The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Micro Focus Network Node Manager i

vulnerability announce CVE-2011-0786 CVE-2011-0788 CVE-2011-0802

Java JRE/JDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Java JRE/JDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Impacted products: Debian, Fedora, HPE NNMi, HP-UX, NSMXpress, Mandriva Linux, NLD, OES, Java OpenJDK, openSUSE, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, ESX, vCenter Server.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, client access/rights, data creation/edition, data deletion, data flow, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 17.
Creation date: 08/06/2011.
Identifiers: BID-48133, BID-48134, BID-48135, BID-48136, BID-48137, BID-48138, BID-48139, BID-48140, BID-48141, BID-48142, BID-48143, BID-48144, BID-48145, BID-48146, BID-48147, BID-48148, BID-48149, c02945548, c03316985, c03358587, c03405642, CERTA-2003-AVI-005, CERTA-2011-AVI-336, CERTA-2012-AVI-286, CERTA-2012-AVI-395, CVE-2011-0786, CVE-2011-0788, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0817, CVE-2011-0862, CVE-2011-0863, CVE-2011-0864, CVE-2011-0865, CVE-2011-0866, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0872, CVE-2011-0873, DSA-2311-1, DSA-2358-1, FEDORA-2011-8003, FEDORA-2011-8020, FEDORA-2011-8028, HPSBMU02797, HPSBMU02799, HPSBUX02697, HPSBUX02777, javacpujune2011, MDVSA-2011:126, openSUSE-SU-2011:0633-1, openSUSE-SU-2011:0706-1, PSN-2012-08-686, PSN-2012-08-687, PSN-2012-08-688, PSN-2012-08-689, PSN-2012-08-690, RHSA-2011:0856-01, RHSA-2011:0857-01, RHSA-2011:0860-01, RHSA-2011:0938-01, RHSA-2011:1087-01, RHSA-2011:1159-01, RHSA-2011:1265-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT100591, SSRT100854, SSRT100867, SUSE-SA:2011:030, SUSE-SA:2011:032, SUSE-SA:2011:036, SUSE-SU-2011:0632-1, SUSE-SU-2011:0807-1, SUSE-SU-2011:0863-1, SUSE-SU-2011:0863-2, SUSE-SU-2011:0966-1, SUSE-SU-2011:1082-1, TPTI-11-06, VIGILANCE-VUL-10722, VMSA-2011-0013.1, ZDI-11-182, ZDI-11-183, ZDI-11-184, ZDI-11-185, ZDI-11-186, ZDI-11-187, ZDI-11-188, ZDI-11-189, ZDI-11-190, ZDI-11-191, ZDI-11-192, ZDI-11-199.

Description of the vulnerability

Several vulnerabilities were announced in Java JRE/JDK. The most severe vulnerabilities lead to code execution.

An attacker can use a vulnerability of 2D (ICC profile), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48137, CVE-2011-0862, TPTI-11-06, ZDI-11-183, ZDI-11-184, ZDI-11-185, ZDI-11-186, ZDI-11-187, ZDI-11-188, ZDI-11-189, ZDI-11-190, ZDI-11-191]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48148, CVE-2011-0873]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48143, CVE-2011-0815]

An attacker can use a vulnerability of Deployment (IE Browser Plugin), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48134, CVE-2011-0817, ZDI-11-182]

An attacker can use a vulnerability of Deployment (Java Web Start), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48138, CVE-2011-0863, ZDI-11-192]

An attacker can use a vulnerability of HotSpot, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48139, CVE-2011-0864]

An attacker can use a vulnerability of Soundbank Decompression, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48149, CVE-2011-0802, ZDI-11-199]

An attacker can use a vulnerability of Sound, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48145, CVE-2011-0814]

An attacker can use a vulnerability of Swing, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-48142, CVE-2011-0871]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-48133, CERTA-2011-AVI-336, CVE-2011-0786]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-48135, CVE-2011-0788]

An attacker can use a vulnerability of Java Runtime Environment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-48136, CVE-2011-0866]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; BID-48140, CVE-2011-0868]

