The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian Etch

vulnerability bulletin CVE-2017-12197

libpam4j: privilege escalation via pam_acct_mgmt

Synthesis of the vulnerability

An attacker can bypass restrictions via pam_acct_mgmt() of libpam4j, in order to escalate their privileges.
Impacted products: Debian.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 07/11/2017.
Identifiers: CVE-2017-12197, DLA-1165-1, DSA-4025-1, VIGILANCE-VUL-24363.


vulnerability announce CVE-2017-16538

Linux kernel: denial of service via drivers/media/usb/dvb-usb-v2/lmedm04.c

Synthesis of the vulnerability

An attacker can generate a fatal error via drivers/media/usb/dvb-usb-v2/lmedm04.c of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Linux, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 06/11/2017.
Identifiers: CERTFR-2018-AVI-005, CERTFR-2018-AVI-009, CERTFR-2018-AVI-014, CERTFR-2018-AVI-018, CERTFR-2018-AVI-048, CERTFR-2018-AVI-198, CERTFR-2018-AVI-408, CVE-2017-16538, DSA-4073-1, DSA-4082-1, FEDORA-2017-08a350c878, FEDORA-2017-31d7720d7e, FEDORA-2018-884a105c04, SUSE-SU-2018:0011-1, SUSE-SU-2018:0031-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0115-1, SUSE-SU-2018:0131-1, SUSE-SU-2018:0171-1, USN-3631-1, USN-3631-2, USN-3754-1, VIGILANCE-VUL-24342.


vulnerability alert CVE-2017-16537

Linux kernel: NULL pointer dereference via imon_probe

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via imon_probe() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 06/11/2017.
Identifiers: CERTFR-2017-AVI-448, CERTFR-2017-AVI-458, CERTFR-2018-AVI-014, CERTFR-2018-AVI-048, CERTFR-2018-AVI-165, CERTFR-2018-AVI-170, CERTFR-2018-AVI-408, CVE-2017-16537, DLA-1200-1, openSUSE-SU-2017:3358-1, openSUSE-SU-2017:3359-1, SUSE-SU-2017:3210-1, SUSE-SU-2017:3249-1, SUSE-SU-2017:3265-1, SUSE-SU-2017:3398-1, SUSE-SU-2017:3410-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0171-1, USN-3617-1, USN-3617-2, USN-3617-3, USN-3619-1, USN-3619-2, USN-3754-1, VIGILANCE-VUL-24341.


vulnerability CVE-2017-16536

Linux kernel: NULL pointer dereference via cx231xx_usb_probe

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via cx231xx_usb_probe() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 06/11/2017.
Identifiers: CERTFR-2017-AVI-448, CERTFR-2017-AVI-458, CERTFR-2018-AVI-014, CERTFR-2018-AVI-048, CERTFR-2018-AVI-170, CERTFR-2018-AVI-408, CVE-2017-16536, DLA-1200-1, openSUSE-SU-2017:3358-1, openSUSE-SU-2017:3359-1, SUSE-SU-2017:3210-1, SUSE-SU-2017:3249-1, SUSE-SU-2017:3265-1, SUSE-SU-2017:3398-1, SUSE-SU-2017:3410-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0171-1, USN-3619-1, USN-3619-2, USN-3754-1, VIGILANCE-VUL-24340.


computer vulnerability note CVE-2017-16535

Linux kernel: out-of-bounds memory reading via usb_get_bos_descriptor

Synthesis of the vulnerability

An attacker can force a read at an invalid address via usb_get_bos_descriptor() of the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Android OS, Linux, McAfee Web Gateway, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on server.
Provenance: user shell.
Creation date: 06/11/2017.
Identifiers: CERTFR-2017-AVI-424, CERTFR-2017-AVI-448, CERTFR-2017-AVI-454, CERTFR-2017-AVI-458, CERTFR-2018-AVI-014, CERTFR-2018-AVI-048, CERTFR-2018-AVI-408, CVE-2017-16535, DLA-1200-1, SB10211, SUSE-SU-2017:3210-1, SUSE-SU-2017:3249-1, SUSE-SU-2017:3265-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0171-1, USN-3485-1, USN-3485-2, USN-3485-3, USN-3507-1, USN-3507-2, USN-3754-1, VIGILANCE-VUL-24339.


