The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of TurboLinux

computer vulnerability CVE-2010-0001

gunzip: code execution via LZW

Synthesis of the vulnerability

An attacker can create a malicious compressed ".Z" archive, in order to execute code on computers of victims opening it with gunzip.
Impacted products: Debian, Fedora, Mandriva Linux, RHEL, Slackware, TurboLinux, Unix (platform) ~ not comprehensive, ESX, ESXi.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 20/01/2010.
Identifiers: BID-37886, CVE-2010-0001, DSA-1974-1, DSA-2074-1, FEDORA-2010-0884, FEDORA-2010-0964, MDVSA-2010:019, MDVSA-2010:020, MDVSA-2011:152, RHSA-2010:0061-02, SSA:2010-060-03, TLSA-2010-6, VIGILANCE-VUL-9365, VMSA-2010-0009, VMSA-2010-0009.1.

Description of the vulnerability

The gunzip program uncompresses LZW archives with the ".Z" extension (created with the "compress" program).

When the archive contains a short position offset, an integer overflow occurs in the unlzw() function of the unlzw.c file. This overflow then leads to a memory corruption.

An attacker can therefore create a malicious compressed archive, in order to execute code on computers of victims opening it with gunzip.

vulnerability note CVE-2009-2624

gunzip: code execution via Huffman

Synthesis of the vulnerability

An attacker can create a malicious compressed ".gz" archive, in order to execute code on computers of victims opening it with gunzip.
Impacted products: Fedora, Mandriva Linux, Solaris, TurboLinux, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 20/01/2010.
Identifiers: 507263, BID-37888, CERTA-2010-AVI-028, CVE-2009-2624, FEDORA-2010-0884, FEDORA-2010-0964, MDVSA-2010:020, TLSA-2010-6, VIGILANCE-VUL-9364.

Description of the vulnerability

The gunzip program uncompresses DEFLATE archives with the ".gz" extension. The DEFLATE format uses the LZ77 algorithm with a Huffman code.

Huffman coding uses a tree to split data sequences. The huft_build() function in gunzip's inflate.c file does not allocate sufficient space to store the branches of this tree. A buffer overflow thus occurs.

An attacker can therefore create a malicious compressed archive, in order to execute code on computers of victims opening it with gunzip.

vulnerability announce CVE-2010-0097

BIND: cache poisoning with NXDOMAIN

Synthesis of the vulnerability

A remote attacker can send a malicious DNS NXDOMAIN reply, in order to poison the cache of a server with DNSSEC enabled.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, AIX, BIND, Mandriva Linux, NetBSD, OpenSolaris, Solaris, RHEL, Slackware, TurboLinux, ESX, ESXi.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: internet client.
Creation date: 20/01/2010.
Identifiers: 275890, 6916058, BID-37865, c02097674, CERTA-2010-AVI-020, CVE-2010-0097, DSA-2054-1, DSA-2054-2, FEDORA-2010-0861, FEDORA-2010-0868, HPSBUX02519, IV09491, IV09978, IV10049, IV11742, IV11743, IV11744, MDVSA-2010:021, RHSA-2010:0062-02, SOL17025, SSA:2010-176-01, SSRT100004, TLSA-2010-5, VIGILANCE-VUL-9362, VMSA-2010-0009, VMSA-2010-0009.1, VU#360341.

Description of the vulnerability

The DNSSEC protocol is used to authenticate data of DNS zones.

The NSEC and NSEC3 records are used to indicate that a name does not exist (NXDOMAIN, Non-Existent Domain).

However, BIND keeps these records in its cache, as if they were validated. Subsequent queries then return these records with the AD (Authenticated Data) bit set.

A remote attacker can therefore send a malicious DNS NXDOMAIN reply, in order to poison the cache of a server with DNSSEC enabled.

vulnerability alert CVE-2010-0290 CVE-2010-0382

BIND: cache poisoning with DNSSEC

Synthesis of the vulnerability

A remote attacker can send a malicious DNS request/reply, in order to poison the cache of a recursive server with DNSSEC enabled.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, AIX, BIND, Mandriva Linux, OpenSolaris, Solaris, RHEL, TurboLinux, ESX, ESXi.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 20/01/2010.
Identifiers: 275890, 2828, 2831, 6916058, c02263226, CVE-2009-4022-ERROR, CVE-2010-0290, CVE-2010-0382, DSA-2054-1, DSA-2054-2, FEDORA-2010-0861, FEDORA-2010-0868, HPSBUX02546, IV09491, IV09978, IV10049, IV11742, IV11743, IV11744, MDVSA-2010:021, RHSA-2010:0062-02, RT #20737, RT #20819, SOL15787, SSRT100159, TLSA-2010-5, VIGILANCE-VUL-9361, VMSA-2010-0009, VMSA-2010-0009.1, VU#418861.

