The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SLES

computer vulnerability alert CVE-2013-6420

PHP: memory corruption via openssl_x509_parse

Synthesis of the vulnerability

An attacker can generate a memory corruption in the openssl_x509_parse() function of PHP, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, Fedora, MBS, MES, openSUSE, Solaris, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Creation date: 11/12/2013.
Identifiers: 1036830, BID-64225, CERTFR-2014-AVI-244, CVE-2013-6420, DSA-2816-1, FEDORA-2013-23164, FEDORA-2013-23208, FEDORA-2013-23215, MDVSA-2013:298, MDVSA-2014:014, openSUSE-SU-2013:1963-1, openSUSE-SU-2013:1964-1, RHSA-2013:1813-01, RHSA-2013:1814-01, RHSA-2013:1815-01, RHSA-2013:1824-01, RHSA-2013:1825-01, RHSA-2013:1826-01, SSA:2014-013-03, SUSE-SU-2014:0873-1, SUSE-SU-2014:0873-2, VIGILANCE-VUL-13936.

Description of the vulnerability

The openssl extension of PHP processes X.509 certificates, which are for example sent by the client.

The openssl_x509_parse() function of the ext/openssl/openssl.c file extracts the timestamp from the certificate. However, this function does not check whether the types and sizes of the field are consistent.

An attacker can therefore generate a memory corruption in the openssl_x509_parse() function of PHP, in order to trigger a denial of service, and possibly to execute code.

computer vulnerability CVE-2013-5609 CVE-2013-5610 CVE-2013-5611

Firefox, Thunderbird, SeaMonkey: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Firefox, Thunderbird and SeaMonkey.
Impacted products: Fedora, Firefox, SeaMonkey, Thunderbird, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Creation date: 10/12/2013.
Identifiers: BID-64203, BID-64204, BID-64205, BID-64206, BID-64207, BID-64209, BID-64210, BID-64211, BID-64212, BID-64213, BID-64214, BID-64215, BID-64216, CVE-2013-5609, CVE-2013-5610, CVE-2013-5611, CVE-2013-5612, CVE-2013-5613, CVE-2013-5614, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-5619, CVE-2013-6629, CVE-2013-6630, CVE-2013-6671, CVE-2013-6672, CVE-2013-6673, FEDORA-2013-23122, FEDORA-2013-23127, FEDORA-2013-23291, FEDORA-2013-23295, FEDORA-2013-23519, FEDORA-2013-23591, FEDORA-2013-23601, FEDORA-2013-23654, MFSA 2013-104, MFSA 2013-105, MFSA 2013-106, MFSA 2013-107, MFSA 2013-108, MFSA 2013-109, MFSA 2013-110, MFSA 2013-111, MFSA 2013-112, MFSA 2013-113, MFSA 2013-114, MFSA 2013-115, MFSA 2013-116, MFSA 2013-117, openSUSE-SU-2013:1871-1, openSUSE-SU-2013:1916-1, openSUSE-SU-2013:1917-1, openSUSE-SU-2013:1918-1, openSUSE-SU-2013:1957-1, openSUSE-SU-2013:1958-1, openSUSE-SU-2013:1959-1, openSUSE-SU-2014:0008-1, openSUSE-SU-2014:1100-1, RHSA-2013:1812-01, RHSA-2013:1823-01, RHSA-2014:0982-01, SSA:2013-350-04, SSA:2013-350-05, SSA:2013-350-07, SUSE-SU-2013:1919-1, VIGILANCE-VUL-13925.

Description of the vulnerability

Several vulnerabilities were announced in Firefox, Thunderbird and SeaMonkey.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64204, BID-64206, CVE-2013-5609, CVE-2013-5610, MFSA 2013-104]

An attacker can use doorhanger, in order to execute code. [severity:2/4; BID-64214, CVE-2013-5611, MFSA 2013-105]

An attacker can trigger a Cross Site Scripting via a Character Encoding, in order to execute JavaScript code in the context of the web site. [severity:1/4; BID-64205, CVE-2013-5612, MFSA 2013-106]

An attacker can use a vulnerability of the Sandbox, in order to escalate his privileges. [severity:1/4; BID-64207, CVE-2013-5614, MFSA 2013-107]

