The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Arkoon Firewall FAST360

cybersecurity announce CVE-2016-6302 CVE-2016-6303 CVE-2016-6304

OpenSSL: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 7.
Creation date: 22/09/2016.
Identifiers: 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1992681, 1993777, 1996096, 1999395, 1999421, 1999474, 1999478, 1999479, 1999488, 1999532, 2000095, 2000209, 2000544, 2002870, 2003480, 2003620, 2003673, 2008828, bulletinapr2017, bulletinjul2016, bulletinoct2016, CERTFR-2016-AVI-320, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpuapr2018, cpujan2017, cpujan2018, cpujul2017, cpujul2019, cpuoct2017, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FreeBSD-SA-16:26.openssl, HPESBHF03856, HT207423, JSA10759, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2496-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2018:0458-1, RHSA-2016:1940-01, RHSA-2016:2802-01, RHSA-2017:1548-01, RHSA-2017:1549-01, RHSA-2017:1550-01, RHSA-2017:1551-01, RHSA-2017:1552-01, RHSA-2017:1658-01, RHSA-2017:1659-01, RHSA-2017:2493-01, RHSA-2017:2494-01, SA132, SA40312, SB10171, SB10215, SOL54211024, SOL90492697, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, STORM-2016-005, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, TNS-2016-16, USN-3087-1, USN-3087-2, VIGILANCE-VUL-20678.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can create a memory over consumption via an OCSP request, in order to trigger a denial of service. [severity:3/4; CVE-2016-6304]

An attacker can make a process block itself via SSL_peek, in order to trigger a denial of service. [severity:2/4; CVE-2016-6305]

An attacker can generate a buffer overflow via MDC2_Update, in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2016-6303]

An attacker can generate a read only buffer overflow, in order to trigger a denial of service. [severity:1/4; CVE-2016-6302]

An attacker can generate a read only buffer overflow via the parsing of an X.509 certificate, in order to trigger a denial of service. [severity:1/4; CVE-2016-6306]

An attacker can make the server allocates a large amount of memory to process TLS packets. [severity:1/4; CVE-2016-6307]

An attacker can make the server allocates a large amount of memory to process DTLS packets. [severity:1/4; CVE-2016-6308]
Full Vigil@nce bulletin... (Free trial)

computer weakness CVE-2015-3294

Dnsmasq: information disclosure via tcp_request

Synthesis of the vulnerability

A local attacker can read a memory fragment of Dnsmasq, in order to obtain sensitive information; and maybe make the server halt.
Severity: 2/4.
Creation date: 17/04/2015.
Identifiers: bulletinjul2015, CVE-2015-3294, DSA-3251-1, DSA-3251-2, openSUSE-SU-2015:0857-1, OSI-1502, STORM-2015-09-EN, STORM-2015-10-EN, STORM-2015-11-EN.2, STORM-2015-12-EN, SUSE-SU-2017:2616-1, SUSE-SU-2017:2617-1, SUSE-SU-2017:2619-1, USN-2593-1, VIGILANCE-VUL-16649.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Dnsmasq includes a DNS cache.

The routine tcp_request() builds the response packet. However, the function "setup_reply" does not take into account some possible errors while evaluating the response size. Such an error would make the server return uninitialized data from the process heap and maybe reference an invalid address, and then make the server process be killed.

A local attacker can therefore read a memory fragment of Dnsmasq, in order to obtain sensitive information; and maybe make the server halt.
Full Vigil@nce bulletin... (Free trial)

threat CVE-2015-5621

Net-SNMP: memory leak via snmp_pdu_parse

Synthesis of the vulnerability

An attacker can create a memory leak in snmp_pdu_parse() of Net-SNMP, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 13/04/2015.
Identifiers: bulletinoct2016, CERTFR-2016-AVI-133, CTX209443, CVE-2015-5621, DSA-4154-1, MDVSA-2015:229, openSUSE-SU-2015:1502-1, RHSA-2015:1636-01, SOL17378, STORM-2015-09-EN, STORM-2015-10-EN, STORM-2015-11-EN.2, STORM-2015-12-EN, USN-2711-1, VIGILANCE-VUL-16576.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Net-SNMP product uses the snmp_pdu_parse() function to analyze data of SNMP packets.

