| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Debian Lenny
Samba: use after free via NetLogon
Synthesis of the vulnerability
An unauthenticated attacker can force the usage of a freed memory area in NetLogon of Samba, in order to trigger a denial of service, and possibly to execute code with root privileges.
Impacted products: Debian, Fedora, HP-UX, OES, openSUSE, Solaris, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 23/02/2015.
Revision date: 15/04/2015.
Identifiers: 7014420, bulletinjan2015, c04636672, CERTFR-2015-AVI-078, CVE-2015-0240, DSA-3171-1, FEDORA-2015-2519, FEDORA-2015-2538, HPSBUX03320, MDVSA-2015:081, MDVSA-2015:082, MDVSA-2015:083, openSUSE-SU-2015:0375-1, openSUSE-SU-2016:1064-1, openSUSE-SU-2016:1106-1, openSUSE-SU-2016:1107-1, openSUSE-SU-2016:1108-1, openSUSE-SU-2016:1440-1, RHSA-2015:0249-01, RHSA-2015:0250-01, RHSA-2015:0251-01, RHSA-2015:0252-01, RHSA-2015:0253-01, RHSA-2015:0254-01, RHSA-2015:0255-01, RHSA-2015:0256-01, RHSA-2015:0257-01, SSA:2015-064-01, SSRT101952, SUSE-SU-2015:0353-1, SUSE-SU-2015:0371-1, SUSE-SU-2015:0386-1, USN-2508-1, VIGILANCE-VUL-16242.
Description of the vulnerability
The Samba product implements the NetLogon service.
An unauthenticated attacker (NULL session over IPC) can use the RPC ServerPasswordSet() of NetLogon. However, the _netr_ServerPasswordSet() function frees a memory area before reusing it.
An unauthenticated attacker can therefore force the usage of a freed memory area in NetLogon of Samba, in order to trigger a denial of service, and possibly to execute code with root privileges.
Full Vigil@nce bulletin... (Free trial) |
Debian, Ubuntu: denial of service via TCP Fast Open
Synthesis of the vulnerability
A local attacker can use TCP Fast Open with the Linux kernel from Debian/Ubuntu, in order to trigger a denial of service.
Impacted products: Debian, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 15/04/2015.
Identifiers: 782515, CERTFR-2015-AVI-236, CERTFR-2015-AVI-237, CVE-2015-3332, DSA-3237-1, SUSE-SU-2015:1071-1, USN-2615-1, USN-2616-1, USN-2619-1, USN-2620-1, VIGILANCE-VUL-16618.
Description of the vulnerability
The Linux kernel used in Debian/Ubuntu includes backports of fixes from more recent upstream versions.
Some fixes about the handling of TCP Fastopen (to open TCP connections with only one exchange) have not been fully backported. In such a kernel, when a process opens a TCP socket in fast open mode, some TCP data from the TCP packet are not saved, which leads to an inconsistency in the connection state and then to a kernel panic when this is noticed at process context switching time.
A local attacker can therefore use TCP Fast Open with the Linux kernel from Debian/Ubuntu, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
ProFTPD: read-write access via mod_copy
Synthesis of the vulnerability
An attacker can bypass access restrictions via mod_copy of ProFTPD, in order to read or alter files.
Impacted products: Debian, Fedora, openSUSE, ProFTPD, Slackware.
Severity: 3/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 15/04/2015.
Identifiers: 4169, CERTFR-2015-AVI-178, CERTFR-2015-AVI-235, CVE-2015-3306, DSA-3263-1, FEDORA-2015-6401, FEDORA-2015-7086, openSUSE-SU-2015:1031-1, SSA:2015-111-12, VIGILANCE-VUL-16616.
Description of the vulnerability
The ProFTPD product can be configured with the mod_copy module, which adds the following commands:
SITE CPFR originalFile
SITE CPTO newFile
However, this module can be used without being authenticated. An attacker can thus bypass access restrictions to data.
