Computer vulnerabilities of Debian Linux

computer vulnerability bulletin CVE-2014-2525

LibYAML: buffer overflow of yaml_parser_scan_uri_escapes

Synthesis of the vulnerability

An attacker can generate a buffer overflow of LibYAML, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, Puppet, RHEL, Slackware, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 27/03/2014.
Identifiers: CVE-2014-2525, DSA-2884-1, DSA-2885-1, FEDORA-2014-4438, FEDORA-2014-4440, FEDORA-2014-4517, FEDORA-2014-4548, MDVSA-2014:070, MDVSA-2014:071, MDVSA-2015:060, oCERT-2014-003, openSUSE-SU-2014:0500-1, openSUSE-SU-2015:0319-1, openSUSE-SU-2016:1067-1, RHSA-2014:0353-01, RHSA-2014:0354-01, RHSA-2014:0355-01, RHSA-2014:0364-01, RHSA-2014:0415-01, SSA:2014-111-01, USN-2160-1, USN-2161-1, VIGILANCE-VUL-14488.

Description of the vulnerability

The LibYAML library is used to read data files in YAML (YAML Ain't Markup Language) format.

However, if the length of a URL containing "%hh" escapes exceeds the size of the storage array, an overflow occurs in the yaml_parser_scan_uri_escapes() function of the src/scanner.c file.

An attacker can therefore generate a buffer overflow of LibYAML, in order to trigger a denial of service, and possibly to execute code.

computer vulnerability announce CVE-2013-7345

Fine Free file: denial of service via awk BEGIN

Synthesis of the vulnerability

An attacker can invite the victim to analyze a large file with Fine Free file, in order to trigger a denial of service during the AWK format detection.
Impacted products: Debian, Fedora, FreeBSD, openSUSE, PHP, RHEL, Slackware, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 27/03/2014.
Identifiers: CVE-2013-7345, DSA-2873-1, DSA-2873-2, FEDORA-2014-3589, FEDORA-2014-4340, FEDORA-2014-4735, FEDORA-2014-4767, FEDORA-2014-7992, FEDORA-2014-9712, FreeBSD-SA-14:16.file, MDVSA-2014:073, MDVSA-2014:075, MDVSA-2015:080, openSUSE-SU-2014:0481-1, RHSA-2014:1013-01, RHSA-2014:1765-01, SSA:2014-111-02, USN-2278-1, VIGILANCE-VUL-14487.

Description of the vulnerability

The Fine Free file (libmagic) program analyzes files, in order to automatically recognize their type. The PHP Fileinfo module also uses libmagic.

The AWK language uses a syntax containing "BEGIN {". The Fine Free file program thus uses the following regular expression to detect AWK scripts (MIME type text/x-awk):
  \\s*BEGIN\\s*[{]

However, if the file contains numerous line feeds, matching this regular expression is slow, because it performs many backtracking operations.

An attacker can therefore invite the victim to analyze a large file with Fine Free file, in order to trigger a denial of service during the AWK format detection.

vulnerability CVE-2014-2653

OpenSSH: bypassing SSHFP via HostCertificate

Synthesis of the vulnerability

An attacker can set up a malicious SSH server with HostCertificate, and invite an OpenSSH client to connect, without SSHFP being checked.
Impacted products: Blue Coat CAS, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, McAfee Email Gateway, OpenSSH, Solaris, pfSense, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights.
Provenance: intranet server.
Creation date: 26/03/2014.
Identifiers: 742513, bulletinoct2015, CVE-2014-2653, DSA-2894-1, FEDORA-2014-6380, FEDORA-2014-6569, FreeBSD-SA-15:16.openssh, MDVSA-2014:068, MDVSA-2015:095, RHSA-2014:1552-02, RHSA-2015:0425-02, SA104, SOL15430, SOL15780, SSA-181018, SSA:2014-293-01, SUSE-SU-2014:0818-1, SYMSA1337, USN-2164-1, VIGILANCE-VUL-14480.

Description of the vulnerability

The SSHFP feature (RFC 4255) is used to publish SSH host key fingerprints in DNS records.