An attacker can use a vulnerability of NIO, in order to create a denial of service. [severity:2/4; BID-48141, CVE-2011-0872]

An attacker can use a vulnerability of Networking, in order to obtain information. [severity:2/4; BID-48144, CVE-2011-0867]

An attacker can use a vulnerability of SAAJ, in order to obtain information. [severity:2/4; BID-48146, CVE-2011-0869]

An attacker can use a vulnerability of Deserialization, in order to alter information. [severity:1/4; BID-48147, CVE-2011-0865]

vulnerability CVE-2011-1855

HP NNMi: altering data

Synthesis of the vulnerability

A local attacker can use a vulnerability in HP Network Node Manager i, in order to obtain or alter information and log files.
Impacted products: HPE NNMi.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: user shell.
Creation date: 13/05/2011.
Identifiers: c02821425, CERTA-2011-AVI-289, CVE-2011-1855, SSRT100485, VIGILANCE-VUL-10650.

Description of the vulnerability

A local attacker can use a vulnerability in HP Network Node Manager i, in order to obtain or alter information and log files.

computer vulnerability CVE-2011-1534

HP NNMi: code execution

Synthesis of the vulnerability

A remote attacker can execute code in Network Node Manager i.
Impacted products: HPE NNMi.
Severity: 3/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 19/04/2011.
Identifiers: BID-47420, c02788734, CERTA-2011-AVI-237, CVE-2011-1534, HPSBMA02659, QCCR1B87364, SSRT100440, VIGILANCE-VUL-10575.

Description of the vulnerability

The HP NNMi (Network Node Manager i) product is used to manage networks.

A remote attacker can execute code in Network Node Manager i.

vulnerability bulletin CVE-2011-0897 CVE-2011-0898

HP NNMi: two vulnerabilities

Synthesis of the vulnerability

An attacker can obtain information or perform a Cross Site Scripting attack in HP Network Node Manager i.
Impacted products: HPE NNMi.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 13/04/2011.
Identifiers: BID-47341, c02729035, CVE-2011-0897, CVE-2011-0898, HPSBMA02643, SSRT100416, VIGILANCE-VUL-10563.

Description of the vulnerability

The HP NNMi (Network Node Manager i) product is used to manage networks. Two vulnerabilities were announced.

A local attacker can read some files. [severity:2/4; CVE-2011-0897]

A remote attacker can perform a Cross Site Scripting attack. [severity:2/4; CVE-2011-0898]

computer vulnerability note CVE-2011-0895

HP NNMi: information disclosure

Synthesis of the vulnerability

A remote attacker can obtain information via HP Network Node Manager i.
Impacted products: HPE NNMi.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 05/04/2011.
Identifiers: BID-47162, c02776387, CERTA-2011-AVI-186, CVE-2011-0895, HPSBMA02652, SSRT100432, VIGILANCE-VUL-10519.

Description of the vulnerability

The HP NNMi (Network Node Manager i) product is used to manage networks.

A remote attacker can obtain information via HP Network Node Manager i.

