The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of HP-UX

vulnerability bulletin CVE-2013-6219

HP-UX: write access with WLI

Synthesis of the vulnerability

An attacker can bypass access restrictions of HP-UX Whitelisting, in order to alter data.
Impacted products: HP-UX.
Severity: 2/4.
Creation date: 22/04/2014.
Identifiers: c04227671, CVE-2013-6219, HPSBUX03001, SSRT101382, VIGILANCE-VUL-14623.

Description of the vulnerability

The HP-UX WLI (Whitelisting) product can be installed on HP-UX to protect file systems.

However, an attacker can bypass access restrictions to data. Technical details are unknown.

An attacker can therefore bypass access restrictions of HP-UX Whitelisting, in order to alter data.
Complete Vigil@nce bulletin.... (free trial)

computer vulnerability note CVE-2013-6629 CVE-2013-6954 CVE-2014-0429

Oracle Java: multiple vulnerabilities of April 2014

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Java.
Impacted products: Debian, ECC, Fedora, HP-UX, AIX, Tivoli System Automation, WebSphere MQ, Junos Space, Domino, Notes, MBS, ePO, NetIQ Sentinel, Java OpenJDK, openSUSE, Java Oracle, JavaFX, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive, vCenter, VMware vSphere.
Severity: 3/4.
Creation date: 16/04/2014.
Identifiers: 1680562, 1681114, 7014224, BID-64493, c04398922, c04398943, CERTFR-2014-AVI-185, CERTFR-2014-AVI-382, CERTFR-2014-AVI-480, cpuapr2014, CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-0463, CVE-2014-0464, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2410, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428, DSA-2912-1, DSA-2923-1, ESA-2014-044, FEDORA-2014-5277, FEDORA-2014-5280, FEDORA-2014-5290, FEDORA-2014-5336, HPSBUX03091, HPSBUX03092, JSA10659, MDVSA-2014:100, openSUSE-SU-2014:1638-1, openSUSE-SU-2014:1645-1, RHSA-2014:0406-01, RHSA-2014:0407-01, RHSA-2014:0408-01, RHSA-2014:0412-01, RHSA-2014:0413-02, RHSA-2014:0414-01, RHSA-2014:0486-01, RHSA-2014:0508-01, RHSA-2014:0509-01, RHSA-2014:0675-01, RHSA-2014:0685-01, RHSA-2014:0982-01, SB10072, SSRT101667, SSRT101668, SUSE-SU-2014:0639-1, SUSE-SU-2014:0728-1, SUSE-SU-2014:0728-2, SUSE-SU-2014:0728-3, SUSE-SU-2014:0733-1, SUSE-SU-2014:0733-2, USN-2187-1, USN-2191-1, VIGILANCE-VUL-14599, VMSA-2014-0008, VU#650142, ZDI-14-102, ZDI-14-103, ZDI-14-104, ZDI-14-105, ZDI-14-114.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0429]

An attacker can use a vulnerability of Libraries ScriptEngineManager, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0457, ZDI-14-105]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0456, ZDI-14-114]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2421, ZDI-14-102]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2410]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2397]

An attacker can use a vulnerability of Libraries permuteArguments, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0432, ZDI-14-104]

An attacker can use a vulnerability of Libraries DropArguments, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0455, ZDI-14-103]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0461]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0448]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2428]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2412]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0451]

An attacker can use a vulnerability of JAX-WS, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0458]

An attacker can use a vulnerability of JAX-WS, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2423]

An attacker can use a vulnerability of JAX-WS, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0452]

An attacker can use a vulnerability of JAXB, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2414]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2402]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0446]

An attacker can use a vulnerability of Security, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0454]

An attacker can use a vulnerability of Sound, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2427]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2422]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; CVE-2014-2409]

An attacker can use a vulnerability of JNDI, in order to obtain or alter information. [severity:2/4; CVE-2014-0460]

An attacker can create a malicious image, to dereference a NULL pointer in the png_do_expand_palette() function of libpng, in order to trigger a denial of service. (VIGILANCE-VUL-13989). [severity:2/4; BID-64493, CVE-2013-6954, VU#650142]

An attacker can use a vulnerability of AWT, in order to obtain information. [severity:2/4; CVE-2013-6629]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:2/4; CVE-2014-0449]

