The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian Linux

vulnerability note CVE-2013-6382

Linux kernel: memory corruption via xfs_attrlist_by_handle

Synthesis of the vulnerability

An attacker with the CAP_SYS_ADMIN capability can cause memory corruption in the xfs_attrlist_by_handle() function of the Linux kernel, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, Fedora, Linux, openSUSE, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 25/11/2013.
Identifiers: BID-63889, CERTA-2014-AVI-010, CERTFR-2014-AVI-106, CERTFR-2014-AVI-107, CVE-2013-6382, DSA-2906-1, FEDORA-2013-22669, FEDORA-2013-22695, MDVSA-2014:001, openSUSE-SU-2014:0766-1, SUSE-SU-2014:0696-1, SUSE-SU-2014:0807-1, SUSE-SU-2014:0908-1, SUSE-SU-2014:0909-1, SUSE-SU-2014:0910-1, SUSE-SU-2014:0911-1, SUSE-SU-2014:0912-1, USN-2128-1, USN-2129-1, USN-2135-1, USN-2138-1, USN-2139-1, USN-2141-1, USN-2158-1, VIGILANCE-VUL-13824.

Description of the vulnerability

The Linux kernel supports the XFS filesystem.

However, the xfs_attrlist_by_handle() and xfs_compat_attrlist_by_handle() functions do not check whether the size of the allocated array is too small.

An attacker with the CAP_SYS_ADMIN capability can therefore cause memory corruption in the xfs_attrlist_by_handle() function of the Linux kernel, in order to trigger a denial of service, and possibly to execute code.

vulnerability bulletin CVE-2013-6381

Linux kernel: buffer overflow of qeth_snmp_command

Synthesis of the vulnerability

An attacker can cause a buffer overflow in the qeth_snmp_command() function of the Linux kernel, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, Linux, RHEL.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 25/11/2013.
Identifiers: BID-63890, CERTFR-2014-AVI-219, CVE-2013-6381, DSA-2906-1, MDVSA-2013:291, RHSA-2014:0159-01, RHSA-2014:0284-01, RHSA-2014:0285-01, RHSA-2014:0476-01, VIGILANCE-VUL-13823.

Description of the vulnerability

The qeth driver is used on s390 architectures.

However, if the size of SNMP data is greater than the size of the storage array, an overflow occurs in the qeth_snmp_command() function.

An attacker can therefore cause a buffer overflow in the qeth_snmp_command() function of the Linux kernel, in order to trigger a denial of service, and possibly to execute code.

vulnerability announce CVE-2013-6383

Linux kernel: privilege escalation via aac_compat_do_ioctl

Synthesis of the vulnerability

A local attacker can use ioctls on the aacraid driver of the Linux kernel, in order to escalate his privileges.
Impacted products: Debian, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: user shell.
Creation date: 25/11/2013.
Identifiers: BID-63888, CERTFR-2014-AVI-219, CVE-2013-6383, DSA-2906-1, MDVSA-2013:291, openSUSE-SU-2014:0766-1, RHSA-2014:0100-01, RHSA-2014:0285-01, RHSA-2014:0475-01, RHSA-2014:0476-01, RHSA-2014:0634-01, SUSE-SU-2014:0536-1, VIGILANCE-VUL-13822.

Description of the vulnerability

The aacraid kernel driver supports SCSI Adaptec AACRaid devices.

The aac_compat_ioctl() function of the drivers/scsi/aacraid/linit.c file manages control ioctls. However, it does not check whether the user holds the CAP_SYS_RAWIO capability.

A local attacker can therefore use ioctls on the aacraid driver of the Linux kernel, in order to escalate his privileges.

vulnerability alert CVE-2013-6380

Linux kernel: denial of service via aac_send_raw_srb

Synthesis of the vulnerability

A local attacker can cause an error in the aac_send_raw_srb() function of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Linux, openSUSE, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 25/11/2013.
Identifiers: BID-63887, CERTFR-2014-AVI-106, CVE-2013-6380, DSA-2906-1, FEDORA-2013-22669, FEDORA-2013-22695, MDVSA-2013:291, openSUSE-SU-2014:0204-1, openSUSE-SU-2014:0247-1, USN-2128-1, USN-2129-1, USN-2136-1, VIGILANCE-VUL-13821.

Description of the vulnerability

The aacraid kernel driver supports SCSI Adaptec AACRaid devices.

However, the aac_send_raw_srb() function of the drivers/scsi/aacraid/commctrl.c file can dereference an invalid pointer.

