The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian Lenny

vulnerability CVE-2015-5475

Request Tracker: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Request Tracker, in order to run JavaScript code in the context of the web site.
Impacted products: Debian, Fedora.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 13/08/2015.
Identifiers: CVE-2015-5475, DSA-3335-1, FEDORA-2015-13664, FEDORA-2015-13718, VIGILANCE-VUL-17670.

Description of the vulnerability

The Request Tracker product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Request Tracker, in order to run JavaScript code in the context of the web site.

computer vulnerability alert CVE-2015-6241 CVE-2015-6242 CVE-2015-6243

Wireshark: nine vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities in Wireshark.
Impacted products: Debian, Fedora, openSUSE, Solaris, RHEL, Wireshark.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 9.
Creation date: 13/08/2015.
Identifiers: 11309, 11358, 11373, 11381, 11389, bulletinoct2015, CERTFR-2015-AVI-350, CVE-2015-6241, CVE-2015-6242, CVE-2015-6243, CVE-2015-6244, CVE-2015-6245, CVE-2015-6246, CVE-2015-6247, CVE-2015-6248, CVE-2015-6249, DLA-497-1, DSA-3367-1, FEDORA-2015-13945, openSUSE-SU-2015:1428-1, openSUSE-SU-2015:1836-1, openSUSE-SU-2015:1836-2, RHSA-2015:2393-01, VIGILANCE-VUL-17666, wnpa-sec-2015-21, wnpa-sec-2015-22, wnpa-sec-2015-23, wnpa-sec-2015-24, wnpa-sec-2015-25, wnpa-sec-2015-26, wnpa-sec-2015-27, wnpa-sec-2015-28, wnpa-sec-2015-29.

Description of the vulnerability

Several vulnerabilities were announced in Wireshark.

An attacker can send a malicious packet, in order to trigger a denial of service in the Protocol Tree. [severity:2/4; 11309, CVE-2015-6241, wnpa-sec-2015-21]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 11373, CVE-2015-6242, wnpa-sec-2015-22]

An attacker can send a malicious packet, in order to trigger a denial of service. [severity:2/4; 11381, CVE-2015-6243, wnpa-sec-2015-23]

An attacker can send a malicious ZigBee packet, in order to trigger a denial of service. [severity:2/4; 11389, CVE-2015-6244, wnpa-sec-2015-24]

An attacker can generate an infinite loop with a GSM RLC/MAC packet, in order to trigger a denial of service. [severity:2/4; 11358, CVE-2015-6245, wnpa-sec-2015-25]

An attacker can send a malicious WaveAgent packet, in order to trigger a denial of service. [severity:2/4; 11358, CVE-2015-6246, wnpa-sec-2015-26]

An attacker can generate an infinite loop in OpenFlow, in order to trigger a denial of service. [severity:2/4; 11358, CVE-2015-6247, wnpa-sec-2015-27]

An attacker can send a malicious Ptvcursor packet, in order to trigger a denial of service. [severity:2/4; 11358, CVE-2015-6248, wnpa-sec-2015-28]

An attacker can send a malicious WCCP packet, in order to trigger a denial of service. [severity:2/4; 11358, CVE-2015-6249, wnpa-sec-2015-29]

vulnerability bulletin CVE-2015-6251

GnuTLS: use after free via Certificate DN Decoding

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area in Certificate DN Decoding of GnuTLS, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE, Slackware, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 12/08/2015.
Identifiers: CVE-2015-6251, DSA-3334-1, FEDORA-2015-13140, GNUTLS-SA-2015-3, openSUSE-SU-2015:1499-1, SSA:2015-233-01, SSA:2016-254-01, USN-2727-1, VIGILANCE-VUL-17653.

Description of the vulnerability

An attacker can force the usage of a freed memory area in Certificate DN Decoding of GnuTLS, in order to trigger a denial of service, and possibly to run code.

