The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of CheckPoint GAiA

vulnerability announce 21652

Check Point Security Gateway: vulnerability

Synthesis of the vulnerability

Impacted products: GAiA, CheckPoint IP Appliance, CheckPoint Security Appliance, CheckPoint Security Gateway.
Severity: 3/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 23/01/2017.
Identifiers: sk115596, VIGILANCE-VUL-21652.

Description of the vulnerability

A vulnerability of Check Point Security Gateway was announced.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note 21229

Check Point Threat Emulation/Extraction: bypassing MTA filtering

Synthesis of the vulnerability

An attacker can send a malicious email to Check Point Threat Emulation/Extraction, which is not filtered.
Impacted products: GAiA, SecurePlatform.
Severity: 2/4.
Consequences: data flow.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 29/11/2016.
Identifiers: sk114664, VIGILANCE-VUL-21229.

Description of the vulnerability

The Check Point Threat Emulation/Extraction product offers a service to filter emails.

However, an email can bypass this protection.

An attacker can therefore send a malicious email to Check Point Threat Emulation/Extraction, which is not filtered.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability CVE-2016-4487 CVE-2016-4488 CVE-2016-4489

binutils/libiberty: seven vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in binutils/libiberty.
Impacted products: GAiA, CheckPoint IP Appliance, SecurePlatform, CheckPoint Security Appliance, CheckPoint Security Gateway, Debian, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 18/07/2016.
Identifiers: CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, DLA-552-1, sk116495, USN-3337-1, USN-3367-1, USN-3368-1, VIGILANCE-VUL-20140.

Description of the vulnerability

Several vulnerabilities were announced in binutils/libiberty.

An attacker can force the usage of a freed memory area via btypevec, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4487]

An attacker can force the usage of a freed memory area via ktypevec, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4488]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4489]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4490]

An attacker can generate an infinite loop via d_print_comp(), in order to trigger a denial of service. [severity:1/4; CVE-2016-4491]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4492]

An attacker can force a read at an invalid address, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-4493]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2016-2226

binutils: buffer overflow

Synthesis of the vulnerability

Impacted products: GAiA, CheckPoint IP Appliance, SecurePlatform, CheckPoint Security Appliance, CheckPoint Security Gateway, Debian, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 18/07/2016.
Identifiers: CVE-2016-2226, DLA-552-1, sk116495, USN-3337-1, USN-3367-1, USN-3368-1, VIGILANCE-VUL-20139.

Description of the vulnerability

An attacker can generate a buffer overflow of binutils, in order to trigger a denial of service, and possibly to run code.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert 19746

Check Point Anti-Bot/Virus: malicious urls not blocked

Synthesis of the vulnerability

An attacker can send documents containing malicious urls, which are not detected by Check Point Anti-Bot/Virus.
Impacted products: GAiA, CheckPoint Security Appliance.
Severity: 2/4.
Consequences: data flow.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 01/06/2016.
Identifiers: sk111740, VIGILANCE-VUL-19746.

Description of the vulnerability

The Check Point Anti-Bot / Anti-Virus product offers a service to detect malicious urls.

However, after installing Take 143 of R77.30 Jumbo Hotfix Accumulator, this service stops.

An attacker can therefore send documents containing malicious urls, which are not detected by Check Point Anti-Bot/Virus.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce CVE-2014-9293 CVE-2014-9294 CVE-2014-9295

