The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian Jessie

computer vulnerability CVE-2015-3165 CVE-2015-3166 CVE-2015-3167

PostgreSQL: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PostgreSQL.
Impacted products: Debian, Fedora, PostgreSQL, RHEL, Ubuntu.
Severity: 2/4.
Creation date: 22/05/2015.
Identifiers: CERTFR-2015-AVI-239, CVE-2015-3165, CVE-2015-3166, CVE-2015-3167, DSA-3269-1, DSA-3269-2, DSA-3270-1, FEDORA-2015-8815, RHSA-2015:1194-01, RHSA-2015:1195-01, RHSA-2015:1196-01, USN-2621-1, VIGILANCE-VUL-16975.

Description of the vulnerability

Several vulnerabilities were announced in PostgreSQL.

An attacker can force the usage of a freed memory area after an Authentication Timeout, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2015-3165]

An attacker can trigger a fatal error in Standard Library, in order to trigger a denial of service. [severity:2/4; CVE-2015-3166]

An attacker can read the various pgcrypto error messages, in order to more easily perform a brute force. [severity:1/4; CVE-2015-3167]

vulnerability CVE-2015-4000

TLS: weakening Diffie-Hellman via Logjam

Synthesis of the vulnerability

An attacker, located as a Man-in-the-Middle, can force the TLS client/server to accept a weak export algorithm, in order to more easily capture or alter exchanged data.
Impacted products: Apache httpd, Blue Coat CAS, ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, DCFM Enterprise, Brocade Network Advisor, Brocade vTM, Clearswift Email Gateway, Debian, Summit, Fedora, FileZilla Server, FreeBSD, HPE BSM, HPE NNMi, HP Operations, HP-UX, AIX, DB2 UDB, IRAD, Security Directory Server, SPSS Modeler, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, Juniper J-Series, JUNOS, Junos Pulse, Juniper Network Connect, Juniper SBR, lighttpd, ePO, Firefox, NSS, MySQL Community, MySQL Enterprise, Data ONTAP, Snap Creator Framework, SnapManager, NetBSD, nginx, OpenSSL, openSUSE, openSUSE Leap, Solaris, Palo Alto Firewall PA***, PAN-OS, Percona Server, XtraDB Cluster, RealPresence Collaboration Server, RealPresence Distributed Media Application, RealPresence Resource Manager, Polycom VBP, Postfix, SSL protocol, Pulse Connect Secure, Puppet, RHEL, JBoss EAP by Red Hat, Sendmail, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Creation date: 20/05/2015.
Revision date: 20/05/2015.
Identifiers: 1610582, 1647054, 1957980, 1958984, 1959033, 1959539, 1959745, 1960194, 1960418, 1960862, 1962398, 1962694, 1963151, 9010038, 9010039, 9010041, 9010044, BSA-2015-005, bulletinjan2016, bulletinjul2015, c04725401, c04760669, c04767175, c04770140, c04773119, c04773241, c04774058, c04778650, c04832246, c04918839, c04926789, CERTFR-2016-AVI-303, CTX216642, CVE-2015-4000, DLA-507-1, DSA-3287-1, DSA-3300-1, DSA-3688-1, FEDORA-2015-10047, FEDORA-2015-10108, FEDORA-2015-9048, FEDORA-2015-9130, FEDORA-2015-9161, FreeBSD-EN-15:08.sendmail, FreeBSD-SA-15:10.openssl, HPSBGN03399, HPSBGN03407, HPSBGN03411, HPSBGN03417, HPSBHF03433, HPSBMU03345, HPSBMU03401, HPSBUX03363, HPSBUX03388, HPSBUX03435, HPSBUX03512, JSA10681, Logjam, NetBSD-SA2015-008, NTAP-20150616-0001, NTAP-20150715-0001, NTAP-20151028-0001, openSUSE-SU-2015:1139-1, openSUSE-SU-2015:1209-1, openSUSE-SU-2015:1216-1, openSUSE-SU-2015:1277-1, openSUSE-SU-2016:0226-1, openSUSE-SU-2016:0255-1, openSUSE-SU-2016:0261-1, openSUSE-SU-2016:2267-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2015:1072-01, RHSA-2015:1185-01, RHSA-2015:1197-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, SA111, SA40002, SA98, SB10122, SSA:2015-219-02, SSRT102180, SSRT102254, SSRT102964, SSRT102977, SUSE-SU-2015:1143-1, SUSE-SU-2015:1150-1, SUSE-SU-2015:1177-1, SUSE-SU-2015:1177-2, SUSE-SU-2015:1181-1, SUSE-SU-2015:1181-2, SUSE-SU-2015:1182-2, SUSE-SU-2015:1183-1, SUSE-SU-2015:1183-2, SUSE-SU-2015:1184-1, SUSE-SU-2015:1184-2, SUSE-SU-2015:1185-1, SUSE-SU-2015:1268-1, SUSE-SU-2015:1268-2, SUSE-SU-2015:1269-1, SUSE-SU-2015:1581-1, SUSE-SU-2016:0224-1, TSB16728, USN-2624-1, USN-2625-1, USN-2656-1, USN-2656-2, VIGILANCE-VUL-16950, VN-2015-007.