vulnerability note CVE-2015-4473 CVE-2015-4474 CVE-2015-4475

Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities in Firefox/Thunderbird.
Impacted products: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 14.
Creation date: 12/08/2015.
Identifiers: 1185820, bulletinoct2016, CERTFR-2015-AVI-349, CVE-2015-4473, CVE-2015-4474, CVE-2015-4475, CVE-2015-4477, CVE-2015-4478, CVE-2015-4479, CVE-2015-4480, CVE-2015-4481, CVE-2015-4482, CVE-2015-4483, CVE-2015-4484, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4490, CVE-2015-4491, CVE-2015-4492, CVE-2015-4493, DSA-3333-1, DSA-3410-1, FEDORA-2015-012399857d, FEDORA-2015-13397, FEDORA-2015-13436, FEDORA-2015-29dfba02ca, MFSA-2015-79, MFSA-2015-80, MFSA-2015-81, MFSA-2015-82, MFSA-2015-83, MFSA-2015-84, MFSA-2015-85, MFSA-2015-86, MFSA-2015-87, MFSA-2015-88, MFSA-2015-89, MFSA-2015-90, MFSA-2015-91, MFSA-2015-92, openSUSE-SU-2015:1389-1, openSUSE-SU-2015:1390-1, openSUSE-SU-2015:1453-1, openSUSE-SU-2015:1454-1, RHSA-2015:1586-01, RHSA-2015:1682-01, SSA:2015-226-01, SSA:2015-226-02, SUSE-SU-2015:1379-1, SUSE-SU-2015:1380-1, SUSE-SU-2015:1449-1, SUSE-SU-2015:1476-1, SUSE-SU-2015:1528-1, SUSE-SU-2015:2081-1, USN-2702-1, USN-2702-2, USN-2702-3, USN-2712-1, VIGILANCE-VUL-17644, ZDI-15-456.

Description of the vulnerability

Several vulnerabilities were announced in Firefox/Thunderbird.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-4473, CVE-2015-4474, MFSA-2015-79]

An attacker can force a read at an invalid address with MP3, in order to trigger a denial of service. [severity:3/4; CVE-2015-4475, MFSA-2015-80]

An attacker can force the usage of a freed memory area in MediaStream, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-4477, MFSA-2015-81]

An attacker can bypass security features in JavaScript, in order to escalate his privileges. [severity:3/4; CVE-2015-4478, MFSA-2015-82]

An attacker can generate a buffer overflow in libstagefright, in order to trigger a denial of service, and possibly to run code. These vulnerabilities are similar to those of VIGILANCE-VUL-17512. [severity:4/4; CVE-2015-4479, CVE-2015-4480, CVE-2015-4493, MFSA-2015-83, ZDI-15-456]

An attacker can use Mozilla Maintenance Service, in order to overwrite a file. [severity:3/4; CVE-2015-4481, MFSA-2015-84]

An attacker can generate a buffer overflow in Updater MAR File, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-4482, MFSA-2015-85]

An attacker can bypass security features with a POST "feed:", in order to escalate his privileges. [severity:1/4; CVE-2015-4483, MFSA-2015-86]

An attacker can trigger a fatal error in JavaScript Shared Memory, in order to trigger a denial of service. [severity:2/4; CVE-2015-4484, MFSA-2015-87]

An attacker can generate a buffer overflow in gdk-pixbuf, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-17706). [severity:3/4; CVE-2015-4491, MFSA-2015-88]

An attacker can generate a buffer overflow in Libvpx, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-4485, CVE-2015-4486, MFSA-2015-89]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, MFSA-2015-90]

An attacker can bypass security features in CSP Specification, in order to escalate his privileges. [severity:2/4; CVE-2015-4490, MFSA-2015-91]

An attacker can force the usage of a freed memory area in XMLHttpRequest, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 1185820, CVE-2015-4492, MFSA-2015-92]

computer vulnerability announce CVE-2015-3329 CVE-2015-6831 CVE-2015-6832

PHP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities in PHP.
Impacted products: Debian, BIG-IP Hardware, TMOS, openSUSE, openSUSE Leap, PHP, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 15.
Creation date: 07/08/2015.
Revision date: 10/08/2015.
Identifiers: 66387, 69441, 69793, 69892, 69975, 70002, 70014, 70019, 70064, 70068, 70081, 70121, 70166, 70168, 70169, CERTFR-2015-AVI-330, CVE-2015-3329, CVE-2015-6831, CVE-2015-6832, CVE-2015-6833, CVE-2015-8835, CVE-2015-8867, CVE-2015-8873, CVE-2015-8874, CVE-2015-8876, CVE-2015-8877, CVE-2015-8878, CVE-2015-8879, DLA-499-1, DSA-3602-1, openSUSE-SU-2015:1628-1, openSUSE-SU-2016:1167-1, openSUSE-SU-2016:1173-1, openSUSE-SU-2016:1274-1, openSUSE-SU-2016:1357-1, openSUSE-SU-2016:1373-1, openSUSE-SU-2016:1524-1, openSUSE-SU-2016:1553-1, openSUSE-SU-2016:1688-1, RHSA-2016:0457-01, RHSA-2016:2750-01, SOL91084571, SUSE-SU-2015:1633-1, SUSE-SU-2015:1818-1, SUSE-SU-2016:1145-1, SUSE-SU-2016:1166-1, SUSE-SU-2016:1581-1, SUSE-SU-2016:1638-1, USN-2758-1, USN-2952-1, USN-2952-2, USN-3045-1, VIGILANCE-VUL-17607.

