The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Blue Coat RA

computer vulnerability announce CVE-2016-1834 CVE-2016-1835 CVE-2016-1836

libxml2: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in libxml2.
Impacted products: iOS by Apple, iPhone, Mac OS X, Blue Coat CAS, ProxyAV, ProxyRA, ProxySG by Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, Junos Space, NSM Central Manager, NSMXpress, McAfee Web Gateway, openSUSE, openSUSE Leap, RHEL, SLES, Nessus, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 03/06/2016.
Identifiers: CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1840, DLA-503-1, DSA-3593-1, FEDORA-2017-a3a47973eb, FEDORA-2017-be8574d593, HT206567, HT206568, HT206902, HT206903, JSA10770, JSA10774, K14614344, K16712298, K48220300, openSUSE-SU-2016:1594-1, openSUSE-SU-2016:1595-1, RHSA-2016:1292-01, SA129, SB10170, SUSE-SU-2016:1538-1, SUSE-SU-2016:1604-1, TNS-2017-03, USN-2994-1, VIGILANCE-VUL-19787.

Description of the vulnerability

Several vulnerabilities were announced in libxml2.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1834]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1835]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1836]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1837]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1840]

computer vulnerability alert CVE-2016-1762

libxml2: memory corruption

Synthesis of the vulnerability

An attacker can generate a memory corruption of libxml2, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Mac OS X, Blue Coat CAS, ProxyAV, ProxyRA, ProxySG by Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, Junos Space, McAfee Web Gateway, openSUSE, openSUSE Leap, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 03/06/2016.
Identifiers: CERTFR-2017-AVI-012, CVE-2016-1762, DLA-503-1, DSA-3593-1, FEDORA-2017-a3a47973eb, FEDORA-2017-be8574d593, HT206567, HT206568, JSA10770, K14338030, openSUSE-SU-2016:1594-1, openSUSE-SU-2016:1595-1, RHSA-2016:1292-01, SA129, SB10170, SUSE-SU-2016:1538-1, SUSE-SU-2016:1604-1, USN-2994-1, VIGILANCE-VUL-19786.

Description of the vulnerability

An attacker can generate a memory corruption of libxml2, in order to trigger a denial of service, and possibly to run code.

vulnerability note CVE-2016-4447 CVE-2016-4448 CVE-2016-4449

libxml2: three vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in libxml2.
Impacted products: iOS by Apple, iPhone, Mac OS X, Blue Coat CAS, ProxyAV, ProxyRA, ProxySG by Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, Junos OS, Junos Space, libxml, McAfee Web Gateway, openSUSE Leap, Oracle Communications, RHEL, Slackware, Splunk Enterprise, SLES, Nessus, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, data reading, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 25/05/2016.
Identifiers: 1989337, 1991909, 1991910, 1991911, 1991913, 1991997, CERTFR-2017-AVI-012, cpujan2018, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, DLA-503-1, DSA-3593-1, FEDORA-2017-a3a47973eb, FEDORA-2017-be8574d593, HT206902, HT206903, JSA10770, JSA10916, K24322529, K41103561, openSUSE-SU-2016:1595-1, RHSA-2016:1292-01, SA129, SB10170, SOL41103561, SPL-119440, SPL-121159, SPL-123095, SSA:2016-148-01, SUSE-SU-2016:1538-1, SUSE-SU-2016:1604-1, TNS-2017-03, USN-2994-1, USN-3235-1, VIGILANCE-VUL-19694.

Description of the vulnerability

Several vulnerabilities were announced in libxml2.

