The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of HP-UX

WebSphere AS 8.5: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of IBM WebSphere AS 8.5.
Impacted products: HP-UX, WebSphere AS.
Severity: 3/4.
Creation date: 19/08/2014.
Identifiers: 1681249, c04483248, CERTFR-2014-AVI-131, CVE-2014-0098, CVE-2014-0963, CVE-2014-3022, CVE-2014-3083, CVE-2014-4764, CVE-2014-4767, HPSBUX03150, PI09594, PI13028, PI17025, PI17768, PI21189, PI21284, PI30579, SSRT101681, VIGILANCE-VUL-15205.

Description of the vulnerability

Several vulnerabilities were announced in IBM WebSphere 8.5.

An attacker can trigger an error, in order to obtain sensitive information. [severity:1/4; CVE-2014-3022, PI09594]

An attacker can use a truncated cookie, in order to trigger a denial of service in mod_log_config of Apache HTTP Server (VIGILANCE-VUL-14438). [severity:2/4; CERTFR-2014-AVI-131, CVE-2014-0098, PI13028]

An attacker can send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service (VIGILANCE-VUL-14775). [severity:3/4; CVE-2014-0963, PI17025]

An attacker can traverse directories, in order to read a file outside the root path. [severity:2/4; CVE-2014-3083, PI17768, PI30579]

An attacker can make Load Balancer for IPv4 Dispatcher crash, in order to trigger a denial of service. [severity:3/4; CVE-2014-4764, PI21189]

An attacker can reduce the level of checking when installing features from the Liberty Repository. [severity:2/4; CVE-2014-4767, PI21284]

OpenSSL: nine vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: ArubaOS, ProxyAV, ProxySG, SGOS, Clearswift Email Gateway, Clearswift Web Gateway, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, Tivoli Workload Scheduler, WS_FTP Server, MBS, ePO, NetBSD, OpenBSD, OpenSSL, openSUSE, Solaris, Puppet, RHEL, Red Hat JBoss EAP, RSA Authentication Manager, Slackware, Splunk Enterprise, stunnel, Nessus, Ubuntu.
Severity: 3/4.
Creation date: 07/08/2014.
Identifiers: 1684444, aid-08182014, c04404655, CERTFR-2014-AVI-344, CERTFR-2014-AVI-395, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139, DSA-2998-1, ESA-2014-103, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2014-9301, FEDORA-2014-9308, FreeBSD-SA-14:18.openssl, HPSBUX03095, MDVSA-2014:158, NetBSD-SA2014-008, openSUSE-SU-2014:1052-1, RHSA-2014:1052-01, RHSA-2014:1053-01, RHSA-2014:1054-01, RHSA-2014:1256-01, RHSA-2014:1297-01, RHSA-2015:0126-01, RHSA-2015:0197-01, SA85, SB10084, SOL15564, SOL15568, SOL15573, SSA:2014-220-01, SSRT101674, tns-2014-06, USN-2308-1, VIGILANCE-VUL-15130.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can send DTLS packets that will lead to double free of memory and then a crash, in order to trigger a denial of service. [severity:3/4; CVE-2014-3505]

An attacker can make an application consume a large amount of memory in the processing of DTLS handshake packets, in order to trigger a denial of service. [severity:3/4; CVE-2014-3506]

An attacker can create a memory leak in the DTLS packet processing, in order to trigger a denial of service. [severity:3/4; CVE-2014-3507]

Pretty printing routines that use OID may provide information about the stack content. An attacker may be able to deduce sensitive information from that. [severity:1/4; CVE-2014-3508]

A client attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-3509]

A server attacker can force a NULL pointer to be dereferenced in the handshake processing if the client supports key exchange with anonymous Diffie-Hellman, in order to trigger a denial of service. [severity:2/4; CVE-2014-3510]

A client attacker can force use of TLS 1.0 by special fragmentation of the Client Hello message, in order to reduce the strength of negotiated algorithms. [severity:1/4; CVE-2014-3511]

An attacker can generate a buffer overflow in the processing of SRP parameters, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-3512]

An attacker can force a NULL pointer to be dereferenced in the TLS client by asserting support for SRP, in order to trigger a denial of service. [severity:2/4; CVE-2014-5139]