Description of the vulnerability

The Diffie-Hellman algorithm is used to exchange cryptographic keys. The DHE_EXPORT suite uses prime numbers smaller than 512 bits.

The Diffie-Hellman algorithm is used by TLS. However, during the negotiation, an attacker, located as a Man-in-the-Middle, can force TLS to use DHE_EXPORT (even if stronger suites are available).

This vulnerability can then be combined with VIGILANCE-VUL-16951.

An attacker, located as a Man-in-the-Middle, can therefore force the TLS client/server to accept a weak export algorithm, in order to more easily capture or alter exchanged data.

vulnerability bulletin CVE-2015-1251 CVE-2015-1252 CVE-2015-1253

Google Chrome: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Chrome, openSUSE, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Creation date: 19/05/2015.
Identifiers: CERTFR-2015-AVI-233, CVE-2015-1251, CVE-2015-1252, CVE-2015-1253, CVE-2015-1254, CVE-2015-1255, CVE-2015-1256, CVE-2015-1257, CVE-2015-1258, CVE-2015-1259, CVE-2015-1260, CVE-2015-1261, CVE-2015-1262, CVE-2015-1263, CVE-2015-1264, CVE-2015-1265, CVE-2015-3910, DSA-3267-1, openSUSE-SU-2015:0969-1, openSUSE-SU-2015:1867-1, openSUSE-SU-2015:1872-1, openSUSE-SU-2015:1873-1, openSUSE-SU-2015:1876-1, openSUSE-SU-2015:1877-1, openSUSE-SU-2015:1887-1, RHSA-2015:1023-01, USN-2610-1, VIGILANCE-VUL-16943, ZDI-15-236.

Description of the vulnerability

Several vulnerabilities were announced in Google Chrome.

An attacker can bypass security features in Sandbox, in order to escalate his privileges. [severity:4/4; CVE-2015-1252]

An attacker can trigger a Cross Origin Bypass in DOM, in order to execute JavaScript code in the context of the web site. [severity:4/4; CVE-2015-1253]

An attacker can trigger a Cross Origin Bypass in Editing, in order to execute JavaScript code in the context of the web site. [severity:4/4; CVE-2015-1254]

An attacker can force the usage of a freed memory area in WebAudio, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-1255]

An attacker can force the usage of a freed memory area in SVG, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-1256]

An attacker can force the usage of a freed memory area in Speech, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-1251, ZDI-15-236]

An attacker can generate a buffer overflow in SVG, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1257]

An attacker can generate an integer overflow in Libvpx, in order to trigger a denial of service, and possibly to execute code (VIGILANCE-VUL-17972). [severity:3/4; CVE-2015-1258]

An attacker can generate a memory corruption in PDFium, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1259]

An attacker can force the usage of a freed memory area in WebRTC, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1260]

An attacker can spoof the address bar. [severity:2/4; CVE-2015-1261]

An attacker can generate a memory corruption in Blink, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1262]

An attacker can trigger an unsecured download in Spellcheck. [severity:2/4; CVE-2015-1263]

An attacker can trigger a Cross Site Scripting in Bookmarks, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2015-1264]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-1265]

vulnerability alert CVE-2015-3902 CVE-2015-3903

phpMyAdmin: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of phpMyAdmin.
Impacted products: Debian, Fedora, openSUSE, phpMyAdmin.
Severity: 2/4.
Creation date: 18/05/2015.
Identifiers: CERTFR-2015-AVI-226, CVE-2015-3902, CVE-2015-3903, DSA-3382-1, FEDORA-2015-8267, FEDORA-2015-8274, openSUSE-SU-2015:1191-1, PMASA-2015-2, PMASA-2015-3, VIGILANCE-VUL-16921.