An attacker can therefore bypass access restrictions via mod_copy of ProFTPD, in order to read or alter files.
Full Vigil@nce bulletin... (Free trial) |
SQLite: three vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of SQLite.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Solaris, Tuxedo, WebLogic, PHP, RHEL, Slackware, SQLite, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 15/04/2015.
Identifiers: bulletinapr2016, CERTFR-2015-AVI-265, cpujul2018, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, DSA-3252-1, DSA-3252-2, FEDORA-2015-6324, FEDORA-2015-6349, MDVSA-2015:217, RHSA-2015:1634-01, RHSA-2015:1635-01, SOL16950, SSA:2015-198-02, USN-2698-1, VIGILANCE-VUL-16615.
Description of the vulnerability
Several vulnerabilities were announced in SQLite.
An attacker can force a read at an invalid address in the parser of collation rules, in order to trigger a denial of service. [severity:1/4; CVE-2015-3414]
An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:1/4; CVE-2015-3415]
An attacker can generate a buffer overflow in a use of printf, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2015-3416]
Full Vigil@nce bulletin... (Free trial) |
Oracle MySQL: several vulnerabilities of April 2015
Synthesis of the vulnerability
Several vulnerabilities of Oracle MySQL were announced in April 2015.
Impacted products: Debian, Junos Space, MySQL Community, MySQL Enterprise, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Percona Server, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: user account.
Number of vulnerabilities in this bulletin: 26.
Creation date: 15/04/2015.
Identifiers: bulletinapr2016, bulletinapr2017, bulletinoct2015, CERTFR-2015-AVI-173, CERTFR-2015-AVI-431, CERTFR-2016-AVI-300, cpuapr2015, cpuoct2016, CVE-2014-0112, CVE-2014-3569, CVE-2014-7809, CVE-2015-0405, CVE-2015-0423, CVE-2015-0433, CVE-2015-0438, CVE-2015-0439, CVE-2015-0441, CVE-2015-0498, CVE-2015-0499, CVE-2015-0500, CVE-2015-0501, CVE-2015-0503, CVE-2015-0505, CVE-2015-0506, CVE-2015-0507, CVE-2015-0508, CVE-2015-0511, CVE-2015-2566, CVE-2015-2567, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2575, CVE-2015-2576, DLA-526-1, DSA-3229-1, DSA-3311-1, DSA-3621-1, JSA10698, MDVSA-2015:227, openSUSE-SU-2015:0967-1, openSUSE-SU-2015:1216-1, openSUSE-SU-2016:2304-1, RHSA-2015:1628-01, RHSA-2015:1629-01, RHSA-2015:1647-01, RHSA-2015:1665-01, SSA:2015-132-01, SSA:2015-132-02, SUSE-SU-2015:0946-1, SUSE-SU-2015:1273-1, USN-2575-1, VIGILANCE-VUL-16614.
Description of the vulnerability
Several vulnerabilities were announced in Oracle MySQL.