However, when an SSH server presents a HostCertificate and the OpenSSH client rejects it, the client does not check SSHFP; the user is simply shown the usual host verification prompt.

An attacker can therefore set up a malicious SSH server with HostCertificate, and invite an OpenSSH client to connect, without SSHFP being checked.

vulnerability note CVE-2014-0139

cURL: incorrect certificate check via IP Wildcard

Synthesis of the vulnerability

An attacker can invite cURL users to connect to a malicious IP site, in order to trigger a Man-in-the-Middle.
Impacted products: curl, Debian, BIG-IP Hardware, TMOS, Fedora, Tivoli Workload Scheduler, Juniper EX-Series, Junos OS, SRX-Series, openSUSE, Slackware, Ubuntu.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 26/03/2014.
Identifiers: 1689461, CVE-2014-0139, DSA-2902-1, FEDORA-2014-6912, FEDORA-2014-6921, JSA10874, MDVSA-2014:110, MDVSA-2015:098, MDVSA-2015:213, openSUSE-SU-2014:0530-1, openSUSE-SU-2014:0598-1, SOL15862, SSA:2014-086-01, USN-2167-1, VIGILANCE-VUL-14474.

Description of the vulnerability

The cURL client can access an SSL server either by its IP address or by its domain name.

An X.509 certificate can contain the '*' character to indicate that it is valid for several servers in the same sub-domain. For example:
  w*.example.org

RFC 2818 forbids wildcard characters in certificates issued for IP addresses. For example:
  *.2.3.4

However, the libcurl library accepts such certificates.

An attacker can therefore invite cURL users to connect to a malicious IP site, in order to trigger a Man-in-the-Middle.

vulnerability bulletin CVE-2014-0138

cURL: re-use of non HTTP/FTP connection

Synthesis of the vulnerability

In some cases, an application compiled with libcurl and not using HTTP/FTP can access data belonging to another user.
Impacted products: curl, Debian, BIG-IP Hardware, TMOS, Fedora, Tivoli Workload Scheduler, Juniper EX-Series, Junos OS, SRX-Series, openSUSE, RHEL, Slackware, Ubuntu, ESXi, VMware vSphere, VMware vSphere Hypervisor.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: intranet server.
Creation date: 26/03/2014.
Identifiers: 1689461, CVE-2014-0138, DSA-2902-1, FEDORA-2014-4436, FEDORA-2014-4449, FEDORA-2014-6912, FEDORA-2014-6921, JSA10874, MDVSA-2014:110, MDVSA-2015:098, openSUSE-SU-2014:0530-1, openSUSE-SU-2014:0598-1, RHSA-2014:0561-01, SOL15862, SSA:2014-086-01, USN-2167-1, VIGILANCE-VUL-14473, VMSA-2014-0008.2, VMSA-2014-0012.

Description of the vulnerability

The cURL product supports protocols distinct from HTTP and FTP: SCP, SFTP, POP3(S), IMAP(S), SMTP(S) and LDAP(S).

In order to optimize its performance, libcurl keeps recent connections in a pool. However, after a first non-HTTP/FTP request, if a second request uses different credentials, the cached connection is reused anyway. The authentication data of the first request are thus used for the second.

In some cases, an application compiled with libcurl and not using HTTP/FTP can therefore access data belonging to another user.

vulnerability announce CVE-2014-2599

Xen: denial of service via HVMOP_set_mem_access

Synthesis of the vulnerability

An attacker, located in a guest HVM system with qemu-dm, can call HVMOP_set_mem_access of Xen, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 25/03/2014.
Identifiers: CVE-2014-2599, DSA-3006-1, FEDORA-2014-4424, FEDORA-2014-4458, VIGILANCE-VUL-14472, XSA-89.

Description of the vulnerability

A Xen guest system can use HVM (Hardware Virtual Machine) with qemu-dm (the "device model", a daemon that emulates the hardware).

However, HVMOP_set_mem_access does not check the size of its inputs. A vulnerability in qemu-dm can then be used to lock up the processor.