Description of the vulnerability

Several vulnerabilities were announced in phpMyAdmin.

An attacker can trigger a Cross Site Request Forgery in PhpMyAdmin Setup, in order to force the victim to perform operations. [severity:2/4; CVE-2015-3902, PMASA-2015-2]

An attacker can use a Man-in-the-Middle in the GitHub API, in order to read or alter data. [severity:2/4; CVE-2015-3903, PMASA-2015-3]

computer vulnerability bulletin CVE-2015-4025 CVE-2015-4026

PHP: file access via the null character

Synthesis of the vulnerability

When a PHP application does not filter null characters in its parameters, and then uses these parameters to access a file, the name of the file that is actually accessed is truncated.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, openSUSE, openSUSE Leap, Solaris, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Creation date: 18/05/2015.
Identifiers: bulletinjul2017, CERTFR-2015-AVI-234, CVE-2015-4025, CVE-2015-4026, CVE-2017-4025-ERROR, DSA-3280-1, FEDORA-2015-8370, FEDORA-2015-8383, openSUSE-SU-2015:0993-1, openSUSE-SU-2017:3329-1, RHSA-2015:1135-01, RHSA-2015:1186-01, RHSA-2015:1187-01, RHSA-2015:1218-01, RHSA-2015:1219-01, SOL16993, SSA:2015-162-02, SUSE-SU-2015:1253-1, SUSE-SU-2015:1253-2, SUSE-SU-2016:1638-1, USN-2658-1, VIGILANCE-VUL-16918.

Description of the vulnerability

The PHP language offers several file processing functions: set_include_path(), tempnam(), rmdir() and readlink().

The C language uses the null '\0' character as the end of a string, but the PHP language allows a string to contain a null: "str\0ing".

File processing functions (implemented in C) truncate the file name after the null character. However, the optional PHP code checking the file name validity does not truncate the file name. This inconsistency can, for example, allow access to a file even if its extension is invalid.

When a PHP application does not filter null characters in its parameters, and then uses these parameters to access a file, the name of the file that is actually accessed is therefore truncated.

computer vulnerability announce CVE-2014-7810

Apache Tomcat: privilege escalation via Web Application

Synthesis of the vulnerability

An attacker can create a malicious application, and invite the administrator to install it on Apache Tomcat, in order to escalate his privileges.
Impacted products: Tomcat, Debian, HP-UX, Solaris, RHEL.
Severity: 2/4.
Creation date: 18/05/2015.
Identifiers: bulletinoct2015, c05054964, CVE-2014-7810, DSA-3428-1, DSA-3447-1, DSA-3530-1, HPSBUX03561, RHSA-2015:1621-01, RHSA-2015:1622-01, RHSA-2016:0492-01, VIGILANCE-VUL-16917.

Description of the vulnerability

The Apache Tomcat administrator can agree to install web applications from untrusted sources.

However, these applications can use the Expression Language to bypass the Security Manager.

An attacker can therefore create a malicious application, and invite the administrator to install it on Apache Tomcat, in order to escalate his privileges.

computer vulnerability alert CVE-2015-4024

PHP: denial of service via multipart/form-data

Synthesis of the vulnerability

An attacker can send specially formed multipart/form-data data to PHP, in order to trigger a denial of service.
Impacted products: CheckPoint Security Gateway, Debian, BIG-IP Hardware, TMOS, Fedora, openSUSE, Solaris, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Creation date: 18/05/2015.
Identifiers: 69364, bulletinjul2015, bulletinjul2017, CERTFR-2015-AVI-234, CVE-2015-4024, DSA-3280-1, FEDORA-2015-8370, FEDORA-2015-8383, openSUSE-SU-2015:0993-1, RHSA-2015:1135-01, RHSA-2015:1186-01, RHSA-2015:1187-01, RHSA-2015:1218-01, RHSA-2015:1219-01, sk106834, SOL16826, SSA:2015-162-02, SUSE-SU-2015:1253-1, SUSE-SU-2015:1253-2, SUSE-SU-2016:1638-1, USN-2658-1, VIGILANCE-VUL-16916.

