The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability CVE-2014-1568

NSS, CyaSSL, GnuTLS: bypassing the certification chain via ASN.1

Synthesis of the vulnerability

An attacker can create a malicious X.509 certificate, which is accepted as valid, in order to deceive services using the RSA signature (such as SSL/TLS sessions).
Impacted products: Debian, Fedora, Junos Space, Firefox, NSS, SeaMonkey, Thunderbird, openSUSE, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: document.
Creation date: 25/09/2014.
Identifiers: BERserk, CERTFR-2014-AVI-401, CERTFR-2015-AVI-431, CERTFR-2016-AVI-300, CVE-2014-1568, DSA-3033-1, DSA-3034-1, DSA-3037-1, FEDORA-2014-11518, FEDORA-2014-11565, FEDORA-2014-11744, FEDORA-2014-11745, JSA10698, MDVSA-2014:189, MDVSA-2015:059, MFSA 2014-73, openSUSE-SU-2014:1224-1, openSUSE-SU-2014:1232-1, RHSA-2014:1307-01, RHSA-2014:1354-01, RHSA-2014:1371-01, SSA:2014-267-02, SSA:2014-271-01, SSA:2014-271-02, SSA:2014-271-03, SUSE-SU-2014:1220-1, SUSE-SU-2014:1220-2, SUSE-SU-2014:1220-3, SUSE-SU-2014:1220-4, USN-2360-1, USN-2360-2, USN-2361-1, VIGILANCE-VUL-15400, VU#772676.

Description of the vulnerability

The NSS, CyaSSL and GnuTLS libraries implement cryptographic features, such as RSA signature verification.

The ASN.1 DigestInfo type carries the hash algorithm identifier and the hash value. BER allows a length to be encoded in several ways, and the ASN.1 parser accepts such non-canonical encodings of the DigestInfo without reporting an error. An invalid RSA signature can therefore be accepted as valid.

An attacker can therefore create a malicious X.509 certificate, which is accepted as valid, in order to deceive services using the RSA signature (such as SSL/TLS sessions).
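The hardened check most implementations adopted after this bulletin is to stop parsing the DigestInfo found in the decrypted signature and instead rebuild the one valid DER encoding and compare it byte-for-byte. The following is an added example illustrating that approach (not code from NSS, CyaSSL or GnuTLS); it uses SHA-256, a 2048-bit modulus and a constructed message, and the small BER length decoder only shows why a tolerant parser reads two different encodings as the same value.

```python
import hashlib

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1):
# SEQUENCE { SEQUENCE { OID sha256, NULL }, OCTET STRING (32 bytes follow) }
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def digest_info(message):
    """T = DER-encoded DigestInfo of the SHA-256 hash of message."""
    return SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()


def expected_em(message, k):
    """EMSA-PKCS1-v1_5 encoding of message for a k-byte modulus:
    0x00 || 0x01 || PS (at least eight 0xFF bytes) || 0x00 || T."""
    t = digest_info(message)
    ps_len = k - len(t) - 3
    if ps_len < 8:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def verify_em_strict(em, message, k):
    """Hardened check: instead of parsing the DigestInfo found inside em,
    rebuild the single valid DER encoding and compare byte-for-byte.
    Any BER re-encoding of lengths, or any extra bytes, fails this test."""
    return len(em) == k and em == expected_em(message, k)


def ber_length(buf, pos):
    """Decode a BER length field starting at buf[pos]; returns (length, field size).
    BER permits the same length in short form (one byte) or long form
    (0x80 | n, then n bytes); DER permits only the shortest form."""
    first = buf[pos]
    if first < 0x80:
        return first, 1
    n = first & 0x7F
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), 1 + n


def long_form_variant(t):
    """Constructed sample: the same DigestInfo with the outer SEQUENCE length
    re-encoded in BER long form (0x81 0x31 instead of 0x31). A BER-tolerant
    parser reads both as length 49; DER forbids the long form here."""
    return t[:1] + b"\x81" + t[1:]
```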

computer vulnerability note CVE-2014-6271

bash: code execution via Environment Variable, ShellShock

Synthesis of the vulnerability

An attacker can define a special environment variable, which is transmitted (via CGI or OpenSSH for example) to bash, in order to execute code.
Impacted products: Arkoon FAST360, GAiA, CheckPoint IP Appliance, IPSO, SecurePlatform, CheckPoint Security Appliance, CheckPoint Smart-1, CheckPoint VSX-1, Cisco ASR, Cisco ACE, ASA, IOS XE Cisco, Cisco IPS, IronPort Encryption, Nexus by Cisco, NX-OS, Secure ACS, Cisco CUCM, Cisco Unified CCX, XenServer, Clearswift Email Gateway, Clearswift Web Gateway, Debian, Avamar, EMC CAVA, EMC CEE, EMC CEPA, Celerra FAST, Celerra NS, Celerra NX4, EMC CMDCE, Connectrix Switch, NetWorker, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiManager, FortiManager Virtual Appliance, HP Operations, AIX, IVE OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper UAC, McAfee Email and Web Security, McAfee Email Gateway, McAfee MOVE AntiVirus, McAfee NSP, McAfee NGFW, McAfee Web Gateway, openSUSE, Solaris, pfSense, RealPresence Collaboration Server, RealPresence Distributed Media Application, Polycom VBP, RHEL, RSA Authentication Manager, ROX, RuggedSwitch, Slackware, Stonesoft NGFW/VPN, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive, ESX, vCenter Server, VMware vSphere.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 24/09/2014.
Identifiers: 1141597, 193355, 193866, 194029, 194064, 194669, 480931, c04475942, c04479492, CERTFR-2014-ALE-006, CERTFR-2014-AVI-403, CERTFR-2014-AVI-415, CERTFR-2014-AVI-480, cisco-sa-20140926-bash, CTX200217, CTX200223, CVE-2014-6271, DSA-3032-1, ESA-2014-111, ESA-2014-123, ESA-2014-124, ESA-2014-125, ESA-2014-126, ESA-2014-127, ESA-2014-128, ESA-2014-133, ESA-2014-136, ESA-2014-150, ESA-2014-151, ESA-2014-152, ESA-2014-162, FEDORA-2014-11360, FEDORA-2014-11503, FG-IR-14-030, HPSBGN03138, HPSBMU03144, JSA10648, JSA10661, MDVSA-2014:186, MDVSA-2015:164, openSUSE-SU-2014:1226-1, openSUSE-SU-2014:1238-1, openSUSE-SU-2014:1308-1, openSUSE-SU-2014:1310-1, pfSense-SA-14_18.packages, RHSA-2014:1293-01, RHSA-2014:1294-01, RHSA-2014:1295-01, RHSA-2014:1354-01, SB10085, ShellShock, sk102673, SOL15629, SSA:2014-267-01, SSA-860967, SUSE-SU-2014:1212-1, SUSE-SU-2014:1213-1, SUSE-SU-2014:1214-1, SUSE-SU-2014:1223-1, T1021272, USN-2362-1, VIGILANCE-VUL-15399, VMSA-2014-0010, VMSA-2014-0010.10, VMSA-2014-0010.11, VMSA-2014-0010.12, VMSA-2014-0010.13, VMSA-2014-0010.2, VMSA-2014-0010.4, VMSA-2014-0010.7, VMSA-2014-0010.8, VMSA-2014-0010.9, VN-2014-002, VU#252743.

Description of the vulnerability

When the bash interpreter is started, the environment variables of the parent process are transferred to the new process. For example:
  export A=test
  bash
  echo $A

Functions can also be transferred through environment variables. For example:
  export F='() { echo bonjour; }'
  bash
  F

However, bash imports functions by interpreting the entire value of the environment variable. If a variable's value starts with "() {" and continues with "; command" after the closing brace, that command is executed when the shell starts.

The main attack vectors are:
 - CGI scripts (Apache mod_cgi, mod_cgid) on a web server (variables: HTTP_header, REMOTE_HOST, SERVER_PROTOCOL)
 - OpenSSH via AcceptEnv (variables: TERM, ForceCommand with SSH_ORIGINAL_COMMAND)

An attacker can therefore define a special environment variable, which is transmitted (via CGI or OpenSSH for example) to bash, in order to execute code.
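For the CGI vector above, the request headers that mod_cgi exports as HTTP_* variables end up in the web server's access log, so a defender can look for the function-import prefix there. The following is an added detection example, not code from the bulletin: it parses constructed Apache "combined" log lines (TEST-NET addresses) and flags Referer or User-Agent values that begin with the "() {" prefix the description gives.

```python
import re
from urllib.parse import unquote

# bash imports a function from an environment variable whose value begins with
# "() {"; in the CGI vector every request header becomes such a variable (HTTP_*).
# The pattern is kept broader than bash's exact prefix test so that padded or
# URL-encoded variants in request headers are flagged as well.
SHELLSHOCK_RE = re.compile(r"(?:^|\s)\(\)\s*\{")

# Apache "combined" log format: the two trailing quoted fields are the Referer
# and User-Agent headers, which mod_cgi exports as HTTP_REFERER / HTTP_USER_AGENT.
COMBINED_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<user_agent>(?:[^"\\]|\\.)*)"$')

# Constructed sample: three access-log lines, two carrying a probe in a header.
SAMPLE_LOG = """\
203.0.113.10 - - [25/Sep/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.11 - - [25/Sep/2014:10:00:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 77 "-" "() { :; }; echo constructed-sample"
203.0.113.12 - - [25/Sep/2014:10:00:03 +0000] "GET /cgi-bin/status HTTP/1.1" 200 77 "() { ignored; }; echo constructed-sample" "curl/7.38.0"
"""


def is_shellshock_probe(value):
    """True if a header value would trigger bash's function import (after URL-decoding)."""
    return SHELLSHOCK_RE.search(unquote(value)) is not None


def scan_access_log(text):
    """Return one record per flagged header: line number, source host, field, value."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = COMBINED_RE.match(line)
        if not m:
            continue  # not in combined format; a real deployment would report this
        for field in ("referer", "user_agent"):
            if is_shellshock_probe(m.group(field)):
                hits.append({"line": lineno, "host": m.group("host"),
                             "field": field, "value": m.group(field)})
    return hits


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

Only headers that Apache logs are covered here; other HTTP_* variables would need a request-level capture rather than the access log.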

computer vulnerability bulletin 15398

Joomla Face Gallery: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in Joomla Face Gallery, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 24/09/2014.
Identifiers: VIGILANCE-VUL-15398.

Description of the vulnerability

The Joomla Face Gallery product uses a database.

However, user-supplied data are inserted directly into a SQL query.

An attacker can therefore exploit a SQL injection in Joomla Face Gallery, in order to read or alter data.

computer vulnerability announce CVE-2014-6632

Joomla Core: unauthorised authentication via LDAP

Synthesis of the vulnerability

An attacker can use LDAP authentication on Joomla Core, in order to access the service.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 24/09/2014.
Identifiers: CVE-2014-6632, VIGILANCE-VUL-15397.

Description of the vulnerability

The Joomla product can use LDAP to authenticate users.

However, an unauthorised user can log in via LDAP.

An attacker can therefore use LDAP authentication on Joomla Core, in order to access the service.

computer vulnerability alert CVE-2014-6631 CVE-2014-7982

Joomla Core: Cross Site Scripting of com_media

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in com_media of Joomla Core, in order to execute JavaScript code in the context of the web site.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 24/09/2014.
Identifiers: CVE-2014-6631, CVE-2014-7982, VIGILANCE-VUL-15396.

Description of the vulnerability

The Core extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in com_media of Joomla Core, in order to execute JavaScript code in the context of the web site.

computer vulnerability CVE-2014-7185

Python: integer overflow of buffer

Synthesis of the vulnerability

An attacker can generate an integer overflow in the buffer() function of Python, in order to obtain sensitive information processed by the program.
Impacted products: BIG-IP Hardware, TMOS, Fedora, openSUSE, Solaris, Python, RHEL, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 24/09/2014.
Identifiers: CVE-2014-7185, FEDORA-2014-11522, FEDORA-2014-11559, K78825687, MDVSA-2014:197, MDVSA-2015:075, openSUSE-SU-2014:1292-1, openSUSE-SU-2014:1734-1, RHSA-2015:1064-01, RHSA-2015:1330-01, RHSA-2015:2101-01, USN-2653-1, VIGILANCE-VUL-15395.

Description of the vulnerability

The Python language offers the buffer() function to create an array.

However, if the requested size is too large, a multiplication overflows, and reading the array then returns another fragment of memory.

An attacker can therefore generate an integer overflow in the buffer() function of Python, in order to obtain sensitive information processed by the program.

vulnerability note CVE-2014-6273

apt: buffer overflow of HTTP

Synthesis of the vulnerability

An attacker can generate a buffer overflow in the HTTP client of apt, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, Ubuntu.
Severity: 3/4.
Consequences: administrator access/rights, denial of service on client.
Provenance: internet server.
Creation date: 24/09/2014.
Identifiers: CVE-2014-6273, DSA-3031-1, USN-2353-1, VIGILANCE-VUL-15394.

Description of the vulnerability

The apt product downloads packages by connecting to a web server.

However, if an attacker is positioned as a man-in-the-middle, they can return to apt data larger than the storage array, so an overflow occurs.

An attacker can therefore generate a buffer overflow in the HTTP client of apt, in order to trigger a denial of service, and possibly to execute code.

vulnerability bulletin CVE-2014-3558

Hibernate Validator: privilege escalation via ReflectionHelper

Synthesis of the vulnerability

An attacker can use ReflectionHelper of Hibernate Validator, in order to escalate his privileges.
Impacted products: RHEL, JBoss EAP by Red Hat, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 24/09/2014.
Identifiers: CVE-2014-3558, RHSA-2014:1285-01, RHSA-2014:1286-01, RHSA-2014:1287-01, RHSA-2014:1288-01, RHSA-2015:0125-01, RHSA-2015:0234-01, RHSA-2015:0235-01, RHSA-2015:0720-01, VIGILANCE-VUL-15393.

Description of the vulnerability

The Hibernate Validator product is used to define validation constraints in an application.

However, a deployed application can use org.hibernate.validator.util.ReflectionHelper to access other applications in the container.

An attacker can therefore use ReflectionHelper of Hibernate Validator, in order to escalate his privileges.

vulnerability announce CVE-2014-7156

Xen: denial of service via x86 Software Interrupts

Synthesis of the vulnerability

An attacker in a HVM guest system can generate software interrupts on Xen, in order to trigger a denial of service.
Impacted products: XenServer, Debian, Fedora, openSUSE, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 23/09/2014.
Identifiers: CERTFR-2014-AVI-402, CTX200218, CVE-2014-7156, DSA-3041-1, FEDORA-2014-12000, FEDORA-2014-12036, openSUSE-SU-2014:1279-1, openSUSE-SU-2014:1281-1, VIGILANCE-VUL-15392, XSA-106.

Description of the vulnerability

The Xen product emulates x86 software interrupts.

However, the x86_emulate.c file does not check whether users in a HVM guest system are allowed to generate these interrupts.

An attacker in a HVM guest system can therefore generate software interrupts on Xen, in order to trigger a denial of service.

vulnerability alert CVE-2014-7155

Xen: privilege escalation via x86 HLT LGDT LIDT LMSW

Synthesis of the vulnerability

An attacker in a HVM guest system can load his own IDT table on Xen, in order to escalate his privileges.
Impacted products: XenServer, Debian, Fedora, openSUSE, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 23/09/2014.
Identifiers: CERTFR-2014-AVI-402, CTX200218, CVE-2014-7155, DSA-3041-1, FEDORA-2014-12000, FEDORA-2014-12036, openSUSE-SU-2014:1279-1, openSUSE-SU-2014:1281-1, VIGILANCE-VUL-15391, XSA-105.

Description of the vulnerability

The Xen product emulates the x86 HLT, LGDT, LIDT (Load Interrupt Descriptor Table) and LMSW instructions.

However, the x86_emulate.c file does not check whether users in a HVM guest system are allowed to use these instructions.

An attacker in a HVM guest system can therefore load his own IDT table on Xen, in order to escalate his privileges.