An attacker can use a vulnerability of Service Manager, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0112]
An attacker can use a vulnerability of Service Manager, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-7809]
An attacker can use a vulnerability of Server : Compiling, in order to trigger a denial of service. [severity:2/4; CVE-2015-0501]
An attacker can use a vulnerability of Server : Security : Encryption, in order to trigger a denial of service. [severity:2/4; CVE-2014-3569]
An attacker can use a vulnerability of Server : Security : Privileges, in order to trigger a denial of service. [severity:2/4; CVE-2015-2568]
An attacker can use a vulnerability of Connector/J, in order to obtain or alter information. [severity:2/4; CVE-2015-2575]
An attacker can use a vulnerability of Server : DDL, in order to trigger a denial of service. [severity:2/4; CVE-2015-2573]
An attacker can use a vulnerability of Server : Information Schema, in order to trigger a denial of service. [severity:2/4; CVE-2015-0500]
An attacker can use a vulnerability of Server : InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2015-0439]
An attacker can use a vulnerability of Server : InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2015-0508]
An attacker can use a vulnerability of Server : InnoDB : DML, in order to trigger a denial of service. [severity:2/4; CVE-2015-0433]
An attacker can use a vulnerability of Server : Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2015-0423]
An attacker can use a vulnerability of Server : Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2015-2571]
An attacker can use a vulnerability of Server : Partition, in order to trigger a denial of service. [severity:2/4; CVE-2015-0438]
An attacker can use a vulnerability of Server : Partition, in order to trigger a denial of service. [severity:2/4; CVE-2015-0503]
An attacker can use a vulnerability of Server : Security : Encryption, in order to trigger a denial of service. [severity:2/4; CVE-2015-0441]
An attacker can use a vulnerability of Server : XA, in order to trigger a denial of service. [severity:2/4; CVE-2015-0405]
An attacker can use a vulnerability of Server : DDL, in order to trigger a denial of service. [severity:2/4; CVE-2015-0505]
An attacker can use a vulnerability of Server : Federated, in order to trigger a denial of service. [severity:2/4; CVE-2015-0499]
An attacker can use a vulnerability of Server : InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2015-0506]
An attacker can use a vulnerability of Server : Memcached, in order to trigger a denial of service. [severity:2/4; CVE-2015-0507]
An attacker can use a vulnerability of Server : Security : Privileges, in order to trigger a denial of service. [severity:2/4; CVE-2015-2567]
An attacker can use a vulnerability of Server : DML, in order to trigger a denial of service. [severity:1/4; CVE-2015-2566]
An attacker can use a vulnerability of Server : SP, in order to trigger a denial of service. [severity:2/4; CVE-2015-0511]
An attacker can use a vulnerability of Installation, in order to alter information. [severity:1/4; CVE-2015-2576]
An attacker can use a vulnerability of Server : Replication, in order to trigger a denial of service. [severity:1/4; CVE-2015-0498]
Full Vigil@nce bulletin... (Free trial) |
Google Chrome: multiple vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Chrome, openSUSE, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 17.
Creation date: 15/04/2015.
Identifiers: CERTFR-2015-AVI-167, CVE-2015-1235, CVE-2015-1236, CVE-2015-1237, CVE-2015-1238, CVE-2015-1240, CVE-2015-1241, CVE-2015-1242, CVE-2015-1244, CVE-2015-1245, CVE-2015-1246, CVE-2015-1247, CVE-2015-1248, CVE-2015-1249, CVE-2015-3333, CVE-2015-3334, CVE-2015-3335, CVE-2015-3336, DSA-3238-1, openSUSE-SU-2015:0748-1, openSUSE-SU-2015:1867-1, openSUSE-SU-2015:1872-1, openSUSE-SU-2015:1873-1, openSUSE-SU-2015:1876-1, openSUSE-SU-2015:1877-1, openSUSE-SU-2015:1887-1, RHSA-2015:0816-01, USN-2570-1, VIGILANCE-VUL-16609.
Description of the vulnerability
Several vulnerabilities were announced in Google Chrome.