An attacker can use a vulnerability of JAXP, in order to obtain information. [severity:2/4; CVE-2014-2403]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; CVE-2014-2401]

An attacker can use a vulnerability of Scripting, in order to obtain information. [severity:2/4; CVE-2014-0463]

An attacker can use a vulnerability of Scripting, in order to obtain information. [severity:2/4; CVE-2014-0464]

An attacker can use a vulnerability of 2D, in order to trigger a denial of service. [severity:2/4; CVE-2014-0459]

An attacker can use a vulnerability of Libraries, in order to alter information. [severity:2/4; CVE-2014-2413]

An attacker can use a vulnerability of Security, in order to obtain or alter information. [severity:2/4; CVE-2014-0453]

An attacker can use a vulnerability of Javadoc, in order to alter information. [severity:1/4; CVE-2014-2398]

A local attacker can create a symbolic link named /tmp/unpack.log, in order to alter the pointed file, with privileges of unpack200 (VIGILANCE-VUL-14196). [severity:1/4; CVE-2014-1876]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:1/4; CVE-2014-2420]
Complete Vigil@nce bulletin.... (free trial)

vulnerability bulletin CVE-2013-5704

Apache httpd: bypassing mod_headers unset

Synthesis of the vulnerability

An attacker can use HTTP Chunked data, in order to bypass the "RequestHeader unset" directive of Apache httpd mod_headers.
Impacted products: Apache httpd, BIG-IP Hardware, TMOS, Fedora, HP-UX, WebSphere AS, MBS, openSUSE, Solaris, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Creation date: 01/04/2014.
Identifiers: 1690185, 1695392, 7036319, bulletinjan2015, c04686230, CVE-2013-5704, FEDORA-2014-17153, FEDORA-2014-17195, HPSBUX03337, MDVSA-2014:174, openSUSE-SU-2014:1726-1, RHSA-2014:1972-01, RHSA-2015:0325-02, RHSA-2015:1249-02, SOL16863, SSA:2015-111-03, SSRT102066, USN-2523-1, VIGILANCE-VUL-14503.

Description of the vulnerability

The HTTP Transfer-Encoding header can use the "chunked" type, to indicate that data is split in chunks before being transmitted.

The "RequestHeader unset Abc" directive of the mod_headers module of Apache httpd indicates to remove the HTTP Abc header. However, if an attacker puts the HTTP Abc header in a chunked part, mod_headers does not remove it.

An attacker can therefore use HTTP Chunked data, in order to bypass the "RequestHeader unset" directive of Apache httpd mod_headers.
Complete Vigil@nce bulletin.... (free trial)

computer vulnerability note CVE-2013-6438

Apache HTTP Server: denial of service via mod_dav

Synthesis of the vulnerability

An attacker can send a DAV WRITE query starting by spaces, in order to trigger a denial of service in mod_dav of Apache HTTP Server.
Impacted products: Apache httpd, BIG-IP Hardware, TMOS, Fedora, HP-UX, NSMXpress, MBS, MES, openSUSE, Solaris, Puppet, RHEL, Red Hat JBoss EAP, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 18/03/2014.
Identifiers: c04223376, c04483248, CERTFR-2014-AVI-131, CERTFR-2014-AVI-244, CERTFR-2014-AVI-250, CERTFR-2015-AVI-286, CVE-2013-6438, FEDORA-2014-5004, HPSBUX03102, HPSBUX03150, JSA10685, MDVSA-2014:065, MDVSA-2015:093, openSUSE-SU-2014:0969-1, openSUSE-SU-2014:1044-1, openSUSE-SU-2014:1045-1, openSUSE-SU-2014:1647-1, RHSA-2014:0369-01, RHSA-2014:0370-01, RHSA-2014:0783-01, RHSA-2014:0784-01, RHSA-2014:0825-01, RHSA-2014:0826-01, SOL15300, SSA:2014-086-02, SSRT101681, SUSE-SU-2014:0967-1, SUSE-SU-2014:1080-1, SUSE-SU-2014:1081-1, SUSE-SU-2014:1082-1, USN-2152-1, VIGILANCE-VUL-14439.

