-01, RHSA-2010:0908-01, SSRT100617, SUSE-SR:2010:019, SUSE-SR:2010:020, VIGILANCE-VUL-10005.

Description of the vulnerability

PostgreSQL supports several procedural languages: PL/perl, PL/tcl, PL/PHP, etc.

When a function is created, the "SECURITY" attribute can be used:
  SECURITY DEFINER: the function is run with the rights of the user who created the function
  SECURITY INVOKER: the function is run with the rights of the user who called the function

An attacker connected to the database can redefine a standard function in PL/perl, PL/tcl or PL/PHP. He can then call a SECURITY DEFINER function that was created by a privileged user and that calls the function he redefined. The attacker thus gains the privileges of this user.

A similar attack can be created with the SET ROLE and SET SESSION AUTHORIZATION privilege changing features.

A local attacker can therefore redefine a function of a procedural language, and use a role changing mechanism, in order to elevate his privileges on PostgreSQL.