computer vulnerability bulletin CVE-2010-4422 CVE-2010-4447 CVE-2010-4448

Java JRE/JDK/SDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Java JRE/JDK/SDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Impacted products: Debian, Fedora, HPE NNMi, HP-UX, Mandriva Linux, NLD, OES, Java OpenJDK, openSUSE, Java Oracle, RHEL, SLES, ESX, vCenter Server, VMware vSphere.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 21.
Creation date: 16/02/2011.
Identifiers: BID-46091, BID-46386, BID-46387, BID-46388, BID-46391, BID-46393, BID-46394, BID-46395, BID-46397, BID-46398, BID-46399, BID-46400, BID-46401, BID-46402, BID-46403, BID-46404, BID-46405, BID-46406, BID-46407, BID-46409, BID-46410, BID-46411, c02775276, c03316985, c03358587, c03405642, CERTA-2003-AVI-001, CERTA-2011-AVI-079, CERTA-2011-AVI-093, CERTA-2011-AVI-118, CERTA-2011-AVI-196, CERTA-2011-AVI-197, CERTA-2011-AVI-219, CERTA-2011-AVI-474, CERTA-2011-AVI-483, CERTA-2012-AVI-286, CERTA-2012-AVI-395, CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475, CVE-2010-4476, DSA-2224-1, FEDORA-2011-1631, FEDORA-2011-1645, HPSBMU02797, HPSBMU02799, HPSBUX02685, HPSBUX02777, javacpufeb2011, MDVSA-2011:054, openSUSE-SU-2011:0126-1, openSUSE-SU-2011:0155-1, RHSA-2011:0281-01, RHSA-2011:0282-01, RHSA-2011:0335-01, RHSA-2011:0357-01, RHSA-2011:0364-01, RHSA-2011:0490-01, RHSA-2011:0870-01, RHSA-2011:0880-01, SSRT100505, SSRT100854, SSRT100867, SUSE-SA:2011:010, SUSE-SA:2011:014, SUSE-SA:2011:024, SUSE-SR:2011:008, SUSE-SU-2011:0490-1, SUSE-SU-2011:0823-1, VIGILANCE-VUL-10368, VMSA-2011-0004.2, VMSA-2011-0005.3, VMSA-2011-0012.1, VMSA-2011-0013, VMSA-2011-0013.1, VMSA-2012-0005, ZDI-11-082, ZDI-11-083, ZDI-11-084, ZDI-11-085, ZDI-11-086.

Description of the vulnerability

Several vulnerabilities were announced in Java JRE/JDK/SDK. The most severe vulnerabilities lead to code execution.

An attacker can use a vulnerability of Deployment Applet2ClassLoader, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46388, CVE-2010-4452, ZDI-11-084]

An attacker can use a vulnerability of Sound, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46391, CVE-2010-4454]

An attacker can use an overflow in Sound XGetSamplePtrFromSnd, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46394, CVE-2010-4462, ZDI-11-085]

An attacker can use a vulnerability of Deployment JNLP Extension, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46386, CVE-2010-4463, ZDI-11-086]

An attacker can use a vulnerability of Swing Clipboard, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46406, CVE-2010-4465, ZDI-11-083]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46395, CVE-2010-4467]

An attacker can use a vulnerability of HotSpot, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46400, CVE-2010-4469]

An attacker can use a vulnerability of Sound, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-46403, CVE-2010-4473]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-46402, CERTA-2011-AVI-093, CVE-2010-4422]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-46405, CVE-2010-4451]

An attacker can use a vulnerability of Deployment, in order to obtain information on the NTLM authentication. [severity:2/4; BID-46411, CVE-2010-4466, ZDI-11-082]

An attacker can use a vulnerability of JAXP, in order to create a denial of service. [severity:2/4; BID-46387, CVE-2010-4470]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; BID-46399, CVE-2010-4471]

An attacker can use a special double floating point number, in order to create an infinite loop in Java programs (VIGILANCE-VUL-10321). [severity:3/4; BID-46091, BID-46401, CERTA-2011-AVI-079, CERTA-2011-AVI-118, CERTA-2011-AVI-197, CERTA-2011-AVI-219, CERTA-2011-AVI-474, CERTA-2011-AVI-483, CVE-2010-4476]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:2/4; BID-46409, CVE-2010-4447]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:2/4; BID-46410, CVE-2010-4475]

An attacker can use a vulnerability of JDBC, in order to obtain or alter information. [severity:2/4; BID-46393, CVE-2010-4468]

An attacker can use a vulnerability of Launcher, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-46397, CVE-2010-4450]

An attacker can open numerous UDP ports, in order to facilitate a DNS cache poisoning attack (VIGILANCE-VUL-11087). [severity:2/4; BID-46398, CVE-2010-4448]

An attacker can use a vulnerability of XML Digital Signature, in order to create a denial of service. [severity:2/4; BID-46404, CVE-2010-4472]

