The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian Linux

vulnerability alert CVE-2013-1442

Xen: information disclosure via AVX/LWP

Synthesis of the vulnerability

An attacker located in a guest system can use the XSAVE/XRSTOR instructions to read the content of the AVX/LWP registers of Xen, in order to obtain sensitive information.
Impacted products: Debian, Fedora, openSUSE, SLES, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 25/09/2013.
Identifiers: BID-62630, CVE-2013-1442, DSA-3006-1, FEDORA-2013-17689, FEDORA-2013-17704, openSUSE-SU-2013:1636-1, openSUSE-SU-2013:1953-1, SUSE-SU-2014:0446-1, VIGILANCE-VUL-13471, XSA-62.

Description of the vulnerability

The XSAVE and XRSTOR instructions are used to save and restore the processor state. They are disabled by default in Xen.

The AVX (Advanced Vector Extensions) extensions for x86 processors and LWP (AMD Lightweight Profiling) are managed by XSAVE/XRSTOR. However, Xen does not reset their values when the vCPU is changed.

An attacker located in a guest system can therefore use the XSAVE/XRSTOR instructions to read the content of the AVX/LWP registers of Xen, in order to obtain sensitive information.

vulnerability announce CVE-2012-4540

IcedTea-Web: overflow of one byte

Synthesis of the vulnerability

An attacker can generate an overflow of one byte in the IcedTea-Web plugin, in order to stop the web browser, and possibly to execute code.
Impacted products: Debian, Fedora, openSUSE, SUSE Linux Enterprise Desktop, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 23/09/2013.
Identifiers: BID-62426, CVE-2012-4540, CVE-2013-4349-REJECT, DSA-2768-1, FEDORA-2013-17016, FEDORA-2013-17026, openSUSE-SU-2013:1509-1, openSUSE-SU-2013:1511-1, SUSE-SU-2013:1520-1, VIGILANCE-VUL-13462.

Description of the vulnerability

The bulletin VIGILANCE-VUL-12121 describes a vulnerability of IcedTea-Web.

However, this vulnerability was not fixed in branch 1.4.

computer vulnerability note CVE-2013-4327

systemd: privilege escalation via polkit

Synthesis of the vulnerability

A local attacker can use a vulnerability in polkit, used by systemd, in order to escalate his privileges.
Impacted products: Debian, Fedora, MBS, openSUSE, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 20/09/2013.
Identifiers: BID-62503, CVE-2013-4327, DSA-2777-1, FEDORA-2013-17119, FEDORA-2013-17203, MDVSA-2013:243, openSUSE-SU-2013:1527-1, openSUSE-SU-2013:1528-1, VIGILANCE-VUL-13459.

Description of the vulnerability

The bulletin VIGILANCE-VUL-13454 describes a vulnerability of polkit which allows a local attacker to elevate his privileges.

The systemd product uses the DBUS API of polkit, so it is also impacted by this vulnerability.

computer vulnerability announce CVE-2013-4325

hplip: privilege escalation via polkit

Synthesis of the vulnerability

A local attacker can use a vulnerability in polkit, used by hplip, in order to escalate his privileges.
Impacted products: Debian, Fedora, MBS, openSUSE, RHEL, Slackware, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 20/09/2013.
Identifiers: BID-62499, CVE-2013-4325, DSA-2829-1, FEDORA-2013-17112, FEDORA-2013-17127, MDVSA-2013:243, openSUSE-SU-2013:1617-1, openSUSE-SU-2013:1620-1, RHSA-2013:1274-01, SSA:2013-291-01, VIGILANCE-VUL-13457.

Description of the vulnerability

The bulletin VIGILANCE-VUL-13454 describes a vulnerability of polkit which allows a local attacker to elevate his privileges.

The hplip product uses the DBUS API of polkit, so it is also impacted by this vulnerability.

vulnerability bulletin CVE-2013-4296

libvirt: invalid pointer free via remoteDispatchDomainMemoryStats

Synthesis of the vulnerability

An attacker can free an invalid pointer in the remoteDispatchDomainMemoryStats() function of libvirt, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, Fedora, openSUSE, RHEL, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 20/09/2013.
Identifiers: BID-62510, CVE-2013-4296, DSA-2764-1, FEDORA-2013-17305, FEDORA-2013-17618, openSUSE-SU-2013:1549-1, openSUSE-SU-2013:1550-1, RHSA-2013:1272-01, VIGILANCE-VUL-13453.

