The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SLES

vulnerability bulletin CVE-2013-7266 CVE-2013-7267 CVE-2013-7268

Linux kernel: memory reading via recv

Synthesis of the vulnerability

A local attacker can call functions of the recv family on the Linux kernel, in order to read fragments of the kernel memory.
Impacted products: Linux, MBS, openSUSE, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 31/12/2013.
Identifiers: BID-64669, BID-64739, BID-64741, BID-64742, BID-64743, BID-64744, BID-64746, BID-64747, CERTA-2014-AVI-010, CERTFR-2014-AVI-106, CERTFR-2014-AVI-107, CVE-2013-6463-REJECT, CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269, CVE-2013-7270, CVE-2013-7271, MDVSA-2014:001, openSUSE-SU-2014:1246-1, SUSE-SU-2014:1138-1, SUSE-SU-2015:0812-1, USN-2128-1, USN-2129-1, USN-2135-1, USN-2136-1, USN-2138-1, USN-2139-1, USN-2141-1, VIGILANCE-VUL-14003.

Description of the vulnerability

The recvmsg() and recvfrom() functions are used to receive data from a network socket.

However, these functions do not correctly check the length of the msg_name field (msg_namelen). Some bytes are thus not initialized before being returned to the user.

A local attacker can therefore call functions of the recv family on the Linux kernel, in order to read fragments of the kernel memory.

vulnerability CVE-2013-4164 CVE-2013-4363 CVE-2013-4969

Puppet Enterprise 2.8: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Puppet Enterprise 2.8.
Impacted products: Debian, MBS, Puppet, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 30/12/2013.
Identifiers: BID-63873, BID-64552, CERTA-2013-AVI-647, CERTA-2013-AVI-687, CVE-2013-4164, CVE-2013-4363, CVE-2013-4969, CVE-2013-6415, CVE-2013-6417, DSA-2831-1, DSA-2831-2, MDVSA-2014:040, SUSE-SU-2014:0880-1, VIGILANCE-VUL-14000.

Description of the vulnerability

Several vulnerabilities were announced in Puppet Enterprise 2.8.

An attacker can generate a buffer overflow during the conversion of a real number by Ruby, in order to trigger a denial of service, and possibly to execute code (VIGILANCE-VUL-13817). [severity:2/4; BID-63873, CERTA-2013-AVI-647, CVE-2013-4164]

An attacker can use a regular expression in RubyGems, in order to trigger a denial of service. [severity:2/4; CVE-2013-4363]

An attacker can use a symbolic link, in order to corrupt a file. [severity:2/4; BID-64552, CVE-2013-4969]

An attacker can trigger a Cross Site Scripting in Ruby on Rails, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2013-6415]

An attacker can use a SQL injection in Rack and Rails, in order to read or alter data. [severity:2/4; CVE-2013-6417]

computer vulnerability note CVE-2013-4164 CVE-2013-4363 CVE-2013-4491

Puppet Enterprise 3.1: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Puppet Enterprise 3.1.
Impacted products: Fedora, Puppet, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 30/12/2013.
Identifiers: BID-63873, BID-64552, CERTA-2013-AVI-647, CERTA-2013-AVI-687, CVE-2013-4164, CVE-2013-4363, CVE-2013-4491, CVE-2013-4969, CVE-2013-6414, CVE-2013-6415, CVE-2013-6417, FEDORA-2014-0825, FEDORA-2014-0850, SUSE-SU-2014:0880-1, VIGILANCE-VUL-13999.

Description of the vulnerability

Several vulnerabilities were announced in Puppet Enterprise 3.1.