An attacker can use a Cross-origin-bypass of HTML, in order to execute code. [severity:4/4; CVE-2015-1235]
An attacker can use a Cross-origin-bypass of Blink, in order to execute code. [severity:3/4; CVE-2015-1236]
An attacker can force the usage of a freed memory area in IPC, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-1237]
An attacker can generate a buffer overflow in Skia, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-1238]
An attacker can force a read at an invalid address in WebGL, in order to trigger a denial of service. [severity:2/4; CVE-2015-1240]
An attacker can use a Tap-Jacking, in order to execute code. [severity:2/4; CVE-2015-1241]
An attacker can generate a memory corruption in V8, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-1242]
An attacker can bypass HSTS, in order to escalate his privileges. [severity:3/4; CVE-2015-1244]
An attacker can force the usage of a freed memory area in PDFium, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1245]
An attacker can force a read at an invalid address in Blink, in order to trigger a denial of service. [severity:2/4; CVE-2015-1246]
An attacker can use OpenSearch, in order to escalate his privileges. [severity:2/4; CVE-2015-1247]
An attacker can bypass SafeBrowsing, in order to escalate his privileges. [severity:3/4; CVE-2015-1248]
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-1249]
An attacker can use Google V8, in order to trigger a denial of service. [severity:2/4; CVE-2015-3333]
An attacker can use browser/ui/website_settings/website_settings.cc, in order to obtain sensitive information. [severity:2/4; CVE-2015-3334]
An attacker can use NaClSandbox::InitializeLayerTwoSandbox, in order to obtain sensitive information. [severity:2/4; CVE-2015-3335]
An attacker can use CONTENT_SETTINGS_TYPE, in order to trigger a denial of service. [severity:2/4; CVE-2015-3336]
Full Vigil@nce bulletin... (Free trial) |
Oracle Java: several vulnerabilities of April 2015
Synthesis of the vulnerability
Several vulnerabilities of Oracle Java were announced in April 2015.
Impacted products: DCFM Enterprise, Brocade Network Advisor, Brocade vTM, Debian, Avamar, ECC, Fedora, AIX, DB2 UDB, Domino, Notes, IRAD, Security Directory Server, SPSS Modeler, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, ePO, Java OpenJDK, openSUSE, Java Oracle, JavaFX, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 14.
Creation date: 15/04/2015.
Identifiers: 1610582, 1902260, 1903541, 1903704, 1958902, 1960194, 1964236, 1966551, 1967498, 1968485, 205086, 206954, 7045736, BSA-2015-009, CERTFR-2015-AVI-172, cpuapr2015, CVE-2015-0204, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492, DSA-3234-1, DSA-3235-1, DSA-3316-1, ESA-2015-085, ESA-2015-134, FEDORA-2015-6357, FEDORA-2015-6369, FEDORA-2015-6397, FREAK, MDVSA-2015:212, openSUSE-SU-2015:0773-1, openSUSE-SU-2015:0774-1, RHSA-2015:0806-01, RHSA-2015:0807-01, RHSA-2015:0808-01, RHSA-2015:0809-01, RHSA-2015:0854-01, RHSA-2015:0857-01, RHSA-2015:0858-01, RHSA-2015:1006-01, RHSA-2015:1007-01, RHSA-2015:1020-01, RHSA-2015:1021-01, RHSA-2015:1091-01, SB10119, SUSE-SU-2015:0833-1, SUSE-SU-2015:1085-1, SUSE-SU-2015:1086-1, SUSE-SU-2015:1086-2, SUSE-SU-2015:1086-3, SUSE-SU-2015:1086-4, SUSE-SU-2015:1138-1, SUSE-SU-2015:1161-1, SUSE-SU-2015:2166-1, SUSE-SU-2015:2168-1, SUSE-SU-2015:2168-2, SUSE-SU-2015:2182-1, SUSE-SU-2015:2192-1, SUSE-SU-2015:2216-1, USN-2573-1, USN-2574-1, VIGILANCE-VUL-16607, VU#243585.
Description of the vulnerability
Several vulnerabilities were announced in Oracle Java.