Description of the vulnerability

Several vulnerabilities were announced in PHP.

An attacker can trigger a fatal error with recursive functions, in order to trigger a denial of service. [severity:1/4; 69793, CVE-2015-8873]

Arrays which are different are seen as equivalent, which may have an impact on security. [severity:1/4; 69892]

Temporary directories are managed incorrectly. [severity:1/4; 70002, CVE-2015-8878]

An attacker can use a vulnerability in unserialize(), in order to run code. [severity:3/4; 70121, CVE-2015-8876]

The openssl_random_pseudo_bytes() function is not cryptographically secure. [severity:2/4; 70014, CVE-2015-8867]

An attacker can generate a buffer overflow in phar_set_inode, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69441, CVE-2015-3329]

Files extracted from an archive can be stored outside the destination directory. [severity:2/4; 70019, CVE-2015-6833]

An attacker can bypass security features in SoapClient, in order to obtain sensitive information. [severity:2/4; 70081, CVE-2015-8835]

An attacker can generate a memory corruption during an unserialize of ArrayObject, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 70068, CVE-2015-6832]

An attacker can force the usage of a freed memory area during an unserialize of SPLArrayObject, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 70166, CVE-2015-6831]

An attacker can force the usage of a freed memory area during an unserialize of SplObjectStorage, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 70168, CVE-2015-6831]

An attacker can force the usage of a freed memory area during an unserialize of SplDoublyLinkedList, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 70169, CVE-2015-6831]

An attacker can trigger a fatal error in GD, in order to trigger a denial of service (VIGILANCE-VUL-19670). [severity:2/4; 66387, CVE-2015-8874]

An attacker can trigger a fatal error via odbc_bindcols, in order to trigger a denial of service. [severity:1/4; 69975, CVE-2015-8879]

An attacker can create a memory leak via gdImageScaleTwoPass, in order to trigger a denial of service (VIGILANCE-VUL-19788). [severity:1/4; 70064, CVE-2015-8877]

vulnerability CVE-2014-3576

Apache ActiveMQ: denial of service via Shutdown

Synthesis of the vulnerability

An attacker can stop Apache ActiveMQ via Shutdown, in order to trigger a denial of service.
Impacted products: Debian, QRadar SIEM.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 10/08/2015.
Identifiers: 2015823, CVE-2014-3576, DSA-3330-1, VIGILANCE-VUL-17610.

Description of the vulnerability

An attacker can stop Apache ActiveMQ via Shutdown, in order to trigger a denial of service.

computer vulnerability CVE-2015-5745

QEMU: buffer overflow of virtio-serial-bus

Synthesis of the vulnerability

An attacker in a guest system can generate a buffer overflow in virtio-serial-bus.c of QEMU, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE Leap, QEMU, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service.
Provenance: user shell.
Creation date: 06/08/2015.
Identifiers: CVE-2015-5745, DSA-3348-1, DSA-3349-1, FEDORA-2015-015aec3bf2, FEDORA-2015-13402, FEDORA-2015-13404, FEDORA-2015-efc1d7ba5e, openSUSE-SU-2016:1750-1, SUSE-SU-2016:1560-1, SUSE-SU-2016:1698-1, SUSE-SU-2016:1703-1, SUSE-SU-2016:1785-1, USN-2724-1, VIGILANCE-VUL-17605.

Description of the vulnerability

The QEMU product emulates a serial bus in hw/char/virtio-serial-bus.c.

However, the send_control_msg() function performs a memcpy() without checking the size of a control message.