Description of the vulnerability

The libvirt library provides a standard interface on several virtualization products (Xen, QEMU, KVM, etc.).

The remoteDispatchDomainMemoryStats() function of the daemon/remote.c file displays statistics on memory usage. However, it does not initialize a pointer which is then freed.

An attacker can therefore free an invalid pointer in the remoteDispatchDomainMemoryStats() function of libvirt, in order to trigger a denial of service, and possibly to execute code.

computer vulnerability note CVE-2013-1718 CVE-2013-1719 CVE-2013-1720

Firefox, Thunderbird, SeaMonkey: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Firefox, Thunderbird and SeaMonkey.
Impacted products: Debian, Fedora, MES, Firefox, SeaMonkey, Thunderbird, openSUSE, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 17.
Creation date: 18/09/2013.
Identifiers: BID-62447, BID-62460, BID-62462, BID-62463, BID-62464, BID-62465, BID-62466, BID-62467, BID-62468, BID-62469, BID-62470, BID-62472, BID-62473, BID-62474, BID-62475, BID-62476, BID-62478, BID-62479, BID-62480, BID-62482, CERTA-2013-AVI-531, CVE-2013-1718, CVE-2013-1719, CVE-2013-1720, CVE-2013-1721, CVE-2013-1722, CVE-2013-1723, CVE-2013-1724, CVE-2013-1725, CVE-2013-1726, CVE-2013-1727, CVE-2013-1728, CVE-2013-1729, CVE-2013-1730, CVE-2013-1731, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736, CVE-2013-1737, CVE-2013-1738, DSA-2759-1, DSA-2762-1, FEDORA-2013-16992, FEDORA-2013-17047, FEDORA-2013-17366, FEDORA-2013-17373, MDVSA-2013:237, MFSA 2013-76, MFSA 2013-77, MFSA 2013-78, MFSA 2013-79, MFSA 2013-80, MFSA 2013-81, MFSA 2013-82, MFSA 2013-83, MFSA 2013-84, MFSA 2013-85, MFSA 2013-86, MFSA 2013-87, MFSA 2013-88, MFSA 2013-89, MFSA 2013-90, MFSA 2013-91, MFSA 2013-92, openSUSE-SU-2013:1491-1, openSUSE-SU-2013:1493-1, openSUSE-SU-2013:1495-1, openSUSE-SU-2013:1496-1, openSUSE-SU-2013:1499-1, openSUSE-SU-2014:1100-1, RHSA-2013:1268-01, RHSA-2013:1269-01, SSA:2013-260-02, SSA:2013-260-03, SSA:2013-271-01, SUSE-SU-2013:1497-1, VIGILANCE-VUL-13439.

Description of the vulnerability

Several vulnerabilities were announced in Firefox, Thunderbird and SeaMonkey.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62462, BID-62463, CVE-2013-1718, CVE-2013-1719, MFSA 2013-76]

An attacker can generate a memory corruption in HTML5 Tree Builder, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-62465, CVE-2013-1720, MFSA 2013-77]

An attacker can generate an integer overflow in ANGLE, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62470, CVE-2013-1721, MFSA 2013-78]

An attacker can use a freed memory area in Animation Manager, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62460, CVE-2013-1722, MFSA 2013-79]

An attacker can use a freed memory area in NativeKey, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-62472, CVE-2013-1723, MFSA 2013-80]

An attacker can use a freed memory area in Select, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62464, CVE-2013-1724, MFSA 2013-81]

An attacker can generate a memory corruption in JavaScript, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-62467, CVE-2013-1725, MFSA 2013-82]

An attacker can replace files via MAR. [severity:3/4; BID-62482, CVE-2013-1726, MFSA 2013-83]

An attacker can trigger a Cross Site Scripting via "file://", in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-62480, CVE-2013-1727, MFSA 2013-84]