An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0469]
An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0459]
An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0491]
An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0460]
An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0492]
An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0458]
An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0484]
An attacker can use a vulnerability of Tools, in order to alter information, or to trigger a denial of service. [severity:2/4; CVE-2015-0480]
An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:2/4; CVE-2015-0486]
An attacker can use a vulnerability of JSSE, in order to trigger a denial of service. [severity:2/4; CVE-2015-0488]
An attacker can use a vulnerability of Beans, in order to alter information. [severity:2/4; CVE-2015-0477]
An attacker can use a vulnerability of Hotspot, in order to alter information. [severity:2/4; CVE-2015-0470]
An attacker can use a vulnerability of JCE, in order to obtain information (VIGILANCE-VUL-17836). [severity:2/4; CVE-2015-0478]
An attacker, located as a Man-in-the-Middle, can force the Chrome, JSSE, LibReSSL, Mono or OpenSSL client to accept a weak export algorithm, in order to more easily capture or alter exchanged data (VIGILANCE-VUL-16301). [severity:2/4; CVE-2015-0204, FREAK, VU#243585]
Full Vigil@nce bulletin... (Free trial) |
Ruby: accepting Wildcard IDN
Synthesis of the vulnerability
An attacker can create a Wildcard IDN certificate, which is accepted by Ruby, in order to perform a Man-in-the-Middle.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Puppet, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Creation date: 14/04/2015.
Identifiers: bulletinjul2015, CVE-2015-1855, DSA-3245-1, DSA-3246-1, DSA-3247-1, FEDORA-2015-6377, MDVSA-2015:224, openSUSE-SU-2017:1128-1, SUSE-SU-2017:1067-1, USN-3365-1, VIGILANCE-VUL-16594.
Description of the vulnerability
An IDN (International Domain Name) can contain encoded Unicode characters. For example:
www.xn--kcry6tjko.example.org
A X.509 certificate can contain the '*' character to indicate that it can be used on servers with the same sub-domain. For example:
w*.example.org
The RFC 6125 forbids wildcard characters in certificates for IDN. For example:
xn--kcry6tjko*.example.org
However, Ruby allows these certificates.
An attacker can therefore create a Wildcard IDN certificate, which is accepted by Ruby, in order to perform a Man-in-the-Middle.
Full Vigil@nce bulletin... (Free trial) |
ppp: denial of service via too high PID
Synthesis of the vulnerability
An attacker can send many requests to pppd, in order to trigger an exception and so a denial of service.
Impacted products: Debian, openSUSE, openSUSE Leap, Slackware, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 14/04/2015.
Identifiers: 782450, CVE-2015-3310, DSA-3228-1, MDVSA-2015:222, openSUSE-SU-2015:2121-1, SSA:2015-111-11, USN-2595-1, VIGILANCE-VUL-16586.
Description of the vulnerability
The ppp product manages the point to point connections, as used for instance in tunneling.
A separate pppd process is created for each incoming tunneling request. However, pppd assumes that process identifiers are 16 bits wide and uses this identifier to build a string. When the PID grows above that, protection mechanisms against buffer overflow in the C library trigger an exception and halts the pppd server process.
An attacker can therefore send many requests to pppd, in order to trigger a fatal exception and so a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Net-SNMP: memory leak via snmp_pdu_parse
Synthesis of the vulnerability
An attacker can create a memory leak in snmp_pdu_parse() of Net-SNMP, in order to trigger a denial of service.
Impacted products: Arkoon FAST360, XenServer, Debian, BIG-IP Hardware, TMOS, Net-SNMP, openSUSE, Solaris, RHEL, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 13/04/2015.
Identifiers: bulletinoct2016, CERTFR-2016-AVI-133, CTX209443, CVE-2015-5621, DSA-4154-1, MDVSA-2015:229, openSUSE-SU-2015:1502-1, RHSA-2015:1636-01, SOL17378, STORM-2015-09-EN, STORM-2015-10-EN, STORM-2015-11-EN.2, STORM-2015-12-EN, USN-2711-1, VIGILANCE-VUL-16576.
Description of the vulnerability
The Net-SNMP product uses the snmp_pdu_parse() function to analyze data of SNMP packets.
However, after an error, the memory allocated to process an option in snmp_parse_var_op() is never freed.
An attacker can therefore create a memory leak in snmp_pdu_parse() of Net-SNMP, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about Debian Lenny:
|