The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian Jessie

vulnerability bulletin CVE-2015-4497 CVE-2015-4498

Mozilla Firefox: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox.
Impacted products: Debian, Fedora, Firefox, SeaMonkey, openSUSE, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Creation date: 28/08/2015.
Identifiers: 1042699, 1164766, 1175278, CERTFR-2015-AVI-365, CVE-2015-4497, CVE-2015-4498, DSA-3345-1, FEDORA-2015-012399857d, FEDORA-2015-29dfba02ca, MFSA-2015-94, MFSA-2015-95, openSUSE-SU-2015:1492-1, RHSA-2015:1693-01, SSA:2015-241-01, SUSE-SU-2015:1476-1, SUSE-SU-2015:1504-1, SUSE-SU-2015:2081-1, USN-2723-1, VIGILANCE-VUL-17763, ZDI-15-406.

Description of the vulnerability

Several vulnerabilities were announced in Mozilla Firefox.

An attacker can force the usage of a freed memory area when a CANVAS element is resized, in order to trigger a denial of service, and possibly to run code. [severity:4/4; 1164766, 1175278, CVE-2015-4497, MFSA-2015-94, ZDI-15-406]

An attacker can force the installation of a module from a malicious source, in order to run code in Firefox context. [severity:3/4; 1042699, CVE-2015-4498, MFSA-2015-95]

computer vulnerability bulletin CVE-2015-5219

NTP.org: infinite loop of sntp

Synthesis of the vulnerability

An attacker, spoofing replies of an NTP server, can generate an infinite loop in sntp of NTP.org, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, AIX, Meinberg NTP Server, NTP.org, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 25/08/2015.
Identifiers: CVE-2015-5219, DSA-3388-1, FEDORA-2015-14212, FEDORA-2015-77bfbc1bcd, ntp_advisory4, openSUSE-SU-2016:3280-1, RHSA-2016:0780-01, RHSA-2016:2583-02, SOL60352002, SUSE-SU-2016:1311-1, SUSE-SU-2016:1471-1, USN-2783-1, VIGILANCE-VUL-17748.

Description of the vulnerability

The NTP.org product implements an sntp client.

However, if the NTP server returns a malicious packet, an infinite loop occurs in sntp.

An attacker, spoofing replies of an NTP server, can therefore generate an infinite loop in sntp of NTP.org, in order to trigger a denial of service.

computer vulnerability announce CVE-2015-7703

NTP.org: file creation via pidfile/driftfile

Synthesis of the vulnerability

An authenticated attacker can force NTP.org to corrupt a file with its privileges.
Impacted products: Cisco ASR, Cisco ACE, ASA, IOS by Cisco, IOS XE Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime DCNM, Prime Infrastructure, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco Unity ~ precise, Debian, Fedora, FreeBSD, Juniper J-Series, JUNOS, Meinberg NTP Server, NetBSD, NTP.org, openSUSE, openSUSE Leap, pfSense, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 25/08/2015.
Identifiers: cisco-sa-20151021-ntp, CVE-2015-5196-REJECT, CVE-2015-7703, DSA-3388-1, FEDORA-2015-14212, FEDORA-2015-77bfbc1bcd, FreeBSD-SA-15:25.ntp, JSA10711, NetBSD-SA2016-001, openSUSE-SU-2015:2016-1, openSUSE-SU-2016:1423-1, RHSA-2016:0780-01, RHSA-2016:2583-02, SSA:2015-302-03, SUSE-SU-2016:1311-1, SUSE-SU-2016:1471-1, SUSE-SU-2016:1912-1, SUSE-SU-2016:2094-1, USN-2783-1, VIGILANCE-VUL-17747.

Description of the vulnerability

The ntpd command can send configuration directives to the NTP.org server (after authentication). For example:
  ntpq -c ":config pidfile /tmp/ntp.pid"
  ntpq -c ":config driftfile /tmp/ntp.drift"

However, when the server receives this command, it overwrites the requested file.

An authenticated attacker can therefore force NTP.org to corrupt a file with its privileges.

computer vulnerability alert CVE-2015-5195

NTP.org: unreachable memory reading via statistics/filegen

Synthesis of the vulnerability

An authenticated attacker can force a read at an invalid address in NTP.org, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Meinberg NTP Server, NTP.org, RHEL, Ubuntu.
Severity: 1/4.
Creation date: 25/08/2015.
Identifiers: CVE-2015-5195, DSA-3388-1, FEDORA-2015-14212, FEDORA-2015-77bfbc1bcd, RHSA-2016:0780-01, RHSA-2016:2583-02, sol02360853, USN-2783-1, VIGILANCE-VUL-17746.

Description of the vulnerability

The ntpd command can send configuration directives to the NTP.org server (after authentication). For example:
  ntpq -c ":config statistics timingstats"
  ntpq -c ":config filegen timingstats"

However, when the server receives this command, it tries to read an unreachable memory area, which triggers a fatal error.

An authenticated attacker can therefore force a read at an invalid address in NTP.org, in order to trigger a denial of service.

computer vulnerability CVE-2015-5194

NTP.org: unreachable memory reading via logconfig

Synthesis of the vulnerability

An authenticated attacker can force a read at an invalid address in NTP.org, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Meinberg NTP Server, NTP.org, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 25/08/2015.
Identifiers: CVE-2015-5194, DSA-3388-1, FEDORA-2015-14212, FEDORA-2015-77bfbc1bcd, RHSA-2016:0780-01, RHSA-2016:2583-02, sol02360853, SUSE-SU-2016:1311-1, SUSE-SU-2016:1471-1, SUSE-SU-2016:1912-1, SUSE-SU-2016:2094-1, USN-2783-1, VIGILANCE-VUL-17745.