An attacker can use a freed memory area in IonMonkey, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-62468, CVE-2013-1728, MFSA 2013-85]

An attacker can use NVIDIA OS X WebGL, in order to obtain sensitive information. [severity:2/4; BID-62474, CVE-2013-1729, MFSA 2013-86]

An attacker can replace a library, in order to execute code. [severity:3/4; BID-62476, CVE-2013-1731, MFSA 2013-87]

An attacker can generate a memory corruption in XBL, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-62473, CVE-2013-1730, MFSA 2013-88]

An attacker can generate a buffer overflow in Multi-column, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62469, CVE-2013-1732, MFSA 2013-89]

An attacker can generate a memory corruption in Scrolling, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62478, BID-62479, CVE-2013-1735, CVE-2013-1736, MFSA 2013-90]

An attacker can use the "this" object, in order to escalate his privileges. [severity:2/4; BID-62475, CVE-2013-1737, MFSA 2013-91]

An attacker can use a freed memory area in JS_GetGlobalForScopeChain, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-62466, CVE-2013-1738, MFSA 2013-92]

computer vulnerability bulletin CVE-2013-4338 CVE-2013-4339 CVE-2013-4340

WordPress: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WordPress.
Impacted products: Debian, Fedora, MBS, WordPress Core.
Severity: 3/4.
Consequences: user access/rights, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 12/09/2013.
Revision date: 16/09/2013.
Identifiers: 13418, BID-62344, BID-62345, BID-62346, BID-62421, BID-62424, CERTA-2013-AVI-526, CVE-2013-4338, CVE-2013-4339, CVE-2013-4340, CVE-2013-5738, CVE-2013-5739, DSA-2757-1, FEDORA-2013-16895, FEDORA-2013-16925, MDVSA-2013:239, VIGILANCE-VUL-13418.

Description of the vulnerability

Several vulnerabilities were announced in WordPress.

An attacker can unserialize data, in order to execute code. [severity:3/4; BID-62345, CVE-2013-4338]

An attacker can redirect the victim to another site. [severity:2/4; BID-62344, CVE-2013-4339]

An attacker, with an author privilege, can write an article with the identity of another user. [severity:2/4; BID-62346, CVE-2013-4340]

An attacker can trigger a Cross Site Scripting in get_allowed_mime_types, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-62424, CVE-2013-5738]

An attacker can trigger a Cross Site Scripting in get_allowed_mime_types, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-62421, CVE-2013-5739]

computer vulnerability note CVE-2013-4351

GnuPG: information disclosure via no-usage-permitted

Synthesis of the vulnerability

When a key is tagged as "no-usage-permitted", an attacker can force GnuPG to use it, in order to obtain sensitive information.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, GnuPG, MBS, MES, openSUSE, Solaris, RHEL.
Severity: 1/4.
Consequences: data reading.
Provenance: document.
Creation date: 13/09/2013.
Identifiers: BID-62921, CVE-2013-4351, DSA-2773-1, DSA-2774-1, FEDORA-2013-18647, FEDORA-2013-18676, MDVSA-2013:247, openSUSE-SU-2013:1494-1, openSUSE-SU-2013:1526-1, openSUSE-SU-2013:1532-1, RHSA-2013:1458-01, RHSA-2013:1459-01, SOL50413110, VIGILANCE-VUL-13429.

Description of the vulnerability

RFC 4880 allows each PGP key to have flags indicating the possible usages for the key.

When a key has no flag, it should not be used. However, GnuPG interprets this state as meaning that the key can be used for any usage.