Description of the vulnerability

The mod_dav module can be enabled on Apache HTTP Server, to edit documents online.

When data starts by a space, they are removed. However, the size of data is not updated, so the '\0' terminator is written outside the array, which leads to a fatal error.

An attacker can therefore send a DAV WRITE query starting by spaces, in order to trigger a denial of service in mod_dav of Apache HTTP Server.
Complete Vigil@nce bulletin.... (free trial)

computer vulnerability bulletin CVE-2014-0098

Apache HTTP Server: denial of service via mod_log_config

Synthesis of the vulnerability

An attacker can use a truncated cookie, in order to trigger a denial of service in mod_log_config of Apache HTTP Server.
Impacted products: Apache httpd, Fedora, HP-UX, NSMXpress, MBS, MES, openSUSE, Solaris, Puppet, RHEL, Red Hat JBoss EAP, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 18/03/2014.
Identifiers: c04223376, c04483248, CERTFR-2014-AVI-131, CERTFR-2014-AVI-244, CERTFR-2015-AVI-286, CVE-2014-0098, FEDORA-2014-4555, FEDORA-2014-5004, HPSBUX03102, HPSBUX03150, JSA10685, MDVSA-2014:065, MDVSA-2015:093, openSUSE-SU-2014:0969-1, openSUSE-SU-2014:1044-1, openSUSE-SU-2014:1045-1, openSUSE-SU-2014:1647-1, RHSA-2014:0369-01, RHSA-2014:0370-01, RHSA-2014:0783-01, RHSA-2014:0784-01, RHSA-2014:0825-01, RHSA-2014:0826-01, SSA:2014-086-02, SSRT101681, SUSE-SU-2014:0967-1, SUSE-SU-2014:1080-1, SUSE-SU-2014:1081-1, SUSE-SU-2014:1082-1, USN-2152-1, VIGILANCE-VUL-14438.

Description of the vulnerability

To define cookies, web clients use an HTTP header like:
  Cookie: name=value; name2=value2

The mod_log_config module logs HTTP queries received by Apache httpd. However, if a cookie has no value, a fatal error occurs in the log_cookie() function of the modules/loggers/mod_log_config.c file.

An attacker can therefore use a truncated cookie, in order to trigger a denial of service in mod_log_config of Apache HTTP Server.
Complete Vigil@nce bulletin.... (free trial)

vulnerability note CVE-2013-6209

HP-UX: denial of service via NFS rpc.lockd

Synthesis of the vulnerability

An attacker can send a malicious query to the NFS rpc.lockd daemon of HP-UX, in order to trigger a denial of service.
Impacted products: HP-UX.
Severity: 2/4.
Creation date: 11/03/2014.
Identifiers: c04174142, CVE-2013-6209, HPSBUX02976, SSRT101236, VIGILANCE-VUL-14394.

Description of the vulnerability

The NFS service of HP-UX uses the rpc.lockd daemon, to manage locks

However, a remote attacker can stop it. Technical details are unknown.

An attacker can therefore send a malicious query to the NFS rpc.lockd daemon of HP-UX, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (free trial)

vulnerability bulletin CVE-2013-6200

HP-UX: privilege escalation via m4

Synthesis of the vulnerability

A local attacker can use m4 on HP-UX, in order to escalate his privileges.
Impacted products: HP-UX.
Severity: 2/4.
Creation date: 07/03/2014.
Identifiers: c04103553, CVE-2013-6200, HPSBUX02963, SSRT101297, VIGILANCE-VUL-14373.

Description of the vulnerability

The m4 program generates files from macros.

However, a local attacker can use it to gain an unauthorized access. Technical details are unknown.