An attacker can use a vulnerability of Security, in order to obtain information. [severity:2/4; BID-46407, CVE-2010-4474]

vulnerability alert CVE-2010-4476

Java JRE: denial of service via a real

Synthesis of the vulnerability

An attacker can use a special double floating point number, in order to create an infinite loop in Java programs.
Impacted products: Debian, Fedora, HPE BAC, HPE NNMi, OpenView, OpenView NNM, Tru64 UNIX, HP-UX, AIX, DB2 UDB, Tivoli Directory Server, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, JBoss AS OpenSource, Mandriva Linux, NLD, OES, Java OpenJDK, openSUSE, Oracle iPlanet Web Server, Java Oracle, Oracle Web Tier, RHEL, JBoss EAP by Red Hat, SLES.
Severity: 3/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/02/2011.
Identifiers: 1468291, BID-46091, c02729756, c02738573, c02746026, c02752210, c02775276, c02826781, c02906075, c03090723, c03316985, CERTA-2002-AVI-271, CERTA-2012-AVI-286, cpuapr2011, CVE-2010-4476, DSA-2161-1, DSA-2161-2, FEDORA-2011-1231, FEDORA-2011-1263, HPSBMU02690, HPSBTU02684, HPSBUX02633, HPSBUX02641, HPSBUX02642, HPSBUX02645, HPSBUX02685, HPSBUX02725, HPSBUX02777, IZ94331, javacpufeb2011, MDVSA-2011:054, openSUSE-SU-2011:0126-1, PM32175, PM32177, PM32184, PM32192, PM32194, RHSA-2011:0210-01, RHSA-2011:0211-01, RHSA-2011:0212-01, RHSA-2011:0213-01, RHSA-2011:0214-01, RHSA-2011:0282-01, RHSA-2011:0290-01, RHSA-2011:0291-01, RHSA-2011:0292-01, RHSA-2011:0299-01, RHSA-2011:0333-01, RHSA-2011:0334-01, RHSA-2011:0336-01, RHSA-2011:0348-01, RHSA-2011:0349-01, RHSA-2011:0880-01, SSRT100387, SSRT100390, SSRT100412, SSRT100415, SSRT100505, SSRT100569, SSRT100627, SSRT100854, SUSE-SA:2011:010, SUSE-SA:2011:014, SUSE-SR:2011:008, SUSE-SU-2011:0823-1, swg21469266, swg24030066, swg24030067, VIGILANCE-VUL-10321.

Description of the vulnerability

The number 2.2250738585072011e-308 is the "largest subnormal double number" (in base 2: 0x0fffffffffffff x 2^-1022).

On an x86 processor, the Java JRE uses x87 FPU registers (80 bit) to find, bit by bit, the closest real value. This loop stops when the remainder is smaller than the precision. However, with the number 2.225..., this stop condition is never true (80 bit rounded to 64 bit), and an infinite loop occurs.

An attacker can therefore use a special double floating point number, in order to create an infinite loop in Java programs.

The origin of this vulnerability is the same as VIGILANCE-VUL-10257.

vulnerability CVE-2010-4015

PostgreSQL: buffer overflow of intarray

Synthesis of the vulnerability

When the intarray module is installed on PostgreSQL, an authenticated attacker can create an overflow, in order to execute code.
Impacted products: Debian, Fedora, HPE NNMi, NSM Central Manager, NSMXpress, Mandriva Linux, openSUSE, Solaris, PostgreSQL, RHEL, SLES.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: user account.
Creation date: 01/02/2011.
Identifiers: BID-46084, c03333585, CERTA-2002-AVI-280, CVE-2010-4015, DSA-2157-1, FEDORA-2011-0963, FEDORA-2011-0990, HPSBMU02781, MDVSA-2011:021, openSUSE-SU-2011:0254-1, PSN-2012-08-686, PSN-2012-08-687, PSN-2012-08-688, PSN-2012-08-689, PSN-2012-08-690, PSN-2012-11-767, RHSA-2011:0197-01, RHSA-2011:0198-01, SSRT100617, SUSE-SR:2011:005, VIGILANCE-VUL-10320.

Description of the vulnerability

The intarray optional module adds PostgreSQL features to process integer arrays.