Description of the vulnerability

The ntpd command can send configuration directives to the NTP.org server (after authentication). For example:
  ntpq -c ":config logconfig a"

However, when the server receives this command, it tries to read an unreachable memory area, which triggers a fatal error.

An authenticated attacker can therefore force a read at an invalid address in NTP.org, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2015-3219 CVE-2015-3988

OpenStack Dashboard/Horizon: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenStack Dashboard/Horizon.
Impacted products: Debian, RHEL.
Severity: 2/4.
Creation date: 25/08/2015.
Identifiers: CVE-2015-3219, CVE-2015-3988, DSA-3617-1, RHSA-2015:1679-01, VIGILANCE-VUL-17738.

Description of the vulnerability

Several vulnerabilities were announced in OpenStack Dashboard/Horizon.

An attacker can trigger a Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2015-3219]

An attacker can trigger a Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2015-3988]

vulnerability note CVE-2015-5225

QEMU: buffer overflow of vnc_refresh_server_surface

Synthesis of the vulnerability

An attacker, who is privileged in a guest system, can generate a buffer overflow in the vnc_refresh_server_surface() function of QEMU, in order to trigger a denial of service, and possibly to run code on the host system.
Impacted products: Debian, Fedora, QEMU, RHEL, Ubuntu.
Severity: 2/4.
Creation date: 24/08/2015.
Identifiers: CVE-2015-5225, DSA-3348-1, FEDORA-2015-15364, FEDORA-2015-16368, RHSA-2015:1772-01, USN-2724-1, VIGILANCE-VUL-17734.

Description of the vulnerability

The QEMU product implements a VNC display driver in the ui/vnc.c file.

However, if the size of data is greater than the size of the storage array, an overflow occurs in the vnc_refresh_server_surface() function.

An attacker, who is privileged in a guest system, can therefore generate a buffer overflow in the vnc_refresh_server_surface() function of QEMU, in order to trigger a denial of service, and possibly to run code on the host system.

vulnerability announce CVE-2015-5949

VideoLAN VLC: memory corruption via 3GP

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious 3GP video, to generate a memory corruption in VideoLAN VLC, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, openSUSE Leap, VLC.
Severity: 3/4.
Creation date: 20/08/2015.
Identifiers: CVE-2015-5949, DSA-3342-1, ocert-2015-009, openSUSE-SU-2016:0476-1, VIGILANCE-VUL-17722.

Description of the vulnerability

The VideoLAN VLC product supports the 3GP format, which is a simplified version of MP4.

However, the MP4_BoxFree() function does not correctly process a pointer list, which corrupts the memory.

An attacker can therefore invite the victim to open a malicious 3GP video, to generate a memory corruption in VideoLAN VLC, in order to trigger a denial of service, and possibly to run code.

computer vulnerability bulletin CVE-2015-6658 CVE-2015-6659 CVE-2015-6660

Drupal: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Drupal.
Impacted products: Debian, Drupal Core, Fedora.
Severity: 2/4.
Creation date: 20/08/2015.
Identifiers: CERTFR-2015-AVI-367, CVE-2015-6658, CVE-2015-6659, CVE-2015-6660, CVE-2015-6661, CVE-2015-6665, DSA-3346-1, FEDORA-2015-13916, FEDORA-2015-13917, FEDORA-2015-14442, FEDORA-2015-14444, SA-CORE-2015-003, VIGILANCE-VUL-17718.

Description of the vulnerability

Several vulnerabilities were announced in Drupal.

An attacker can trigger a Cross Site Scripting in Drupal via Ajax system, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2015-6665]

An attacker can trigger a Cross Site Scripting in Drupal via Autocomplete system, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2015-6658]

An attacker can use a SQL injection in Drupal via Database API, in order to read or alter data. [severity:2/4; CVE-2015-6659]

An attacker can trigger a Cross Site Request Forgery in Drupal via Form API, in order to force the victim to perform operations. [severity:2/4; CVE-2015-6660]

An attacker can bypass security features in Drupal Access system, in order to obtain sensitive information. [severity:1/4; CVE-2015-6661]

computer vulnerability CVE-2015-2721

Mozilla NSS: disabling Forward Secrecy of ECDHE_ECDSA

Synthesis of the vulnerability

An attacker can act as a Man-in-the-middle on an ECDHE_ECDSA exchange with a Mozilla NSS client, in order to disable the Forward Secrecy, which may ease the session decryption.
Impacted products: Debian, NSS, Solaris, RHEL.
Severity: 1/4.
Creation date: 18/08/2015.
Identifiers: 1086145, bulletinoct2015, CVE-2015-2721, DSA-3336-1, MFSA-2015-71, RHSA-2015:1664-01, VIGILANCE-VUL-17695.

Description of the vulnerability

The TLS protocol uses a series of messages which have to be exchanged between the client and the server, before establishing a secured session.

During an ECDHE_ECDSA exchange, if the server does not send the ServerKeyExchange message, the TLS client must abort the handshake. However, NSS accepts the handshake without this message and uses the EC key from the ECDSA certificate, which prevents Forward Secrecy.

This vulnerability is a variant of VIGILANCE-VUL-16300.

An attacker can therefore act as a Man-in-the-middle on an ECDHE_ECDSA exchange with a Mozilla NSS client, in order to disable the Forward Secrecy, which may ease the session decryption.