An attacker, located in a guest HVM system with qemu-dm, can therefore call HVMOP_set_mem_access of Xen, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2014-0107

Xalan-Java: vulnerabilities of FEATURE_SECURE_PROCESSING

Synthesis of the vulnerability

An attacker can use several vulnerabilities of the FEATURE_SECURE_PROCESSING implementation in Xalan-Java.
Impacted products: Xalan-Java, Debian, Fedora, SiteScope, Mule ESB, openSUSE, RHEL, JBoss EAP by Red Hat, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 25/03/2014.
Identifiers: c05324755, CERTFR-2014-AVI-252, CERTFR-2014-AVI-365, CVE-2014-0107, DSA-2886-1, FEDORA-2014-4426, FEDORA-2014-4443, HPSBGN03669, oCERT-2014-002, openSUSE-SU-2014:0861-1, openSUSE-SU-2014:0948-1, RHSA-2014:0348-01, RHSA-2014:0453-01, RHSA-2014:0454-01, RHSA-2014:0590-01, RHSA-2014:0591-01, RHSA-2014:0818-01, RHSA-2014:0819-01, RHSA-2014:1007-01, RHSA-2014:1059-01, RHSA-2014:1290-01, RHSA-2014:1291-01, RHSA-2014:1351-01, RHSA-2014:1369-01, RHSA-2014:1995-01, RHSA-2015:1009, SUSE-SU-2014:0870-1, USN-2218-1, VIGILANCE-VUL-14468, XALANJ-2435.

Description of the vulnerability

The FEATURE_SECURE_PROCESSING constant (http://javax.xml.XMLConstants/feature/secure-processing) requires Xalan-Java to process XML files in a secure way, for example in order to block denial of service attacks. However, its implementation is impacted by three vulnerabilities.

An attacker can call the XSLT 1.0 system-property() function, in order to obtain sensitive information. [severity:2/4]

The xalan:content-handler and xalan:entities properties can be used to load a class or an external resource. [severity:2/4; XALANJ-2435]

If BSF (Bean Scripting Framework) is in the classpath, an attacker can open a JAR, in order to execute code. [severity:2/4]

computer vulnerability announce CVE-2014-2328

Cacti: code execution

Synthesis of the vulnerability

An attacker can inject shell commands in Cacti, in order to execute code.
Impacted products: Cacti, Debian, Fedora, openSUSE.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 25/03/2014.
Identifiers: CVE-2014-2328, DSA-2970-1, DTC-A-20140324-001, FEDORA-2014-4892, FEDORA-2014-4928, openSUSE-SU-2014:0600-1, VIGILANCE-VUL-14467.

Description of the vulnerability

The Cacti product offers a web service.

However, it calls PHP functions of the exec() family without validating their parameters.

An attacker can therefore inject shell commands in Cacti, in order to execute code.

computer vulnerability alert CVE-2014-2327

Cacti: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery of Cacti, in order to force the victim to perform operations.
Impacted products: Cacti, Debian, Fedora, openSUSE.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 25/03/2014.
Identifiers: CVE-2014-2327, DSA-2970-1, DTC-A-20140324-001, FEDORA-2014-4892, FEDORA-2014-4928, openSUSE-SU-2015:0479-1, VIGILANCE-VUL-14466.

Description of the vulnerability

The Cacti product offers a web service.

However, the origin of requests is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery of Cacti, in order to force the victim to perform operations.

computer vulnerability CVE-2014-2326

Cacti: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Cacti, in order to execute JavaScript code in the context of the web site.
Impacted products: Cacti, Debian, Fedora, openSUSE.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 25/03/2014.
Identifiers: CVE-2014-2326, DSA-2970-1, DTC-A-20140324-001, FEDORA-2014-4892, FEDORA-2014-4928, openSUSE-SU-2014:0600-1, VIGILANCE-VUL-14465.

Description of the vulnerability

The Cacti product offers a web service.

However, it does not filter received data before inserting them into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Cacti, in order to execute JavaScript code in the context of the web site.