The "@@" and "~~" operators detect whether an array contains some values. The format of the clause is:
  array @@ query_int
For example, to detect whether an integer array contains the values 1, 2 or 3:
  myArray @@ 1&(2|3)

However, if the query_int field is too long, a buffer overflow occurs.

When the intarray module is installed on PostgreSQL, an authenticated attacker can therefore create an overflow, in order to execute code.

vulnerability CVE-2009-3555 CVE-2010-1321 CVE-2010-3541

Java JRE/JDK/SDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Java JRE/JDK/SDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Impacted products: Fedora, HPE NNMi, HP-UX, NLD, OES, Java OpenJDK, openSUSE, Java Oracle, RHEL, SLES, ESX, ESXi, vCenter Server, VirtualCenter, VMware vSphere, VMware vSphere Hypervisor.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 29.
Creation date: 13/10/2010.
Identifiers: BID-43965, BID-43971, BID-43979, BID-43985, BID-43988, BID-43992, BID-43994, BID-43999, BID-44009, BID-44011, BID-44012, BID-44013, BID-44014, BID-44016, BID-44017, BID-44020, BID-44021, BID-44023, BID-44024, BID-44026, BID-44027, BID-44028, BID-44030, BID-44032, BID-44035, BID-44038, BID-44040, c02616748, c03405642, CERTA-2009-AVI-528, CERTA-2010-AVI-149, CERTA-2010-AVI-196, CERTA-2010-AVI-219, CERTA-2010-AVI-239, CERTA-2010-AVI-241, CERTA-2010-AVI-365, CERTA-2010-AVI-500, CERTA-2010-AVI-513, CERTA-2010-AVI-573, CERTA-2011-AVI-253, CERTA-2011-AVI-400, CERTA-2012-AVI-241, CERTA-2012-AVI-395, CVE-2009-3555, CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574, FEDORA-2010-16240, FEDORA-2010-16294, FEDORA-2010-16312, HPSBMU02799, HPSBUX02608, openSUSE-SU-2010:0754-1, openSUSE-SU-2010:0957-1, RHSA-2010:0768-01, RHSA-2010:0770-01, RHSA-2010:0786-01, RHSA-2010:0807-01, RHSA-2010:0865-02, RHSA-2010:0873-02, RHSA-2010:0935-01, RHSA-2010:0986-01, RHSA-2010:0987-01, RHSA-2011:0152-01, RHSA-2011:0169-01, RHSA-2011:0880-01, SSRT100333, SSRT100867, SUSE-SA:2010:061, SUSE-SA:2011:006, SUSE-SA:2011:014, SUSE-SR:2010:019, VIGILANCE-VUL-10040, VMSA-2011-0003, VMSA-2011-0003.1, VMSA-2011-0003.2, VMSA-2011-0004.2, VMSA-2011-0005.3, VMSA-2011-0012.1, VMSA-2011-0013, VMSA-2012-0005, ZDI-10-202, ZDI-10-203, ZDI-10-204, ZDI-10-205, ZDI-10-206, ZDI-10-207, ZDI-10-208.

Description of the vulnerability

Several vulnerabilities were announced in Java JRE/JDK/SDK. The most severe vulnerabilities lead to code execution.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-43979, CVE-2010-3562]

An attacker can use a vulnerability of 2D (JPEGImageWriter.writeImage), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-43985, CVE-2010-3565, ZDI-10-205]

An attacker can use a vulnerability of 2D (ICC Profile Device Information Tag), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-43988, CVE-2010-3566, ZDI-10-204]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-43992, CVE-2010-3567]

An attacker can use a vulnerability of 2D (ICC Profile Unicode Description), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-43965, CVE-2010-3571, ZDI-10-203]

An attacker can use a vulnerability of CORBA, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-43994, CVE-2010-3554]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-43999, CVE-2010-3563]

An attacker can use a vulnerability of Java Runtime Environment, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-44012, CVE-2010-3568]

An attacker can use a vulnerability of Java Runtime Environment, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-44016, CVE-2010-3569]

An attacker can use a vulnerability of Java Web Start, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-44021, CVE-2010-3558]

An attacker can use a vulnerability of New Java Plug-in docbase, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-44023, CVE-2010-3552, ZDI-10-206]

