The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Brocade Fabric OS

vulnerability alert CVE-2018-10882

Linux kernel: denial of service via ext4_valid_inum

Synthesis of the vulnerability

An attacker can generate a fatal error via ext4_valid_inum() of the Linux kernel, in order to trigger a denial of service.
Impacted products: FabricOS, Debian, Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: document.
Creation date: 12/07/2018.
Identifiers: BSA-2019-753, CERTFR-2018-AVI-408, CERTFR-2018-AVI-419, CERTFR-2018-AVI-456, CERTFR-2018-AVI-460, CERTFR-2018-AVI-480, CERTFR-2019-AVI-035, CERTFR-2019-AVI-041, CERTFR-2019-AVI-188, CVE-2018-10882, DLA-1423-1, DLA-1424-1, DLA-1434-1, DLA-1529-1, openSUSE-SU-2018:2404-1, openSUSE-SU-2018:2407-1, RHSA-2018:2948-01, SUSE-SU-2018:2380-1, SUSE-SU-2018:2381-1, SUSE-SU-2018:2596-1, SUSE-SU-2018:2858-1, SUSE-SU-2018:2908-1, SUSE-SU-2018:2908-2, SUSE-SU-2018:3083-1, SUSE-SU-2018:3084-1, USN-3753-1, USN-3753-2, USN-3871-1, USN-3871-2, USN-3871-3, USN-3871-4, USN-3871-5, VIGILANCE-VUL-26721.

Description of the vulnerability

An attacker can generate a fatal error via ext4_valid_inum() of the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-6227

Brocade FabricOS: denial of service via IPv6 router advertisement

Synthesis of the vulnerability

An attacker can send malicious ICMP v6 packets to Brocade FabricOS, in order to trigger a denial of service.
Impacted products: FabricOS.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Creation date: 09/02/2018.
Identifiers: BSA-2018-526, CVE-2017-6227, VIGILANCE-VUL-25266.

Description of the vulnerability

The Brocade FabricOS product include IPv6 routing.

However, malicious ICMP packets of type router advertisement may trigger CPU overload and device unresponsiveness.

An attacker can therefore send malicious ICMP v6 packets to Brocade FabricOS, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-8202

Brocade Fabric OS: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of the command line interface of Brocade Fabric OS, in order to get the privileges of the "root" account on the underlying system.
Impacted products: FabricOS.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 03/05/2017.
Identifiers: BSA-2017-208, CVE-2016-8202, VIGILANCE-VUL-22630.

Description of the vulnerability

An attacker can bypass restrictions of the command line interface of Brocade Fabric OS, in order to get the privileges of the "root" account on the underlying system.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2015-6563 CVE-2015-6564 CVE-2015-6565

OpenSSH: three vulnerabilities

Synthesis of the vulnerability

An authenticated attacker can use several vulnerabilities of OpenSSH.
Impacted products: Blue Coat CAS, DCFM Enterprise, FabricOS, Brocade Network Advisor, Brocade vTM, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, Juniper EX-Series, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, SRX-Series, McAfee Email Gateway, OpenBSD, OpenSSH, pfSense, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data creation/edition.
Provenance: user account.
Number of vulnerabilities in this bulletin: 3.
Creation date: 12/08/2015.
Revisions dates: 03/09/2015, 27/01/2017.
Identifiers: BFS-SA-2015-002, BSA-2015-009, BSA-2019-764, BSA-2019-766, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, CERTFR-2019-AVI-325, CVE-2015-6563, CVE-2015-6564, CVE-2015-6565, DLA-1500-1, DLA-1500-2, FEDORA-2015-13520, FreeBSD-SA-15:22.openssh, JSA10774, JSA10840, JSA10940, K17263, RHSA-2015:2088-06, RHSA-2016:0741-01, SA104, SB10177, SB10178, SOL17263, SUSE-SU-2015:1581-1, SYMSA1337, VIGILANCE-VUL-17643.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSH.