Description of the vulnerability

The PHP product supports data in the MIME multipart format of type "form-data".

However, if the file name spans several lines, the multipart_buffer_headers() function consumes numerous resources to rebuild it.

An attacker can therefore send specially formed multipart/form-data data to PHP, in order to trigger a denial of service.

computer vulnerability CVE-2015-4022

PHP: integer overflow of ftp_genlist

Synthesis of the vulnerability

An attacker can generate an integer overflow in ftp_genlist() of PHP, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, Fedora, openSUSE, Solaris, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Creation date: 18/05/2015.
Identifiers: 69545, bulletinjul2017, CERTFR-2015-AVI-234, CVE-2015-4022, DSA-3280-1, FEDORA-2015-8370, FEDORA-2015-8383, openSUSE-SU-2015:0993-1, RHSA-2015:1135-01, RHSA-2015:1187-01, RHSA-2015:1218-01, RHSA-2015:1219-01, SSA:2015-162-02, SUSE-SU-2015:1253-1, SUSE-SU-2015:1253-2, SUSE-SU-2016:1638-1, USN-2658-1, VIGILANCE-VUL-16915.

Description of the vulnerability

The PHP product implements an FTP client.

However, if a directory listing is too large, a size overflows, and an allocated memory area is too short in ftp_genlist().

An attacker can therefore generate an integer overflow in ftp_genlist() of PHP, in order to trigger a denial of service, and possibly to execute code.

vulnerability bulletin CVE-2015-4021

PHP: memory corruption via phar_parse_tarfile

Synthesis of the vulnerability

An attacker can generate a memory corruption in phar_parse_tarfile() of PHP, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, Fedora, openSUSE, Solaris, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Creation date: 18/05/2015.
Identifiers: 69453, bulletinjul2017, CERTFR-2015-AVI-234, CVE-2015-4021, DSA-3280-1, FEDORA-2015-8370, FEDORA-2015-8383, openSUSE-SU-2015:0993-1, RHSA-2015:1135-01, RHSA-2015:1186-01, RHSA-2015:1187-01, RHSA-2015:1218-01, RHSA-2015:1219-01, SSA:2015-162-02, SUSE-SU-2015:1253-1, SUSE-SU-2015:1253-2, SUSE-SU-2016:1638-1, USN-2658-1, VIGILANCE-VUL-16913.

Description of the vulnerability

The PHP product uses the Phar extension to manipulate PHP archives.

However, when a file name starts with the '\0' character, the phar_parse_tarfile() function writes a null byte before the storage array.

An attacker can therefore generate a memory corruption in phar_parse_tarfile() of PHP, in order to trigger a denial of service, and possibly to execute code.

vulnerability CVE-2015-4037

QEMU: file corruption via /tmp/qemu-smb

Synthesis of the vulnerability

A local attacker can create a symbolic link named /tmp/qemu-smb.pid-N, in order to alter the file it points to, with the privileges of QEMU.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Creation date: 18/05/2015.
Identifiers: CVE-2015-4037, DSA-3284-1, DSA-3285-1, FEDORA-2015-9599, FEDORA-2015-9601, openSUSE-SU-2015:1964-1, openSUSE-SU-2015:1965-1, openSUSE-SU-2015:2003-1, SUSE-SU-2015:1519-1, SUSE-SU-2015:1853-1, SUSE-SU-2015:1894-1, SUSE-SU-2015:1908-1, SUSE-SU-2015:1952-1, SUSE-SU-2016:0658-1, USN-2630-1, VIGILANCE-VUL-16910.

Description of the vulnerability

The QEMU product uses a temporary file named /tmp/qemu-smb.pid-N.

However, when the file is opened, the program does not check if it is an existing symbolic link. The file pointed to by the link is thus opened with the privileges of the program.

Moreover, the file name is predictable, and is located in a publicly writable directory, so the attacker can create the symbolic link before the file is used.

A local attacker can therefore create a symbolic link named /tmp/qemu-smb.pid-N, in order to alter the file it points to, with the privileges of QEMU.