The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian Linux

computer vulnerability alert CVE-2014-3465 CVE-2014-3467 CVE-2014-3468

GNU Libtasn1: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of GNU Libtasn1.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 30/05/2014.
Identifiers: 1101734, 1102022, 1102323, 1102329, CVE-2014-3465, CVE-2014-3467, CVE-2014-3468, CVE-2014-3469, DSA-3056-1, FEDORA-2014-6895, FEDORA-2014-6919, MDVSA-2014:107, MDVSA-2014:108, MDVSA-2015:072, MDVSA-2015:116, openSUSE-SU-2014:0763-1, openSUSE-SU-2014:0767-1, RHSA-2014:0594-01, RHSA-2014:0596-01, RHSA-2014:0684-01, RHSA-2014:0687-01, RHSA-2014:0815-01, SSA:2014-156-01, SSA:2014-156-02, SUSE-SU-2014:0758-1, SUSE-SU-2014:0788-1, SUSE-SU-2014:0788-2, SUSE-SU-2014:0931-1, USN-2294-1, VIGILANCE-VUL-14822.

Description of the vulnerability

Several vulnerabilities were announced in GNU Libtasn1.

An attacker can dereference a NULL pointer in gnutls_x509_dn_oid_name, in order to trigger a denial of service. [severity:2/4; 1101734, CVE-2014-3465]

An attacker can force a read at an invalid memory address, in order to trigger a denial of service. [severity:2/4; 1102022, CVE-2014-3467]

An attacker can generate a memory corruption via asn1_get_bit_der(), in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 1102323, CVE-2014-3468]

An attacker can dereference a NULL pointer in asn1_read_value_type(), in order to trigger a denial of service. [severity:2/4; 1102329, CVE-2014-3469]

computer vulnerability announce CVE-2014-3466

GnuTLS: memory corruption via ServerHello

Synthesis of the vulnerability

An attacker can generate a memory corruption via ServerHello of GnuTLS, in order to trigger a denial of service, and possibly to execute code.
Severity: 2/4.
Creation date: 30/05/2014.
Identifiers: CERTFR-2014-AVI-248, CVE-2014-3466, DSA-2944-1, FEDORA-2014-6881, FEDORA-2014-6891, FEDORA-2014-6953, FEDORA-2014-6963, GNUTLS-SA-2014-3, MDVSA-2014:108, MDVSA-2014:109, MDVSA-2015:072, openSUSE-SU-2014:0763-1, openSUSE-SU-2014:0767-1, RHSA-2014:0594-01, RHSA-2014:0595-01, RHSA-2014:0684-01, RHSA-2014:0815-01, SSA:2014-156-01, SUSE-SU-2014:0758-1, SUSE-SU-2014:0758-2, SUSE-SU-2014:0788-1, SUSE-SU-2014:0788-2, USN-2229-1, VIGILANCE-VUL-14821.

Description of the vulnerability

The GnuTLS product implements an SSL/TLS client.

However, an SSL/TLS server can send a malicious ServerHello message to the GnuTLS client, in order to corrupt its memory.

An attacker can therefore generate a memory corruption via ServerHello of GnuTLS, in order to trigger a denial of service, and possibly to execute code.

computer threat CVE-2014-0237 CVE-2014-0238

PHP: two vulnerabilities of fileinfo CDF

Synthesis of the vulnerability

An attacker can use several vulnerabilities of fileinfo of PHP.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 30/05/2014.
Identifiers: 67327, 67328, bulletinjan2015, CVE-2014-0237, CVE-2014-0238, DSA-2943-1, DSA-3021-1, DSA-3021-2, FEDORA-2014-6901, FEDORA-2014-6904, FEDORA-2014-7992, FEDORA-2014-9712, MDVSA-2014:115, MDVSA-2014:116, MDVSA-2015:080, openSUSE-SU-2014:0784-1, openSUSE-SU-2014:0786-1, RHSA-2014:1012-01, RHSA-2014:1013-01, RHSA-2014:1606-02, RHSA-2014:1765-01, RHSA-2014:1766-01, RHSA-2015:2155-07, SOL15761, SOL16954, SSA:2014-160-01, SUSE-SU-2014:0869-1, USN-2254-1, USN-2254-2, VIGILANCE-VUL-14819.

Description of the vulnerability

Several vulnerabilities were announced in PHP.

An attacker can create a malicious CDF file, and send it to the PHP application, to force it to use file_printf() several times, in order to trigger a denial of service. [severity:2/4; 67328, CVE-2014-0237]

An attacker can create a malicious CDF file, and send it to the PHP application, to generate an infinite loop, in order to trigger a denial of service. [severity:2/4; 67327, CVE-2014-0238]

threat bulletin CVE-2014-0178

Samba: information disclosure via shadow_copy

Synthesis of the vulnerability

An attacker who is authenticated on Samba with Shadow Copy can use two queries to read memory fragments, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 28/05/2014.
Identifiers: c05115993, CERTFR-2014-AVI-245, CVE-2014-0178, DSA-2966-1, FEDORA-2014-7654, FEDORA-2014-7672, HPSBUX03574, MDVSA-2014:136, MDVSA-2015:082, openSUSE-SU-2014:0857-1, openSUSE-SU-2014:0859-1, RHSA-2014:0867-01, SSA:2014-175-04, USN-2257-1, VIGILANCE-VUL-14811.