Description of the vulnerability

The VIGILANCE-VUL-9224 bulletin describes a vulnerability which can be used by an attacker in order to poison the cache of a recursive server with DNSSEC enabled.

The vulnerability VIGILANCE-VUL-9224 was not fully corrected. Indeed, the attacker's answer can also contain CNAME (alias) and DNAME (delegation) records, which are added to the cache without any check. [severity:2/4; 2828, RT #20737]

The solution for the vulnerability VIGILANCE-VUL-9224 introduced a problem in the handling of data that are requested because they were missing from the attacker's answer (not in the "glue", so "out-of-bailiwick"). [severity:2/4; 2831, RT #20819]

A remote attacker can therefore send a malicious DNS request/reply, in order to poison the cache of a recursive server with DNSSEC enabled.

vulnerability note CVE-2009-4022

BIND: cache poisoning with DNSSEC

Synthesis of the vulnerability

A remote attacker can send a malicious DNS request/reply, in order to poison the cache of a recursive server with DNSSEC enabled.
Impacted products: Debian, Fedora, FreeBSD, HP-UX, AIX, Mandriva Linux, NetBSD, OpenSolaris, openSUSE, Solaris, RHEL, Slackware, SLES, TurboLinux, Unix (platform) ~ not comprehensive, ESX.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: internet client.
Creation date: 26/11/2009.
Revision date: 20/01/2010.
Identifiers: 273169, 6902912, BID-37118, c02263226, CERTA-2009-AVI-515, CERTA-2010-AVI-044, CVE-2009-4022, DSA-1961-1, FEDORA-2009-12218, FEDORA-2009-12233, FreeBSD-SA-10:01.bind, HPSBUX02546, MDVSA-2009:304, MDVSA-2009:313-1, RHSA-2009:1620-01, SSA:2009-336-01, SSA:2010-176-01, SSRT100159, SUSE-SA:2009:059, TLSA-2009-33, VIGILANCE-VUL-9224, VMSA-2010-0004, VMSA-2010-0004.1, VMSA-2010-0004.2, VMSA-2010-0004.3, VU#418861.

Description of the vulnerability

The DNSSEC protocol is used to authenticate data of DNS zones. Clients use the DO (DNSSEC OK) bit in a DNS query to indicate to the resolver that they support DNSSEC. Clients use the CD (Checking Disabled) bit in a DNS query to tell the resolver not to perform checks.

A name server allowing recursive queries and honoring DNSSEC is impacted by a vulnerability. Indeed, an attacker located on the internal network can send a query with the DO and CD bits set to this DNS server. This recursive DNS server then contacts a DNS server located on the Internet in order to resolve the requested name. However, the attacker can be the first to reply. Additional records contained in the attacker's answer are then automatically added to the cache.

A remote attacker can therefore send a malicious DNS request/reply, in order to poison the cache of a recursive server with DNSSEC enabled.

computer vulnerability bulletin CVE-2009-4355

OpenSSL: memory leak of CRYPTO_cleanup_all_ex_data

Synthesis of the vulnerability

An attacker can generate a memory leak in some applications using the OpenSSL CRYPTO_cleanup_all_ex_data() function.
Impacted products: Debian, Fedora, HP-UX, NSM Central Manager, NSMXpress, Mandriva Linux, NetBSD, OpenSSL, RHEL, Slackware, TurboLinux, ESX, ESXi.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 13/01/2010.
Identifiers: c02079216, CVE-2009-4355, DSA-1970-1, FEDORA-2010-5357, HPSBUX02517, MDVSA-2010:022, PSN-2012-11-767, RHSA-2010:0054-01, SSA:2010-060-02, SSRT100058, TLSA-2010-4, VIGILANCE-VUL-9348, VMSA-2010-0009, VMSA-2010-0009.1.

Description of the vulnerability

The CRYPTO_cleanup_all_ex_data() function of OpenSSL frees used data. However, in OpenSSL versions later than 0.9.8f, this function does not free the COMP_CTX structure related to zlib compression, which creates a memory leak.