An attacker in a guest system can therefore generate a buffer overflow in virtio-serial-bus.c of QEMU, in order to trigger a denial of service, and possibly to run code.

vulnerability alert CVE-2015-5156

Linux kernel: buffer overflow of virtnet_probe

Synthesis of the vulnerability

An attacker can generate a buffer overflow in the virtnet_probe() function of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, NSM Central Manager, NSMXpress, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 06/08/2015.
Identifiers: CERTFR-2015-AVI-435, CERTFR-2015-AVI-436, CERTFR-2018-AVI-206, CERTFR-2018-AVI-224, CERTFR-2018-AVI-241, CVE-2015-5156, DSA-3364-1, FEDORA-2015-0253d1f070, FEDORA-2015-c15f00eb95, JSA10853, RHSA-2015:1977-01, RHSA-2015:1978-01, RHSA-2016:0855-01, SUSE-SU-2015:1727-1, SUSE-SU-2015:2292-1, SUSE-SU-2018:1080-1, SUSE-SU-2018:1172-1, SUSE-SU-2018:1309-1, USN-2773-1, USN-2774-1, USN-2775-1, USN-2776-1, USN-2777-1, USN-2778-1, USN-2779-1, VIGILANCE-VUL-17601.

Description of the vulnerability

A KVM guest system uses the drivers/net/virtio_net.c network driver of the Linux kernel.

However, the NETIF_F_FRAGLIST option is used, so if the number of fragments is greater than the size of the storage array, an overflow occurs.

An attacker can therefore generate a buffer overflow in the virtnet_probe() function of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

computer vulnerability announce CVE-2015-3184 CVE-2015-3187

Apache Subversion: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities in Apache Subversion.
Impacted products: Subversion, Debian, Fedora, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 06/08/2015.
Identifiers: CVE-2015-3184, CVE-2015-3187, DSA-3331-1, FEDORA-2015-6efa349a85, openSUSE-SU-2015:1401-1, openSUSE-SU-2015:2363-1, RHSA-2015:1742-01, SUSE-SU-2017:2200-1, USN-2721-1, VIGILANCE-VUL-17597.

Description of the vulnerability

Several vulnerabilities were announced in Apache Subversion.

An unauthenticated attacker can bypass security features of mod_authz_svn on Apache httpd 2.4.*, in order to access files which should be protected. [severity:2/4; CVE-2015-3184]

An attacker can use svn_repos_trace_node_locations() to obtain the path history of a node, in order to see sensitive information. [severity:1/4; CVE-2015-3187]

computer vulnerability CVE-2015-3290 CVE-2015-3291 CVE-2015-5157

Linux kernel: four vulnerabilities of NMI

Synthesis of the vulnerability

Several vulnerabilities were announced in the NMI (Non-maskable interrupt) processing by the Linux kernel.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, NSM Central Manager, NSMXpress, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 4.
Creation date: 23/07/2015.
Revision date: 05/08/2015.
Identifiers: CERTFR-2015-AVI-321, CERTFR-2015-AVI-324, CERTFR-2015-AVI-357, CERTFR-2015-AVI-508, CERTFR-2015-AVI-563, CERTFR-2016-AVI-050, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, CVE-2015-3290, CVE-2015-3291, CVE-2015-5157, DSA-3313-1, FEDORA-2015-12437, JSA10774, JSA10853, openSUSE-SU-2015:1382-1, openSUSE-SU-2015:1842-1, openSUSE-SU-2016:0301-1, openSUSE-SU-2016:0318-1, RHSA-2016:0185-01, RHSA-2016:0212-01, RHSA-2016:0224-01, RHSA-2016:0715-01, SOL17326, SUSE-SU-2015:1727-1, SUSE-SU-2015:2108-1, SUSE-SU-2015:2339-1, SUSE-SU-2015:2350-1, SUSE-SU-2016:0354-1, USN-2687-1, USN-2688-1, USN-2689-1, USN-2690-1, USN-2691-1, USN-2700-1, USN-2701-1, VIGILANCE-VUL-17495.

Description of the vulnerability

Several vulnerabilities were announced in the NMI (Non-maskable interrupt) processing by the Linux kernel.

An attacker can change the execution path of SYSCALL/SYSRET instructions, in order to run code with kernel privileges. [severity:2/4; CVE-2015-3291]

An attacker can generate a memory corruption after an IRET instruction fault, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2015-5157]

An attacker can fill the logs, in order to trigger a denial of service. [severity:2/4]

An attacker can generate a memory corruption by nesting NMIs on a 64 bit processor, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2015-3290]