An attacker can force a read at an invalid address via xmlParseName, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-4447]

An attacker can use a format string attack, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4448]

An attacker can generate a memory corruption via Entities Content, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4449]

vulnerability note CVE-2016-4483

libxml2: out-of-bounds memory reading via xmlBufAttrSerializeTxtContent

Synthesis of the vulnerability

An attacker can force a read at an invalid address in xmlBufAttrSerializeTxtContent() of libxml2, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: iOS by Apple, iPhone, Mac OS X, Blue Coat CAS, ProxyAV, ProxyRA, ProxySG by Blue Coat, SGOS by Blue Coat, Debian, libxml, openSUSE, openSUSE Leap, Solaris, Splunk Enterprise, SLES, Nessus, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 04/05/2016.
Identifiers: 1989337, 1991909, 1991910, 1991911, 1991913, 1991997, bulletinjul2016, CVE-2016-4483, DLA-503-1, DSA-3593-1, HT206902, HT206903, openSUSE-SU-2016:1594-1, openSUSE-SU-2016:1595-1, SA129, SPL-119440, SPL-121159, SPL-123095, SUSE-SU-2016:1538-1, SUSE-SU-2016:1604-1, TNS-2017-03, USN-2994-1, VIGILANCE-VUL-19514.

Description of the vulnerability

The xmllint tool of libxml2 has the option "--recover" to try to decode a malformed XML document.

However, the xmlBufAttrSerializeTxtContent() function of the xmlsave.c file tries to read a memory area located outside the expected range, which triggers a fatal error, or leads to the disclosure of a memory fragment.

An attacker can therefore force a read at an invalid address in xmlBufAttrSerializeTxtContent() of libxml2, in order to trigger a denial of service, or to obtain sensitive information.

vulnerability bulletin CVE-2016-3705

libxml2: infinite loop of xmlParserEntityCheck

Synthesis of the vulnerability

An attacker can generate an infinite recursion in xmlStringGetNodeList() of libxml2, in order to trigger a denial of service.
Impacted products: Blue Coat CAS, ProxyAV, ProxyRA, ProxySG by Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Junos OS, Junos Space, libxml, McAfee Web Gateway, openSUSE, openSUSE Leap, RHEL, Splunk Enterprise, SLES, Nessus, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 03/05/2016.
Identifiers: 765207, CERTFR-2017-AVI-012, CVE-2016-3705, DLA-503-1, DSA-3593-1, JSA10770, JSA10916, openSUSE-SU-2016:1446-1, openSUSE-SU-2016:1594-1, openSUSE-SU-2016:1595-1, RHSA-2016:1292-01, SA129, SB10170, SOL54225343, SPL-119440, SPL-121159, SPL-123095, SUSE-SU-2016:1538-1, SUSE-SU-2016:1604-1, TNS-2017-03, USN-2994-1, VIGILANCE-VUL-19513.

Description of the vulnerability

The libxml2 library includes an XML parser.

However, a malformed document triggers an infinite recursion in the xmlParserEntityCheck(), xmlParseEntityValue() and xmlParseAttValueComplex() functions, which depletes the stack.

An attacker can therefore generate an infinite recursion in xmlStringGetNodeList() of libxml2, in order to trigger a denial of service.

vulnerability alert CVE-2016-3627

libxml2: infinite loop of xmlStringGetNodeList

Synthesis of the vulnerability

An attacker can generate an infinite recursion in xmlStringGetNodeList() of libxml2, in order to trigger a denial of service.
Impacted products: Blue Coat CAS, ProxyAV, ProxyRA, ProxySG by Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Junos OS, Junos Space, libxml, McAfee Web Gateway, openSUSE, openSUSE Leap, Solaris, RHEL, Splunk Enterprise, Nessus, Ubuntu.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 21/03/2016.
Revision date: 03/05/2016.
Identifiers: 1989337, 1991909, 1991910, 1991911, 1991913, 1991997, 762100, bulletinjul2016, CERTFR-2017-AVI-012, CVE-2016-3627, DLA-503-1, DSA-3593-1, JSA10770, JSA10916, openSUSE-SU-2016:1298-1, openSUSE-SU-2016:1446-1, openSUSE-SU-2016:1594-1, RHSA-2016:1292-01, SA129, SB10170, SOL54225343, SPL-119440, SPL-121159, SPL-123095, TNS-2017-03, USN-2994-1, VIGILANCE-VUL-19201.