An attacker can use a freed memory area in an Event Listener, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64209, CVE-2013-5616, MFSA 2013-108]

An attacker can use a freed memory area during Table Editing, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64211, CVE-2013-5618, MFSA 2013-109]

An attacker can generate a buffer overflow in JavaScript, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-64215, CVE-2013-5619, MFSA 2013-110]

An attacker can generate a memory corruption during the ordering of a list, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64212, CVE-2013-6671, MFSA 2013-111]

An attacker can use the Linux Clipboard, in order to obtain sensitive information. [severity:1/4; BID-64210, CVE-2013-6672, MFSA 2013-112]

An attacker can use an EV certificate, which is not correctly validated. [severity:2/4; BID-64213, CVE-2013-6673, MFSA 2013-113]

An attacker can use a freed memory area in Synthetic Mouse Movement, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64203, CVE-2013-5613, MFSA 2013-114]

An unknown vulnerability was announced in GetElementIC. [severity:3/4; BID-64216, CVE-2013-5615, MFSA 2013-115]

An attacker can use JPEG, in order to obtain sensitive information. [severity:3/4; CVE-2013-6629, CVE-2013-6630, MFSA 2013-116]

The IGC/A (AC DGTPE Signature Authentification) intermediate certification authority (AC DG Trésor SSL) issued certificates to spoof several Google domains (VIGILANCE-VUL-13894). [severity:2/4; MFSA 2013-117]

computer vulnerability announce CVE-2013-6400

Xen: privilege escalation via IOMMU TLB Flushing

Synthesis of the vulnerability

An attacker located in a guest system can use a PCI device to access the Xen host TLB memory, in order to trigger a denial of service or to escalate his privileges.
Impacted products: Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Unix (platform).
Severity: 2/4.
Creation date: 10/12/2013.
Identifiers: BID-64195, CERTA-2013-AVI-673, CVE-2013-6400, FEDORA-2013-23251, FEDORA-2013-23457, FEDORA-2013-23466, openSUSE-SU-2014:0482-1, openSUSE-SU-2014:0483-1, SUSE-SU-2014:0372-1, SUSE-SU-2014:0373-1, VIGILANCE-VUL-13897, XSA-80.

Description of the vulnerability

The IOMMU (input/output memory management unit) uses memory areas of type TLB (translation look-aside buffer).

These TLBs have to be flushed (updated). However, with an Intel VT-d processor, some TLBs are not always flushed.

An attacker located in a guest system can therefore use a PCI device to access the Xen host TLB memory, in order to trigger a denial of service or to escalate his privileges.

vulnerability note 13894

SSL: revocation of IGC/A AC DG Trésor SSL

Synthesis of the vulnerability

The IGC/A (AC DGTPE Signature Authentification) intermediate certification authority (AC DG Trésor SSL) issued certificates to spoof several Google domains.
Impacted products: Fedora, MBS, MES, Windows 2003, Windows 2008 R0, Windows 2008 R2, Microsoft Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP, Firefox, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 10/12/2013.
Identifiers: 2916652, FEDORA-2013-23532, FEDORA-2013-23567, FEDORA-2013-23575, FEDORA-2013-23683, FEDORA-2013-23900, FEDORA-2013-23922, MDVSA-2013:301, openSUSE-SU-2013:1868-1, openSUSE-SU-2013:1870-1, openSUSE-SU-2013:1891-1, RHSA-2013:1861-01, RHSA-2013:1866-01, SUSE-SU-2013:1920-1, SUSE-SU-2014:0025-1, VIGILANCE-VUL-13894.

Description of the vulnerability

The IGC/A (AC DGTPE Signature Authentification) intermediate certification authority (AC DG Trésor SSL) issued certificates to spoof several Google domains (VIGILANCE-ACTU-4179).