Apache httpd: denial of service via mod_cgid

Synthesis of the vulnerability

An attacker, who is allowed to upload a malicious CGI script on the server, can block mod_cgid of Apache httpd, in order to trigger a denial of service.
Impacted products: Apache httpd, Debian, Fedora, HP-UX, WebSphere AS, NSMXpress, MBS, openSUSE, Solaris, Puppet, RHEL, Red Hat JBoss EAP, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 17/07/2014.
Identifiers: 1690185, 1695392, 7036319, c04686230, c04832246, CERTFR-2015-AVI-286, CVE-2014-0231, DSA-2989-1, FEDORA-2014-8742, FEDORA-2014-9057, HPSBUX03337, HPSBUX03512, JSA10685, MDVSA-2014:142, MDVSA-2015:093, openSUSE-SU-2014:0969-1, openSUSE-SU-2014:1044-1, openSUSE-SU-2014:1045-1, openSUSE-SU-2014:1647-1, RHSA-2014:0920-01, RHSA-2014:0921-01, RHSA-2014:0922-01, RHSA-2014:1019-01, RHSA-2014:1020-01, RHSA-2014:1021-01, RHSA-2014:1086-01, RHSA-2014:1087-01, RHSA-2014:1088-01, SSA:2014-204-01, SSRT102066, SSRT102254, SUSE-SU-2014:0967-1, SUSE-SU-2014:1080-1, SUSE-SU-2014:1081-1, SUSE-SU-2014:1082-1, USN-2299-1, VIGILANCE-VUL-15070.

Description of the vulnerability

The mod_cgid module of Apache httpd manages CGI scripts.

However, if a CGI script does not consume its standard input, the child process hangs indefinitely.

An attacker, who is allowed to upload a malicious CGI script on the server, can therefore block mod_cgid of Apache httpd, in order to trigger a denial of service.

Apache httpd: denial of service via mod_deflate

Synthesis of the vulnerability

An attacker can send special data to Apache httpd with mod_deflate as an Input Filter, in order to trigger a denial of service.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Debian, Fedora, HP-UX, WebSphere AS, NSMXpress, MBS, Solaris, Puppet, RHEL, Red Hat JBoss EAP, Slackware, Ubuntu.
Severity: 2/4.
Creation date: 17/07/2014.
Identifiers: 1690185, 1695392, 7036319, c04686230, c04832246, CERTFR-2015-AVI-286, CVE-2014-0118, DSA-2989-1, FEDORA-2014-8742, FEDORA-2014-9057, HPSBUX03337, HPSBUX03512, JSA10685, MDVSA-2014:142, MDVSA-2015:093, RHSA-2014:0920-01, RHSA-2014:0921-01, RHSA-2014:0922-01, RHSA-2014:1019-01, RHSA-2014:1020-01, RHSA-2014:1021-01, RHSA-2014:1086-01, RHSA-2014:1087-01, RHSA-2014:1088-01, SSA:2014-204-01, SSRT102066, SSRT102254, USN-2299-1, VIGILANCE-VUL-15067.

Description of the vulnerability

The mod_deflate module of Apache httpd compresses/uncompresses data.

The decompression of the HTTP body is for example enabled with:
  <Location /dav-area>
    SetInputFilter DEFLATE
  </Location>

However, in this case, special data lead to the consumption of several resources.

An attacker can therefore send special data to Apache httpd with mod_deflate as an Input Filter, in order to trigger a denial of service.

Apache httpd: buffer overflow of mod_status

Synthesis of the vulnerability

An attacker can generate a buffer overflow in mod_status of Apache httpd, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Apache httpd, Apache httpd Modules ~ not comprehensive, Debian, Fedora, HP-UX, WebSphere AS, NSMXpress, MBS, openSUSE, Solaris, Puppet, RHEL, Red Hat JBoss EAP, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 17/07/2014.
Identifiers: 1690185, 1695392, 7036319, c04686230, c04832246, CERTFR-2015-AVI-286, CVE-2014-0226, DSA-2989-1, FEDORA-2014-8742, FEDORA-2014-9057, HPSBUX03337, HPSBUX03512, JSA10685, MDVSA-2014:142, MDVSA-2015:093, openSUSE-SU-2014:0969-1, openSUSE-SU-2014:1044-1, openSUSE-SU-2014:1045-1, openSUSE-SU-2014:1647-1, RHSA-2014:0920-01, RHSA-2014:0921-01, RHSA-2014:0922-01, RHSA-2014:1019-01, RHSA-2014:1020-01, RHSA-2014:1021-01, RHSA-2014:1086-01, RHSA-2014:1087-01, RHSA-2014:1088-01, SSA:2014-204-01, SSRT102066, SSRT102254, SUSE-SU-2014:0967-1, SUSE-SU-2014:1080-1, SUSE-SU-2014:1081-1, SUSE-SU-2014:1082-1, USN-2299-1, VIGILANCE-VUL-15066, ZDI-14-236.