Description of the vulnerability

The xmllint tool of libxml2 has the option "--recover" to try to decode a malformed XML document.

However, a malformed document triggers an infinite recursion in the xmlStringGetNodeList() function, which depletes the stack.

An attacker can therefore generate an infinite recursion in xmlStringGetNodeList() of libxml2, in order to trigger a denial of service.

computer vulnerability announce CVE-2016-1839

libxml2: unreachable memory reading via xmlDictAddString

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious XML document, with an application linked with libxml2, to force a read at an invalid address in the xmlDictAddString() function, in order to trigger a denial of service.
Impacted products: iOS by Apple, iPhone, Mac OS X, Blue Coat CAS, ProxyAV, ProxyRA, ProxySG by Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, Android OS, Junos Space, libxml, McAfee Web Gateway, openSUSE, openSUSE Leap, RHEL, Splunk Enterprise, SLES, Nessus, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 23/02/2016.
Identifiers: CERTFR-2017-AVI-012, CVE-2016-1839, DLA-503-1, DSA-3593-1, FEDORA-2017-a3a47973eb, FEDORA-2017-be8574d593, HT206567, HT206568, JSA10770, K26422113, openSUSE-SU-2016:1594-1, openSUSE-SU-2016:1595-1, openSUSE-SU-2017:1510-1, RHSA-2016:1292-01, SA129, SB10170, SPL-119440, SPL-121159, SPL-123095, SUSE-SU-2016:1538-1, SUSE-SU-2016:1604-1, TNS-2017-03, USN-2994-1, VIGILANCE-VUL-19007.

Description of the vulnerability

The libxml2 library includes an XML parser.

However, malformed XML data force the xmlDictAddString() function to read an unreachable memory area, which triggers a fatal error.

An attacker can therefore invite the victim to open a malicious XML document, with an application linked with libxml2, to force a read at an invalid address in the xmlDictAddString() function, in order to trigger a denial of service.

computer vulnerability alert CVE-2016-1833

libxml2: unreachable memory reading via xmlNextChar

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious XML document, with an application linked with libxml2, to force a read at an invalid address in the xmlDictAddString() function, in order to trigger a denial of service.
Impacted products: iOS by Apple, iPhone, Mac OS X, Blue Coat CAS, ProxyAV, ProxyRA, ProxySG by Blue Coat, SGOS by Blue Coat, Debian, Fedora, Junos Space, NSM Central Manager, NSMXpress, libxml, McAfee Web Gateway, openSUSE, openSUSE Leap, Solaris, RHEL, Splunk Enterprise, SLES, Nessus, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 23/02/2016.
Identifiers: 758606, bulletinjul2016, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, CVE-2016-1833, DLA-503-1, DSA-3593-1, FEDORA-2017-a3a47973eb, FEDORA-2017-be8574d593, HT206567, HT206568, JSA10770, JSA10774, openSUSE-SU-2016:1594-1, openSUSE-SU-2016:1595-1, RHSA-2016:1292-01, SA129, SB10170, SPL-119440, SPL-121159, SPL-123095, SUSE-SU-2016:1538-1, SUSE-SU-2016:1604-1, TNS-2017-03, USN-2994-1, VIGILANCE-VUL-19006.

Description of the vulnerability

The libxml2 library includes an XML parser.

However, malformed XML data force the xmlNextChar() function to read an unreachable memory area, which triggers a fatal error.