A local attacker can write a message (or ANSI sequences) on the tty of other users, because the tty is world-writable. It is also possible to use the TIOCSTI ioctl, in order to inject shell commands. [severity:2/4; CVE-2015-6565]

On OpenSSH Portable, a local attacker can use PAM and compromise the pre-authentication process, in order to impersonate other users. [severity:2/4; BFS-SA-2015-002, CVE-2015-6563]

On OpenSSH Portable, an attacker can compromise the pre-authentication process and force the usage of a freed memory area in PAM support, in order to trigger a denial of service, and possibly to run code. [severity:2/4; BFS-SA-2015-002, CVE-2015-6564]
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2016-0636

Oracle Java: code execution via Hotspot

Synthesis of the vulnerability

An attacker can use a vulnerability in Hotspot of Oracle Java, in order to run code in the web browser of the victim who loads a malicious Java applet.
Impacted products: FabricOS, Brocade Network Advisor, Brocade vTM, Debian, Fedora, Domino, Notes, QRadar SIEM, Java OpenJDK, openSUSE, openSUSE Leap, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 24/03/2016.
Identifiers: 1984678, 1985875, 1987778, BSA-2016-006, CERTFR-2016-AVI-108, CVE-2016-0636, DLA-451-1, DSA-3558-1, FEDORA-2016-90ee071b21, FEDORA-2016-d5dd39a1d5, openSUSE-SU-2016:0971-1, openSUSE-SU-2016:0983-1, openSUSE-SU-2016:1004-1, openSUSE-SU-2016:1005-1, openSUSE-SU-2016:1042-1, RHSA-2016:0511-01, RHSA-2016:0512-01, RHSA-2016:0513-01, RHSA-2016:0514-01, RHSA-2016:0515-01, RHSA-2016:0516-01, SE-2012-01, SUSE-SU-2016:0956-1, SUSE-SU-2016:0957-1, SUSE-SU-2016:0959-1, USN-2942-1, VIGILANCE-VUL-19232.

Description of the vulnerability

The Oracle Java product uses the Hotspot compiler.

However, a vulnerability in Hotspot leads to code execution. Technical details are unknown, but it may be related to an incomplete fix for CVE-2013-5838.

An attacker can therefore use a vulnerability in Hotspot of Oracle Java, in order to run code in the web browser of the victim who loads a malicious Java applet.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-0701

OpenSSL: obtaining private exponent via DH Small Subgroups

Synthesis of the vulnerability

In some special configurations, an attacker can find the private DH exponent of the OpenSSL peer, in order to decrypt other sessions.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Brocade vTM, ASA, AsyncOS, Cisco ESA, Cisco IPS, Nexus by Cisco, NX-OS, Cisco CUCM, Cisco Manager Attendant Console, Cisco IP Phone, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, HP Switch, Tivoli Storage Manager, Tivoli Workload Scheduler, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, Data ONTAP 7-Mode, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, Oracle Communications, Oracle DB, Oracle Fusion Middleware, Oracle Identity Management, Solaris, WebLogic, Puppet, stunnel, Ubuntu, VxWorks.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Creation date: 28/01/2016.
Identifiers: 1979602, 2003480, 2003620, 2003673, 9010060, BSA-2016-005, bulletinjan2018, c05390893, CERTFR-2016-AVI-041, cisco-sa-20160129-openssl, cpujul2019, cpuoct2017, CVE-2016-0701, FEDORA-2016-527018d2ff, HPESBHF03703, JSA10759, NTAP-20160201-0001, openSUSE-SU-2016:0637-1, SA111, SOL33209124, SOL64009378, USN-2883-1, VIGILANCE-VUL-18836, VN-2016-002, VU#257823.

Description of the vulnerability

Since version 1.0.2, the OpenSSL library can generate DH unsafe parameters of style X9.42 (subgroup size "q"), to support the RFC 5114.

In this case, an attacker can find the private DH exponent of the peer, if the DH key is reused. The DH key is reused in the following cases:
 - SSL_CTX_set_tmp_dh() or SSL_set_tmp_dh() is used without the option SSL_OP_SINGLE_DH_USE set, which is rare.
 - SSL_CTX_set_tmp_dh_callback() or SSL_set_tmp_dh_callback() is used in an undocumented mode.
 - Static DH ciphersuites are used.

In some special configurations, an attacker can therefore find the private DH exponent of the OpenSSL peer, in order to decrypt other sessions.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2015-7973 CVE-2015-7974 CVE-2015-7975