Applications using the OpenSSL CRYPTO_cleanup_all_ex_data() function are thus impacted by a denial of service.

In 2008, the Apache httpd mod_ssl module used this function, and was thus impacted by a denial of service (VIGILANCE-VUL-7969). This vulnerability was corrected by modifying mod_ssl, instead of correcting the root of the problem (OpenSSL).

The PHP module with Curl also uses this function, and is thus impacted by a denial of service. In 2010, developers decided to not correct PHP/Curl, but to correct the root of the problem (OpenSSL).

vulnerability alert CVE-2009-4565

Sendmail: truncation of X.509 with null

Synthesis of the vulnerability

When Sendmail uses certificates, an attacker can send an X.509 certificate with a Subject/Issuer field containing a null character, in order to bypass access restrictions.
Impacted products: Debian, Fedora, HP-UX, AIX, Mandriva Linux, Mandriva NF, NLD, OES, OpenSolaris, openSUSE, Solaris, RHEL, Sendmail, SLES, TurboLinux.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 31/12/2009.
Identifiers: 275870, 6913961, BID-37543, c02009860, CERTA-2010-AVI-123, CVE-2009-4565, DSA-1985-1, FEDORA-2010-5399, FEDORA-2010-5470, HPSBUX02508, IZ72510, IZ72515, IZ72526, IZ72528, IZ72539, IZ72602, MDVSA-2010:003, RHSA-2010:0237-05, RHSA-2011:0262-01, SSRT100007, SUSE-SR:2010:006, TLSA-2010-3, VIGILANCE-VUL-9321.

Description of the vulnerability

Sendmail can be configured to use X.509 certificates.

However, when an X.509 certificate contains a null character in the Subject/Issuer field, Sendmail truncates this field. This vulnerability is similar to VIGILANCE-VUL-8908, even though the vulnerable source code is different.

When Sendmail uses certificates, an attacker can therefore send an X.509 certificate with a Subject/Issuer field containing a null character, in order to bypass access restrictions.

vulnerability announce CVE-2009-3388 CVE-2009-3389 CVE-2009-3979

Firefox, SeaMonkey: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Firefox and SeaMonkey can be used by an attacker to execute code on the victim's computer.
Impacted products: Debian, Fedora, Mandriva Linux, Firefox, SeaMonkey, NLD, OES, openSUSE, RHEL, Slackware, SLES, TurboLinux.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 16/12/2009.
Identifiers: 293347, 457514, 468771, 470487, 479931, 487872, 494617, 495875, 503451, 504613, 504843, 506267, 510518, 513981, 514232, 514999, 515811, 515882, 516237, 521461, 522374, 522430, 523816, 524121, BID-37349, BID-37360, BID-37361, BID-37362, BID-37363, BID-37364, BID-37365, BID-37366, BID-37367, BID-37368, BID-37369, BID-37370, CERTA-2009-AVI-547, CERTA-2010-AVI-024, CVE-2009-3388, CVE-2009-3389, CVE-2009-3979, CVE-2009-3980, CVE-2009-3981, CVE-2009-3982, CVE-2009-3983, CVE-2009-3984, CVE-2009-3985, CVE-2009-3986, CVE-2009-3987, DSA-1956-1, FEDORA-2010-7100, MDVSA-2009:338, MDVSA-2009:339, MFSA 2009-65, MFSA 2009-66, MFSA 2009-67, MFSA 2009-68, MFSA 2009-69, MFSA 2009-70, MFSA 2009-71, RHSA-2009:1673-01, RHSA-2009:1674-01, SSA:2009-351-01, SSA:2009-352-01, SUSE-SA:2009:063, SUSE-SR:2009:020, SUSE-SR:2010:013, TLSA-2009-35, TLSA-2010-1, VIGILANCE-VUL-9292.

Description of the vulnerability

Several vulnerabilities were announced in Firefox and SeaMonkey.

