The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian Jessie

vulnerability announce CVE-2016-1978

Mozilla NSS: use after free via Low Memory

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area in Mozilla NSS, in order to trigger a denial of service, and possibly to run code.
Impacted products: Blue Coat CAS, Debian, Firefox, NSS, SeaMonkey, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 14/03/2016.
Identifiers: CVE-2016-1978, DLA-480-1, DSA-3688-1, MFSA-2016-15, RHSA-2016:0591-01, RHSA-2016:0684-01, RHSA-2016:0685-01, SA124, SUSE-SU-2016:0727-1, SUSE-SU-2016:0777-1, SUSE-SU-2016:0820-1, SUSE-SU-2016:0909-1, USN-2973-1, VIGILANCE-VUL-19162.

Description of the vulnerability

The Mozilla NSS library processes SSL DHE and ECDHE handshakes.

However, in low memory conditions, the ssl3_HandleECDHServerKeyExchange() function frees a memory area before reusing it.

An attacker can therefore force the usage of a freed memory area in Mozilla NSS, in order to trigger a denial of service, and possibly to run code.

computer vulnerability announce CVE-2016-3172

Cacti: SQL injection of tree.php

Synthesis of the vulnerability

An attacker can use a SQL injection in tree.php of Cacti, in order to read or alter data.
Impacted products: Cacti, Debian, openSUSE, openSUSE Leap.
Severity: 2/4.
Creation date: 11/03/2016.
Identifiers: 2667, CVE-2016-3172, DLA-560-1, DLA-560-2, openSUSE-SU-2016:1328-1, VIGILANCE-VUL-19157.

Description of the vulnerability

The Cacti product uses a database.

However, user-supplied data entered via tree.php is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in tree.php of Cacti, in order to read or alter data.

vulnerability note CVE-2016-3153 CVE-2016-3154

SPIP: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SPIP.
Impacted products: Debian, SPIP.
Severity: 4/4.
Creation date: 10/03/2016.
Identifiers: CERTFR-2016-AVI-096, CVE-2016-3153, CVE-2016-3154, DSA-3518-1, VIGILANCE-VUL-19154.

Description of the vulnerability

Several vulnerabilities were announced in SPIP.

An attacker can inject PHP code, in order to run code. [severity:4/4; CVE-2016-3153]

An attacker can use unserialize(), in order to inject objects. [severity:3/4; CVE-2016-3154]

vulnerability announce CVE-2016-3115

OpenSSH: injection of xauth commands

Synthesis of the vulnerability

An attacker who has an OpenSSH account that is restricted and has no shell access can transmit xauth commands via OpenSSH, in order to read/write a file with his own privileges.
Impacted products: Blue Coat CAS, Debian, Unisphere EMC, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, Copssh, NSM Central Manager, NSMXpress, Data ONTAP, OpenBSD, OpenSSH, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu.
Severity: 1/4.
Creation date: 10/03/2016.
Identifiers: 000008913, 499797, bulletinapr2016, CERTFR-2016-AVI-097, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, CVE-2016-3115, DLA-1500-1, DLA-1500-2, ESA-2017-025, FEDORA-2016-188267b485, FEDORA-2016-bb59db3c86, FEDORA-2016-d339d610c1, FEDORA-2016-fc1cc33e05, FreeBSD-SA-16:14.openssh, JSA10774, K93532943, NTAP-20160519-0001, openSUSE-SU-2016:1455-1, RHSA-2016:0465-01, RHSA-2016:0466-01, SA121, SA126, SOL93532943, SSA:2016-070-01, USN-2966-1, VIGILANCE-VUL-19152.

Description of the vulnerability

The xauth utility manages the user's credentials for accessing X11.

When X11Forwarding is enabled in sshd_config, the OpenSSH daemon transmits credentials to xauth. However, OpenSSH does not filter line feeds contained in these credentials, so xauth commands can be transmitted to xauth. These commands can read/write a file with the user's privileges, or connect to a port.

An attacker who has an OpenSSH account that is restricted and has no shell access can therefore transmit xauth commands via OpenSSH, in order to read/write a file with his own privileges.

vulnerability CVE-2016-3134 CVE-2016-3135

Linux kernel: memory corruption via IPT_SO_SET_REPLACE

Synthesis of the vulnerability

A local attacker with CONFIG_USER_NS can generate a memory corruption via the IPT_SO_SET_REPLACE option of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Android OS, Linux, netfilter, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 10/03/2016.
Identifiers: CERTFR-2016-AVI-099, CERTFR-2016-AVI-267, CERTFR-2016-AVI-278, CVE-2016-3134, CVE-2016-3135, DLA-516-1, DSA-3607-1, FEDORA-2016-02ed08bf15, FEDORA-2016-3a57b19360, openSUSE-SU-2016:1641-1, openSUSE-SU-2016:2144-1, openSUSE-SU-2016:2290-1, openSUSE-SU-2016:2649-1, RHSA-2016:1847-01, RHSA-2016:1875-01, RHSA-2016:1883-01, SUSE-SU-2016:1672-1, SUSE-SU-2016:1690-1, SUSE-SU-2016:1696-1, SUSE-SU-2016:1764-1, SUSE-SU-2016:1985-1, SUSE-SU-2016:2074-1, SUSE-SU-2016:2245-1, USN-2929-1, USN-2929-2, USN-2930-1, USN-2930-2, USN-2930-3, USN-2931-1, USN-2932-1, USN-3049-1, USN-3050-1, USN-3051-1, USN-3052-1, USN-3053-1, USN-3054-1, USN-3055-1, USN-3056-1, USN-3057-1, VIGILANCE-VUL-19150.

Description of the vulnerability

The Linux kernel implements the IPT_SO_SET_REPLACE option of setsockopt() which alters a rule of netfilter iptables. The usage of this option requires no privileges when CONFIG_USER_NS=y.

However, an attacker can create an ipt_entry structure whose next_offset field is too large, which leads to a memory corruption.

A local attacker with CONFIG_USER_NS can therefore generate a memory corruption via the IPT_SO_SET_REPLACE option of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

computer vulnerability alert CVE-2016-2097 CVE-2016-2098

Rails: two vulnerabilities of Action Pack

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Action Pack of Rails.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, RHEL.
Severity: 2/4.
Creation date: 10/03/2016.
Identifiers: CVE-2016-2097, CVE-2016-2098, DLA-604-1, DSA-3509-1, FEDORA-2016-3954061e32, FEDORA-2016-f6af14570f, openSUSE-SU-2016:0790-1, openSUSE-SU-2016:0835-1, RHSA-2016:0454-01, RHSA-2016:0455-01, RHSA-2016:0456-01, VIGILANCE-VUL-19146.

Description of the vulnerability

Several vulnerabilities were announced in Rails.

An attacker can traverse directories in Action View, in order to read a file outside the root path. [severity:2/4; CVE-2016-2097]

An attacker can use a vulnerability in Render Method, in order to run code. [severity:2/4; CVE-2016-2098]

vulnerability note CVE-2016-1285 CVE-2016-1286 CVE-2016-2088

ISC BIND: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ISC BIND.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, BIND, McAfee Email Gateway, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 10/03/2016.
Identifiers: bulletinjan2016, c05087821, CVE-2016-1285, CVE-2016-1286, CVE-2016-2088, DSA-3511-1, FEDORA-2016-161b73fc2c, FEDORA-2016-364c0a9df4, FEDORA-2016-5047abe4a9, FEDORA-2016-b593e84223, FreeBSD-SA-16:13.bind, HPSBUX03583, openSUSE-SU-2016:0827-1, openSUSE-SU-2016:0830-1, openSUSE-SU-2016:0834-1, openSUSE-SU-2016:0859-1, RHSA-2016:0458-01, RHSA-2016:0459-01, RHSA-2016:0562-01, RHSA-2016:0601-01, SB10214, SOL62012529, SSA:2016-069-01, SSRT110084, SUSE-SU-2016:0759-1, SUSE-SU-2016:0780-1, SUSE-SU-2016:0825-1, USN-2925-1, VIGILANCE-VUL-19144.

Description of the vulnerability

Several vulnerabilities were announced in ISC BIND.

An attacker can force an assertion error via rndc, in order to trigger a denial of service. [severity:2/4; CVE-2016-1285]

An attacker can force an assertion error via DNAME, in order to trigger a denial of service. [severity:3/4; CVE-2016-1286]

An attacker can force an assertion error via DNS Cookies, in order to trigger a denial of service. [severity:3/4; CVE-2016-2088]

vulnerability announce CVE-2016-3140

Linux kernel: NULL pointer dereference via digi_acceleport

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced in the digi_acceleport() function of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Linux, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 09/03/2016.
Identifiers: CERTFR-2016-AVI-156, CERTFR-2016-AVI-159, CERTFR-2016-AVI-199, CVE-2016-3140, DLA-516-1, DSA-3607-1, FEDORA-2016-7e602c0e5e, FEDORA-2016-ed5110c4bb, openSUSE-SU-2016:1382-1, openSUSE-SU-2016:2144-1, openSUSE-SU-2016:2649-1, OS-S 2016-12, SUSE-SU-2016:1203-1, SUSE-SU-2016:1672-1, SUSE-SU-2016:1690-1, SUSE-SU-2016:1696-1, SUSE-SU-2016:1707-1, SUSE-SU-2016:1764-1, SUSE-SU-2016:2074-1, USN-2965-1, USN-2965-2, USN-2965-3, USN-2965-4, USN-2968-1, USN-2968-2, USN-2970-1, USN-2971-1, USN-2971-2, USN-2971-3, USN-2996-1, USN-2997-1, USN-3000-1, VIGILANCE-VUL-19142.

Description of the vulnerability

The Linux kernel uses various drivers to manage USB devices.

However, if a malicious USB device is plugged in, the digi_acceleport() function does not check whether a pointer is NULL before using it.

An attacker can therefore force a NULL pointer to be dereferenced in the digi_acceleport() function of the Linux kernel, in order to trigger a denial of service.

vulnerability CVE-2016-3136

Linux kernel: NULL pointer dereference via mct_u232

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced in the mct_u232() function of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Linux, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 09/03/2016.
Identifiers: CERTFR-2016-AVI-156, CERTFR-2016-AVI-159, CERTFR-2016-AVI-199, CVE-2016-3136, DLA-516-1, DSA-3607-1, FEDORA-2016-7e602c0e5e, FEDORA-2016-ed5110c4bb, openSUSE-SU-2016:1382-1, openSUSE-SU-2016:2144-1, OS-S 2016-08, SUSE-SU-2016:1690-1, SUSE-SU-2016:1696-1, SUSE-SU-2016:1764-1, USN-2965-1, USN-2965-2, USN-2965-3, USN-2965-4, USN-2968-1, USN-2968-2, USN-2970-1, USN-2971-1, USN-2971-2, USN-2971-3, USN-2996-1, USN-2997-1, USN-3000-1, VIGILANCE-VUL-19140.

Description of the vulnerability

The Linux kernel uses various drivers to manage USB devices.

However, if a malicious USB device is plugged in, the mct_u232() function does not check whether a pointer is NULL before using it.

An attacker can therefore force a NULL pointer to be dereferenced in the mct_u232() function of the Linux kernel, in order to trigger a denial of service.

computer vulnerability note CVE-2016-3137

Linux kernel: NULL pointer dereference via cypress_m8

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced in the cypress_m8() function of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Linux, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 09/03/2016.
Identifiers: CERTFR-2016-AVI-156, CERTFR-2016-AVI-159, CERTFR-2016-AVI-199, CVE-2016-3137, DLA-516-1, DSA-3607-1, FEDORA-2016-7e602c0e5e, FEDORA-2016-ed5110c4bb, openSUSE-SU-2016:1382-1, openSUSE-SU-2016:2144-1, openSUSE-SU-2016:2649-1, OS-S 2016-07, SUSE-SU-2016:1203-1, SUSE-SU-2016:1672-1, SUSE-SU-2016:1690-1, SUSE-SU-2016:1696-1, SUSE-SU-2016:1707-1, SUSE-SU-2016:1764-1, SUSE-SU-2016:2074-1, USN-2965-1, USN-2965-2, USN-2965-3, USN-2965-4, USN-2968-1, USN-2968-2, USN-2970-1, USN-2971-1, USN-2971-2, USN-2971-3, USN-2996-1, USN-2997-1, USN-3000-1, VIGILANCE-VUL-19139.

Description of the vulnerability

The Linux kernel uses various drivers to manage USB devices.

However, if a malicious USB device is plugged in, the cypress_m8() function does not check whether a pointer is NULL before using it.

An attacker can therefore force a NULL pointer to be dereferenced in the cypress_m8() function of the Linux kernel, in order to trigger a denial of service.