NTP.org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Impacted products: SNS, Blue Coat CAS, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ACE, ASA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, AIX, Juniper J-Series, Junos OS, Junos Space, Meinberg NTP Server, NTP.org, openSUSE, openSUSE Leap, Palo Alto Firewall PA***, PAN-OS, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, data reading, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 11.
Creation date: 21/01/2016.
Identifiers: BSA-2016-005, BSA-2016-006, CERTFR-2016-AVI-045, cisco-sa-20160127-ntpd, CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8139, CVE-2015-8140, CVE-2015-8158, DLA-559-1, DSA-3629-1, FEDORA-2016-34bc10a2c8, FEDORA-2016-89e0874533, FEDORA-2016-8bb1932088, FEDORA-2016-c3bd6a3496, FreeBSD-SA-16:09.ntp, HPESBHF03750, JSA10776, JSA10796, K00329831, K01324833, K06288381, openSUSE-SU-2016:1292-1, openSUSE-SU-2016:1329-1, openSUSE-SU-2016:1423-1, PAN-SA-2016-0019, RHSA-2016:0063-01, RHSA-2016:0780-01, RHSA-2016:1552-01, RHSA-2016:2583-02, SA113, SOL00329831, SOL01324833, SOL05046514, SOL06288381, SOL13304944, SOL21230183, SOL32790144, SOL71245322, SOL74363721, SSA:2016-054-04, STORM-2016-003, STORM-2016-004, SUSE-SU-2016:1175-1, SUSE-SU-2016:1177-1, SUSE-SU-2016:1247-1, SUSE-SU-2016:1278-1, SUSE-SU-2016:1291-1, SUSE-SU-2016:1311-1, SUSE-SU-2016:1471-1, SUSE-SU-2016:1912-1, SUSE-SU-2016:2094-1, USN-3096-1, VIGILANCE-VUL-18787.

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can generate an infinite loop in ntpq, in order to trigger a denial of service. [severity:2/4; CVE-2015-8158]

The Zero Origin Timestamp value is not correctly checked. [severity:2/4; CVE-2015-8138]

An attacker can trigger a fatal error in Authenticated Broadcast Mode, in order to trigger a denial of service. [severity:2/4; CVE-2015-7979]

An attacker can trigger a fatal error in Recursive Traversal, in order to trigger a denial of service. [severity:2/4; CVE-2015-7978]

An attacker can force a NULL pointer to be dereferenced in reslist, in order to trigger a denial of service. [severity:2/4; CVE-2015-7977]

An attacker can use a filename with special characters in the "ntpq saveconfig" command. [severity:2/4; CVE-2015-7976]

An attacker can generate a buffer overflow in nextvar(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2015-7975]

An attacker can bypass security features in Skeleton Key, in order to escalate his privileges. [severity:2/4; CVE-2015-7974]

An attacker can use a replay attack against Deja Vu. [severity:2/4; CVE-2015-7973]

An attacker can use a replay attack against ntpq. [severity:2/4; CVE-2015-8140]

An attacker can bypass security features in ntpq and ntpdc, in order to obtain sensitive information. [severity:2/4; CVE-2015-8139]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-0777 CVE-2016-0778

OpenSSH: key disclosure via Roaming

Synthesis of the vulnerability

An attacker, who owns a malicious SSH server, can invite a client to connect with OpenSSH, and then call the Roaming feature, in order to obtain sensitive information about keys used by the SSH client.
Impacted products: DCFM Enterprise, FabricOS, Brocade Network Advisor, Brocade vTM, Debian, Black Diamond, ExtremeXOS, Summit, Fedora, FreeBSD, AIX, WebSphere MQ, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, Meinberg NTP Server, Data ONTAP 7-Mode, OpenBSD, OpenSSH, openSUSE, openSUSE Leap, Solaris, Palo Alto Firewall PA***, PAN-OS, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Symfony, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: data reading, denial of service on client.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/01/2016.
Revision date: 14/01/2016.
Identifiers: 046062, 7043086, 9010059, BSA-2016-002, bulletinoct2015, CERTFR-2016-AVI-022, CERTFR-2016-AVI-128, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, CVE-2016-0777, CVE-2016-0778, DSA-3446-1, FEDORA-2016-2e89eba0c1, FEDORA-2016-4556904561, FEDORA-2016-67c6ef0d4f, FEDORA-2016-c330264861, FreeBSD-SA-16:07.openssh, JSA10734, JSA10774, NTAP-20160126-0001, openSUSE-SU-2016:0127-1, openSUSE-SU-2016:0128-1, openSUSE-SU-2016:0144-1, openSUSE-SU-2016:0145-1, PAN-SA-2016-0011, RHSA-2016:0043-01, SSA:2016-014-01, SUSE-SU-2016:0117-1, SUSE-SU-2016:0118-1, SUSE-SU-2016:0119-1, SUSE-SU-2016:0120-1, USN-2869-1, VIGILANCE-VUL-18729, VN-2016-001, VU#456088.

Description of the vulnerability

The OpenSSH product implements a SSH client and server.

The SSH client contains an undocumented experimental feature named Roaming, which is implemented in the roaming_client.c file. This feature is enabled by default, and it is used to restart an old session. It is impacted by two vulnerabilities.