However, after an error, the memory allocated to process an option in snmp_parse_var_op() is never freed.

An attacker can therefore create a memory leak in snmp_pdu_parse() of Net-SNMP, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer weakness CVE-2015-0286 CVE-2015-0287 CVE-2015-0289

OpenSSL 0.9/1.0.0/1.0.1: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL 0.9/1.0.0/1.0.1.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 5.
Creation date: 19/03/2015.
Identifiers: 1701334, 1902519, 1960491, 1964410, 1975397, 55767, 7043086, 9010031, ARUBA-PSA-2015-007, bulletinapr2015, c04679334, CERTFR-2015-AVI-117, CERTFR-2015-AVI-146, CERTFR-2015-AVI-169, CERTFR-2015-AVI-177, CERTFR-2015-AVI-259, CERTFR-2016-AVI-303, cisco-sa-20150320-openssl, cisco-sa-20150408-ntpd, cpuapr2017, cpuoct2016, cpuoct2017, CTX216642, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, DSA-3197-1, DSA-3197-2, FEDORA-2015-4300, FEDORA-2015-4303, FG-IR-15-008, FreeBSD-SA-15:06.openssl, HPSBUX03334, JSA10680, MDVSA-2015:062, MDVSA-2015:063, NetBSD-SA2015-007, NTAP-20150323-0002, openSUSE-SU-2015:0554-1, openSUSE-SU-2015:1277-1, openSUSE-SU-2015:2243-1, openSUSE-SU-2016:0638-1, openSUSE-SU-2016:0640-1, RHSA-2015:0715-01, RHSA-2015:0716-01, RHSA-2015:0752-01, RHSA-2015:0800-01, RHSA-2016:0372-01, RHSA-2016:0445-01, RHSA-2016:0446-01, RHSA-2016:0490-01, SA40001, SA92, SB10110, SOL16301, SOL16302, SOL16317, SOL16319, SOL16320, SOL16321, SOL16323, SPL-98351, SPL-98531, SSA:2015-111-09, SSRT102000, SUSE-SU-2015:0541-1, SUSE-SU-2015:0553-1, SUSE-SU-2015:0553-2, SUSE-SU-2015:0578-1, SUSE-SU-2016:0678-1, TNS-2015-04, USN-2537-1, VIGILANCE-VUL-16429.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL 0.9/1.0.0/1.0.1.

An attacker can force a read at an invalid address in ASN1_TYPE_cmp, in order to trigger a denial of service. [severity:2/4; CVE-2015-0286]

An attacker can generate a memory corruption in ASN.1, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-0287]

An attacker can force a NULL pointer to be dereferenced in PKCS#7, in order to trigger a denial of service. [severity:2/4; CVE-2015-0289]

An attacker can generate a memory corruption with base64 data, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-0292]

An attacker can generate an OPENSSL_assert, in order to trigger a denial of service. [severity:2/4; CVE-2015-0293]
Full Vigil@nce bulletin... (Free trial)

weakness announce CVE-2015-2305

Henry Spencer regex, PHP, MySQL: buffer overflow of regcomp

Synthesis of the vulnerability

An attacker can generate a buffer overflow in the regcomp() function of Henry Spencer regex, in order to trigger a denial of service, and possibly to execute code.
Severity: 2/4.
Creation date: 18/03/2015.
Identifiers: c04686230, CERTFR-2015-AVI-187, CVE-2015-2305, DSA-3195-1, FEDORA-2015-4216, FEDORA-2015-4236, HPSBUX03337, openSUSE-SU-2015:0644-1, RHSA-2015:1053-01, RHSA-2015:1066-01, SSA:2015-111-10, SSRT102066, STORM-2015-09-EN, STORM-2015-10-EN, STORM-2015-11-EN.2, STORM-2015-12-EN, SUSE-SU-2015:0868-1, SUSE-SU-2016:1638-1, USN-2572-1, VIGILANCE-VUL-16412.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Henry Spencer regex library implements the support of regular expressions. It is used by PHP and MySQL.

The regcomp() function generates a data structure representing a regular expression.

