The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

security threat CVE-2015-4241

Cisco Adaptive Security Appliance: denial of service via OSPFv2

Synthesis of the vulnerability

An attacker can send a specially crafted OSPFv2 packet to a device running Cisco Adaptive Security Appliance Software, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 08/07/2015.
Identifiers: 39641, CVE-2015-4241, VIGILANCE-VUL-17325.

Description of the vulnerability

The Cisco Adaptive Security Appliance product implements the routing protocol OSPF version 2.

However, the server process does not handle some kinds of error in the packet format. When a packet matching one of these special cases is received, a fatal error occurs. This leads to a device halt, then a device restart.

This vulnerability looks very much like the one described in VIGILANCE-VUL-17301. (The two Cisco announcements are almost word-for-word identical.)

An attacker can therefore send a specially crafted OSPFv2 packet to a device running Cisco Adaptive Security Appliance Software, in order to trigger a denial of service.

threat CVE-2015-4240

Cisco IP Communicator: denial of service against the Web interface

Synthesis of the vulnerability

An attacker can request a special URL from the Web interface of Cisco IP Communicator, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 08/07/2015.
Identifiers: 39623, CVE-2015-4240, VIGILANCE-VUL-17324.

Description of the vulnerability

The Cisco IP Communicator product offers a web service.

However, there is a class of URLs which makes the server crash when it attempts to serve them. One GET request is sufficient to kill the Web service.

An attacker can therefore request a special URL from the Web interface of Cisco IP Communicator, in order to trigger a denial of service.

weakness alert CVE-2015-4243

Cisco IOS XE: denial of service via PPPoE

Synthesis of the vulnerability

An attacker can send a malicious PPPoE packet to a router running Cisco IOS XE, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 08/07/2015.
Identifiers: 39675, CVE-2015-4243, VIGILANCE-VUL-17323.

Description of the vulnerability

The Cisco IOS XE product may use PPP over Ethernet.

While establishing the PPP connection, and before client authentication, a packet of type Active Discovery Request may be sent. However, IOS XE does not handle some format errors in these packets. A packet matching these conditions makes the router crash, then restart.

An attacker can therefore send a malicious PPPoE packet to a router running Cisco IOS XE, in order to trigger a denial of service.

computer threat bulletin CVE-2015-5119

Adobe Flash Player: use after free in the ByteArray class

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area in the class ByteArray of ActionScript for Adobe Flash Player, in order to trigger a denial of service, and possibly to execute code.
Severity: 4/4.
Creation date: 08/07/2015.
Revision dates: 08/07/2015, 08/07/2015.
Identifiers: APSA15-03, CERTFR-2015-ALE-005, CVE-2015-5119, openSUSE-SU-2015:1207-1, openSUSE-SU-2015:1210-1, RHSA-2015:1214-01, SUSE-SU-2015:1211-1, SUSE-SU-2015:1214-1, VIGILANCE-VUL-17322, VU#561288.

Description of the vulnerability

The Adobe Flash Player product includes a library for the applications that it runs.

An attacker can force the usage of a freed memory area in the class ByteArray of ActionScript for Adobe Flash Player, in order to trigger a denial of service, and possibly to execute code.

The vulnerability is reported to be already exploited, see VIGILANCE-ACTU-4837.

security announce CVE-2015-5146

NTP.org: denial of service via a NUL byte in the configuration

Synthesis of the vulnerability

An attacker can send a configuration packet including NUL bytes to the server from NTP.org, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 08/07/2015.
Identifiers: bulletinjan2016, CVE-2015-5146, DSA-3388-1, FEDORA-2015-14212, FEDORA-2015-77bfbc1bcd, SOL17114, SSA:2015-188-03, USN-2783-1, VIGILANCE-VUL-17321.

Description of the vulnerability

The NTP server from NTP.org may receive its configuration via the network.

When this function is enabled and the configuration packet is authenticated with a password, the server attempts to update its configuration. However, the parser does not handle all syntax errors: a zero byte in a directive triggers a fatal exception.

An attacker can therefore send a configuration packet including NUL bytes to the server from NTP.org, in order to trigger a denial of service.

computer threat note CVE-2015-4620

ISC Bind: denial of service via DNSSEC validation

Synthesis of the vulnerability

An attacker can force an assertion error in the DNSSEC validation of ISC Bind, in order to trigger a denial of service.
Severity: 4/4.
Creation date: 08/07/2015.
Identifiers: BSA-2015-009, c04745746, CVE-2015-4620, DSA-3304-1, FEDORA-2015-11483, FEDORA-2015-11484, FreeBSD-SA-15:11.bind, HPSBUX03379, openSUSE-SU-2015:1250-1, openSUSE-SU-2015:1250-2, openSUSE-SU-2015:1326-1, RHSA-2015:1443-01, RHSA-2015:1471-01, SOL16912, SSA:2015-188-04, SSRT101976, SUSE-SU-2015:1205-1, USN-2669-1, VIGILANCE-VUL-17320.