computer vulnerability announce CVE-2017-16533

Linux kernel: out-of-bounds memory reading via usbhid_parse

Synthesis of the vulnerability

An attacker can force a read at an invalid address via usbhid_parse() of the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Android OS, Linux, McAfee Web Gateway, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on server.
Provenance: user shell.
Creation date: 06/11/2017.
Identifiers: CERTFR-2017-AVI-424, CERTFR-2017-AVI-426, CERTFR-2018-AVI-408, CERTFR-2018-AVI-579, CERTFR-2019-AVI-038, CVE-2017-16533, DLA-1200-1, openSUSE-SU-2018:3658-1, SB10211, SUSE-SU-2018:3589-1, SUSE-SU-2018:3746-1, SUSE-SU-2018:3934-1, SUSE-SU-2018:4069-1, SUSE-SU-2019:13937-1, USN-3485-1, USN-3485-2, USN-3485-3, USN-3487-1, USN-3754-1, VIGILANCE-VUL-24337.


computer vulnerability alert CVE-2017-16532

Linux kernel: NULL pointer dereference via get_endpoints

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via get_endpoints() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Linux, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 06/11/2017.
Identifiers: CERTFR-2018-AVI-165, CERTFR-2018-AVI-170, CERTFR-2018-AVI-408, CVE-2017-16532, DLA-1200-1, FEDORA-2017-08a350c878, FEDORA-2017-31d7720d7e, FEDORA-2018-884a105c04, USN-3617-1, USN-3617-2, USN-3617-3, USN-3619-1, USN-3619-2, USN-3754-1, VIGILANCE-VUL-24336.


computer vulnerability CVE-2017-16531

Linux kernel: out-of-bounds memory reading via drivers/usb/core/config.c

Synthesis of the vulnerability

An attacker can force a read at an invalid address via drivers/usb/core/config.c of the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Android OS, Linux, McAfee Web Gateway, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on server.
Provenance: user shell.
Creation date: 06/11/2017.
Identifiers: CERTFR-2017-AVI-424, CERTFR-2017-AVI-426, CERTFR-2017-AVI-448, CERTFR-2017-AVI-458, CERTFR-2018-AVI-014, CERTFR-2018-AVI-048, CERTFR-2018-AVI-408, CVE-2017-16531, DLA-1200-1, SB10211, SUSE-SU-2017:3210-1, SUSE-SU-2017:3249-1, SUSE-SU-2017:3265-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0171-1, USN-3485-1, USN-3485-2, USN-3485-3, USN-3487-1, USN-3754-1, VIGILANCE-VUL-24335.


vulnerability bulletin CVE-2017-16529

Linux kernel: out-of-bounds memory reading via snd_usb_create_streams

Synthesis of the vulnerability

An attacker can force a read at an invalid address via snd_usb_create_streams() of the Linux kernel, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Android OS, Linux, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on server.
Provenance: user shell.
Creation date: 06/11/2017.
Identifiers: CERTFR-2017-AVI-424, CERTFR-2017-AVI-426, CERTFR-2017-AVI-448, CERTFR-2017-AVI-458, CERTFR-2018-AVI-014, CERTFR-2018-AVI-048, CERTFR-2018-AVI-408, CVE-2017-16529, DLA-1200-1, SUSE-SU-2017:3210-1, SUSE-SU-2017:3249-1, SUSE-SU-2017:3265-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0171-1, USN-3485-1, USN-3485-2, USN-3485-3, USN-3487-1, USN-3754-1, VIGILANCE-VUL-24333.


vulnerability alert CVE-2017-16527

Linux kernel: use after free via snd_usb_mixer_interrupt

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via snd_usb_mixer_interrupt() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Android OS, Linux, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: user shell.
Creation date: 06/11/2017.
Identifiers: CERTFR-2017-AVI-424, CERTFR-2017-AVI-426, CERTFR-2017-AVI-448, CERTFR-2017-AVI-458, CERTFR-2018-AVI-014, CERTFR-2018-AVI-048, CERTFR-2018-AVI-408, CVE-2017-16527, DLA-1200-1, SUSE-SU-2017:3210-1, SUSE-SU-2017:3249-1, SUSE-SU-2017:3265-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0171-1, USN-3485-1, USN-3485-2, USN-3485-3, USN-3487-1, USN-3754-1, VIGILANCE-VUL-24331.