Description of the vulnerability

The "vfs objects" (Virtual File System) section of the Samba configuration supports the shadow_copy and shadow_copy2 modules, which are used to perform intermediate copies of files.

The FSCTL_GET_SHADOW_COPY_DATA and FSCTL_SRV_ENUMERATE_SNAPSHOTS queries are used to manage Shadow Copies. However, Samba implements them without initializing 8 bytes in the reply message. This message is then sent to the client.

An attacker who is authenticated on Samba with Shadow Copy can therefore use two queries to read memory fragments, in order to obtain sensitive information.

cybersecurity threat CVE-2014-0119

Apache Tomcat: information disclosure via XML Parser

Synthesis of the vulnerability

An attacker who is allowed to install a web application can change the XML parser used by Apache Tomcat, in order to obtain sensitive information.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 27/05/2014.
Identifiers: c04223376, CERTFR-2014-AVI-243, cpuoct2016, CVE-2014-0119, DSA-3530-1, HPSBUX03102, MDVSA-2015:052, MDVSA-2015:053, MDVSA-2015:084, RHSA-2014:0842-01, RHSA-2014:0843-01, RHSA-2014:0895-01, RHSA-2014:1034-01, RHSA-2014:1038-01, RHSA-2014:1086-01, RHSA-2014:1087-01, RHSA-2014:1088-01, RHSA-2015:0234-01, RHSA-2015:0235-01, RHSA-2015:0675-01, RHSA-2015:0720-01, RHSA-2015:0765-01, RHSA-2015:1009, SOL15429, SSRT101681, USN-2654-1, VIGILANCE-VUL-14809.

Description of the vulnerability

A web application can change the XML parser used by Apache Tomcat, which leads to two vulnerabilities.

An attacker can use an external XML entity, in order to bypass file access constraints imposed by the Security Manager. [severity:2/4]

An attacker can read XML files processed by other web applications installed on the same Tomcat instance. [severity:2/4]

An attacker who is allowed to install a web application can therefore change the XML parser used by Apache Tomcat, in order to obtain sensitive information.

security weakness CVE-2014-0099

Apache Tomcat: injecting HTTP headers

Synthesis of the vulnerability

An attacker can use a special HTTP Content-Length header, in order to desynchronize Apache Tomcat and its proxy, to bypass security features.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 27/05/2014.
Identifiers: c04223376, c04483248, cpuoct2016, CVE-2014-0097-ERROR, CVE-2014-0099, DSA-3530-1, FEDORA-2015-2109, HPSBUX03102, HPSBUX03150, MDVSA-2015:052, MDVSA-2015:053, MDVSA-2015:084, RHSA-2014:0827-01, RHSA-2014:0833-01, RHSA-2014:0834-02, RHSA-2014:0835-01, RHSA-2014:0836-01, RHSA-2014:0842-01, RHSA-2014:0843-01, RHSA-2014:0865-01, RHSA-2014:0895-01, RHSA-2014:1149-01, RHSA-2015:0234-01, RHSA-2015:0235-01, RHSA-2015:0675-01, RHSA-2015:0720-01, RHSA-2015:0765-01, RHSA-2015:1009, SB10079, SOL15432, SSRT101681, USN-2302-1, VIGILANCE-VUL-14808.

Description of the vulnerability

The Apache Tomcat product can be installed behind a reverse proxy, which for example filters attacks.

The HTTP Content-Length header indicates the size of HTTP data. This size is analyzed by the Ascii class, which converts a string to an integer. However, values near the limit trigger an integer overflow. Then, Apache Tomcat does not interpret the HTTP stream in the same way as its reverse proxy.

An attacker can therefore use a special HTTP Content-Length header, in order to desynchronize Apache Tomcat and its proxy, to bypass security features.

cybersecurity vulnerability CVE-2014-0096

Apache Tomcat: information disclosure via Directory Listing

Synthesis of the vulnerability

An attacker can provide an XSLT with an external XML entity, to manipulate data of a Directory Listing of Apache Tomcat, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 27/05/2014.
Identifiers: c04223376, cpuoct2016, CVE-2014-0096, DSA-3530-1, FEDORA-2015-2109, HPSBUX03102, MDVSA-2015:052, MDVSA-2015:053, MDVSA-2015:084, RHSA-2014:0827-01, RHSA-2014:0833-01, RHSA-2014:0834-02, RHSA-2014:0835-01, RHSA-2014:0836-01, RHSA-2014:0842-01, RHSA-2014:0843-01, RHSA-2014:0865-01, RHSA-2014:0895-01, RHSA-2015:0234-01, RHSA-2015:0235-01, RHSA-2015:0675-01, RHSA-2015:0720-01, RHSA-2015:0765-01, RHSA-2015:1009, SB10079, SOL15428, SSRT101681, USN-2302-1, VIGILANCE-VUL-14807.

