The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Check Point SecurePlatform

vulnerability note CVE-2019-8456

Check Point IPSec VPN: privilege escalation via IKEv2 Tunnel

Synthesis of the vulnerability

An attacker can bypass restrictions via IKEv2 Tunnel of Check Point IPSec VPN, in order to escalate his privileges.
Impacted products: CheckPoint Endpoint Security, CheckPoint IP Appliance, SecurePlatform, CheckPoint Security Appliance.
Severity: 2/4.
Consequences: data reading, data flow.
Provenance: internet client.
Creation date: 08/04/2019.
Identifiers: CVE-2019-8456, sk149892, VIGILANCE-VUL-28964.

Description of the vulnerability

An attacker can bypass restrictions via IKEv2 Tunnel of Check Point IPSec VPN, in order to escalate his privileges.

computer vulnerability note CVE-2018-5391

Linux kernel: denial of service via FragmentSmack

Synthesis of the vulnerability

An attacker can generate a fatal error via FragmentSmack of the Linux kernel, in order to trigger a denial of service.
Impacted products: GAiA, SecurePlatform, CheckPoint Security Gateway, Cisco Aironet, IOS XE Cisco, Nexus by Cisco, Prime Collaboration Assurance, Prime Infrastructure, Cisco Router, Secure ACS, Cisco CUCM, Cisco UCS, Cisco Unified CCX, Cisco IP Phone, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Junos Space, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, openSUSE Leap, Palo Alto Firewall PA***, PAN-OS, RHEL, RSA Authentication Manager, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, Synology DSM, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 16/08/2018.
Identifiers: ADV180022, CERTFR-2018-AVI-390, CERTFR-2018-AVI-392, CERTFR-2018-AVI-419, CERTFR-2018-AVI-457, CERTFR-2018-AVI-478, CERTFR-2018-AVI-533, CERTFR-2019-AVI-233, CERTFR-2019-AVI-242, cisco-sa-20180824-linux-ip-fragment, CVE-2018-5391, DLA-1466-1, DLA-1529-1, DSA-2019-062, DSA-4272-1, FragmentSmack, JSA10917, K74374841, openSUSE-SU-2018:2404-1, openSUSE-SU-2018:2407-1, openSUSE-SU-2019:0274-1, PAN-SA-2018-0012, RHSA-2018:2785-01, RHSA-2018:2791-01, RHSA-2018:2846-01, RHSA-2018:2924-01, RHSA-2018:2925-01, RHSA-2018:2933-01, RHSA-2018:2948-01, RHSA-2018:3083-01, RHSA-2018:3096-01, RHSA-2018:3459-01, RHSA-2018:3540-01, RHSA-2018:3586-01, RHSA-2018:3590-01, sk134253, SUSE-SU-2018:2344-1, SUSE-SU-2018:2374-1, SUSE-SU-2018:2380-1, SUSE-SU-2018:2381-1, SUSE-SU-2018:2596-1, SUSE-SU-2019:0541-1, SUSE-SU-2019:1289-1, SYMSA1467, Synology-SA-18:44, USN-3740-1, USN-3740-2, USN-3741-1, USN-3741-2, USN-3741-3, USN-3742-1, USN-3742-2, USN-3742-3, VIGILANCE-VUL-27009, VU#641765.

Description of the vulnerability

An attacker can generate a fatal error via FragmentSmack of the Linux kernel, in order to trigger a denial of service.

vulnerability announce CVE-2018-6922

FreeBSD: denial of service via SegmentSmack

Synthesis of the vulnerability

An attacker can generate a fatal error via TCP Reassembly of FreeBSD, in order to trigger a denial of service.
Impacted products: GAiA, SecurePlatform, CheckPoint Security Gateway, AsyncOS, Cisco Content SMA, Cisco ESA, Cisco WSA, FreeBSD, AIX, Junos OS, SRX-Series, Oracle Communications, pfSense.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 07/08/2018.
Identifiers: 6387, cisco-sa-20180824-linux-tcp, cpujan2019, CVE-2018-6922, FreeBSD-SA-18:08.tcp, ibm10737709, JSA10876, SegmentSmack, sk134253, VIGILANCE-VUL-26922.

Description of the vulnerability

An attacker can generate a fatal error via TCP Reassembly of FreeBSD, in order to trigger a denial of service.