A local attacker can therefore use m4 on HP-UX, in order to escalate his privileges.
Complete Vigil@nce bulletin.... (free trial)

computer vulnerability announce CVE-2013-4286

Apache Tomcat: data injection via Content-Length

Synthesis of the vulnerability

An attacker can use two Content-Length headers in order to alter behaviour of HTTP data analysis.
Impacted products: Tomcat, Debian, Fedora, HP-UX, MBS, ePO, Solaris, RHEL, Red Hat JBoss EAP, Ubuntu.
Severity: 1/4.
Creation date: 25/02/2014.
Identifiers: BID-65773, c04483248, CERTFR-2014-AVI-244, CVE-2013-4286, DSA-2897-1, FEDORA-2014-11048, HPSBUX03150, MDVSA-2015:052, RHSA-2014:0343-01, RHSA-2014:0344-01, RHSA-2014:0345-01, RHSA-2014:0373-01, RHSA-2014:0374-01, RHSA-2014:0429-01, RHSA-2014:0458-01, RHSA-2014:0459-01, RHSA-2014:0511-01, RHSA-2014:0525-01, RHSA-2014:0526-01, RHSA-2014:0527-01, RHSA-2014:0528-01, RHSA-2014:0686-01, RHSA-2015:1009, SB10079, SSRT101681, USN-2130-1, VIGILANCE-VUL-14307.

Description of the vulnerability

The Content-Length header indicates size of HTTP data.

When two or several Content-Length headers are present, each entity (client, proxy, server) can take a different decision:
 - use first value
 - use last value
 - etc.
These different behaviors for example permit to inject data to corrupt a cache or obtain sensitive information (VIGILANCE-VUL-4047, VIGILANCE-VUL-6675).

The HTTP and AJP connectors of Tomcat server do not ignore these multiple headers, and are thus impacted by this attack family.
Complete Vigil@nce bulletin.... (free trial)

computer vulnerability announce CVE-2013-5870 CVE-2013-5878 CVE-2013-5884

Oracle Java: multiple vulnerabilities of January 2014

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Java.
Impacted products: Avamar, Fedora, HP-UX, AIX, IRAD, Tivoli System Automation, WebSphere AS, WebSphere MQ, Junos Space, Domino, Notes, MBS, NetIQ Sentinel, Java OpenJDK, openSUSE, Java Oracle, JavaFX, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Creation date: 15/01/2014.
Identifiers: 1663938, 1670264, 1671242, 1671245, 1674922, 1675938, 1679983, 4006386, 7014224, BID-64863, BID-64875, BID-64882, BID-64890, BID-64894, BID-64899, BID-64901, BID-64903, BID-64906, BID-64907, BID-64910, BID-64912, BID-64914, BID-64915, BID-64916, BID-64917, BID-64918, BID-64919, BID-64920, BID-64921, BID-64922, BID-64923, BID-64924, BID-64925, BID-64926, BID-64927, BID-64928, BID-64929, BID-64930, BID-64931, BID-64932, BID-64933, BID-64934, BID-64935, BID-64936, BID-64937, c04166777, c04166778, CERTA-2014-AVI-030, CERTFR-2014-AVI-199, CERTFR-2014-AVI-480, cpujan2014, CVE-2013-5870, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5893, CVE-2013-5895, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5904, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0382, CVE-2014-0385, CVE-2014-0387, CVE-2014-0403, CVE-2014-0408, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, ESA-2014-002, FEDORA-2014-0885, FEDORA-2014-0945, FEDORA-2014-1048, FEDORA-2014-2071, FEDORA-2014-2088, HPSBUX02972, HPSBUX02973, JSA10659, MDVSA-2014:011, openSUSE-SU-2014:0174-1, openSUSE-SU-2014:0177-1, openSUSE-SU-2014:0180-1, RHSA-2014:0026-01, RHSA-2014:0027-01, RHSA-2014:0030-01, RHSA-2014:0097-01, RHSA-2014:0134-01, RHSA-2014:0135-01, RHSA-2014:0136-01, RHSA-2014:0982-01, SSRT101454, SSRT101455, SUSE-SU-2014:0246-1, SUSE-SU-2014:0266-1, SUSE-SU-2014:0266-2, SUSE-SU-2014:0266-3, SUSE-SU-2014:0451-1, USN-2124-1, USN-2124-2, VIGILANCE-VUL-14087, ZDI-14-013, ZDI-14-038.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64915, CVE-2014-0410]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64899, CVE-2014-0415]

An attacker can use a vulnerability of 2D TTF Font Parsing, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64894, CVE-2013-5907, ZDI-14-013, ZDI-14-038]

An attacker can use a vulnerability of CORBA, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64935, CVE-2014-0428]