A local attacker can therefore cause an error in the aac_send_raw_srb() function of the Linux kernel, in order to trigger a denial of service.

computer vulnerability announce CVE-2013-4164

Ruby: buffer overflow of Floating Point

Synthesis of the vulnerability

An attacker can cause a buffer overflow during the conversion of a real number by Ruby, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, Fedora, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 22/11/2013.
Identifiers: BID-63873, CERTA-2013-AVI-647, CERTFR-2014-AVI-112, CVE-2013-4164, DSA-2809-1, DSA-2810-1, FEDORA-2013-22315, FEDORA-2013-22423, MDVSA-2013:286, openSUSE-SU-2013:1834-1, openSUSE-SU-2013:1835-1, RHSA-2013:1763-01, RHSA-2013:1764-01, RHSA-2013:1767-01, RHSA-2014:0011-01, RHSA-2014:0215-01, SSA:2013-350-06, SUSE-SU-2013:1828-1, SUSE-SU-2013:1897-1, VIGILANCE-VUL-13817.

Description of the vulnerability

The "to_f" function of the Ruby language converts a string representing a floating point number ("1.234") to a number (1.234). This function is used, for example, by JSON.parse to convert JSON data.

A floating point number is composed of an integer part, and a decimal part. However, if the size of the decimal part is greater than the size of the allocated storage array, an overflow occurs.

An attacker can therefore cause a buffer overflow during the conversion of a real number by Ruby, in order to trigger a denial of service, and possibly to execute code.

computer vulnerability note CVE-2013-6385 CVE-2013-6386 CVE-2013-6387

Drupal Core 7: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Drupal Core 7.
Impacted products: Debian, Drupal Core, Fedora.
Severity: 3/4.
Consequences: user access/rights, client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 21/11/2013.
Identifiers: BID-63837, BID-63840, BID-63843, BID-63845, BID-63847, BID-63848, BID-63849, CERTA-2013-AVI-645, CVE-2013-6385, CVE-2013-6386, CVE-2013-6387, CVE-2013-6388, CVE-2013-6389, DRUPAL-SA-CORE-2013-003, DSA-2804-1, FEDORA-2013-21844, MDVSA-2013:287, MDVSA-2013:287-1, VIGILANCE-VUL-13809.

Description of the vulnerability

Several vulnerabilities were announced in Drupal Core 7.

An attacker can trigger a Cross Site Request Forgery in Form API, in order to force the victim to perform operations. [severity:2/4; BID-63837, CVE-2013-6385]

An attacker can predict random values generated by mt_rand(), for example in order to guess a password. [severity:2/4; BID-63840, CVE-2013-6386]

Drupal adds a .htaccess file on Apache in directories where users may upload files, in order to forbid the execution of PHP files. However, this protection is not sufficient, and an attacker can upload a PHP file, to execute code. [severity:3/4; BID-63845]

The drupal_valid_token() function can incorrectly return TRUE, so an attacker can escalate his privileges. [severity:2/4; BID-63849]

An attacker can trigger a Cross Site Scripting in the Image module, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-63848, CVE-2013-6387]

An attacker can trigger a Cross Site Scripting in the Color module, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-63847, CVE-2013-6388]

An attacker can use a vulnerability of the Overlay module, in order to redirect the victim. [severity:1/4; BID-63843, CVE-2013-6389]

computer vulnerability bulletin CVE-2013-6385 CVE-2013-6386

Drupal Core 6: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Drupal Core 6.
Impacted products: Debian, Drupal Core, Fedora.
Severity: 3/4.
Consequences: user access/rights, client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 21/11/2013.
Identifiers: BID-63837, BID-63840, BID-63845, BID-63849, CERTA-2013-AVI-645, CVE-2013-6385, CVE-2013-6386, DRUPAL-SA-CORE-2013-003, DSA-2828-1, FEDORA-2013-22507, VIGILANCE-VUL-13808.

Description of the vulnerability

Several vulnerabilities were announced in Drupal Core 6.