Description of the vulnerability

The mod_status module can be enabled on Apache httpd:
  <Location /server-status>
    SetHandler server-status
    Require host example.com
  </Location>
Its access is usually restricted.

The ScoreBoard of httpd stores information related to current processes and sessions. The mod_status module reads the ScoreBoard. However, the data is not correctly synchronized: when two queries are sent, one to /server-status and one to a normal page, the size of data (client, request, vhost) can be inconsistent.

An attacker can therefore generate a buffer overflow in mod_status of Apache httpd, in order to trigger a denial of service, and possibly to execute code.

Oracle Java: multiple vulnerabilities of July 2014

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Java.
Impacted products: Debian, Fedora, HP-UX, AIX, DB2 UDB, Tivoli Workload Scheduler, WebSphere AS, WebSphere MQ, Domino, Notes, MBS, ePO, Java OpenJDK, openSUSE, Java Oracle, JavaFX, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive, vCenter, VMware vSphere.
Severity: 3/4.
Creation date: 16/07/2014.
Identifiers: 1680418, 1686749, 1686824, 1689579, 7014224, c04398922, c04398943, CERTFR-2014-AVI-320, cpujul2014, CVE-2014-2483, CVE-2014-2490, CVE-2014-4208, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4220, CVE-2014-4221, CVE-2014-4223, CVE-2014-4227, CVE-2014-4244, CVE-2014-4247, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4264, CVE-2014-4265, CVE-2014-4266, CVE-2014-4268, DSA-2980-1, DSA-2987-1, DSA-2987-2, FEDORA-2014-8395, FEDORA-2014-8407, FEDORA-2014-8417, FEDORA-2014-8441, HPSBUX03091, HPSBUX03092, MDVSA-2014:141, openSUSE-SU-2014:1638-1, openSUSE-SU-2014:1645-1, RHSA-2014:0889-01, RHSA-2014:0890-01, RHSA-2014:0902-01, RHSA-2014:0907-01, RHSA-2014:0908-01, RHSA-2014:1033-01, RHSA-2014:1036-01, RHSA-2014:1041-01, RHSA-2014:1042-01, SB10083, SSRT101667, SSRT101668, SUSE-SU-2014:0961-1, USN-2312-1, USN-2319-1, USN-2319-2, USN-2319-3, VIGILANCE-VUL-15051, VMSA-2014-0008.2, VMSA-2014-0012, ZDI-14-258.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-4227]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-4219]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2490, ZDI-14-258]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-4216]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-4247]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2483]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-4223]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-4262]

An attacker can use a vulnerability of JMX, in order to obtain or alter information. [severity:2/4; CVE-2014-4209]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; CVE-2014-4265]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; CVE-2014-4220]

An attacker can use a vulnerability of Libraries, in order to alter information. [severity:2/4; CVE-2014-4218]

An attacker can use a vulnerability of Security, in order to obtain information. [severity:2/4; CVE-2014-4252]

An attacker can use a vulnerability of Serviceability, in order to alter information. [severity:2/4; CVE-2014-4266]

An attacker can use a vulnerability of Swing, in order to obtain information. [severity:2/4; CVE-2014-4268]

An attacker can use a vulnerability of Security, in order to trigger a denial of service. [severity:2/4; CVE-2014-4264]

An attacker can use a vulnerability of Libraries, in order to obtain information. [severity:2/4; CVE-2014-4221]

An attacker can use a vulnerability of Security, in order to obtain or alter information. [severity:2/4; CVE-2014-4244]

An attacker can use a vulnerability of Security, in order to obtain or alter information. [severity:2/4; CVE-2014-4263]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:1/4; CVE-2014-4208]

PHP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, MBS, openSUSE, Solaris, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 27/06/2014.
Revision date: 04/07/2014.
Identifiers: 67498, bulletinjan2015, c04223376, CERTFR-2014-AVI-296, CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-4721, DSA-2974-1, DSA-3021-1, DSA-3021-2, FEDORA-2014-7765, FEDORA-2014-7782, FEDORA-2014-7992, FEDORA-2014-9712, HPSBUX03102, MDVSA-2014:130, MDVSA-2014:131, MDVSA-2015:080, openSUSE-SU-2014:0925-1, openSUSE-SU-2014:0945-1, openSUSE-SU-2014:1236-1, RHSA-2014:1012-01, RHSA-2014:1013-01, RHSA-2014:1327-01, RHSA-2014:1606-02, RHSA-2014:1765-01, RHSA-2014:1766-01, RHSA-2015:2155-07, SOL17313, SSA:2014-192-01, SSRT101681, SUSE-SU-2014:0938-1, USN-2276-1, USN-2278-1, VIGILANCE-VUL-14948.