vulnerability bulletin CVE-2018-5390

Linux kernel: denial of service via SegmentSmack

Synthesis of the vulnerability

An attacker can generate a fatal error via tcp_prune_ofo_queue() of the Linux kernel, in order to trigger a denial of service.
Impacted products: GAiA, SecurePlatform, CheckPoint Security Gateway, AsyncOS, Cisco Content SMA, Cisco ESA, Cisco WSA, Debian, BIG-IP Hardware, TMOS, QRadar SIEM, Junos OS, Junos Space, SRX-Series, Linux, McAfee Email Gateway, McAfee NSM, McAfee NSP, McAfee Web Gateway, openSUSE Leap, Oracle Communications, RHEL, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, Ubuntu.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 07/08/2018.
Identifiers: CERTFR-2018-AVI-374, CERTFR-2018-AVI-375, CERTFR-2018-AVI-386, CERTFR-2018-AVI-390, CERTFR-2018-AVI-392, CERTFR-2018-AVI-419, CERTFR-2018-AVI-420, CERTFR-2018-AVI-428, CERTFR-2018-AVI-457, CERTFR-2018-AVI-584, CERTFR-2019-AVI-346, CERTFR-2019-AVI-354, cisco-sa-20180824-linux-tcp, cpujan2019, CVE-2018-5390, DLA-1466-1, DSA-4266-1, ibm10742755, JSA10876, JSA10917, K95343321, openSUSE-SU-2018:2242-1, openSUSE-SU-2018:2404-1, RHSA-2018:2384-01, RHSA-2018:2395-01, RHSA-2018:2645-01, RHSA-2018:2776-01, RHSA-2018:2785-01, RHSA-2018:2789-01, RHSA-2018:2790-01, RHSA-2018:2791-01, RHSA-2018:2924-01, RHSA-2018:2933-01, RHSA-2018:2948-01, SB10249, SegmentSmack, sk134253, SUSE-SU-2018:2223-1, SUSE-SU-2018:2328-1, SUSE-SU-2018:2344-1, SUSE-SU-2018:2374-1, SUSE-SU-2018:2596-1, SUSE-SU-2019:14127-1, SUSE-SU-2019:1870-1, SYMSA1467, USN-3732-1, USN-3732-2, USN-3741-1, USN-3741-2, USN-3741-3, USN-3742-1, USN-3742-2, USN-3742-3, USN-3763-1, VIGILANCE-VUL-26913, VU#962459.

Description of the vulnerability

An attacker can generate a fatal error via tcp_prune_ofo_queue() of the Linux kernel, in order to trigger a denial of service.

computer vulnerability note 21229

Check Point Threat Emulation/Extraction: bypassing MTA filtering

Synthesis of the vulnerability

An attacker can send a malicious email to Check Point Threat Emulation/Extraction, which is not filtered.
Impacted products: GAiA, SecurePlatform.
Severity: 2/4.
Consequences: data flow.
Provenance: document.
Creation date: 29/11/2016.
Identifiers: sk114664, VIGILANCE-VUL-21229.

Description of the vulnerability

The Check Point Threat Emulation/Extraction product offers a service to filter emails.

However, an email can bypass this protection.

An attacker can therefore send a malicious email to Check Point Threat Emulation/Extraction, which is not filtered.

vulnerability CVE-2016-4487 CVE-2016-4488 CVE-2016-4489

binutils/libiberty: seven vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in binutils/libiberty.
Impacted products: GAiA, CheckPoint IP Appliance, SecurePlatform, CheckPoint Security Appliance, CheckPoint Security Gateway, Debian, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 7.
Creation date: 18/07/2016.
Identifiers: CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, DLA-552-1, sk116495, USN-3337-1, USN-3367-1, USN-3368-1, VIGILANCE-VUL-20140.

Description of the vulnerability

Several vulnerabilities were announced in binutils/libiberty.

An attacker can force the usage of a freed memory area via btypevec, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4487]

An attacker can force the usage of a freed memory area via ktypevec, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4488]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4489]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4490]

An attacker can generate an infinite loop via d_print_comp(), in order to trigger a denial of service. [severity:1/4; CVE-2016-4491]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4492]

An attacker can force a read at an invalid address, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-4493]

computer vulnerability note CVE-2016-2226

binutils: buffer overflow

Synthesis of the vulnerability

An attacker can generate a buffer overflow in binutils, in order to trigger a denial of service, and possibly to run code.
Impacted products: GAiA, CheckPoint IP Appliance, SecurePlatform, CheckPoint Security Appliance, CheckPoint Security Gateway, Debian, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 18/07/2016.
Identifiers: CVE-2016-2226, DLA-552-1, sk116495, USN-3337-1, USN-3367-1, USN-3368-1, VIGILANCE-VUL-20139.

Description of the vulnerability

An attacker can generate a buffer overflow in binutils, in order to trigger a denial of service, and possibly to run code.

computer vulnerability announce 17127

Check Point Security Gateway: memory leak via CIFS

Synthesis of the vulnerability

An attacker can create a memory leak in the CIFS protocol analyser of Check Point Security Gateway, in order to trigger a denial of service.
Impacted products: SecurePlatform, CheckPoint Security Appliance, CheckPoint Security Gateway.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 15/06/2015.
Identifiers: sk106334, VIGILANCE-VUL-17127.

Description of the vulnerability

The Check Point Security Gateway product offers an anti-virus service.

It may be configured to inspect CIFS network traffic. However, the memory allocated in the range_create() function is never freed.