An attacker can generate a buffer overflow during the conversion of a real number by Ruby, in order to trigger a denial of service, and possibly to execute code (VIGILANCE-VUL-13817). [severity:2/4; BID-63873, CERTA-2013-AVI-647, CVE-2013-4164]

An attacker can use a regular expression in RubyGems, in order to trigger a denial of service. [severity:2/4; CVE-2013-4363]

An attacker can trigger a Cross Site Scripting in Ruby on Rails, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2013-4491]

An attacker can use a symbolic link, in order to corrupt a file. [severity:2/4; BID-64552, CVE-2013-4969]

An attacker can use an invalid MIME type in Action View, in order to trigger a denial of service. [severity:2/4; CVE-2013-6414]

An attacker can trigger a Cross Site Scripting in Ruby on Rails, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2013-6415]

An attacker can use a SQL injection in Rack and Rails, in order to read or alter data. [severity:2/4; CVE-2013-6417]

computer vulnerability CVE-2013-6368

Linux kernel: memory corruption via vapic_addr

Synthesis of the vulnerability

A local attacker can generate a memory corruption via vapic_addr in the Linux kernel, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Fedora, Linux, MBS, openSUSE, RHEL, SLES, Ubuntu.
Severity: 2/4.
Creation date: 13/12/2013.
Identifiers: 1032210, BID-64291, CERTA-2014-AVI-010, CERTFR-2014-AVI-107, CVE-2013-6368, FEDORA-2013-23445, FEDORA-2013-23653, MDVSA-2014:001, openSUSE-SU-2014:0204-1, openSUSE-SU-2014:0205-1, openSUSE-SU-2014:0247-1, RHSA-2013:1801-01, RHSA-2014:0163-01, RHSA-2014:0284-01, SUSE-SU-2014:0537-1, USN-2133-1, USN-2134-1, USN-2135-1, USN-2136-1, USN-2138-1, USN-2139-1, USN-2141-1, VIGILANCE-VUL-13945.

Description of the vulnerability

The KVM (Kernel Virtual Machine) feature is used for virtualization.

The kvm_lapic_sync_from_vapic() and kvm_lapic_sync_to_vapic() functions of the arch/x86/kvm/lapic.c file use the vcpu->arch.apic->vapic_addr variable to compute the offset in a memory page. However, if this value is at the end of a page, an error occurs.

A local attacker can therefore generate a memory corruption via vapic_addr in the Linux kernel, in order to trigger a denial of service, and possibly to execute code.

computer vulnerability alert CVE-2013-6420

PHP: memory corruption via openssl_x509_parse

Synthesis of the vulnerability

An attacker can generate a memory corruption in the openssl_x509_parse() function of PHP, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, Fedora, MBS, MES, openSUSE, Solaris, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Creation date: 11/12/2013.
Identifiers: 1036830, BID-64225, CERTFR-2014-AVI-244, CVE-2013-6420, DSA-2816-1, FEDORA-2013-23164, FEDORA-2013-23208, FEDORA-2013-23215, MDVSA-2013:298, MDVSA-2014:014, openSUSE-SU-2013:1963-1, openSUSE-SU-2013:1964-1, RHSA-2013:1813-01, RHSA-2013:1814-01, RHSA-2013:1815-01, RHSA-2013:1824-01, RHSA-2013:1825-01, RHSA-2013:1826-01, SSA:2014-013-03, SUSE-SU-2014:0873-1, SUSE-SU-2014:0873-2, VIGILANCE-VUL-13936.

Description of the vulnerability

The openssl extension of PHP processes X.509 certificates, which are for example sent by the client.

The openssl_x509_parse() function of the ext/openssl/openssl.c file extracts the timestamp from the certificate. However, this function does not check whether the types and sizes of the field are consistent.

An attacker can therefore generate a memory corruption in the openssl_x509_parse() function of PHP, in order to trigger a denial of service, and possibly to execute code.