Description of the vulnerability

A web application can define an XSLT to format a Directory Listing.

However, an attacker can use an XSLT with an external XML entity, in order to bypass file access constraints imposed by the Security Manager.

An attacker who is allowed to install a web application can therefore provide an XSLT with an external XML entity, to manipulate data of a Directory Listing of Apache Tomcat, in order to obtain sensitive information.

vulnerability announce CVE-2014-0075

Apache Tomcat: denial of service via Chunked

Synthesis of the vulnerability

An attacker can send an HTTP Chunked header to Apache Tomcat, in order to trigger a denial of service.
Severity: 3/4.
Creation date: 27/05/2014.
Identifiers: c04223376, c04483248, cpuoct2016, CVE-2014-0075, DSA-3530-1, FEDORA-2015-2109, HPSBUX03102, HPSBUX03150, MDVSA-2015:052, MDVSA-2015:053, MDVSA-2015:084, RHSA-2014:0827-01, RHSA-2014:0833-01, RHSA-2014:0834-02, RHSA-2014:0835-01, RHSA-2014:0836-01, RHSA-2014:0842-01, RHSA-2014:0843-01, RHSA-2014:0865-01, RHSA-2014:0895-01, RHSA-2014:1149-01, RHSA-2015:0234-01, RHSA-2015:0235-01, RHSA-2015:0675-01, RHSA-2015:0720-01, RHSA-2015:0765-01, RHSA-2015:1009, SB10079, SOL15426, SSRT101681, USN-2302-1, VIGILANCE-VUL-14806.

Description of the vulnerability

The HTTP Transfer-Encoding header can use the "chunked" type, to indicate that data is split into chunks before being transmitted.

However, using a special chunk size, an attacker can bypass resource limits.

An attacker can therefore send an HTTP Chunked header to Apache Tomcat, in order to trigger a denial of service.

cybersecurity note CVE-2014-0114

Apache Struts 1: code execution via ClassLoader

Synthesis of the vulnerability

An attacker can use the "class" parameter, to manipulate the ClassLoader, in order to execute code.
Severity: 3/4.
Creation date: 26/05/2014.
Identifiers: 1672316, 1673982, 1674339, 1675822, 2016214, c04399728, c05324755, CERTFR-2014-AVI-382, cpuapr2017, cpujan2018, cpujan2019, cpuoct2017, cpuoct2018, CVE-2014-0114, DSA-2940-1, ESA-2014-080, FEDORA-2014-9380, HPSBGN03669, HPSBMU03090, ibm10719287, ibm10719297, ibm10719301, ibm10719303, ibm10719307, MDVSA-2014:095, RHSA-2014:0474-01, RHSA-2014:0497-01, RHSA-2014:0500-01, RHSA-2014:0511-01, RHSA-2018:2669-01, SOL15282, SUSE-SU-2014:0902-1, swg22017525, VIGILANCE-VUL-14799, VMSA-2014-0008, VMSA-2014-0008.1, VMSA-2014-0008.2, VMSA-2014-0012.

Description of the vulnerability

The Apache Struts product is used to develop Java EE applications.

However, the "class" parameter is mapped to getClass(), and can be used to manipulate the ClassLoader.

An attacker can therefore use the "class" parameter, to manipulate the ClassLoader, in order to execute code.

threat note CVE-2014-0179 CVE-2014-5177

libvirt: external XML entity injection via XML_PARSE_NOENT

Synthesis of the vulnerability

An attacker can transmit malicious XML data to libvirt, in order to read a file, scan sites, or trigger a denial of service.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 26/05/2014.
Identifiers: CVE-2014-0179, CVE-2014-5177, DSA-3038-1, FEDORA-2014-6586, LSN-2014-0003, MDVSA-2014:097, MDVSA-2015:115, openSUSE-SU-2014:0650-1, openSUSE-SU-2014:0674-1, RHSA-2014:0560-01, RHSA-2014:0914-01, SUSE-SU-2014:0785-1, USN-2366-1, VIGILANCE-VUL-14796.

Description of the vulnerability

XML data can contain external entities (DTD):
  <!ENTITY name SYSTEM "file">
  <!ENTITY name SYSTEM "http://server/file">
A program that reads this XML data can replace these entities with data coming from the indicated file. When the program uses XML data coming from an untrusted source, this behavior leads to:
 - disclosure of the content of files on the server
 - scanning of private web sites
 - a denial of service by opening a blocking file
This feature must be disabled when processing XML data coming from an untrusted source.

However, the libvirt parser uses the XML_PARSE_NOENT flag of libxml2, which allows external entities.

An attacker can therefore transmit malicious XML data to libvirt, in order to read a file, scan sites, or trigger a denial of service.