However, if the size of data is greater than the size of the storage array, an overflow occurs in regcomp().

An attacker can therefore generate a buffer overflow in the regcomp() function of Henry Spencer regex, in order to trigger a denial of service, and possibly to execute code.
Full Vigil@nce bulletin... (Free trial)

computer weakness announce CVE-2015-0288

OpenSSL: NULL pointer dereference via X509_to_X509_REQ

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced in X509_to_X509_REQ() of OpenSSL, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 09/03/2015.
Identifiers: 1701334, 1964410, 55767, 9010031, c04679334, CERTFR-2015-AVI-089, CERTFR-2015-AVI-117, CERTFR-2015-AVI-146, CERTFR-2015-AVI-177, CERTFR-2015-AVI-259, CERTFR-2016-AVI-303, cisco-sa-20150320-openssl, cisco-sa-20150408-ntpd, cpuoct2017, CTX216642, CVE-2015-0288, DSA-3197-1, DSA-3197-2, FEDORA-2015-4300, FEDORA-2015-4303, FEDORA-2015-6855, FreeBSD-SA-15:06.openssl, HPSBUX03334, JSA10680, MDVSA-2015:062, MDVSA-2015:063, NetBSD-SA2015-007, NTAP-20150323-0002, openSUSE-SU-2015:0554-1, openSUSE-SU-2015:1277-1, openSUSE-SU-2015:2243-1, openSUSE-SU-2016:0640-1, RHSA-2015:0715-01, RHSA-2015:0716-01, RHSA-2015:0752-01, RHSA-2015:0800-01, SA40001, SB10110, SOL16301, SOL16302, SOL16317, SOL16319, SOL16320, SOL16321, SOL16323, SPL-98351, SPL-98531, SSA:2015-111-09, SSRT102000, SUSE-SU-2015:0541-1, SUSE-SU-2015:0553-1, SUSE-SU-2015:0553-2, SUSE-SU-2015:0578-1, TNS-2015-04, USN-2537-1, VIGILANCE-VUL-16342.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The OpenSSL product processes X.509 certificates.

However, the X509_to_X509_REQ() function does not check if a pointer is NULL, before using it.

An attacker can therefore force a NULL pointer to be dereferenced in X509_to_X509_REQ() of OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

security alert CVE-2015-0138 CVE-2015-0204

OpenSSL, LibReSSL, Mono, JSSE: weakening TLS encryption via FREAK

Synthesis of the vulnerability

An attacker, located as a Man-in-the-Middle, can force the Chrome, JSSE, LibReSSL, Mono or OpenSSL client to accept a weak export algorithm, in order to more easily capture or alter exchanged data.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 04/03/2015.
Revision date: 09/03/2015.
Identifiers: 122007, 1450666, 1610582, 1647054, 1698613, 1699051, 1699810, 1700225, 1700997, 1701485, 1902260, 1903541, 1963275, 1968485, 1973383, 55767, 7014463, 7022958, 9010028, ARUBA-PSA-2015-003, bulletinjan2015, c04556853, c04679334, c04773241, CERTFR-2015-AVI-108, CERTFR-2015-AVI-117, CERTFR-2015-AVI-146, CERTFR-2016-AVI-303, cisco-sa-20150310-ssl, cpuapr2017, cpujul2018, cpuoct2017, CTX216642, CVE-2015-0138, CVE-2015-0204, DSA-3125-1, FEDORA-2015-0512, FEDORA-2015-0601, FG-IR-15-007, FREAK, FreeBSD-SA-15:01.openssl, HPSBMU03345, HPSBUX03244, HPSBUX03334, JSA10679, MDVSA-2015:019, MDVSA-2015:062, MDVSA-2015:063, NetBSD-SA2015-006, NetBSD-SA2015-007, NTAP-20150205-0001, openSUSE-SU-2015:0130-1, openSUSE-SU-2016:0640-1, RHSA-2015:0066-01, RHSA-2015:0800-01, RHSA-2015:1020-01, RHSA-2015:1021-01, RHSA-2015:1091-01, SA40015, SA88, SA91, SB10108, SB10110, SOL16120, SOL16123, SOL16124, SOL16126, SOL16135, SOL16136, SOL16139, SP-CAAANXD, SPL-95203, SPL-95206, SSA:2015-009-01, SSRT101885, SSRT102000, SUSE-SU-2015:1073-1, SUSE-SU-2015:1085-1, SUSE-SU-2015:1086-1, SUSE-SU-2015:1086-2, SUSE-SU-2015:1086-3, SUSE-SU-2015:1086-4, SUSE-SU-2015:1138-1, SUSE-SU-2015:1161-1, T1022075, USN-2459-1, VIGILANCE-VUL-16301, VN-2015-003_FREAK, VU#243585.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The TLS protocol uses a series of messages which have to be exchanged between the client and the server, before establishing a secured session.