When a key is tagged as "no-usage-permitted", an attacker can therefore force GnuPG to use it, in order to obtain sensitive information.

computer vulnerability CVE-2013-2888 CVE-2013-2889 CVE-2013-2890

Linux kernel: multiple vulnerabilities of HID

Synthesis of the vulnerability

An attacker can use several vulnerabilities in HID of the Linux kernel.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Linux, MBS, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user console.
Number of vulnerabilities in this bulletin: 12.
Creation date: 13/09/2013.
Identifiers: 1000137, 1000360, 1000373, 1000414, 1000429, 1000451, 1000494, 1000536, 999890, 999960, CERTA-2013-AVI-545, CVE-2013-2888, CVE-2013-2889, CVE-2013-2890, CVE-2013-2891, CVE-2013-2892, CVE-2013-2893, CVE-2013-2894, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2898, CVE-2013-2899, DSA-2766-1, DSA-2906-1, FEDORA-2013-16336, FEDORA-2013-16379, MDVSA-2013:242, MDVSA-2014:124, openSUSE-SU-2014:1669-1, openSUSE-SU-2014:1677-1, openSUSE-SU-2015:0566-1, RHSA-2013:1490-01, RHSA-2013:1527-01, RHSA-2013:1645-02, RHSA-2014:0433-01, SOL15299, SUSE-SU-2014:0536-1, SUSE-SU-2014:1693-1, SUSE-SU-2014:1693-2, SUSE-SU-2014:1695-1, SUSE-SU-2014:1695-2, SUSE-SU-2014:1698-1, SUSE-SU-2015:0481-1, VIGILANCE-VUL-13425.

Description of the vulnerability

Several vulnerabilities were announced in the HID (Human Interface Device) feature of the Linux kernel.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 1000451, CVE-2013-2888]

An attacker can generate a buffer overflow in zeroplus, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 999890, CVE-2013-2889]

An attacker can use CONFIG_HID_SONY, in order to trigger a denial of service. [severity:1/4; CVE-2013-2890]

An attacker can generate a buffer overflow in steelseries, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 999960, CVE-2013-2891]

An attacker can generate a buffer overflow in pantherlord, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 1000429, CVE-2013-2892]

An attacker can generate a buffer overflow in LG, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 1000414, CVE-2013-2893]

An attacker can generate a buffer overflow in lenovo-tpkbd, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 1000137, CVE-2013-2894]

An attacker can generate a buffer overflow in logitech-dj, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 1000360, CVE-2013-2895]

An attacker can dereference a NULL pointer in ntrig, in order to trigger a denial of service. [severity:1/4; 1000494, CVE-2013-2896]

An attacker can generate a buffer overflow in multitouch, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 1000536, CVE-2013-2897]

An attacker can use CONFIG_HID_SENSOR_HUB, in order to obtain sensitive information. [severity:1/4; CVE-2013-2898]

An attacker can dereference a NULL pointer in picolcd_core, in order to trigger a denial of service. [severity:1/4; 1000373, CVE-2013-2899]

vulnerability announce CVE-2013-4359

ProFTPD: denial of service via mod_sftp_pam

Synthesis of the vulnerability

When mod_sftp_pam is enabled on ProFTPD with keyboard-interactive authentication, an attacker can send a special SSH packet to force ProFTPD to allocate a large memory area, in order to trigger a denial of service.
Impacted products: Debian, Fedora, MBS, MES, openSUSE, ProFTPD.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 11/09/2013.
Identifiers: BID-62328, CERTA-2013-AVI-549, CVE-2013-4359, DSA-2767-1, DSA-27671-1, FEDORA-2013-16798, FEDORA-2013-16810, MDVSA-2013:245, openSUSE-SU-2013:1563-1, openSUSE-SU-2015:1031-1, VIGILANCE-VUL-13412.

Description of the vulnerability

The mod_sftp module of ProFTPD implements the SFTP sub-system of the SSHv2 protocol. Files are thus transferred inside an SSH session.

The SFTPAuthMethods parameter indicates the supported authentication methods:
 - publickey
 - password
 - keyboard-interactive
 - etc.

The "keyboard-interactive" method uses the mod_sftp_pam module, and allows several message exchanges during the authentication phase.

The contrib/mod_sftp/kbdint.c file of ProFTPD implements the "keyboard-interactive" method. The number of exchanges is stored in the "resp_count" variable. However, ProFTPD does not check whether this value is large before allocating the requested memory areas.

When mod_sftp_pam is enabled on ProFTPD with keyboard-interactive authentication, an attacker can therefore send a special SSH packet to force ProFTPD to allocate a large memory area, in order to trigger a denial of service.