computer vulnerability CVE-2013-5609 CVE-2013-5610 CVE-2013-5611

Firefox, Thunderbird, SeaMonkey: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Firefox, Thunderbird and SeaMonkey.
Impacted products: Fedora, Firefox, SeaMonkey, Thunderbird, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Creation date: 10/12/2013.
Identifiers: BID-64203, BID-64204, BID-64205, BID-64206, BID-64207, BID-64209, BID-64210, BID-64211, BID-64212, BID-64213, BID-64214, BID-64215, BID-64216, CVE-2013-5609, CVE-2013-5610, CVE-2013-5611, CVE-2013-5612, CVE-2013-5613, CVE-2013-5614, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-5619, CVE-2013-6629, CVE-2013-6630, CVE-2013-6671, CVE-2013-6672, CVE-2013-6673, FEDORA-2013-23122, FEDORA-2013-23127, FEDORA-2013-23291, FEDORA-2013-23295, FEDORA-2013-23519, FEDORA-2013-23591, FEDORA-2013-23601, FEDORA-2013-23654, MFSA 2013-104, MFSA 2013-105, MFSA 2013-106, MFSA 2013-107, MFSA 2013-108, MFSA 2013-109, MFSA 2013-110, MFSA 2013-111, MFSA 2013-112, MFSA 2013-113, MFSA 2013-114, MFSA 2013-115, MFSA 2013-116, MFSA 2013-117, openSUSE-SU-2013:1871-1, openSUSE-SU-2013:1916-1, openSUSE-SU-2013:1917-1, openSUSE-SU-2013:1918-1, openSUSE-SU-2013:1957-1, openSUSE-SU-2013:1958-1, openSUSE-SU-2013:1959-1, openSUSE-SU-2014:0008-1, openSUSE-SU-2014:1100-1, RHSA-2013:1812-01, RHSA-2013:1823-01, RHSA-2014:0982-01, SSA:2013-350-04, SSA:2013-350-05, SSA:2013-350-07, SUSE-SU-2013:1919-1, VIGILANCE-VUL-13925.

Description of the vulnerability

Several vulnerabilities were announced in Firefox, Thunderbird and SeaMonkey.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64204, BID-64206, CVE-2013-5609, CVE-2013-5610, MFSA 2013-104]

An attacker can use doorhanger, in order to execute code. [severity:2/4; BID-64214, CVE-2013-5611, MFSA 2013-105]

An attacker can trigger a Cross Site Scripting via a Character Encoding, in order to execute JavaScript code in the context of the web site. [severity:1/4; BID-64205, CVE-2013-5612, MFSA 2013-106]

An attacker can use a vulnerability of the Sandbox, in order to escalate his privileges. [severity:1/4; BID-64207, CVE-2013-5614, MFSA 2013-107]

An attacker can use a freed memory area in an Event Listener, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64209, CVE-2013-5616, MFSA 2013-108]

An attacker can use a freed memory area during Table Editing, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64211, CVE-2013-5618, MFSA 2013-109]

An attacker can generate a buffer overflow in JavaScript, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-64215, CVE-2013-5619, MFSA 2013-110]

An attacker can generate a memory corruption during the ordering of a list, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64212, CVE-2013-6671, MFSA 2013-111]

An attacker can use the Linux Clipboard, in order to obtain sensitive information. [severity:1/4; BID-64210, CVE-2013-6672, MFSA 2013-112]

An attacker can use an EV certificate, which is not correctly validated. [severity:2/4; BID-64213, CVE-2013-6673, MFSA 2013-113]

An attacker can use a freed memory area in Synthetic Mouse Movement, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64203, CVE-2013-5613, MFSA 2013-114]

An unknown vulnerability was announced in GetElementIC. [severity:3/4; BID-64216, CVE-2013-5615, MFSA 2013-115]

An attacker can use JPEG, in order to obtain sensitive information. [severity:3/4; CVE-2013-6629, CVE-2013-6630, MFSA 2013-116]

The IGC/A (AC DGTPE Signature Authentification) intermediary certification authority (AC DG Trésor SSL) issued certificates to spoof several Google domains (VIGILANCE-VUL-13894). [severity:2/4; MFSA 2013-117]

computer vulnerability announce CVE-2013-6400

Xen: privilege escalation via IOMMU TLB Flushing

Synthesis of the vulnerability

An attacker located in a guest system can use a PCI device to access the Xen host TLB memory, in order to trigger a denial of service or to escalate his privileges.
Impacted products: Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Unix (platform).
Severity: 2/4.
Creation date: 10/12/2013.
Identifiers: BID-64195, CERTA-2013-AVI-673, CVE-2013-6400, FEDORA-2013-23251, FEDORA-2013-23457, FEDORA-2013-23466, openSUSE-SU-2014:0482-1, openSUSE-SU-2014:0483-1, SUSE-SU-2014:0372-1, SUSE-SU-2014:0373-1, VIGILANCE-VUL-13897, XSA-80.

Description of the vulnerability

The IOMMU (input/output memory management unit) uses memory areas of type TLB (translation look-aside buffer).