NTP.org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Impacted products: GAiA, CheckPoint IP Appliance, IPSO, CheckPoint Power-1 Appliance, CheckPoint Security Appliance, CheckPoint Smart-1, CheckPoint VSX-1, IOS XR Cisco, Nexus by Cisco, NX-OS, Cisco CUCM, Cisco Unified CCX, Clearswift Email Gateway, Debian, Black Diamond, ExtremeXOS, Ridgeline, Summit, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, HP-UX, AIX, Juniper J-Series, Junos OS, Junos Space, NSMXpress, MBS, Meinberg NTP Server, NetBSD, NTP.org, openSUSE, Oracle Communications, Solaris, RHEL, ROX, RuggedSwitch, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, denial of service on service.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 19/12/2014.
Revision date: 17/02/2016.
Identifiers: c04554677, c04574882, c04916783, CERTFR-2014-AVI-537, CERTFR-2014-AVI-538, CERTFR-2016-AVI-148, cisco-sa-20141222-ntpd, cpuoct2016, CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, DSA-3108-1, FEDORA-2014-17361, FEDORA-2014-17367, FEDORA-2014-17395, FreeBSD-SA-14:31.ntp, HPSBHF03432, HPSBPV03266, HPSBUX03240, JSA10663, MBGSA-1405, MDVSA-2015:003, MDVSA-2015:140, NetBSD-SA2015-003, openSUSE-SU-2014:1670-1, openSUSE-SU-2014:1680-1, RHSA-2014:2024-01, RHSA-2014:2025-01, RHSA-2015:0104-01, sk103825, SOL15933, SOL15934, SOL15935, SOL15936, SSA:2014-356-01, SSA-671683, SSRT101872, SUSE-SU-2014:1686-1, SUSE-SU-2014:1686-2, SUSE-SU-2014:1686-3, SUSE-SU-2014:1690-1, SUSE-SU-2015:0259-1, SUSE-SU-2015:0259-2, SUSE-SU-2015:0259-3, SUSE-SU-2015:0274-1, SUSE-SU-2015:0322-1, USN-2449-1, VIGILANCE-VUL-15867, VN-2014-005, VU#852879.

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can predict the default key generated by config_auth(), in order to bypass the authentication. [severity:2/4; CVE-2014-9293]

An attacker can predict the key generated by ntp-keygen, in order to decrypt sessions. [severity:2/4; CVE-2014-9294]

An attacker can generate a buffer overflow in crypto_recv(), in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9295]

An attacker can generate a buffer overflow in ctl_putdata(), in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9295]

An attacker can generate a buffer overflow in configure(), in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9295]

An attacker can trigger an error in receive(), which is not detected. [severity:1/4; CVE-2014-9296]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability CVE-2015-0235

glibc: buffer overflow of gethostbyname, GHOST

Synthesis of the vulnerability

An attacker can for example send an email using a long IPv4 address, to force the messaging server to resolve this address, and to generate a buffer overflow in gethostbyname() of the glibc, in order to trigger a denial of service, and possibly to execute code. Several programs using the gethostbyname() function are vulnerable with a similar attack vector.
Impacted products: Arkoon FAST360, GAiA, CheckPoint IP Appliance, Provider-1, SecurePlatform, CheckPoint Security Gateway, CheckPoint VSX-1, Cisco ASR, Cisco Catalyst, IOS XE Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Prime Infrastructure, Cisco CUCM, XenServer, Clearswift Email Gateway, Debian, Unisphere EMC, VNX Operating Environment, VNX Series, Exim, BIG-IP Hardware, TMOS, HPE BSM, HP Operations, Performance Center, Junos Space, MBS, McAfee Email and Web Security, McAfee Email Gateway, McAfee MOVE AntiVirus, McAfee NSP, McAfee NTBA, McAfee NGFW, VirusScan, McAfee Web Gateway, NetIQ Sentinel, openSUSE, Oracle Communications, Palo Alto Firewall PA***, PAN-OS, PHP, HDX, RealPresence Collaboration Server, RealPresence Distributed Media Application, RealPresence Resource Manager, Polycom VBP, RHEL, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive, WordPress Core.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: internet server.
Confidence: confirmed by the editor (5/5).
Creation date: 27/01/2015.
Revision date: 27/01/2015.
Identifiers: 198850, 199399, c04577814, c04589512, CERTFR-2015-AVI-043, cisco-sa-20150128-ghost, cpujul2015, cpujul2017, cpuoct2016, cpuoct2017, cpuoct2018, CTX200437, CVE-2015-0235, DSA-3142-1, ESA-2015-030, ESA-2015-041, GHOST, HPSBGN03270, HPSBGN03285, JSA10671, K16057, KM01391662, MDVSA-2015:039, openSUSE-SU-2015:0162-1, openSUSE-SU-2015:0184-1, PAN-SA-2015-0002, RHSA-2015:0090-01, RHSA-2015:0092-01, RHSA-2015:0099-01, RHSA-2015:0101-01, RHSA-2015:0126-01, SB10100, sk104443, SOL16057, SSA:2015-028-01, SSA-994726, SUSE-SU-2015:0158-1, USN-2485-1, VIGILANCE-VUL-16060, VU#967332.