Description of the vulnerability

Several vulnerabilities were announced in PHP.

An attacker can generate a buffer overflow in Fileinfo cdf_read_short_sector, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-0207]

An attacker can generate a buffer overflow in Fileinfo mconvert, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-3478]

An attacker can generate a buffer overflow in Fileinfo cdf_check_stream_offset, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-3479]

An attacker can generate a buffer overflow in Fileinfo cdf_count_chain, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-3480]

An attacker can generate a buffer overflow in Fileinfo cdf_read_property_info, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-3487]

An attacker can use SPL unserialize(), in order to execute code. [severity:2/4; CVE-2014-3515]

An attacker can change the type of variables, to read a memory fragment of PHP, in order to obtain sensitive information. [severity:1/4; 67498, CVE-2014-4721]

WebSphere AS 8.0: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WebSphere AS 8.0.
Impacted products: HP-UX, WebSphere AS.
Severity: 3/4.
Creation date: 24/06/2014.
Identifiers: 1676092, BID-64249, BID-65400, c04483248, CERTFR-2014-AVI-131, CERTFR-2014-AVI-253, CVE-2013-6323, CVE-2013-6329, CVE-2013-6438, CVE-2013-6738, CVE-2013-6747, CVE-2014-0050, CVE-2014-0076, CVE-2014-0098, CVE-2014-0823, CVE-2014-0857, CVE-2014-0859, CVE-2014-0891, CVE-2014-0963, CVE-2014-0965, CVE-2014-3022, HPSBUX03150, PI04777, PI04880, PI05309, PI05324, PI05661, PI07808, PI08892, PI09345, PI09443, PI09594, PI09786, PI11434, PI12648, PI12926, PI13028, PI13162, PI17025, PI19700, SSRT101681, VIGILANCE-VUL-14930.

Description of the vulnerability

Several vulnerabilities were announced in WebSphere AS 8.0.

An attacker can trigger a Cross Site Scripting in Administration Console, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2013-6323, PI04777, PI04880]

An attacker can send malicious SSLv2 messages to applications using IBM GSKit, in order to trigger a denial of service (VIGILANCE-VUL-14155). [severity:2/4; BID-64249, CVE-2013-6329, PI05309]

An attacker can use Full/Liberty Profile, in order to obtain sensitive information. [severity:2/4; CVE-2014-0823, PI05324]

An attacker can trigger a Cross Site Scripting in OAuth, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2013-6738, PI05661]

An attacker can use the Administrative Console, in order to escalate his privileges. [severity:2/4; CVE-2014-0857, PI07808]

An attacker can use POST queries, in order to trigger a denial of service. [severity:2/4; CVE-2014-0859, PI08892]

An attacker can send a DAV WRITE query starting with spaces, in order to trigger a denial of service in mod_dav of Apache HTTP Server (VIGILANCE-VUL-14439). [severity:2/4; CERTFR-2014-AVI-131, CVE-2013-6438, PI09345]

An attacker can send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service (VIGILANCE-VUL-14158). [severity:2/4; CVE-2013-6747, PI09443]

An attacker can trigger an error, in order to obtain sensitive information. [severity:1/4; CVE-2014-3022, PI09594]

An attacker can use the Proxy/ODR, in order to obtain sensitive information. [severity:2/4; CVE-2014-0891, PI09786]

An attacker can use a long Content-Type header, to generate an infinite loop in Apache Commons FileUpload or Apache Tomcat, in order to trigger a denial of service (VIGILANCE-VUL-14183). [severity:2/4; BID-65400, CVE-2014-0050, PI12648, PI12926, PI13162]

An attacker can use SOAP, in order to obtain sensitive information. [severity:2/4; CVE-2014-0965, PI11434]

An attacker can use a truncated cookie, in order to trigger a denial of service in mod_log_config of Apache HTTP Server (VIGILANCE-VUL-14438). [severity:2/4; CERTFR-2014-AVI-131, CVE-2014-0098, PI13028]

An attacker can send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service (VIGILANCE-VUL-14775). [severity:3/4; CVE-2014-0963, PI17025]

A local attacker can guess the ECDSA secret used by the OpenSSL implementation, in order to obtain sensitive information (VIGILANCE-VUL-14462). [severity:1/4; CERTFR-2014-AVI-253, CVE-2014-0076, PI19700]

