The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SLES

vulnerability announcement CVE-2014-1493 CVE-2014-1494 CVE-2014-1496

Firefox, Thunderbird, SeaMonkey: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Firefox, Thunderbird and SeaMonkey.
Impacted products: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, openSUSE, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Creation date: 18/03/2014.
Identifiers: CERTFR-2014-AVI-133, CVE-2014-1493, CVE-2014-1494, CVE-2014-1496, CVE-2014-1497, CVE-2014-1498, CVE-2014-1499, CVE-2014-1500, CVE-2014-1501, CVE-2014-1502, CVE-2014-1504, CVE-2014-1505, CVE-2014-1506, CVE-2014-1507, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514, DSA-2881-1, DSA-2911-1, FEDORA-2014-4106, FEDORA-2014-4330, FEDORA-2014-4338, MFSA 2014-15, MFSA 2014-16, MFSA 2014-17, MFSA 2014-18, MFSA 2014-19, MFSA 2014-20, MFSA 2014-21, MFSA 2014-22, MFSA 2014-23, MFSA 2014-24, MFSA 2014-25, MFSA 2014-26, MFSA 2014-27, MFSA 2014-28, MFSA 2014-29, MFSA 2014-30, MFSA 2014-31, MFSA 2014-32, openSUSE-SU-2014:0419-1, openSUSE-SU-2014:0448-1, openSUSE-SU-2014:1100-1, RHSA-2014:0310-01, RHSA-2014:0316-01, SSA:2014-086-03, SSA:2014-086-05, SSA:2014-086-07, SUSE-SU-2014:0418-1, USN-2150-1, USN-2151-1, VIGILANCE-VUL-14442, ZDI-14-081, ZDI-14-082, ZDI-14-083, ZDI-14-084, ZDI-14-085.

Description of the vulnerability

Several vulnerabilities were announced in Firefox, Thunderbird and SeaMonkey.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-1493, CVE-2014-1494, MFSA 2014-15]

A local attacker can alter a file during the installation. [severity:2/4; CVE-2014-1496, MFSA 2014-16]

An attacker can force a read at an invalid address via a WAV file, in order to trigger a denial of service. [severity:3/4; CVE-2014-1497, MFSA 2014-17]

An attacker can use crypto.generateCRFMRequest, in order to trigger a denial of service. [severity:1/4; CVE-2014-1498, MFSA 2014-18]

An attacker can use WebRTC, in order to deceive the victim. [severity:2/4; CVE-2014-1499, MFSA 2014-19]

An attacker can use onbeforeunload, in order to trigger a denial of service. [severity:1/4; CVE-2014-1500, MFSA 2014-20]

An attacker can use "Open Link in new tab", to read a file, in order to obtain sensitive information. [severity:2/4; CVE-2014-1501, MFSA 2014-21]

An attacker can trigger a Cross Site Scripting in WebGL, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2014-1502, MFSA 2014-22]

The security policy of "data:" is not restored. [severity:1/4; CVE-2014-1504, MFSA 2014-23]

An attacker can use the Android Crash Reporter, in order to obtain sensitive information. [severity:2/4; CVE-2014-1506, MFSA 2014-24]

An attacker can traverse directories via DeviceStorageFile, in order to read a file outside the root path. [severity:2/4; CVE-2014-1507, MFSA 2014-25]

An attacker can use MathML Polygon, in order to obtain sensitive information. [severity:3/4; CVE-2014-1508, MFSA 2014-26]

An attacker can generate a memory corruption in Cairo, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-1509, MFSA 2014-27]

An attacker can use feDisplacementMap, in order to obtain sensitive information. [severity:3/4; CVE-2014-1505, MFSA 2014-28]

An attacker can use WebIDL-implemented APIs, in order to escalate his privileges. [severity:4/4; CVE-2014-1510, CVE-2014-1511, MFSA 2014-29, ZDI-14-081, ZDI-14-082]

An attacker can use a freed memory area in TypeObject BumpChunk, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-1512, MFSA 2014-30, ZDI-14-083]

An attacker can generate a buffer overflow in ArrayBuffer, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-1513, MFSA 2014-31, ZDI-14-084]

An attacker can generate a buffer overflow in TypedArrayObject, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-1514, MFSA 2014-32, ZDI-14-085]

An attacker can therefore invite the victim to browse a malicious site, in order, for example, to execute code on the victim's computer.
Complete Vigil@nce bulletin.... (free trial)

computer vulnerability note CVE-2013-6438

Apache HTTP Server: denial of service via mod_dav

Synthesis of the vulnerability

An attacker can send a DAV WRITE query starting with spaces, in order to trigger a denial of service in mod_dav of Apache HTTP Server.
Impacted products: Apache httpd, BIG-IP Hardware, TMOS, Fedora, HP-UX, NSMXpress, MBS, MES, openSUSE, Solaris, Puppet, RHEL, Red Hat JBoss EAP, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 18/03/2014.
Identifiers: c04223376, c04483248, CERTFR-2014-AVI-131, CERTFR-2014-AVI-244, CERTFR-2014-AVI-250, CERTFR-2015-AVI-286, CVE-2013-6438, FEDORA-2014-5004, HPSBUX03102, HPSBUX03150, JSA10685, MDVSA-2014:065, MDVSA-2015:093, openSUSE-SU-2014:0969-1, openSUSE-SU-2014:1044-1, openSUSE-SU-2014:1045-1, openSUSE-SU-2014:1647-1, RHSA-2014:0369-01, RHSA-2014:0370-01, RHSA-2014:0783-01, RHSA-2014:0784-01, RHSA-2014:0825-01, RHSA-2014:0826-01, SOL15300, SSA:2014-086-02, SSRT101681, SUSE-SU-2014:0967-1, SUSE-SU-2014:1080-1, SUSE-SU-2014:1081-1, SUSE-SU-2014:1082-1, USN-2152-1, VIGILANCE-VUL-14439.

Description of the vulnerability

The mod_dav module can be enabled on Apache HTTP Server, to edit documents online.

When the data starts with a space, the leading spaces are removed. However, the data length is not updated, so the '\0' terminator is written outside the array, which leads to a fatal error.

An attacker can therefore send a DAV WRITE query starting with spaces, in order to trigger a denial of service in mod_dav of Apache HTTP Server.

computer vulnerability bulletin CVE-2014-0098

Apache HTTP Server: denial of service via mod_log_config

Synthesis of the vulnerability

An attacker can use a truncated cookie, in order to trigger a denial of service in mod_log_config of Apache HTTP Server.
Impacted products: Apache httpd, Fedora, HP-UX, NSMXpress, MBS, MES, openSUSE, Solaris, Puppet, RHEL, Red Hat JBoss EAP, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 18/03/2014.
Identifiers: c04223376, c04483248, CERTFR-2014-AVI-131, CERTFR-2014-AVI-244, CERTFR-2015-AVI-286, CVE-2014-0098, FEDORA-2014-4555, FEDORA-2014-5004, HPSBUX03102, HPSBUX03150, JSA10685, MDVSA-2014:065, MDVSA-2015:093, openSUSE-SU-2014:0969-1, openSUSE-SU-2014:1044-1, openSUSE-SU-2014:1045-1, openSUSE-SU-2014:1647-1, RHSA-2014:0369-01, RHSA-2014:0370-01, RHSA-2014:0783-01, RHSA-2014:0784-01, RHSA-2014:0825-01, RHSA-2014:0826-01, SSA:2014-086-02, SSRT101681, SUSE-SU-2014:0967-1, SUSE-SU-2014:1080-1, SUSE-SU-2014:1081-1, SUSE-SU-2014:1082-1, USN-2152-1, VIGILANCE-VUL-14438.

Description of the vulnerability

To define cookies, web clients use an HTTP header like:
  Cookie: name=value; name2=value2

The mod_log_config module logs HTTP requests received by Apache httpd. However, if a cookie has no value, a fatal error occurs in the log_cookie() function of the modules/loggers/mod_log_config.c file.

An attacker can therefore use a truncated cookie, in order to trigger a denial of service in mod_log_config of Apache HTTP Server.

computer vulnerability note CVE-2014-2523

Linux kernel: memory corruption via nf_conntrack_proto_dccp

Synthesis of the vulnerability

A remote attacker can generate a memory corruption in nf_conntrack_proto_dccp.c of the Linux kernel, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, Fedora, Linux, MBS, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 17/03/2014.
Identifiers: CERTFR-2014-AVI-206, CERTFR-2014-AVI-219, CERTFR-2014-AVI-241, CERTFR-2014-AVI-242, CVE-2014-2523, DSA-2906-1, FEDORA-2014-4317, FEDORA-2014-4360, MDVSA-2014:124, openSUSE-SU-2014:0677-1, openSUSE-SU-2014:0678-1, openSUSE-SU-2014:0766-1, RHSA-2014:0439-01, RHSA-2014:0475-01, RHSA-2014:0593-01, RHSA-2014:0634-01, SUSE-SU-2014:0696-1, SUSE-SU-2014:0807-1, SUSE-SU-2014:0908-1, SUSE-SU-2014:0909-1, SUSE-SU-2014:0910-1, SUSE-SU-2014:0911-1, SUSE-SU-2014:0912-1, USN-2173-1, USN-2174-1, USN-2221-1, USN-2223-1, USN-2224-1, USN-2225-1, USN-2227-1, USN-2228-1, VIGILANCE-VUL-14429.

Description of the vulnerability

The DCCP (Datagram Congestion Control Protocol) protocol is used to transmit messages without guaranteed sequencing.

The Linux netfilter firewall implements the tracking of DCCP sessions in nf_conntrack_proto_dccp.c. However, three functions copy the DCCP packet to an invalid memory address.

A remote attacker can therefore generate a memory corruption in nf_conntrack_proto_dccp.c of the Linux kernel, in order to trigger a denial of service, and possibly to execute code.

computer vulnerability bulletin CVE-2014-2532

OpenSSH: incorrect filtering of AcceptEnv

Synthesis of the vulnerability

When OpenSSH is configured with AcceptEnv containing a wildcard, an attacker can inject unwanted environment variables, in order, for example, to escalate his privileges.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, AIX, Copssh, NSM Central Manager, NSMXpress, MBS, OpenSSH, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 17/03/2014.
Identifiers: CERTFR-2014-AVI-139, CERTFR-2014-AVI-480, CVE-2014-2532, DSA-2894-1, FEDORA-2014-6380, FEDORA-2014-6569, JSA10661, MDVSA-2014:068, MDVSA-2015:095, RHSA-2014:1552-02, SOL15430, SOL15780, SSA:2014-086-06, SUSE-SU-2014:0818-1, USN-2155-1, VIGILANCE-VUL-14428.

Description of the vulnerability

The AcceptEnv directive of OpenSSH specifies a whitelist of environment variables that the client is allowed to transmit to the session. For example, if sshd_config contains "AcceptEnv VAR":
  export VAR=hello
  ssh server -o SendEnv=VAR
  > echo $VAR

The AcceptEnv directive can contain wildcards. For example:
  AcceptEnv VARIA*END
However, in this case, characters after the wildcard are ignored, so the directive is equivalent to:
  AcceptEnv VARIA*

When OpenSSH is configured with AcceptEnv containing a wildcard, an attacker can therefore inject unwanted environment variables, in order, for example, to escalate his privileges.
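As an added illustration (not part of the Vigil@nce bulletin nor of OpenSSH's own code), the following Python models the matching behaviour the bulletin describes beside a correct glob match, and audits a constructed sshd_config fragment for AcceptEnv patterns whose effective scope is wider than written. The configuration text and the variable names are made up for the example.

```python
import re
from fnmatch import fnmatchcase

# Constructed sshd_config fragment (not taken from any real host).
SSHD_CONFIG = """\
# Locale passthrough
AcceptEnv LANG LC_*
AcceptEnv VARIA*END
AcceptEnv *
"""

# Constructed variable names a client could offer via SendEnv.
CANDIDATE_NAMES = ["VARIAEND", "VARIABLE", "VARIANT", "LANG", "LC_ALL", "PATH"]


def buggy_match(pattern: str, name: str) -> bool:
    """Model of the defect the bulletin describes (assumption: everything
    after the first '*' is dropped), so 'VARIA*END' behaves like 'VARIA*'."""
    truncated = pattern.split("*", 1)[0] + "*" if "*" in pattern else pattern
    return fnmatchcase(name, truncated)


def correct_match(pattern: str, name: str) -> bool:
    """Full glob match: text after the wildcard must match as well."""
    return fnmatchcase(name, pattern)


def parse_acceptenv(config: str) -> list[str]:
    """Collect every pattern listed on AcceptEnv lines (comments ignored)."""
    patterns = []
    for line in config.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"(?i)AcceptEnv\s+(.+)", line)
        if m:
            patterns.extend(m.group(1).split())
    return patterns


def audit_acceptenv(config: str, names: list[str]) -> dict[str, list[str]]:
    """For each wildcard pattern, list the sample names admitted by the
    buggy match that a correct glob match would have rejected."""
    findings = {}
    for pat in parse_acceptenv(config):
        if "*" not in pat:
            continue
        leaked = [n for n in names if buggy_match(pat, n) and not correct_match(pat, n)]
        if leaked:
            findings[pat] = leaked
    return findings
```

Running `audit_acceptenv(SSHD_CONFIG, CANDIDATE_NAMES)` reports only `VARIA*END`, since `LC_*` and a bare `*` already mean the same thing under both readings; a bare `*` still deserves review on its own, as it admits every name.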

vulnerability note CVE-2014-2497

libgd: NULL pointer dereference via gdImageCreateFromXpm

Synthesis of the vulnerability

An attacker can dereference a NULL pointer in the gdImageCreateFromXpm() function of libgd, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, MBS, openSUSE, Solaris, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Unix (platform).
Severity: 1/4.
Creation date: 14/03/2014.
Identifiers: 66901, bulletinjan2015, CVE-2014-2497, DSA-3215-1, FEDORA-2014-8458, FEDORA-2015-0432, FEDORA-2015-0503, MDVSA-2014:133, MDVSA-2014:172, MDVSA-2015:153, openSUSE-SU-2014:0784-1, openSUSE-SU-2014:0786-1, RHSA-2014:1326-01, RHSA-2014:1327-01, RHSA-2014:1765-01, RHSA-2014:1766-01, SOL15761, SSA:2014-247-01, SUSE-SU-2014:0868-1, SUSE-SU-2014:0869-1, SUSE-SU-2014:0873-1, SUSE-SU-2014:0873-2, VIGILANCE-VUL-14424.

Description of the vulnerability

The libgd library processes images. It is used by PHP.

The gdImageCreateFromXpm() function reads an XPM image. However, it does not check if a pointer is NULL, before using it.

An attacker can therefore dereference a NULL pointer in the gdImageCreateFromXpm() function of libgd, in order to trigger a denial of service.

vulnerability CVE-2014-0467

Mutt: buffer overflow of mutt_copy_hdr

Synthesis of the vulnerability

An attacker can generate a buffer overflow in the mutt_copy_hdr() function of Mutt, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, Fedora, openSUSE, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform).
Severity: 3/4.
Creation date: 14/03/2014.
Identifiers: 1075860, 708731, CVE-2014-0467, DSA-2874-1, FEDORA-2014-5880, FEDORA-2014-6395, FEDORA-2014-6408, openSUSE-SU-2014:0434-1, openSUSE-SU-2014:0436-1, RHSA-2014:0304-01, SSA:2014-071-01, SUSE-SU-2014:0471-1, USN-2147-1, VIGILANCE-VUL-14420.

Description of the vulnerability

The Mutt product is a mail client.

The mutt_copy_hdr() function processes email headers. It is called when the user presses the "h" key to display headers. However, the header length is not updated after RFC 2047 decoding. If the decoded data is larger than the storage array, an overflow thus occurs.

An attacker can therefore generate a buffer overflow in the mutt_copy_hdr() function of Mutt, in order to trigger a denial of service, and possibly to execute code.

computer vulnerability bulletin CVE-2013-4496

Samba: brute force via SAMR

Synthesis of the vulnerability

An attacker can use SAMR to perform a brute-force attack, in order to guess the password of a Samba user.
Impacted products: Fedora, MBS, openSUSE, Solaris, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 12/03/2014.
Identifiers: CERTFR-2014-AVI-244, CVE-2013-4496, FEDORA-2014-3796, FEDORA-2014-3815, MDVSA-2015:082, openSUSE-SU-2014:0404-1, openSUSE-SU-2014:0405-1, RHSA-2014:0330-01, RHSA-2014:0383-01, SSA:2014-072-01, SUSE-SU-2014:0497-1, USN-2156-1, VIGILANCE-VUL-14408.

Description of the vulnerability

The SAMR (Security Account Manager Remote) protocol is used to manipulate the user database.

An unauthenticated user can call the ChangePasswordUser2 function to change his password. He must then supply his current password.

However, account lockout is not enforced. An attacker can thus call the function an unlimited number of times, until he finds the victim's current password.

An attacker can therefore use SAMR to perform a brute-force attack, in order to guess the password of a Samba user.

vulnerability alert CVE-2014-0131

Linux kernel: information disclosure via Segmentation Zerocopy

Synthesis of the vulnerability

A local attacker can use fragmented data, in order to obtain memory areas from the Linux kernel memory.
Impacted products: BIG-IP Hardware, TMOS, Fedora, Linux, MBS, openSUSE, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 11/03/2014.
Identifiers: CERTFR-2014-AVI-325, CVE-2014-0131, FEDORA-2014-4317, FEDORA-2014-4360, MDVSA-2014:155, openSUSE-SU-2014:0957-1, openSUSE-SU-2014:0985-1, openSUSE-SU-2015:0566-1, SOL15699, SUSE-SU-2014:0908-1, SUSE-SU-2014:0909-1, SUSE-SU-2014:0910-1, SUSE-SU-2014:0911-1, SUSE-SU-2014:0912-1, SUSE-SU-2015:0481-1, USN-2283-1, USN-2284-1, USN-2285-1, USN-2286-1, USN-2287-1, USN-2289-1, VIGILANCE-VUL-14391.

Description of the vulnerability

An SKB (Socket Kernel Buffer) can store fragmented network data. The Zerocopy feature is used to access data without copying the memory area.

However, if a fragmented SKB comes from vhost-net with Zerocopy, a buffer storing data can be freed, and then returned to user space.

A local attacker can therefore use fragmented data, in order to obtain memory areas from the Linux kernel memory.

computer vulnerability alert CVE-2014-2309

Linux kernel: denial of service via ICMPv6 Router Advertisement

Synthesis of the vulnerability

An attacker can send numerous ICMPv6 Router Advertisement packets, in order to exhaust kernel memory and trigger a denial of service.
Impacted products: Fedora, Linux, MBS, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 10/03/2014.
Identifiers: CERTFR-2014-AVI-241, CERTFR-2014-AVI-242, CVE-2014-2309, FEDORA-2014-4317, FEDORA-2014-4360, MDVSA-2014:124, openSUSE-SU-2014:0957-1, openSUSE-SU-2014:0985-1, openSUSE-SU-2015:0566-1, RHSA-2014:0439-01, SUSE-SU-2014:0908-1, SUSE-SU-2014:0909-1, SUSE-SU-2014:0910-1, SUSE-SU-2014:0911-1, SUSE-SU-2014:0912-1, SUSE-SU-2015:0481-1, USN-2221-1, USN-2223-1, USN-2224-1, USN-2225-1, USN-2227-1, USN-2228-1, VIGILANCE-VUL-14386.

Description of the vulnerability

The IPv6 Neighbor Discovery protocol uses 5 types of ICMPv6 packets (RFC 4861):
 - Router Solicitation: query the Ethernet address of a gateway
 - Router Advertisement: answer/announce indicating the gateway
 - etc.

When the Linux kernel receives a Router Advertisement packet, it adds a router to its table. However, there is no limit on the number of routers which can be added.

An attacker can therefore send numerous ICMPv6 Router Advertisement packets, in order to exhaust kernel memory and trigger a denial of service.