These TLBs have to be flushed (updated). However, with an Intel VT-d processor, some TLBs are not always flushed.

An attacker located in a guest system can therefore use a PCI device to access the Xen host TLB memory, in order to trigger a denial of service or to escalate his privileges.

vulnerability note 13894

SSL: revocation of IGC/A AC DG Trésor SSL

Synthesis of the vulnerability

The IGC/A (AC DGTPE Signature Authentification) intermediary certification authority (AC DG Trésor SSL) issued certificates to spoof several Google domains.
Impacted products: Fedora, MBS, MES, Windows 2003, Windows 2008 R0, Windows 2008 R2, Microsoft Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP, Firefox, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 10/12/2013.
Identifiers: 2916652, FEDORA-2013-23532, FEDORA-2013-23567, FEDORA-2013-23575, FEDORA-2013-23683, FEDORA-2013-23900, FEDORA-2013-23922, MDVSA-2013:301, openSUSE-SU-2013:1868-1, openSUSE-SU-2013:1870-1, openSUSE-SU-2013:1891-1, RHSA-2013:1861-01, RHSA-2013:1866-01, SUSE-SU-2013:1920-1, SUSE-SU-2014:0025-1, VIGILANCE-VUL-13894.

Description of the vulnerability

The IGC/A (AC DGTPE Signature Authentification) intermediary certification authority (AC DG Trésor SSL) issued certificates to spoof several Google domains (VIGILANCE-ACTU-4179).

It is thus recommended to delete this certification authority.

computer vulnerability announce CVE-2013-4408

Samba: buffer overflow of DCE-RPC Fragment

Synthesis of the vulnerability

An attacker can act as a Man-in-the-middle, to generate a buffer overflow in Samba, in order to trigger a denial of service, and possibly to execute code with root privileges.
Impacted products: Debian, Fedora, HP-UX, MBS, openSUSE, Solaris, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Creation date: 09/12/2013.
Identifiers: BID-64191, c04396638, CERTA-2013-AVI-658, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CVE-2013-4408, DSA-2812-1, FEDORA-2013-23085, FEDORA-2013-23177, HPSBUX03087, MDVSA-2013:299, openSUSE-SU-2013:1742-1, openSUSE-SU-2013:1921-1, openSUSE-SU-2014:0405-1, RHSA-2013:1805-01, RHSA-2013:1806-01, RHSA-2014:0009-01, SSA:2014-013-04, SSRT101413, SUSE-SU-2014:0024-1, VIGILANCE-VUL-13887.

Description of the vulnerability

When a Samba server is configured to join an Active Directory domain, the winbindd daemon uses the DCE-RPC protocol to communicate with the AD.

However, the Samba DCE-RPC code does not correctly check the size of fragments coming from the AD, which triggers an overflow.

An attacker can therefore act as a Man-in-the-middle, to generate a buffer overflow in Samba, in order to trigger a denial of service, and possibly to execute code with root privileges.

computer vulnerability bulletin CVE-2012-6150

Samba pam_winbind: privilege escalation via require_membership_of

Synthesis of the vulnerability

When pam_winbind is configured with require_membership_of indicating an invalid group, an attacker who has a domain account can authenticate locally.
Impacted products: Fedora, HP-UX, MBS, openSUSE, Solaris, RHEL, Samba, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 03/12/2013.
Identifiers: BID-64101, c04396638, CERTA-2013-AVI-658, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CVE-2012-6150, FEDORA-2013-23085, FEDORA-2013-23177, HPSBUX03087, MDVSA-2013:299, openSUSE-SU-2013:1742-1, openSUSE-SU-2013:1921-1, openSUSE-SU-2014:0405-1, RHSA-2014:0330-01, RHSA-2014:0383-01, SSRT101413, SUSE-SU-2014:0024-1, VIGILANCE-VUL-13858.

Description of the vulnerability

The pam_winbind module is provided by Samba. It is used to authenticate a user on a domain.

The "require_membership_of" configuration directive requires users to be members of a group before access is allowed. However, if the indicated group name does not exist, the access is allowed.

When pam_winbind is configured with require_membership_of indicating an invalid group, an attacker who has a domain account can therefore authenticate locally.