Several cryptographic algorithms can be negotiated, such as algorithms allowed for USA export (less than 512 bits).

An attacker, located as a Man-in-the-Middle, can inject during the session initialization a message choosing an export algorithm. This message should generate an error, however some TLS clients accept it.

Note: the variant related to Windows is described in VIGILANCE-VUL-16332.

An attacker, located as a Man-in-the-Middle, can therefore force the Chrome, JSSE, LibReSSL, Mono or OpenSSL client to accept a weak export algorithm, in order to more easily capture or alter exchanged data.
Full Vigil@nce bulletin... (Free trial)

security bulletin CVE-2015-8984

glibc: unreachable memory reading via fnmatch

Synthesis of the vulnerability

An attacker can force a read at an invalid address in fnmatch() of the glibc, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 26/02/2015.
Identifiers: 18032, CVE-2015-8984, K29241247, STORM-2015-09-EN, STORM-2015-10-EN, STORM-2015-11-EN.2, STORM-2015-12-EN, USN-3239-1, USN-3239-2, USN-3239-3, VIGILANCE-VUL-16275.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The fnmatch() function of the glibc checks if a string matches a pattern:
  fnmatch(pattern, string, flags);
For example:
  if (fnmatch("*.txt", "file.txt", 0)) ...

However, if the pattern contains an unclosed '[', the internal_fnmatch() function tries to read a memory area which is not reachable, which triggers a fatal error.

An attacker can therefore force a read at an invalid address in fnmatch() of the glibc, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer threat CVE-2011-5320

glibc: buffer overflow of scanf

Synthesis of the vulnerability

An attacker can generate a buffer overflow in scanf() functions of the glibc, in order to trigger a denial of service, and possibly to execute code.
Severity: 2/4.
Creation date: 26/02/2015.
Identifiers: 13138, CVE-2011-5320, STORM-2015-09-EN, STORM-2015-10-EN, STORM-2015-11-EN.2, STORM-2015-12-EN, VIGILANCE-VUL-16271.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Functions in the scanf() family analyze a string to store it in variables. For example, to decode an integer:
  scanf("%i", &integer);

However, if the size of data is greater than the size of the storage array, an overflow occurs in the _IO_vfscanf_internal() function.

An attacker can therefore generate a buffer overflow in scanf() functions of the glibc, in order to trigger a denial of service, and possibly to execute code.
Full Vigil@nce bulletin... (Free trial)

security vulnerability CVE-2015-1473

glibc: denial of service via swscanf

Synthesis of the vulnerability

An attacker can consume too many memory in the swscanf() function of the glibc, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 04/02/2015.
Identifiers: 16618, CVE-2015-1473, DSA-3169-1, MDVSA-2015:168, RHSA-2015:2199-07, RHSA-2015:2589-01, STORM-2015-09-EN, STORM-2015-10-EN, STORM-2015-11-EN.2, STORM-2015-12-EN, USN-2519-1, VIGILANCE-VUL-16106.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The swscanf() function of the glibc searches for a pattern in a wide-character string.

Before reserving a stack memory area via alloca(), the swscanf() function calls __libc_use_alloca() which checks if the requested size is inferior to the limit __MAX_ALLOCA_CUTOFF. However, a number of characters is compared instead of a number of bytes. The alloca() function can thus be used up to 4 times the expected limit, which may stop the application.

An attacker can therefore consume too many memory in the swscanf() function of the glibc, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.