Description of the vulnerability

The ISC Bind server can validate DNSSEC signed responses.

However, when a named server is configured to validate DNSSEC signatures with recursive name resolution, an assertion error occurs in the source file "name.c" for a combination of rare but likely valid record data, because developers did not expect this case. This exception stops the server process.

An attacker can therefore force an assertion error in the DNSSEC validation of ISC Bind, in order to trigger a denial of service.

threat bulletin CVE-2015-3259

Xen: buffer overflow of xl

Synthesis of the vulnerability

An attacker can make xl of Xen use an invalid pointer, in order to trigger a denial of service, and possibly to execute code in the host server.
Severity: 1/4.
Creation date: 07/07/2015.
Identifiers: CVE-2015-3259, DSA-3414-1, FEDORA-2015-11247, FEDORA-2015-11308, openSUSE-SU-2015:2003-1, openSUSE-SU-2015:2249-1, SUSE-SU-2015:1299-1, SUSE-SU-2015:1302-1, SUSE-SU-2015:1421-1, SUSE-SU-2015:1479-1, SUSE-SU-2015:1479-2, VIGILANCE-VUL-17319, XSA-137.

Description of the vulnerability

The administration tool for Xen "xl" accepts configuration options in its command line.

These options are assembled into a configuration file by concatenating the arguments and end-of-line characters with the standard function "snprintf". However, the function "main_create", which performs this concatenation, does not check whether the resulting configuration is longer than the statically allocated target buffer, and it computes the result length without taking possible truncation into account. When the options are too long, the resulting configuration is truncated and the pointer to this result becomes invalid.

An attacker can therefore make xl of Xen use an invalid pointer, in order to trigger a denial of service, and possibly to execute code in the host server.

vulnerability CVE-2015-5400

Squid cache: access control bypass with CONNECT commands

Synthesis of the vulnerability

An attacker can send a CONNECT command to a Squid cache, for instance in order to bypass IP filtering.
Severity: 2/4.
Creation date: 07/07/2015.
Identifiers: CVE-2015-5400, DSA-3327-1, FEDORA-2016-7b40eb9e29, openSUSE-SU-2016:2081-1, SQUID-2015:2, SUSE-SU-2016:1996-1, SUSE-SU-2016:2089-1, VIGILANCE-VUL-17318.

Description of the vulnerability

The Squid cache product is notably an HTTP cache. It can be used in cascade with other proxies.

The HTTP command CONNECT is used to create a direct tunnel between the end client and the end server. In this case, the cache only forwards TCP data without examining it. This is most often used to start TLS tunnels. However, Squid does not check whether the CONNECT command is accepted by the end server or the next cache. When it is rejected, Squid continues to relay TCP data, and so makes the server believe that it is communicating with an ordinary client whose IP address is that of the Squid host.

An attacker can therefore send a CONNECT command to a Squid cache, for instance in order to bypass IP filtering.

cybersecurity threat CVE-2015-5380

Node.js: buffer overflow of the JavaScript interpreter

Synthesis of the vulnerability

An attacker can generate a read-only buffer overflow in the UTF-8 decoder of the JavaScript interpreter of Node.js, in order to trigger a denial of service, and maybe run machine code.
Severity: 2/4.
Creation date: 07/07/2015.
Identifiers: CVE-2015-5380, SOL17238, VIGILANCE-VUL-17317.

Description of the vulnerability

The Node.js product includes the JavaScript interpreter "V8".

The normal character encoding in a Web context is UTF-8. However, the UTF-8 decoder in Node.js's variant of V8 wrongly tracks the length of the data to be decoded, which may trigger an out-of-bounds read and possibly terminate with an exception caused by dereferencing an invalid memory address.

An attacker can therefore generate a read-only buffer overflow in the UTF-8 decoder of the JavaScript interpreter of Node.js, in order to trigger a denial of service, and maybe run machine code.

security weakness CVE-2015-5468

WordPress e-Commerce Shop Styling: directory traversal of "/includes/download.php"

Synthesis of the vulnerability

An attacker can traverse directories in "/includes/download.php" of WordPress e-Commerce Shop Styling, in order to read a file outside the service root path.
Severity: 2/4.
Creation date: 07/07/2015.
Identifiers: CVE-2015-5468, VIGILANCE-VUL-17316.

Description of the vulnerability

The e-Commerce Shop Styling plugin can be installed on WordPress.

However, user-supplied data is inserted directly into an access path. Sequences such as "/.." can thus be used to move up to the parent directory.

An attacker can therefore traverse directories in "/includes/download.php" of WordPress e-Commerce Shop Styling, in order to read a file outside the service root path.