It is thus recommended to delete this certification authority.

computer vulnerability announce CVE-2013-4408

Samba: buffer overflow of DCE-RPC Fragment

Synthesis of the vulnerability

An attacker can act as a Man-in-the-middle, to generate a buffer overflow in Samba, in order to trigger a denial of service, and possibly to execute code with root privileges.
Impacted products: Debian, Fedora, HP-UX, MBS, openSUSE, Solaris, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Creation date: 09/12/2013.
Identifiers: BID-64191, c04396638, CERTA-2013-AVI-658, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CVE-2013-4408, DSA-2812-1, FEDORA-2013-23085, FEDORA-2013-23177, HPSBUX03087, MDVSA-2013:299, openSUSE-SU-2013:1742-1, openSUSE-SU-2013:1921-1, openSUSE-SU-2014:0405-1, RHSA-2013:1805-01, RHSA-2013:1806-01, RHSA-2014:0009-01, SSA:2014-013-04, SSRT101413, SUSE-SU-2014:0024-1, VIGILANCE-VUL-13887.

Description of the vulnerability

When a Samba server is configured to join an Active Directory domain, the winbindd daemon uses the DCE-RPC protocol to communicate with the AD.

However, the Samba DCE-RPC code does not correctly check the size of fragments coming from the AD, which triggers an overflow.

An attacker can therefore act as a Man-in-the-middle, to generate a buffer overflow in Samba, in order to trigger a denial of service, and possibly to execute code with root privileges.

computer vulnerability bulletin CVE-2012-6150

Samba pam_winbind: privilege escalation via require_membership_of

Synthesis of the vulnerability

When pam_winbind is configured with require_membership_of indicating an invalid group, an attacker who has a domain account can authenticate locally.
Impacted products: Fedora, HP-UX, MBS, openSUSE, Solaris, RHEL, Samba, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 03/12/2013.
Identifiers: BID-64101, c04396638, CERTA-2013-AVI-658, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CVE-2012-6150, FEDORA-2013-23085, FEDORA-2013-23177, HPSBUX03087, MDVSA-2013:299, openSUSE-SU-2013:1742-1, openSUSE-SU-2013:1921-1, openSUSE-SU-2014:0405-1, RHSA-2014:0330-01, RHSA-2014:0383-01, SSRT101413, SUSE-SU-2014:0024-1, VIGILANCE-VUL-13858.

Description of the vulnerability

The pam_winbind module is provided by Samba. It is used to authenticate a user on a domain.

The "require_membership_of" configuration directive requires users to be members of a group in order to be allowed access. However, if the indicated group name does not exist, the access is allowed.

When pam_winbind is configured with require_membership_of indicating an invalid group, an attacker who has a domain account can therefore authenticate locally.

computer vulnerability alert CVE-2013-6885

Xen: denial of service via AMD Erratum 793

Synthesis of the vulnerability

An attacker in a Xen guest system can generate the AMD Erratum 793 error, in order to trigger a denial of service.
Impacted products: XenServer, Debian, Fedora, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform).
Severity: 2/4.
Creation date: 02/12/2013.
Identifiers: CERTA-2013-AVI-653, CERTFR-2014-AVI-039, CERTFR-2015-AVI-026, CTX140038, CVE-2013-6885, DSA-3128-1, FEDORA-2013-22866, FEDORA-2013-22888, openSUSE-SU-2014:0482-1, openSUSE-SU-2014:0483-1, openSUSE-SU-2014:0677-1, openSUSE-SU-2014:0678-1, openSUSE-SU-2014:0766-1, RHSA-2014:0285-01, SUSE-SU-2014:0372-1, SUSE-SU-2014:0373-1, SUSE-SU-2014:0411-1, SUSE-SU-2014:0446-1, SUSE-SU-2014:0459-1, SUSE-SU-2014:0470-1, SUSE-SU-2014:0531-1, SUSE-SU-2014:0537-1, SUSE-SU-2014:0696-1, SUSE-SU-2014:0807-1, VIGILANCE-VUL-13856, XSA-82.

Description of the vulnerability

The Xen product can be installed on an AMD processor.

The error AMD Erratum 793 "Specific Combination of Writes to Write Combined Memory Types and Locked Instructions May Cause Core Hang" stops the processor. However, an attacker in a Xen guest system can trigger this fatal error on the host.

An attacker in a Xen guest system can therefore generate the AMD Erratum 793 error, in order to trigger a denial of service.