The Roaming feature can be used by a SSH server to read the SSH client memory, to obtain its keys. [severity:3/4; CVE-2016-0777]

The Roaming feature can be used by a SSH server to trigger an overflow and a descriptor leak in the SSH client, in order to generate a denial of service. [severity:2/4; CVE-2016-0778]

An attacker, who owns a malicious SSH server, can therefore invite a client to connect with OpenSSH, and then call the Roaming feature, in order to obtain sensitive information about keys used by the SSH client.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2015-3196

OpenSSL: use after free via PSK Identify Hint

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via PSK Identify Hint of an OpenSSL multi-threaded client, in order to trigger a denial of service, and possibly to run code.
Impacted products: FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, ASA, AsyncOS, Cisco Content SMA, Cisco ESA, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco MeetingPlace, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, HP Switch, AIX, IRAD, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, IVE OS, Juniper J-Series, Junos OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper SBR, McAfee Email Gateway, Data ONTAP 7-Mode, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, pfSense, Pulse Connect Secure, MAG Series by Pulse Secure, Pulse Secure SBR, Puppet, RHEL, Slackware, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 03/12/2015.
Identifiers: 1972951, 1976113, 1976148, 1981612, 2003480, 2003620, 2003673, 9010051, BSA-2016-006, bulletinjan2016, c05398322, CERTFR-2015-AVI-517, cisco-sa-20151204-openssl, cpuoct2017, CVE-2015-3196, DSA-3413-1, FEDORA-2015-d87d60b9a9, FreeBSD-SA-15:26.openssl, HPESBHF03709, JSA10759, NTAP-20151207-0001, openSUSE-SU-2015:2288-1, openSUSE-SU-2015:2289-1, RHSA-2015:2617-01, SA40100, SB10203, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, USN-2830-1, VIGILANCE-VUL-18437.

Description of the vulnerability

The OpenSSL library can be used by a multi-threaded client.

However, in this case, the SSL_CTX structure does not contain an updated PSK Identify Hint. OpenSSL can thus free twice the same memory area.

An attacker can therefore force the usage of a freed memory area via PSK Identify Hint of an OpenSSL multi-threaded client, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2015-3195

OpenSSL: information disclosure via X509_ATTRIBUTE

Synthesis of the vulnerability

An attacker can read a memory fragment via X509_ATTRIBUTE of OpenSSL processing PKCS#7 or CMS data, in order to obtain sensitive information.
Impacted products: OpenOffice, Tomcat, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, ASA, AsyncOS, Cisco Content SMA, Cisco ESA, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco MeetingPlace, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, HP Switch, AIX, IRAD, QRadar SIEM, Tivoli Storage Manager, IVE OS, Juniper J-Series, Junos OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper SBR, MariaDB ~ precise, McAfee Email Gateway, MySQL Enterprise, Data ONTAP 7-Mode, NetScreen Firewall, ScreenOS, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Palo Alto Firewall PA***, PAN-OS, pfSense, Pulse Connect Secure, MAG Series by Pulse Secure, Pulse Secure SBR, Puppet, RHEL, JBoss EAP by Red Hat, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 03/12/2015.
Identifiers: 1972951, 1976113, 1976148, 1985739, 2003480, 2003620, 2003673, 9010051, BSA-2016-006, bulletinjan2016, c05398322, CERTFR-2015-AVI-517, CERTFR-2016-AVI-128, cisco-sa-20151204-openssl, cpuapr2017, cpuoct2016, cpuoct2017, CVE-2015-3195, DSA-3413-1, FEDORA-2015-605de37b7f, FEDORA-2015-d87d60b9a9, FreeBSD-SA-15:26.openssl, HPESBHF03709, JSA10733, JSA10759, NTAP-20151207-0001, openSUSE-SU-2015:2288-1, openSUSE-SU-2015:2289-1, openSUSE-SU-2015:2318-1, openSUSE-SU-2015:2349-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:1327-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2015:2616-01, RHSA-2015:2617-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, SA105, SA40100, SB10203, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, SUSE-SU-2016:0678-1, USN-2830-1, VIGILANCE-VUL-18436.

Description of the vulnerability

The OpenSSL library supports the PKCS#7 and CMS formats.

However, if an X509_ATTRIBUTE structure is malformed, OpenSSL does not initialize a memory area before returning it to the user reading PKCS#7 or CMS data.

It can be noted that SSL/TLS is not impacted.

An attacker can therefore read a memory fragment via X509_ATTRIBUTE of OpenSSL processing PKCS#7 or CMS data, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.