An attacker can therefore create a memory leak in the CIFS protocol analyzer of Check Point Security Gateway, in order to trigger a denial of service.

vulnerability CVE-2015-0235

glibc: buffer overflow of gethostbyname, GHOST

Synthesis of the vulnerability

An attacker can, for example, send an email using a long IPv4 address to force the messaging server to resolve this address, generating a buffer overflow in glibc's gethostbyname() in order to trigger a denial of service, and possibly to execute code. Several programs using the gethostbyname() function are vulnerable through a similar attack vector.
Impacted products: Arkoon FAST360, GAiA, CheckPoint IP Appliance, Provider-1, SecurePlatform, CheckPoint Security Gateway, CheckPoint VSX-1, Cisco ASR, Cisco Catalyst, IOS XE Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Prime Infrastructure, Cisco CUCM, XenServer, Clearswift Email Gateway, Debian, Unisphere EMC, VNX Operating Environment, VNX Series, Exim, BIG-IP Hardware, TMOS, HPE BSM, HP Operations, Performance Center, Junos Space, McAfee Email and Web Security, McAfee Email Gateway, McAfee MOVE AntiVirus, McAfee NSP, McAfee NTBA, McAfee NGFW, VirusScan, McAfee Web Gateway, openSUSE, Oracle Communications, Palo Alto Firewall PA***, PAN-OS, PHP, HDX, RealPresence Collaboration Server, RealPresence Distributed Media Application, RealPresence Resource Manager, Polycom VBP, RHEL, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive, WordPress Core.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: internet server.
Creation date: 27/01/2015.
Revision date: 27/01/2015.
Identifiers: 198850, 199399, c04577814, c04589512, CERTFR-2015-AVI-043, cisco-sa-20150128-ghost, cpujul2015, cpujul2017, cpuoct2016, cpuoct2017, cpuoct2018, CTX200437, CVE-2015-0235, DSA-3142-1, ESA-2015-030, ESA-2015-041, GHOST, HPSBGN03270, HPSBGN03285, JSA10671, K16057, KM01391662, MDVSA-2015:039, openSUSE-SU-2015:0162-1, openSUSE-SU-2015:0184-1, PAN-SA-2015-0002, RHSA-2015:0090-01, RHSA-2015:0092-01, RHSA-2015:0099-01, RHSA-2015:0101-01, RHSA-2015:0126-01, SB10100, sk104443, SOL16057, SSA:2015-028-01, SSA-994726, SUSE-SU-2015:0158-1, USN-2485-1, VIGILANCE-VUL-16060, VU#967332.

Description of the vulnerability

The glibc library provides two functions to obtain the IP address of a server from its DNS name:
  struct hostent *gethostbyname(const char *name);
  struct hostent *gethostbyname2(const char *name, int af);

For example:
  he = gethostbyname("www.example.com");

These functions also accept an IP address directly:
  he = gethostbyname("192.168.1.1");

However, a malformed, overly long IPv4 address such as 192.168.111111.1 (more than 1024 bytes long) triggers an overflow in the __nss_hostname_digits_dots() function.

An attacker can therefore, for example, send an email using a long IPv4 address to force the messaging server to resolve this address, generating a buffer overflow in glibc's gethostbyname() in order to trigger a denial of service, and possibly to execute code.

Several programs using the gethostbyname() function (exim, php, pppd, procmail) are vulnerable through a similar attack vector. The following programs are apparently not vulnerable: apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql, nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd, pure-ftpd, rsyslog, samba, sendmail, squid, sysklogd, syslog-ng, tcp_wrappers, vsftpd, xinetd.

computer vulnerability alert CVE-2014-8730 CVE-2015-2774

Check Point, Cisco, IBM, F5, FortiOS: information disclosure via POODLE on TLS

Synthesis of the vulnerability

An attacker in a man-in-the-middle position can decrypt a terminating TLS session, in order to obtain sensitive information.
Impacted products: GAiA, CheckPoint IP Appliance, IPSO, CheckPoint Power-1 Appliance, SecurePlatform, CheckPoint Security Appliance, CheckPoint Smart-1, CheckPoint VSX-1, Cisco ACE, ASA, BIG-IP Hardware, TMOS, Fedora, FortiGate, FortiGate Virtual Appliance, FortiOS, DB2 UDB, Domino, Informix Server, Tivoli Directory Server, openSUSE, Solaris, Palo Alto Firewall PA***, PAN-OS, Ubuntu.
Severity: 3/4.
Consequences: data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/12/2014.
Revision date: 17/12/2014.
Identifiers: 1450666, 1610582, 1647054, 1692906, 1693052, 1693142, bulletinjul2017, CERTFR-2014-AVI-533, CSCus08101, CSCus09311, CVE-2014-8730, CVE-2015-2774, FEDORA-2015-12923, FEDORA-2015-12970, openSUSE-SU-2016:0523-1, sk103683, SOL15882, USN-3571-1, VIGILANCE-VUL-15756.

Description of the vulnerability

The VIGILANCE-VUL-15485 (POODLE) vulnerability originates from incorrect handling of SSLv3 padding.

The F5 BIG-IP product can be configured to "terminate" SSL/TLS sessions. However, even when TLS is used, this BIG-IP feature uses the SSLv3 function to manage the padding. TLS sessions are thus also vulnerable to POODLE.

The same vulnerability also impacts Check Point, Cisco, IBM and Fortinet products.

An attacker in a man-in-the-middle position can therefore decrypt a terminating TLS session, in order to obtain sensitive information.