An attacker can trigger a Cross Site Request Forgery in Form API, in order to force the victim to perform operations. [severity:2/4; BID-63837, CVE-2013-6385]

An attacker can predict random values generated by mt_rand(), for example in order to guess a password. [severity:2/4; BID-63840, CVE-2013-6386]

Drupal adds a .htaccess file on Apache in directories where users may upload files, in order to forbid the execution of PHP files. However, this protection is not sufficient, and an attacker can upload a PHP file, to execute code. [severity:3/4; BID-63845]

The drupal_valid_token() function can incorrectly return TRUE, so an attacker can escalate his privileges. [severity:2/4; BID-63849]

computer vulnerability note CVE-2013-4547

nginx: file access via space

Synthesis of the vulnerability

An attacker can use a space at the end of a directory/file name, in order to bypass access restrictions of nginx.
Impacted products: Debian, Fedora, nginx, OpenBSD, openSUSE.
Severity: 3/4.
Consequences: data reading, data flow.
Provenance: internet client.
Creation date: 19/11/2013.
Identifiers: BID-63814, CERTA-2013-AVI-644, CVE-2013-4547, DSA-2802-1, FEDORA-2013-21826, MDVSA-2013:281, openSUSE-SU-2013:1745-1, openSUSE-SU-2013:1791-1, openSUSE-SU-2013:1792-1, SUSE-SU-2013:1895-1, VIGILANCE-VUL-13799.

Description of the vulnerability

Access to some parts of an nginx site can be restricted.

The ngx_http_parse_request_line() function of the http/ngx_http_parse.c file parses the HTTP request. It processes spaces in a special way, in order to support old web clients. However, if a directory/file name ends with a space, access restrictions are not honored.

An attacker can therefore use a space at the end of a directory/file name, in order to bypass access restrictions of nginx.

computer vulnerability bulletin CVE-2013-5607

NSPR: denial of service via memset

Synthesis of the vulnerability

On a 64-bit computer, an attacker can cause a large memory area to be initialized, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, openSUSE, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: document.
Creation date: 19/11/2013.
Identifiers: BID-63802, CERTA-2013-AVI-642, CVE-2013-5607, DSA-2820-1, FEDORA-2013-22456, FEDORA-2013-22467, FEDORA-2013-23139, FEDORA-2013-23159, MDVSA-2013:269, MDVSA-2013:270, MFSA 2013-103, openSUSE-SU-2013:1730-1, openSUSE-SU-2013:1732-1, RHSA-2013:1791-01, RHSA-2013:1829-01, RHSA-2013:1840-01, RHSA-2013:1841-01, SSA:2013-339-02, SSA:2013-339-03, SUSE-SU-2013:1807-1, VIGILANCE-VUL-13798.

Description of the vulnerability

On a 64-bit computer, an attacker can cause a large memory area to be initialized, in order to trigger a denial of service.

computer vulnerability note CVE-2013-1741 CVE-2013-2566 CVE-2013-5605

NSS: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NSS.
Impacted products: Debian, Fedora, Junos Space, Firefox, NSS, SeaMonkey, Thunderbird, openSUSE, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Solaris, Oracle Virtual Directory, WebLogic, Oracle Web Tier, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data flow, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 18/11/2013.
Revision date: 19/11/2013.
Identifiers: BID-58796, BID-63736, BID-63737, BID-63738, CERTA-2013-AVI-642, CERTFR-2014-AVI-318, CERTFR-2017-AVI-012, cpuapr2017, cpujul2014, cpuoct2016, cpuoct2017, CVE-2013-1741, CVE-2013-2566, CVE-2013-5605, CVE-2013-5606, DSA-2800-1, DSA-2994-1, DSA-3071-1, FEDORA-2013-22456, FEDORA-2013-22467, FEDORA-2013-23301, FEDORA-2013-23479, JSA10770, MFSA 2013-103, openSUSE-SU-2013:1730-1, openSUSE-SU-2013:1732-1, RHSA-2013:1791-01, RHSA-2013:1829-01, RHSA-2013:1840-01, RHSA-2013:1841-01, RHSA-2014:0041-01, SSA:2013-339-01, SSA:2013-339-02, SSA:2013-339-03, SUSE-SU-2013:1807-1, VIGILANCE-VUL-13789.

Description of the vulnerability

Several vulnerabilities were announced in NSS.

On a 64-bit computer, an attacker can cause a large memory area to be initialized, in order to trigger a denial of service. [severity:1/4; BID-63736, CVE-2013-1741]

An attacker can cause a buffer overflow in Null Cipher, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-63738, CVE-2013-5605]

When verifyLog is used, the return code of CERT_VerifyCert() is incorrect, so an invalid certificate may be accepted. [severity:2/4; BID-63737, CVE-2013-5606]

When an attacker has 2^30 RC4 encrypted messages with different keys, he can guess the clear text message (VIGILANCE-VUL-12530). [severity:1/4; BID-58796, CVE-2013-2566]