This vulnerability has the same origin as VIGILANCE-VUL-14189.

vulnerability CVE-2013-7027

Linux kernel: denial of service via radiotap

Synthesis of the vulnerability

An attacker can use the radiotap feature of the Linux kernel, in order to trigger a denial of service.
Impacted products: Linux, openSUSE, SLES, Ubuntu.
Severity: 2/4.
Creation date: 02/12/2013.
Identifiers: BID-64013, BID-64800, CERTFR-2014-AVI-106, CVE-2013-7027, openSUSE-SU-2014:0204-1, openSUSE-SU-2014:0247-1, SUSE-SU-2014:0807-1, USN-2128-1, USN-2129-1, VIGILANCE-VUL-13850.

Description of the vulnerability

The radiotap feature is used to inject and read IEEE 802.11 frames.

The ieee80211_radiotap_iterator_init() function does not check if the data size is too large. It then tries to write 4 bytes at a read-only memory address.

An attacker can therefore use the radiotap feature of the Linux kernel, in order to trigger a denial of service.

computer vulnerability alert CVE-2013-2929

Linux kernel: privilege escalation via get_dumpable

Synthesis of the vulnerability

When the sysctl fs/suid_dumpable is set to 2 (SUID_DUMP_ROOT), a local attacker can dump a suid program, in order to retrieve information to escalate his privileges.
Impacted products: Debian, Linux, MBS, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 02/12/2013.
Identifiers: BID-64111, CERTA-2013-AVI-655, CERTFR-2014-AVI-106, CVE-2013-2929, DSA-2906-1, MDVSA-2013:291, openSUSE-SU-2015:0566-1, RHSA-2014:0100-01, RHSA-2014:0159-01, RHSA-2014:0285-01, RHSA-2014:1971-01, SUSE-SU-2014:0908-1, SUSE-SU-2014:0909-1, SUSE-SU-2014:0910-1, SUSE-SU-2014:0911-1, SUSE-SU-2014:0912-1, SUSE-SU-2015:0481-1, USN-2128-1, USN-2129-1, VIGILANCE-VUL-13846.

Description of the vulnerability

The get_dumpable() function indicates if a user is allowed to dump a running program.

However, it is incorrectly used in two places.

When the sysctl fs/suid_dumpable is set to 2 (SUID_DUMP_ROOT), a local attacker can therefore dump a suid program, in order to retrieve information to escalate his privileges.

vulnerability note CVE-2013-7263 CVE-2013-7264 CVE-2013-7265

Linux kernel: memory reading via recv

Synthesis of the vulnerability

A local attacker can call functions of the recv family on the Linux kernel, in order to read fragments of the kernel memory.
Impacted products: Debian, BIG-IP Appliance, Fedora, Linux, MBS, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 29/11/2013.
Identifiers: BID-63999, BID-64034, BID-64677, BID-64685, BID-64686, CERTA-2014-AVI-010, CERTFR-2014-AVI-107, CERTFR-2015-AVI-165, CVE-2013-6405-REJECT, CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, CVE-2013-7281, DSA-2906-1, FEDORA-2013-22669, FEDORA-2013-22695, FEDORA-2013-23445, FEDORA-2013-23653, MDVSA-2014:001, openSUSE-SU-2014:0678-1, openSUSE-SU-2014:0766-1, openSUSE-SU-2015:0566-1, RHSA-2014:0159-01, RHSA-2014:0285-01, RHSA-2014:0439-01, SOL15983, SOL15984, SUSE-SU-2014:0459-1, SUSE-SU-2014:0531-1, SUSE-SU-2014:0537-1, SUSE-SU-2014:0696-1, SUSE-SU-2014:0807-1, SUSE-SU-2014:1693-1, SUSE-SU-2014:1693-2, SUSE-SU-2014:1695-1, SUSE-SU-2014:1695-2, SUSE-SU-2014:1698-1, SUSE-SU-2015:0068-1, SUSE-SU-2015:0481-1, SUSE-SU-2015:0581-1, SUSE-SU-2015:0652-1, SUSE-SU-2015:0736-1, USN-2135-1, USN-2136-1, USN-2138-1, USN-2139-1, USN-2141-1, VIGILANCE-VUL-13844.

Description of the vulnerability

The recvmsg(), recvfrom() and recvmmsg() functions are used to receive data from a network socket.

However, these functions do not correctly check the size of sockaddr_in and sockaddr_in6 data structures. Some bytes are thus not initialized before being returned to the user.

A local attacker can therefore call functions of the recv family on the Linux kernel, in order to read fragments of the kernel memory.