An attacker can generate several memory corruptions, in order to execute code. [severity:4/4; 293347, 457514, 468771, 470487, 479931, 494617, 495875, 506267, 510518, 513981, 514999, 515811, 516237, 522374, 524121, BID-37361, BID-37362, BID-37363, BID-37364, CVE-2009-3979, CVE-2009-3980, CVE-2009-3981, CVE-2009-3982, MFSA 2009-65]

An attacker can generate several memory corruptions in liboggplay, in order to execute code. [severity:4/4; 504843, 523816, BID-37369, CERTA-2009-AVI-547, CERTA-2010-AVI-024, CVE-2009-3388, MFSA 2009-66]

An attacker can generate several memory corruptions in libtheora, in order to execute code. [severity:4/4; 504613, 515882, BID-37368, CVE-2009-3389, MFSA 2009-67]

An attacker can use NTLM authentication data, to authenticate on several sites. [severity:3/4; 487872, BID-37366, CVE-2009-3983, MFSA 2009-68]

An attacker can use document.location to spoof the address of a page. [severity:2/4; 514232, 521461, BID-37367, BID-37370, CVE-2009-3984, CVE-2009-3985, MFSA 2009-69]

An attacker can use window.opener to execute JavaScript code with chrome privileges. [severity:2/4; 522430, BID-37365, CVE-2009-3986, MFSA 2009-70]

An attacker can use GeckoActiveXObject() to list installed ActiveX. [severity:1/4; 503451, BID-37360, CVE-2009-3987, MFSA 2009-71]

computer vulnerability CVE-2009-4034 CVE-2009-4136

PostgreSQL: two vulnerabilities

Synthesis of the vulnerability

An attacker can use two vulnerabilities of PostgreSQL, in order to access a user's data.
Impacted products: Debian, Fedora, HPE NNMi, Mandriva Linux, OpenSolaris, openSUSE, Solaris, PostgreSQL, RHEL, SLES, TurboLinux.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: user account.
Number of vulnerabilities in this bulletin: 2.
Creation date: 15/12/2009.
Identifiers: 274870, 6909139, 6909140, 6909142, BID-37333, BID-37334, c03333585, CERTA-2009-AVI-546, CVE-2009-4034, CVE-2009-4136, DSA-1964-1, FEDORA-2009-13363, FEDORA-2009-13381, HPSBMU02781, MDVSA-2009:333, RHSA-2010:0427-01, RHSA-2010:0428-01, RHSA-2010:0429-01, SSRT100617, SUSE-SR:2010:001, TLSA-2010-2, VIGILANCE-VUL-9285.

Description of the vulnerability

Two vulnerabilities were announced in PostgreSQL.

When an SSL certificate is used, an attacker can send an X.509 certificate with a field containing a null character, in order to bypass access restrictions. [severity:2/4; BID-37334, CERTA-2009-AVI-546, CVE-2009-4034]

A local attacker can use an index function, in order to elevate his privileges. [severity:2/4; BID-37333, CVE-2009-4136]

computer vulnerability alert CVE-2009-3794 CVE-2009-3796 CVE-2009-3797

Adobe Flash Player: several vulnerabilities

Synthesis of the vulnerability

Several Adobe Flash Player vulnerabilities can be used by an attacker to execute code or to obtain information.
Impacted products: Flash Player, OpenSolaris, openSUSE, Solaris, RHEL, SLES, TurboLinux.
Severity: 4/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 09/12/2009.
Identifiers: 274250, 6908614, APSB09-19, BID-37199, BID-37266, BID-37267, BID-37269, BID-37270, BID-37272, BID-37273, BID-37275, CERTA-2009-AVI-541, CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800, CVE-2009-3951, RHSA-2009:1657-01, RHSA-2009:1658-01, SUSE-SA:2009:062, TLSA-2009-34, VIGILANCE-VUL-9256, ZDI-09-092, ZDI-09-093.

Description of the vulnerability

Several Adobe Flash Player vulnerabilities were announced.

An attacker can execute code via a specially crafted JPEG image. [severity:4/4; BID-37266, CERTA-2009-AVI-541, CVE-2009-3794, ZDI-09-092]

An attacker can inject data in order to execute code. [severity:4/4; BID-37270, CVE-2009-3796]

An attacker can generate a memory corruption, leading to code execution. [severity:4/4; BID-37273, CVE-2009-3797]

An attacker can generate a memory corruption, leading to code execution. [severity:4/4; BID-37275, CVE-2009-3798]

An attacker can generate an integer overflow, leading to code execution. [severity:4/4; BID-37267, CVE-2009-3799, ZDI-09-093]

An attacker can generate several memory corruptions, leading to code execution. [severity:4/4; BID-37269, CVE-2009-3800]

A vulnerability of Flash Player ActiveX can lead to local filenames disclosure under Windows. [severity:2/4; BID-37272, CVE-2009-3951]