WebSphere AS 7.0: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WebSphere AS 7.0.
Impacted products: HP-UX, WebSphere AS.
Severity: 3/4.
Creation date: 24/06/2014.
Identifiers: 1676091, BID-64249, BID-65400, c04483248, CERTFR-2014-AVI-131, CVE-2013-6323, CVE-2013-6329, CVE-2013-6438, CVE-2013-6738, CVE-2013-6747, CVE-2014-0050, CVE-2014-0098, CVE-2014-0114, CVE-2014-0859, CVE-2014-0891, CVE-2014-0963, CVE-2014-0965, CVE-2014-3022, HPSBUX03150, PI04777, PI04880, PI05309, PI05661, PI08892, PI09345, PI09443, PI09594, PI09786, PI11434, PI12648, PI12926, PI13028, PI13162, PI17025, PI17190, SSRT101681, VIGILANCE-VUL-14929.

Description of the vulnerability

Several vulnerabilities were announced in WebSphere AS 7.0.

An attacker can trigger a Cross Site Scripting in Administration Console, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2013-6323, PI04777, PI04880]

An attacker can send malicious SSLv2 messages to applications using IBM GSKit, in order to trigger a denial of service (VIGILANCE-VUL-14155). [severity:2/4; BID-64249, CVE-2013-6329, PI05309]

An attacker can trigger a Cross Site Scripting in OAuth, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2013-6738, PI05661]

An attacker can use POST queries, in order to trigger a denial of service. [severity:2/4; CVE-2014-0859, PI08892]

An attacker can send a DAV WRITE query starting with spaces, in order to trigger a denial of service in mod_dav of Apache HTTP Server (VIGILANCE-VUL-14439). [severity:2/4; CERTFR-2014-AVI-131, CVE-2013-6438, PI09345]

An attacker can send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service (VIGILANCE-VUL-14158). [severity:2/4; CVE-2013-6747, PI09443]

An attacker can trigger an error, in order to obtain sensitive information. [severity:1/4; CVE-2014-3022, PI09594]

An attacker can use the Proxy/ODR, in order to obtain sensitive information. [severity:2/4; CVE-2014-0891, PI09786]

An attacker can use SOAP, in order to obtain sensitive information. [severity:2/4; CVE-2014-0965, PI11434]

An attacker can use a long Content-Type header, to generate an infinite loop in Apache Commons FileUpload or Apache Tomcat, in order to trigger a denial of service (VIGILANCE-VUL-14183). [severity:2/4; BID-65400, CVE-2014-0050, PI12648, PI12926, PI13162]

An attacker can use a truncated cookie, in order to trigger a denial of service in mod_log_config of Apache HTTP Server (VIGILANCE-VUL-14438). [severity:2/4; CERTFR-2014-AVI-131, CVE-2014-0098, PI13028]

An attacker can send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service (VIGILANCE-VUL-14775). [severity:3/4; CVE-2014-0963, PI17025]

An attacker can use the "class" parameter, to manipulate the ClassLoader, in order to execute code (VIGILANCE-VUL-14799). [severity:3/4; CVE-2014-0114, PI17190]

PHP: buffer overflow of DNS TXT

Synthesis of the vulnerability

An attacker can generate a buffer overflow of PHP via DNS TXT, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, MBS, openSUSE, Solaris, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 12/06/2014.
Identifiers: bulletinjan2015, c04223376, CVE-2014-4049, DSA-2961-1, FEDORA-2014-7765, FEDORA-2014-7782, HPSBUX03102, MDVSA-2014:130, MDVSA-2015:080, openSUSE-SU-2014:0841-1, openSUSE-SU-2014:0942-1, openSUSE-SU-2014:1133-1, RHSA-2014:1012-01, RHSA-2014:1013-01, RHSA-2014:1765-01, RHSA-2014:1766-01, SOL15761, SSA:2014-192-01, SSRT101681, SUSE-SU-2014:0868-1, SUSE-SU-2014:0869-1, SUSE-SU-2014:0873-1, SUSE-SU-2014:0873-2, USN-2254-1, USN-2254-2, VIGILANCE-VUL-14894.

Description of the vulnerability

The PHP dns_get_record() function obtains DNS Resource Records associated with a hostname.

However, if the size of TXT record data in the DNS reply is greater than the size of the storage array, an overflow occurs.

An attacker can therefore generate a buffer overflow of PHP via DNS TXT, in order to trigger a denial of service, and possibly to execute code.