An attacker can use a vulnerability of Sound (HeadspaceSoundbank.nGetName), in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-44026, CVE-2010-3559, ZDI-10-208]

An attacker can use a vulnerability of Sound, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-44030, CVE-2010-3572]

An attacker can use a vulnerability of Swing, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-44035, CVE-2010-3553]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-44038, CVE-2010-3555]

An attacker can use a vulnerability of Java Web Start, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-44040, CVE-2010-3550]

An attacker can use a vulnerability of Deployment Toolkit, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-44020, CVE-2010-3570]

An attacker can use a vulnerability of CORBA, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-44013, CVE-2010-3561]

An attacker can use a vulnerability of JSSE, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; CERTA-2009-AVI-528, CERTA-2010-AVI-149, CERTA-2010-AVI-196, CERTA-2010-AVI-239, CERTA-2010-AVI-241, CERTA-2010-AVI-365, CERTA-2010-AVI-513, CERTA-2010-AVI-573, CERTA-2011-AVI-253, CERTA-2012-AVI-241, CVE-2009-3555]

An attacker can use a vulnerability of Kerberos, in order to create a denial of service. [severity:2/4; CERTA-2010-AVI-219, CERTA-2011-AVI-400, CVE-2010-1321]

An attacker can use a vulnerability of Networking, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-44027, CVE-2010-3549]

An attacker can use a vulnerability of Swing, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-44014, CVE-2010-3557]

An attacker can use a vulnerability of Networking, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-44032, CVE-2010-3541]

An attacker can use a vulnerability of Networking, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-44028, CVE-2010-3573]

An attacker can use a vulnerability of Networking, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-44011, CVE-2010-3574]

An attacker can use a vulnerability of JNDI, in order to obtain information. [severity:2/4; BID-44017, CVE-2010-3548]

An attacker can use a vulnerability of Networking, in order to obtain information. [severity:2/4; BID-44009, CVE-2010-3551]

An attacker can use a vulnerability of Networking, in order to obtain information. [severity:1/4; BID-44024, CVE-2010-3560]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:4/4; BID-43971, CERTA-2010-AVI-500, CVE-2010-3556]

computer vulnerability CVE-2010-3433

PostgreSQL: privilege elevation via PL

Synthesis of the vulnerability

A local attacker can redefine a function of a procedural language, and use a role changing mechanism, in order to elevate his privileges on PostgreSQL.
Impacted products: Debian, Fedora, HPE NNMi, NSMXpress, Mandriva Linux, openSUSE, PostgreSQL, RHEL, SLES.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: user account.
Creation date: 06/10/2010.
Identifiers: BID-43747, c03333585, CERTA-2002-AVI-272, CERTA-2010-AVI-471, CVE-2010-3433, DSA-2120-1, FEDORA-2010-15852, FEDORA-2010-15954, FEDORA-2010-15960, HPSBMU02781, MDVSA-2010:197, openSUSE-SU-2010:0903-1, PSN-2012-08-686, PSN-2012-08-687, PSN-2012-08-688, PSN-2012-08-689, PSN-2012-08-690, RHSA-2010:0742-01, RHSA-2010:0908-01, SSRT100617, SUSE-SR:2010:019, SUSE-SR:2010:020, VIGILANCE-VUL-10005.

Description of the vulnerability

PostgreSQL supports several procedural languages: PL/perl, PL/tcl, PL/PHP, etc.

When a function is created, the "SECURITY" attribute can be used:
  SECURITY DEFINER: function is run with rights of the user who created the function
  SECURITY INVOKER: function is run with rights of the user who called the function

An attacker connected to the database can redefine a standard function in PL/perl, PL/tcl or PL/PHP. He can then call a SECURITY DEFINER function that was created by a privileged user and that calls the function he redefined. The attacker thus gains the privileges of this user.

A similar attack can be created with the SET ROLE and SET SESSION AUTHORIZATION privilege changing features.

A local attacker can therefore redefine a function of a procedural language, and use a role changing mechanism, in order to elevate his privileges on PostgreSQL.