Description of the vulnerability

The glibc library provides two functions to obtain the IP address of a server from its DNS name:
  struct hostent *gethostbyname(const char *name);
  struct hostent *gethostbyname2(const char *name, int af);

For example:
  he = gethostbyname("www.example.com");

These functions also accept to directly process an IP address:
  he = gethostbyname("192.168.1.1");

However, a malformed IPv4 address, which is too long such as 192.168.111111.1 (more than 1024 byte long) triggers an overflow in the __nss_hostname_digits_dots() function.

An attacker can therefore for example send an email using a long IPv4 address, to force the messaging server to resolve this address, and to generate a buffer overflow in gethostbyname() of the glibc, in order to trigger a denial of service, and possibly to execute code.

Several programs using the gethostbyname() function are vulnerable (exim, php, pppd, procmail) with a similar attack vector. The following programs are apparently not vulnerable: apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql, nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd, pure-ftpd, rsyslog, samba, sendmail, squid, sysklogd, syslog-ng, tcp_wrappers, vsftpd, xinetd.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert CVE-2014-8730 CVE-2015-2774

Check Point, Cisco, IBM, F5, FortiOS: information disclosure via POODLE on TLS

Synthesis of the vulnerability

An attacker, located as a Man-in-the-Middle, can decrypt a Terminating TLS session, in order to obtain sensitive information.
Impacted products: GAiA, CheckPoint IP Appliance, IPSO, CheckPoint Power-1 Appliance, SecurePlatform, CheckPoint Security Appliance, CheckPoint Smart-1, CheckPoint VSX-1, Cisco ACE, ASA, BIG-IP Hardware, TMOS, Fedora, FortiGate, FortiGate Virtual Appliance, FortiOS, DB2 UDB, Domino, Informix Server, Tivoli Directory Server, openSUSE, Solaris, Palo Alto Firewall PA***, PAN-OS, Ubuntu.
Severity: 3/4.
Consequences: data reading.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 09/12/2014.
Revision date: 17/12/2014.
Identifiers: 1450666, 1610582, 1647054, 1692906, 1693052, 1693142, bulletinjul2017, CERTFR-2014-AVI-533, CSCus08101, CSCus09311, CVE-2014-8730, CVE-2015-2774, FEDORA-2015-12923, FEDORA-2015-12970, openSUSE-SU-2016:0523-1, sk103683, SOL15882, USN-3571-1, VIGILANCE-VUL-15756.

Description of the vulnerability

The VIGILANCE-VUL-15485 (POODLE) vulnerability originates from an incorrect management of SSLv3 padding.

The F5 BIG-IP product can be configured to "terminate" SSL/TLS sessions. However, even when TLS is used, this BIG-IP feature uses the SSLv3 function to manage the padding. TLS sessions are thus also vulnerable to POODLE.

The same vulnerability also impacts Check Point, Cisco, IBM and Fortinet products.

An attacker, located as a Man-in-the-Middle, can therefore decrypt a Terminating TLS session, in order to obtain sensitive information.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert CVE-2014-8951

Check Point Security Gateway: denial of service via UserCheck

Synthesis of the vulnerability

An attacker can generate an error in UserCheck of Check Point Security Gateway, in order to trigger a denial of service.
Impacted products: GAiA, CheckPoint IP Appliance, IPSO, SecurePlatform, CheckPoint Security Appliance, CheckPoint Security Gateway.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 17/11/2014.
Identifiers: CVE-2014-8951, sk100505, VIGILANCE-VUL-15656.

Description of the vulnerability

The UserCheck feature can be enabled on the Check Point Security Gateway product.

However, a redirect to the UserCheck page triggers a fatal error in uc_set_redirect_url().

An attacker can therefore generate an error in UserCheck of Check Point Security Gateway, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability CVE-2014-8950

Check Point Security Gateway: denial of service via HTTPS

Synthesis of the vulnerability

An attacker can send a malicious HTTPS packet to Check Point Security Gateway, in order to trigger a denial of service.
Impacted products: GAiA, CheckPoint IP Appliance, IPSO, SecurePlatform, CheckPoint Security Appliance, CheckPoint Security Gateway.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 17/11/2014.
Identifiers: CVE-2014-8950, sk98935, VIGILANCE-VUL-15655.

Description of the vulnerability

The URL Filtering or Identity Awareness feature can be enabled on the Check Point Security Gateway product.

However, when a malicious HTTPS packet is received, a fatal error occurs.

An attacker can therefore send a malicious HTTPS packet to Check Point Security Gateway, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.