An attacker can therefore invite the victim to open a malicious XML document, with an application linked with libxml2, to force a read at an invalid address in the xmlNextChar() function, in order to trigger a denial of service.

computer vulnerability CVE-2016-1838

libxml2: unreachable memory reading via xmlParseEndTag2

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious XML document, with an application linked with libxml2, to force a read at an invalid address in the xmlParseEndTag2() function, in order to trigger a denial of service.
Impacted products: iOS by Apple, iPhone, Mac OS X, Blue Coat CAS, ProxyAV, ProxyRA, ProxySG by Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, Junos Space, libxml, McAfee Web Gateway, openSUSE, openSUSE Leap, RHEL, Splunk Enterprise, SLES, Nessus, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 23/02/2016.
Identifiers: 758588, 758589, CERTFR-2017-AVI-012, CVE-2016-1838, DLA-503-1, DSA-3593-1, FEDORA-2017-a3a47973eb, FEDORA-2017-be8574d593, HT206567, HT206568, JSA10770, K71926235, openSUSE-SU-2016:1594-1, openSUSE-SU-2016:1595-1, RHSA-2016:1292-01, SA129, SB10170, SPL-119440, SPL-121159, SPL-123095, SUSE-SU-2016:1538-1, SUSE-SU-2016:1604-1, TNS-2017-03, USN-2994-1, VIGILANCE-VUL-19005.

Description of the vulnerability

The libxml2 library includes an XML parser.

However, an ending tag located after a long name forces the xmlParseEndTag2() function to read an unreachable memory area, which triggers a fatal error.

An attacker can therefore invite the victim to open a malicious XML document, with an application linked with libxml2, to force a read at an invalid address in the xmlParseEndTag2() function, in order to trigger a denial of service.

computer vulnerability note CVE-2008-4609

TCP: denial of service Sockstress

Synthesis of the vulnerability

An attacker can use a small TCP Window, in order to overload a TCP server.
Impacted products: ProxyAV, ProxyRA, ProxySG by Blue Coat, SGOS by Blue Coat, VPN-1, ASA, Cisco Catalyst, IOS by Cisco, Cisco Router, BIG-IP Hardware, TMOS, Linux, Windows 2000, Windows 2003, Windows 2008 R0, Windows (platform) ~ not comprehensive, Windows Vista, Windows XP, NLD, OES, OpenSolaris, openSUSE, Solaris, Trusted Solaris, TCP protocol, StoneGate Firewall, StoneGate IPS, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: internet client.
Creation date: 01/10/2008.
Revision dates: 20/10/2008, 09/09/2009.
Identifiers: 109444, 110132, 267088, 6759500, 967723, BID-31545, c01923093, CERTA-2009-ALE-017-003, cisco-sa-20090908-tcp24, cisco-sr-20081017-tcp, cpujul2012, CVE-2008-4609, FICORA #193744, HPSBMI02473, MS09-048, SA34, SA35, SA36, SA37, SA38, SA40, SA41, sk42723, sk42725, SOL10509, SOL7301, SOL9293, SSRT080138, SUSE-SA:2009:047, VIGILANCE-VUL-8139, VU#723308.

Description of the vulnerability

The "window" field of a TCP packet indicates the size of the accepted window (and thus the range) for sequence numbers of incoming packets.

According to the TCP protocol, when the system cannot receive more packets (for example if its buffers are full), it lowers the value of the "window" field. The remote host then has to send data slowly.

An attacker can therefore connect to a listening TCP service, and artificially extend the session duration, in order to overload the remote host.

The attacker can also use "reverse SYN cookies" and the TCP Timestamp option to avoid keeping state on his computer.

An attacker can therefore use only a few resources on his computer, and force the use of a lot of resources on the target. The impact of this temporary denial of service depends on the target system, and is similar to an attacker opening several real TCP sessions (except that his computer only uses a few resources). The attacker cannot spoof his IP address to exploit this attack.

There are several attack variants, related to the window size or to a temporary increase of window size. The VIGILANCE-VUL-8844 vulnerability can be seen as a variant.

When the attacker stops sending packets, the denial of service stops. However, some additional implementation errors (such as the Microsoft CVE-2009-1926 vulnerability of VIGILANCE-VUL-9008, or the Cisco Nexus 5000 vulnerabilities described in the solution for Cisco) cause a permanent denial of service.