An attacker can use a vulnerability of JNDI, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64921, CVE-2014-0422]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64901, CVE-2014-0385]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64931, CVE-2013-5889]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64910, CVE-2014-0408]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64863, CVE-2013-5893]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64932, CVE-2014-0417]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64882, CVE-2014-0387]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64919, CVE-2014-0424]

An attacker can use a vulnerability of Serviceability, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64922, CVE-2014-0373]

An attacker can use a vulnerability of Security, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64927, CVE-2013-5878]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64890, CVE-2013-5904]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64929, CVE-2013-5870]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; BID-64920, CVE-2014-0403]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; BID-64916, CVE-2014-0375]

An attacker can use a vulnerability of Beans, in order to obtain information, or to trigger a denial of service. [severity:2/4; BID-64914, CVE-2014-0423]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64934, CVE-2013-5905]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64903, CVE-2013-5906]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64923, CVE-2013-5902]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64917, CVE-2014-0418]

An attacker can use a vulnerability of Deployment, in order to trigger a denial of service. [severity:2/4; BID-64875, CVE-2013-5887]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:2/4; BID-64928, CVE-2013-5899]

An attacker can use a vulnerability of CORBA, in order to trigger a denial of service. [severity:2/4; BID-64926, CVE-2013-5896]

An attacker can use a vulnerability of CORBA, in order to obtain information. [severity:2/4; BID-64924, CVE-2013-5884]

An attacker can use a vulnerability of JAAS, in order to alter information. [severity:2/4; BID-64937, CVE-2014-0416]

An attacker can use a vulnerability of JAXP, in order to alter information. [severity:2/4; BID-64907, CVE-2014-0376]

An attacker can use a vulnerability of Networking, in order to obtain information. [severity:2/4; BID-64930, CVE-2014-0368]

An attacker can use a vulnerability of Security, in order to alter information. [severity:2/4; BID-64933, CVE-2013-5910]

An attacker can use a vulnerability of JavaFX, in order to obtain information. [severity:2/4; BID-64906, CVE-2013-5895]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64925, CVE-2013-5888]

An attacker can use a vulnerability of JavaFX, in order to trigger a denial of service. [severity:2/4; BID-64936, CVE-2014-0382]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; BID-64912, CVE-2013-5898]

An attacker can use a vulnerability of JSSE, in order to obtain or alter information. [severity:2/4; BID-64918, CVE-2014-0411]
Complete Vigil@nce bulletin.... (free trial)

computer vulnerability bulletin CVE-2014-0591

ISC BIND: denial of service via NSEC3

Synthesis of the vulnerability

When an authoritative BIND server manages a zone signed with NSEC3, an attacker can send a special query, in order to trigger a denial of service.
Impacted products: Debian, Fedora, FreeBSD, HP-UX, BIND, MBS, MES, NetBSD, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Creation date: 14/01/2014.
Identifiers: AA-01085, BID-64801, c04085336, CERTA-2014-AVI-013, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CVE-2014-0591, DSA-3023-1, FEDORA-2014-0811, FEDORA-2014-0858, FreeBSD-SA-14:04.bind, HPSBUX02961, MDVSA-2014:002, openSUSE-SU-2014:0199-1, openSUSE-SU-2014:0202-1, RHSA-2014:0043-01, RHSA-2014:1244-01, SSA:2014-028-01, SSA:2014-175-01, SSRT101420, SUSE-SU-2015:0480-1, VIGILANCE-VUL-14058.

Description of the vulnerability

When DNSSEC is used, each DNS record (triplet {name, type, class}) is signed using a RRSIG record. A DNS server that implements DNSSEC returns to the client normal records and RRSIG records. When the client requested a nonexistent record, the DNS server returns NSEC/NSEC3 records which are also signed.

The query_findclosestnsec3() function of the bin/named/query.c file manages NSEC3 records. However, the processing of domain name labels is incorrect, then a memcpy() is performed on an invalid range, so the resulting name is too long, which triggers a call to the INSIST() macro which stops BIND.

It can be noted that the memcpy() function of the GNU glibc 2.18 was optimized, and that it manages ranges in a different way. It appears that only BIND compiled with this libc version is vulnerable.

When an authoritative BIND server manages a zone signed with NSEC3, an attacker can therefore send a special query, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about HP-UX: