The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian Lenny

computer vulnerability note CVE-2015-0250

Apache Batik: external XML entity injection

Synthesis of the vulnerability

An attacker can transmit malicious XML data to Apache Batik, in order to read a file, scan sites, or trigger a denial of service.
Impacted products: Debian, Fedora, QRadar SIEM, WebSphere AS Traditional, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: document.
Creation date: 05/06/2015.
Identifiers: 1959083, 1963275, 2015810, 7014463, 7022958, CVE-2015-0250, DSA-3205-1, FEDORA-2015-8745, FEDORA-2015-8783, FEDORA-2015-8803, MDVSA-2015:203, RHSA-2015:2559-01, RHSA-2015:2560-01, RHSA-2016:0041-01, RHSA-2016:0042-01, USN-2548-1, VIGILANCE-VUL-17069.

Description of the vulnerability

An attacker can transmit malicious XML data to Apache Batik, in order to read a file, scan sites, or trigger a denial of service.

vulnerability announce CVE-2015-1791

OpenSSL: use after free via NewSessionTicket

Synthesis of the vulnerability

An attacker who owns a malicious TLS server can send the NewSessionTicket message to force the use of a freed memory area in a client linked to OpenSSL, in order to trigger a denial of service, and possibly to execute code.
Impacted products: ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, AnyConnect VPN Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Encryption, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Prime Network Control Systems, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco Unity ~ precise, Cisco WSA, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, HP Operations, HP Switch, HP-UX, AIX, IRAD, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Pulse, Juniper Network Connect, Juniper SBR, McAfee Email and Web Security, McAfee Email Gateway, McAfee Web Gateway, Data ONTAP, Snap Creator Framework, SnapManager, NetBSD, NetScreen Firewall, ScreenOS, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Palo Alto Firewall PA***, PAN-OS, pfSense, Pulse Connect Secure, Puppet, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Synology DS***, Synology RS***, WinSCP.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: internet client.
Creation date: 04/06/2015.
Identifiers: 1961569, 1964113, 1970103, 2003480, 2003620, 2003673, 9010038, 9010039, bulletinjul2015, c04760669, c05184351, c05353965, CERTFR-2015-AVI-431, CERTFR-2016-AVI-128, CERTFR-2016-AVI-303, cisco-sa-20150612-openssl, cpuapr2017, cpuoct2016, cpuoct2017, CTX216642, CVE-2015-1791, DSA-3287-1, FEDORA-2015-10047, FEDORA-2015-10108, FreeBSD-SA-15:10.openssl, HPSBGN03678, HPSBHF03613, HPSBUX03388, JSA10694, JSA10733, NetBSD-SA2015-008, NTAP-20150616-0001, openSUSE-SU-2015:1139-1, openSUSE-SU-2016:0640-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2015:1115-01, SA40002, SA98, SB10122, SOL16914, SSA:2015-162-01, SSRT102180, SUSE-SU-2015:1143-1, SUSE-SU-2015:1150-1, SUSE-SU-2015:1182-2, SUSE-SU-2015:1184-1, SUSE-SU-2015:1184-2, SUSE-SU-2015:1185-1, TSB16728, USN-2639-1, VIGILANCE-VUL-17062.

Description of the vulnerability

The TLS protocol uses the NewSessionTicket message to obtain a new session ticket (RFC 5077).

The ssl3_get_new_session_ticket() function of the ssl/s3_clnt.c file implements NewSessionTicket in an OpenSSL client. However, if the client is multi-threaded, this function frees a memory area before reusing it.

An attacker who owns a malicious TLS server can therefore send the NewSessionTicket message to force the use of a freed memory area in a client linked to OpenSSL, in order to trigger a denial of service, and possibly to execute code.

computer vulnerability CVE-2015-4106

Xen: read-write access via PCI Register

Synthesis of the vulnerability

An attacker can bypass access restrictions on PCI registers in the pass-through mode of Xen, in order to trigger a denial of service, and possibly to execute code.
Impacted products: XenServer, Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Xen.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user shell.
Creation date: 03/06/2015.
Identifiers: CERTFR-2015-AVI-242, CERTFR-2015-AVI-255, CTX201145, CTX206006, CVE-2015-4106, DSA-3284-1, DSA-3286-1, FEDORA-2015-9456, FEDORA-2015-9466, FEDORA-2015-9965, openSUSE-SU-2015:1092-1, openSUSE-SU-2015:1094-1, openSUSE-SU-2015:2249-1, SUSE-SU-2015:1042-1, SUSE-SU-2015:1045-1, SUSE-SU-2015:1156-1, SUSE-SU-2015:1157-1, USN-2630-1, VIGILANCE-VUL-17055, XSA-131.

Description of the vulnerability

The Xen product may be configured to assign some PCI address ranges to a guest system.

However, QEMU allows guest systems to read and write PCI configuration registers.

An attacker can therefore bypass access restrictions on PCI registers in the pass-through mode of Xen, in order to trigger a denial of service, and possibly to execute code.

vulnerability bulletin CVE-2015-4105

Xen: denial of service via disk exhaustion by logging

Synthesis of the vulnerability

An attacker who has administrator privileges in a guest system can trigger logging of an excessive number of bus accesses via Xen, in order to trigger a denial of service.
Impacted products: XenServer, Debian, Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Xen.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: user console.
Creation date: 03/06/2015.
Identifiers: CERTFR-2015-AVI-242, CERTFR-2015-AVI-255, CTX201145, CTX206006, CVE-2015-4105, DSA-3284-1, DSA-3286-1, FEDORA-2015-9456, FEDORA-2015-9466, FEDORA-2015-9965, openSUSE-SU-2015:1092-1, openSUSE-SU-2015:1094-1, SUSE-SU-2015:1042-1, SUSE-SU-2015:1045-1, SUSE-SU-2015:1156-1, SUSE-SU-2015:1157-1, USN-2630-1, VIGILANCE-VUL-17053, XSA-130.

Description of the vulnerability

The Xen product may be configured to assign some PCI address ranges to a guest system.

When a bus access is recognized as invalid by Xen, this access may be logged. However, no limit is defined for the amount of log space, so a guest system may exhaust the free space of the host disk.

An attacker who has administrator privileges in a guest system can therefore trigger logging of an excessive number of bus accesses via Xen, in order to trigger a denial of service.

vulnerability announce CVE-2015-4104

Xen: denial of service via PCI interrupts

Synthesis of the vulnerability

An attacker can change the PCI interrupt mask in Xen, in order to trigger a denial of service.
Impacted products: XenServer, Debian, Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Xen.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: user console.
Creation date: 03/06/2015.
Identifiers: CERTFR-2015-AVI-242, CERTFR-2015-AVI-255, CTX201145, CTX206006, CVE-2015-4104, DSA-3284-1, DSA-3286-1, FEDORA-2015-9456, FEDORA-2015-9466, FEDORA-2015-9965, openSUSE-SU-2015:1092-1, openSUSE-SU-2015:1094-1, SUSE-SU-2015:1042-1, SUSE-SU-2015:1045-1, SUSE-SU-2015:1156-1, SUSE-SU-2015:1157-1, USN-2630-1, VIGILANCE-VUL-17052, XSA-129.

Description of the vulnerability

The Xen product may be configured to assign some PCI address ranges to a guest system.

Xen may mask interrupts from PCI devices when, for instance, they cannot be handled. This is an internal feature and guest systems should not be able to change the interrupt mask. However, writes to these masks are not blocked, so Xen may receive an unmanageable interrupt, which leads to host server failure.

An attacker who has administrator privileges in a guest system can therefore change the PCI interrupt mask in Xen, in order to trigger a denial of service.

vulnerability alert CVE-2015-4103

Xen: denial of service via writes to the PCI bus

Synthesis of the vulnerability

An attacker who has administrator privileges in a guest system can trigger changes in some PCI configuration registers of Xen, in order to trigger a denial of service against the host server.
Impacted products: XenServer, Debian, Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Xen.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: user console.
Creation date: 03/06/2015.
Identifiers: CERTFR-2015-AVI-242, CERTFR-2015-AVI-255, CTX201145, CTX206006, CVE-2015-4103, DSA-3284-1, DSA-3286-1, FEDORA-2015-9456, FEDORA-2015-9466, FEDORA-2015-9965, openSUSE-SU-2015:1092-1, openSUSE-SU-2015:1094-1, SUSE-SU-2015:1042-1, SUSE-SU-2015:1045-1, SUSE-SU-2015:1156-1, SUSE-SU-2015:1157-1, USN-2630-1, VIGILANCE-VUL-17051, XSA-128.

Description of the vulnerability

The Xen product may be configured to assign some PCI address ranges to a guest system.

Writes to the PCI bus are normally filtered by Xen. However, there is a way for the guest system to make Xen rewrite some PCI configuration registers with the values previously known by Xen. This bus access may alter the device states and disturb the interrupt handling layer of the DOM0 kernel, which would lead to its halt.

An attacker who has administrator privileges in a guest system can therefore trigger changes in some PCI configuration registers of Xen, in order to trigger a denial of service against the host server.

vulnerability alert CVE-2015-4167

Linux kernel: denial of service via UDF

Synthesis of the vulnerability

An attacker can create an ill-formed UDF filesystem image and make the Linux kernel mount then read it, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Linux, openSUSE, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 03/06/2015.
Identifiers: CERTFR-2015-AVI-254, CERTFR-2015-AVI-283, CERTFR-2015-AVI-357, CVE-2015-4167, DSA-3313-1, openSUSE-SU-2015:1382-1, openSUSE-SU-2016:0301-1, SOL17321, SUSE-SU-2015:1324-1, SUSE-SU-2015:1592-1, SUSE-SU-2015:1611-1, USN-2631-1, USN-2632-1, USN-2662-1, USN-2663-1, USN-2664-1, USN-2666-1, VIGILANCE-VUL-17041.

Description of the vulnerability

The UDF filesystem is used for DVDs.

However, the UDF module does not check all the length fields included in the file descriptors (aka i-nodes). When the kernel notices that it is following an invalid address that appeared valid according to the length fields, it halts and reports a bug.

An attacker can therefore create an ill-formed UDF filesystem image and make the Linux kernel mount then read it, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2015-1805

Linux kernel: memory corruption via pipe_iov_copy

Synthesis of the vulnerability

A local attacker can generate a memory corruption in pipe_iov_copy functions of the Linux kernel, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Android OS, NSM Central Manager, NSMXpress, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server.
Provenance: user shell.
Creation date: 03/06/2015.
Identifiers: 1202855, CERTFR-2015-AVI-243, CERTFR-2015-AVI-261, CERTFR-2015-AVI-263, CERTFR-2015-AVI-318, CVE-2015-1805, DSA-3290-1, JSA10853, RHSA-2015:1042-01, RHSA-2015:1081-01, RHSA-2015:1082-01, RHSA-2015:1120-01, RHSA-2015:1137-01, RHSA-2015:1138-01, RHSA-2015:1139-01, RHSA-2015:1190-01, RHSA-2015:1199-01, RHSA-2015:1211-01, RHSA-2016:0103-01, SOL17458, SOL17462, SUSE-SU-2015:1224-1, SUSE-SU-2015:1324-1, SUSE-SU-2015:1478-1, SUSE-SU-2015:1592-1, SUSE-SU-2015:1611-1, USN-2678-1, USN-2679-1, USN-2680-1, USN-2681-1, VIGILANCE-VUL-17038.

Description of the vulnerability

The Linux kernel implements Unix pipes using the virtual PipeFS filesystem (fs/pipe.c).

The pipe reading/writing functions use pipe_iov_copy_to_user() and pipe_iov_copy_from_user() from fs/pipe.c. However, if the iovec size is inconsistent, these functions perform copies on invalid memory areas.

A local attacker can therefore generate a memory corruption in pipe_iov_copy functions of the Linux kernel, in order to trigger a denial of service, and possibly to execute code.

computer vulnerability alert CVE-2014-3684

TORQUE: denial of service via Kill Process

Synthesis of the vulnerability

A local attacker can use TORQUE, in order to kill every system process.
Impacted products: Debian, Fedora.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 01/06/2015.
Identifiers: CVE-2014-3684, DSA-3058-1, FEDORA-2015-8544, FEDORA-2015-8571, FEDORA-2015-8577, MDVSA-2015:124, VIGILANCE-VUL-17016.

Description of the vulnerability

A local attacker can use TORQUE, in order to kill every system process.

vulnerability note CVE-2015-0850

FusionForge: code execution via URL

Synthesis of the vulnerability

An attacker can use a vulnerability in URL of FusionForge, in order to execute code.
Impacted products: Debian, Fedora.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 01/06/2015.
Identifiers: CVE-2015-0850, DSA-3275-1, FEDORA-2015-9128, FEDORA-2015-9324, VIGILANCE-VUL-17014.

Description of the vulnerability

An attacker can use a vulnerability in URL of FusionForge, in order to execute code.