The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Sun Trusted Solaris

computer vulnerability CVE-2003-1067 CVE-2013-2924 CVE-2013-5821

Solaris: several vulnerabilities of January 2014

Synthesis of the vulnerability

Several vulnerabilities of Solaris were announced in January 2014.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 11.
Creation date: 15/01/2014.
Identifiers: BID-64840, BID-64843, BID-64850, BID-64853, BID-64856, BID-64859, BID-64862, BID-64866, BID-64871, BID-64876, CERTA-2014-AVI-031, cpujan2014, CVE-2003-1067, CVE-2013-2924, CVE-2013-5821, CVE-2013-5833, CVE-2013-5834, CVE-2013-5872, CVE-2013-5875, CVE-2013-5876, CVE-2013-5883, CVE-2013-5885, CVE-2014-0390, VIGILANCE-VUL-14091.

Description of the vulnerability

Several vulnerabilities were announced in Solaris.

An attacker can use a vulnerability of Localization (L10N), in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64840, CVE-2003-1067]

An attacker can use a vulnerability of "ps", in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64843, CVE-2013-5834]

An attacker can use a vulnerability of Filesystem, in order to trigger a denial of service. [severity:2/4; BID-64850, CVE-2013-5833]

An attacker can use a vulnerability of Kernel, in order to trigger a denial of service. [severity:2/4; BID-64853, CVE-2013-5876]

An attacker can use a vulnerability of Remote Procedure Call (RPC), in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64856, CVE-2013-5821]

An attacker can use a vulnerability of Java Web Console, in order to alter information. [severity:2/4; BID-64859, CVE-2014-0390]

An attacker can use a vulnerability of Kernel, in order to alter information, or to trigger a denial of service. [severity:2/4; BID-64862, CVE-2013-5883]

An attacker can use a vulnerability of Role Based Access Control (RBAC), in order to alter information, or to trigger a denial of service. [severity:1/4; BID-64866, CVE-2013-5875]

An attacker can use a vulnerability of Name Service Cache Daemon (NSCD), in order to trigger a denial of service. [severity:1/4; BID-64871, CVE-2013-5872]

An attacker can use a vulnerability of Localization (L10N), in order to trigger a denial of service. [severity:1/4; CVE-2013-2924]

An attacker can use a vulnerability of Audit, in order to alter information. [severity:1/4; BID-64876, CVE-2013-5885]

threat note CVE-2013-5211

ntp.org: distributed denial of service via monlist

Synthesis of the vulnerability

An attacker can use monlist of ntp.org, in order to trigger a distributed denial of service.
Severity: 2/4.
Creation date: 31/12/2013.
Identifiers: 1532, BID-64692, c04084148, CERTA-2014-AVI-034, CERTFR-2014-AVI-069, CERTFR-2014-AVI-112, CERTFR-2014-AVI-117, CERTFR-2014-AVI-244, CERTFR-2014-AVI-526, CSCtd75033, CSCum44673, CSCum52148, CSCum76937, CSCun84909, CSCur38341, CVE-2013-5211, ESX400-201404001, ESX400-201404402-SG, ESX410-201404001, ESX410-201404402-SG, ESXi400-201404001, ESXi400-201404401-SG, ESXi410-201404001, ESXi410-201404401-SG, ESXi510-201404001, ESXi510-201404101-SG, ESXi510-201404102-SG, ESXi550-201403101-SG, FreeBSD-SA-14:02.ntpd, HPSBUX02960, JSA10613, MBGSA-1401, NetBSD-SA2014-002, openSUSE-SU-2014:0949-1, openSUSE-SU-2014:1149-1, sk98758, SSA:2014-044-02, SSRT101419, VIGILANCE-VUL-14004, VMSA-2014-0002, VMSA-2014-0002.1, VMSA-2014-0002.2, VMSA-2014-0002.4, VMSA-2015-0001.

Description of the vulnerability

The ntp.org service implements the "monlist" command, which returns the list of the last 600 clients that connected to the server.

However, the reply is larger than the query. Moreover, public NTP servers require no authentication, and the source address of UDP packets can be spoofed.

An attacker can therefore use monlist of ntp.org, in order to trigger a distributed denial of service.
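
A detection-side illustration of the size asymmetry described above, as an added example that is not part of the original bulletin or of ntp.org code: it parses the NTP mode 7 header, picks out monlist requests and replies, and reports per server how many bytes went out for the bytes that came in. The function names, the documentation-range addresses and the packet sizes are constructed for the example.

```python
from collections import defaultdict

MODE_PRIVATE = 7                                   # NTP mode 7 carries ntpdc requests
MONLIST_CODES = {20: "MON_GETLIST", 42: "MON_GETLIST_1"}

def parse_mode7(payload):
    """Return the mode 7 header fields, or None for any other packet."""
    if len(payload) < 8 or payload[0] & 0x07 != MODE_PRIVATE:
        return None
    return {
        "is_response": bool(payload[0] & 0x80),    # R bit
        "request_code": payload[3],
        "nitems": ((payload[4] << 8) | payload[5]) & 0x0FFF,
    }

def monlist_report(datagrams, ntp_port=123):
    """Summarise monlist traffic per server.

    datagrams: iterable of (src_ip, src_port, dst_ip, dst_port, payload).
    """
    stats = defaultdict(
        lambda: {"queries": 0, "bytes_in": 0, "bytes_out": 0, "entries": 0})
    for src, sport, dst, dport, payload in datagrams:
        hdr = parse_mode7(payload)
        if hdr is None or hdr["request_code"] not in MONLIST_CODES:
            continue
        if hdr["is_response"] and sport == ntp_port:
            stats[src]["bytes_out"] += len(payload)
            stats[src]["entries"] += hdr["nitems"]
        elif not hdr["is_response"] and dport == ntp_port:
            stats[dst]["queries"] += 1
            stats[dst]["bytes_in"] += len(payload)
    report = {}
    for server, s in stats.items():
        report[server] = dict(
            s,
            answers_monlist=s["bytes_out"] > 0,
            amplification=(s["bytes_out"] / s["bytes_in"]) if s["bytes_in"] else None,
        )
    return report

# Constructed sample traffic: sizes are illustrative, not measurements.
QUERY = bytes([0x17, 0x00, 0x03, 0x2A, 0, 0, 0, 0])            # mode 7 request
REPLY = bytes([0xD7, 0x00, 0x03, 0x2A, 0x00, 0x06, 0x00, 0x48]) + bytes(6 * 72)
TIME_REQUEST = bytes([0x23]) + bytes(47)                       # ordinary mode 3 client
SAMPLE = [
    ("198.51.100.7", 40000, "192.0.2.10", 123, QUERY),
    ("192.0.2.10", 123, "198.51.100.7", 40000, REPLY),
    ("192.0.2.10", 123, "198.51.100.7", 40000, REPLY),
    ("192.0.2.10", 123, "198.51.100.7", 40000, REPLY),
    ("198.51.100.7", 40001, "192.0.2.20", 123, QUERY),         # server stays silent
    ("198.51.100.9", 50000, "192.0.2.10", 123, TIME_REQUEST),  # ignored
]

if __name__ == "__main__":
    for server, row in sorted(monlist_report(SAMPLE).items()):
        print(server, row)
```

Because the source address of a query may be spoofed, the address that appears as the "client" in such a capture can be the target of the flood rather than its origin.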

weakness CVE-2013-0398 CVE-2013-3745 CVE-2013-3746

Solaris: several vulnerabilities of July 2013

Synthesis of the vulnerability

Several vulnerabilities of Solaris are fixed by the CPU of July 2013.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 16.
Creation date: 17/07/2013.
Identifiers: BID-61230, BID-61239, BID-61245, BID-61247, BID-61248, BID-61250, BID-61254, BID-61258, BID-61259, BID-61261, BID-61263, BID-61266, BID-61267, BID-61271, BID-61273, BID-61275, CERTA-2013-AVI-416, CERTA-2013-AVI-427, cpujuly2013, CVE-2013-0398, CVE-2013-3745, CVE-2013-3746, CVE-2013-3748, CVE-2013-3750, CVE-2013-3752, CVE-2013-3753, CVE-2013-3754, CVE-2013-3757, CVE-2013-3765, CVE-2013-3773, CVE-2013-3786, CVE-2013-3787, CVE-2013-3797, CVE-2013-3799, CVE-2013-3813, VIGILANCE-VUL-13131.

Description of the vulnerability

A Critical Patch Update fixes several vulnerabilities of Solaris.

An attacker can use a vulnerability of Kernel/STREAMS framework, in order to trigger a denial of service. [severity:3/4; BID-61267, CVE-2013-3753]

An attacker can use a vulnerability of Driver/IDM (iSCSI Data Mover), in order to trigger a denial of service. [severity:3/4; BID-61271, CVE-2013-3748]

An attacker can use a vulnerability of Kernel/VM, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-61258, CVE-2013-3750]

An attacker can use a vulnerability of HA for TimesTen, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-61259, CVE-2013-3754]

An attacker can use a vulnerability of Zone Cluster Infrastructure, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-61254, CVE-2013-3746]

An attacker can use a vulnerability of SMF/File Locking Services, in order to alter information, or to trigger a denial of service. [severity:3/4; BID-61263, CVE-2013-3757]

An attacker can use a vulnerability of Kernel, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-61266, CVE-2013-3786]

An attacker can use a vulnerability of Libraries/PAM-Unix, in order to obtain or alter information. [severity:2/4; BID-61230, CVE-2013-3813]

An attacker can use a vulnerability of XSCF Control Package (XCP), in order to trigger a denial of service. [severity:2/4; BID-61247, CVE-2013-3773]

An attacker can use a vulnerability of Utility/Remote Execution Server (in.rexecd), in order to obtain information. [severity:2/4; BID-61250, CVE-2013-0398]

An attacker can use a vulnerability of Kernel, in order to trigger a denial of service. [severity:2/4; BID-61273, CVE-2013-3799]

An attacker can use a vulnerability of Kernel/VM, in order to trigger a denial of service. [severity:2/4; BID-61275, CVE-2013-3765]

An attacker can use a vulnerability of Filesystem/DevFS, in order to trigger a denial of service. [severity:2/4; BID-61239, CVE-2013-3797]

An attacker can use a vulnerability of Service Management Facility (SMF), in order to alter information. [severity:2/4; BID-61245, CVE-2013-3752]

An attacker can use a vulnerability of Kernel, in order to trigger a denial of service. [severity:2/4; BID-61248, CVE-2013-3787]

An attacker can use a vulnerability of Libraries/Libc, in order to trigger a denial of service. [severity:1/4; BID-61261, CVE-2013-3745]

weakness note 13077

Solaris: privilege escalation via 144751-01 postinstall

Synthesis of the vulnerability

A local attacker can use the 144751-01 postinstall script, in order to escalate his privileges on Solaris x86.
Severity: 2/4.
Creation date: 09/07/2013.
Identifiers: BID-61025, VIGILANCE-VUL-13077.

Description of the vulnerability

The 144751-01/SUNWos86r/install/postinstall script is executed after the installation of 144751-01 on an x86 platform.

This script runs the following command:
  /sbin/sh /tmp/disketterc.d/rcs9.sh "post"

However, if an attacker previously created the /tmp/disketterc.d/rcs9.sh file, it is executed with root privileges.

A local attacker can therefore use the 144751-01 postinstall script, in order to escalate his privileges on Solaris x86.
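
One way to check, before privileged execution, whether a script under a shared directory such as /tmp could have been planted by another user. This is an added example, not code from the patch or from the bulletin; the function names are hypothetical, and the demo uses a temporary directory as a stand-in for /tmp and the current uid as the trusted installer uid.

```python
import os
import stat
import tempfile

def unsafe_reasons(script, base, trusted_uids):
    """List why running `script` with privileges would be unsafe.

    Every path component below `base` (the shared directory) must be a real
    file or directory, owned by a trusted uid, and not group/world-writable.
    """
    base = os.path.realpath(base)
    rel = os.path.relpath(os.path.abspath(script), base)
    if rel.startswith(os.pardir):
        return [f"{script}: not located under {base}"]
    reasons, current = [], base
    for part in rel.split(os.sep):
        current = os.path.join(current, part)
        try:
            st = os.lstat(current)          # lstat: do not follow symlinks
        except FileNotFoundError:
            reasons.append(f"{current}: missing")
            break
        if stat.S_ISLNK(st.st_mode):
            reasons.append(f"{current}: symbolic link")
            break
        if st.st_uid not in trusted_uids:
            reasons.append(f"{current}: owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            reasons.append(f"{current}: writable by group or others")
    return reasons

def _write_script(path, mode):
    with open(path, "w") as handle:
        handle.write("#!/bin/sh\n")
    os.chmod(path, mode)

def demo():
    """Build three constructed cases and return their findings."""
    shared = os.path.realpath(tempfile.mkdtemp())   # stand-in for /tmp
    me = os.getuid()

    # Case 1: predictable directory name that anyone may write into.
    predictable = os.path.join(shared, "disketterc.d")
    os.mkdir(predictable)
    os.chmod(predictable, 0o777)
    script = os.path.join(predictable, "rcs9.sh")
    _write_script(script, 0o755)
    open_dir = unsafe_reasons(script, shared, {me})

    # Case 2: private staging directory (mkdtemp: random name, mode 0700).
    private = tempfile.mkdtemp(dir=shared)
    staged = os.path.join(private, "rcs9.sh")
    _write_script(staged, 0o700)
    private_dir = unsafe_reasons(staged, shared, {me})

    # Case 3: same files judged by an installer that does not trust their owner,
    # which is the situation when another user created the path first.
    foreign_owner = unsafe_reasons(staged, shared, {me + 1})
    return open_dir, private_dir, foreign_owner

if __name__ == "__main__":
    for findings in demo():
        print(findings)
```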

security note CVE-2012-0568 CVE-2012-0570 CVE-2013-0403

Solaris: several vulnerabilities of April 2013

Synthesis of the vulnerability

Several vulnerabilities of Solaris are fixed by the CPU of April 2013.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 16.
Creation date: 17/04/2013.
Identifiers: BID-59157, BID-59174, BID-59186, BID-59193, BID-59197, BID-59199, BID-59204, BID-59214, BID-59221, BID-59230, BID-59233, BID-59235, BID-59236, BID-59238, BID-59241, BID-59245, CERTA-2013-AVI-252, cpuapr2013, CVE-2012-0568, CVE-2012-0570, CVE-2013-0403, CVE-2013-0404, CVE-2013-0405, CVE-2013-0406, CVE-2013-0408, CVE-2013-0411, CVE-2013-0412, CVE-2013-0413, CVE-2013-1494, CVE-2013-1496, CVE-2013-1498, CVE-2013-1499, CVE-2013-1507, CVE-2013-1530, VIGILANCE-VUL-12682.

Description of the vulnerability

A Critical Patch Update fixes several vulnerabilities of Solaris.

An attacker can use a vulnerability of Filesystem/NFS, in order to obtain or alter information. [severity:2/4; BID-59157, CVE-2013-0405]

An attacker can use a vulnerability of RBAC Configuration, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-59174, CVE-2013-0411]

An attacker can use a vulnerability of Filesystem, in order to create a denial of service. [severity:2/4; BID-59186, CVE-2013-1507]

An attacker can use a vulnerability of Kernel/IO, in order to create a denial of service. [severity:2/4; BID-59199, CVE-2013-1498]

An attacker can use a vulnerability of Kernel/IO, in order to create a denial of service. [severity:2/4; BID-59197, CVE-2013-1496]

An attacker can use a vulnerability of Kernel, in order to create a denial of service. [severity:2/4; BID-59193, CVE-2013-1494]

An attacker can use a vulnerability of CPU performance counters drivers, in order to create a denial of service. [severity:2/4; BID-59204, CVE-2013-0408]

An attacker can use a vulnerability of Remote Execution Service, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-59214, CVE-2013-0413]

An attacker can use a vulnerability of Kernel/IPsec, in order to alter information. [severity:2/4; BID-59245, CVE-2013-0406]

An attacker can use a vulnerability of Kernel, in order to create a denial of service. [severity:2/4; BID-59221, CVE-2013-1530]

An attacker can use a vulnerability of Kernel/Boot, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-59230, CVE-2013-0404]

An attacker can use a vulnerability of pax, in order to alter information, or to create a denial of service. [severity:2/4; BID-59236, CVE-2013-0412]

An attacker can use a vulnerability of Libraries/Libc, in order to create a denial of service. [severity:2/4; BID-59241, CVE-2012-0570]

An attacker can use a vulnerability of Utility/fdformat, in order to obtain information. [severity:2/4; BID-59233, CVE-2012-0568]

An attacker can use a vulnerability of Utility, in order to create a denial of service. [severity:1/4; BID-59235, CVE-2013-0403]

An attacker can use a vulnerability of Network Configuration, in order to create a denial of service. [severity:1/4; BID-59238, CVE-2013-1499]

computer weakness bulletin CVE-2012-3499

Apache httpd: Cross Site Scripting of modules

Synthesis of the vulnerability

An attacker can trigger several Cross Site Scripting attacks in the mod_info, mod_status, mod_imagemap, mod_ldap and mod_proxy_ftp modules, in order to execute JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 25/02/2013.
Identifiers: BID-58165, c03734195, CERTA-2013-AVI-153, CERTA-2013-AVI-387, CERTA-2013-AVI-543, CERTA-2013-AVI-590, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CERTFR-2015-AVI-286, CVE-2012-3499, DSA-2637-1, FEDORA-2013-4541, HPSBUX02866, JSA10685, MDVSA-2013:015, MDVSA-2013:015-1, openSUSE-SU-2013:0629-1, openSUSE-SU-2013:0632-1, RHSA-2013:0815-01, RHSA-2013:1012-01, RHSA-2013:1013-01, RHSA-2013:1207-01, RHSA-2013:1208-01, RHSA-2013:1209-01, SSA:2013-062-01, SSRT101139, VIGILANCE-VUL-12457.

Description of the vulnerability

The Apache httpd service can use several modules.

However, the mod_info, mod_status, mod_imagemap, mod_ldap and mod_proxy_ftp modules do not correctly validate received data before displaying it in the generated web document.

An attacker can therefore trigger several Cross Site Scripting attacks in the mod_info, mod_status, mod_imagemap, mod_ldap and mod_proxy_ftp modules, in order to execute JavaScript code in the context of the web site.

weakness bulletin CVE-2012-0569 CVE-2012-3178 CVE-2013-0399

Solaris: several vulnerabilities of January 2013

Synthesis of the vulnerability

Several vulnerabilities of Solaris are fixed by the CPU of January 2013.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 8.
Creation date: 16/01/2013.
Identifiers: BID-57393, BID-57395, BID-57398, BID-57399, BID-57402, BID-57403, BID-57406, BID-57407, CERTA-2013-AVI-031, cpujan2013, CVE-2012-0569, CVE-2012-3178, CVE-2013-0399, CVE-2013-0400, CVE-2013-0407, CVE-2013-0414, CVE-2013-0415, CVE-2013-0417, VIGILANCE-VUL-12334.

Description of the vulnerability

A Critical Patch Update fixes several vulnerabilities of Solaris.

An attacker can use a vulnerability of Filesystem/cachefs, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-57398, CVE-2013-0400]

An attacker can use a vulnerability of Utility/Umount, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-57399, CVE-2013-0399]

An attacker can use a vulnerability of Bind, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-57403, CVE-2013-0415]

An attacker can use a vulnerability of Fault Management System (FMS), in order to obtain information. [severity:2/4; BID-57407, CVE-2013-0417]

An attacker can use a vulnerability of Kernel/DTrace, in order to create a denial of service. [severity:1/4; BID-57393, CVE-2013-0407]

An attacker can use a vulnerability of Install/smpatch, in order to obtain or alter information. [severity:2/4; BID-57395, CVE-2012-0569]

An attacker can use a vulnerability of Utility/ksh93, in order to alter information, or to create a denial of service. [severity:1/4; BID-57402, CVE-2013-0414]

An attacker can use a vulnerability of Kernel, in order to create a denial of service. [severity:1/4; BID-57406, CVE-2012-3178]

vulnerability announce CVE-2012-0217 CVE-2012-3165 CVE-2012-3187

Solaris: several vulnerabilities of October 2012

Synthesis of the vulnerability

Several vulnerabilities of Solaris are corrected by the CPU of October 2012.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 17.
Creation date: 17/10/2012.
Identifiers: BID-56012, BID-56016, BID-56023, BID-56029, BID-56034, BID-56038, BID-56048, BID-56049, BID-56052, BID-56053, BID-56060, BID-56062, BID-56064, BID-56069, BID-56074, BID-56077, CERTA-2012-AVI-586, cpuoct2012, CVE-2012-0217, CVE-2012-3165, CVE-2012-3187, CVE-2012-3189, CVE-2012-3199, CVE-2012-3203, CVE-2012-3204, CVE-2012-3205, CVE-2012-3206, CVE-2012-3207, CVE-2012-3208, CVE-2012-3209, CVE-2012-3210, CVE-2012-3211, CVE-2012-3212, CVE-2012-3215, CVE-2012-5095, VIGILANCE-VUL-12078, VU#649219.

Description of the vulnerability

A Critical Patch Update corrects several vulnerabilities of Solaris.

A remote attacker can use a vulnerability of Kernel, in order to create a denial of service. [severity:3/4; BID-56077, CVE-2012-3210]

An attacker can use a vulnerability of iSCSI COMSTAR, in order to create a denial of service. [severity:3/4; BID-56064, CVE-2012-3189]

An attacker can use a vulnerability of Gnome Trusted Extension, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-56052, CVE-2012-3199]

An administrator in a guest ParaVirtualized 64 bit system can use the SYSRET instruction with an invalid RIP, in order to execute code on the host system with a 64 bit Intel processor (VIGILANCE-VUL-11693). [severity:2/4; CVE-2012-0217, VU#649219]

An attacker can use a vulnerability of Gnome Trusted Extension, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-56048, CVE-2012-3204]

An attacker can use a vulnerability of Kernel, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-56060, CVE-2012-3187]

An attacker can use a vulnerability of Logical Domain (LDOM), in order to alter information, or to create a denial of service. [severity:2/4; BID-56074, CVE-2012-3209]

An attacker can use a vulnerability of Kernel, in order to create a denial of service. [severity:2/4; BID-56062, CVE-2012-3207]

An attacker can use a vulnerability of Kernel/RCTL, in order to create a denial of service. [severity:2/4; BID-56069, CVE-2012-3208]

An attacker can use a vulnerability of Kernel, in order to create a denial of service. [severity:3/4; BID-56038, CVE-2012-3212]

An attacker can use a vulnerability of Kernel/System Call, in order to create a denial of service. [severity:2/4; BID-56049, CVE-2012-3211]

An attacker can use a vulnerability of inetd, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-56029, CVE-2012-5095]

An attacker can use a vulnerability of mailx, in order to obtain or alter information. [severity:2/4; BID-56016, CVE-2012-3165]

An attacker can use a vulnerability of SPARC T3/T4, in order to obtain information. [severity:1/4; BID-56023, CVE-2012-3206]

An attacker can use a vulnerability of Gnome Display Manager (GDM), in order to create a denial of service. [severity:1/4; BID-56053, CVE-2012-3203]

An attacker can use a vulnerability of Vino server, in order to alter information. [severity:1/4; BID-56034, CVE-2012-3205]

An attacker can use a vulnerability of Kernel, in order to obtain information. [severity:1/4; BID-56012, CVE-2012-3215]

computer threat alert CVE-2012-2687

Apache httpd: Cross Site Scripting of mod_negotiation

Synthesis of the vulnerability

When an attacker can upload a file to a directory with MultiViews enabled, he can trigger a Cross Site Scripting attack via the mod_negotiation module of Apache httpd.
Severity: 2/4.
Creation date: 21/08/2012.
Identifiers: BID-55131, c03734195, c03820647, CERTA-2012-AVI-460, CERTFR-2015-AVI-286, CVE-2012-2687, FEDORA-2013-1661, HPSBUX02866, JSA10685, MDVSA-2012:154, MDVSA-2012:154-1, openSUSE-SU-2013:0243-1, openSUSE-SU-2013:0245-1, openSUSE-SU-2013:0248-1, openSUSE-SU-2013:0629-1, openSUSE-SU-2013:0632-1, openSUSE-SU-2014:1647-1, RHSA-2012:1591-01, RHSA-2012:1592-01, RHSA-2012:1594-01, RHSA-2013:0130-01, RHSA-2013:0512-02, SOL15901, SSRT101139, VIGILANCE-VUL-11877.

Description of the vulnerability

The mod_negotiation module chooses the best document to transmit to the client, based on the client's language and encoding. The MultiViews configuration directive enables the automatic choice of the document.

The make_variant_list() function of the modules/mappers/mod_negotiation.c file generates the list of available documents, which is included in HTTP 300 replies (Multiple Choices). However, filenames are not filtered before being included in the generated HTML code.

When an attacker can upload a file to a directory with MultiViews enabled, he can therefore trigger a Cross Site Scripting attack via the mod_negotiation module of Apache httpd.

security threat CVE-2012-3401

libtiff: memory corruption via tiff2pdf

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious TIFF image with tiff2pdf, in order to create a denial of service or to execute code.
Severity: 2/4.
Creation date: 19/07/2012.
Identifiers: 837577, BID-54601, CERTA-2012-AVI-434, CVE-2012-3401, DSA-2552-1, FEDORA-2012-10978, FEDORA-2012-11000, MDVSA-2012:127, MDVSA-2013:046, openSUSE-SU-2012:0955-1, RHSA-2012:1590-01, SUSE-SU-2012:0919-1, VIGILANCE-VUL-11781.

Description of the vulnerability

The tiff2pdf tool of the libtiff suite is used to convert a TIFF image to a PDF document.

A TIFF image contains one or several IFDs (Image File Directories) indicating specific parameters ("tags") for the image (BitsPerSample, ColorMap, etc.).

The t2p_read_tiff_init() function of the tools/tiff2pdf.c file reads TIFF data. It uses the TIFFSetDirectory() function to skip to the next IFD. If the IFD is malformed, the TIFFSetDirectory() function fails, but the t2p_read_tiff_init() function does not return an error. The tiff2pdf program thus continues to write to memory.

An attacker can therefore invite the victim to open a malicious TIFF image with tiff2pdf, in order to create a denial of service or to execute code.