The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian Linux

vulnerability announce CVE-2013-4555 CVE-2013-4556 CVE-2013-4557

SPIP: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SPIP.
Impacted products: Debian, SPIP.
Severity: 2/4.
Consequences: user access/rights, client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 12/11/2013.
Revision date: 21/01/2014.
Identifiers: BID-63636, BID-63637, BID-63638, BID-65107, CERTA-2013-AVI-626, CVE-2013-4555, CVE-2013-4556, CVE-2013-4557, CVE-2013-7303, DSA-2794-1, VIGILANCE-VUL-13732.

Description of the vulnerability

Several vulnerabilities were announced in SPIP.

An attacker can trigger a Cross Site Request Forgery during the Logout, in order to force the victim to perform operations. [severity:2/4; BID-63638, CVE-2013-4555]

An attacker can trigger a Cross Site Scripting in the editer_auteur.php page, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-63636, CVE-2013-4556]

An attacker can inject PHP code, in order to execute code. [severity:2/4; BID-63637, CVE-2013-4557]

An attacker can trigger a Cross Site Scripting in the editer_auteur.php page, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-65107, CVE-2013-7303]

computer vulnerability announce CVE-2014-1475 CVE-2014-1476

Drupal: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Drupal.
Impacted products: Debian, Drupal Core, Fedora.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 16/01/2014.
Identifiers: BID-64973, CERTFR-2014-AVI-037, CVE-2014-1475, CVE-2014-1476, DRUPAL-SA-CORE-2014-001, DSA-2847-1, DSA-2851-1, FEDORA-2014-0980, FEDORA-2014-0983, FEDORA-2014-0999, FEDORA-2014-1015, MDVSA-2014:031, VIGILANCE-VUL-14097.

Description of the vulnerability

Several vulnerabilities were announced in Drupal.

An attacker who has an account can access the account of a victim using OpenID. [severity:3/4; CVE-2014-1475]

An attacker can access some pages that are visible through Taxonomy, in order to obtain sensitive information. [severity:2/4; CVE-2014-1476]

An attacker can use drupal_form_submit() to send data, in order to bypass access checks. [severity:1/4]

vulnerability announce CVE-2013-4316 CVE-2013-5860 CVE-2013-5881

MySQL: several vulnerabilities of January 2014

Synthesis of the vulnerability

Several vulnerabilities of MySQL were announced in January 2014.
Impacted products: Debian, BIG-IP Hardware, TMOS, Junos Space, MySQL Community, MySQL Enterprise, Solaris, Percona Server, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: user account.
Number of vulnerabilities in this bulletin: 19.
Creation date: 15/01/2014.
Identifiers: BID-64849, BID-64854, BID-64864, BID-64868, BID-64873, BID-64877, BID-64880, BID-64885, BID-64888, BID-64891, BID-64893, BID-64895, BID-64896, BID-64897, BID-64898, BID-64904, BID-64908, BID-65298, bulletinoct2015, CERTA-2014-AVI-033, CERTFR-2014-AVI-480, CERTFR-2015-AVI-431, CERTFR-2016-AVI-300, cpujan2014, CVE-2013-4316, CVE-2013-5860, CVE-2013-5881, CVE-2013-5882, CVE-2013-5891, CVE-2013-5894, CVE-2013-5908, CVE-2014-0001, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0420, CVE-2014-0427, CVE-2014-0430, CVE-2014-0431, CVE-2014-0433, CVE-2014-0437, DSA-2845-1, DSA-2848-1, DSA-2919-1, JSA10659, JSA10698, K16385, MDVSA-2014:028, MDVSA-2014:029, MDVSA-2015:091, RHSA-2014:0164-01, RHSA-2014:0173-01, RHSA-2014:0186-01, RHSA-2014:0189-01, SOL16385, SOL16389, SSA:2014-050-02, SUSE-SU-2014:0769-1, USN-2170-1, VIGILANCE-VUL-14092.

Description of the vulnerability

Several vulnerabilities were announced in MySQL.

An attacker can use a vulnerability of MySQL Enterprise Monitor, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2013-4316]

An attacker can use a vulnerability of GIS, in order to trigger a denial of service. [severity:3/4; BID-64864, CVE-2013-5860]

An attacker can use a vulnerability of Stored Procedure, in order to trigger a denial of service. [severity:3/4; BID-64854, CVE-2013-5882]

An attacker can use a vulnerability of Thread Pooling, in order to alter information. [severity:2/4; BID-64895, CVE-2014-0433]

An attacker can use a vulnerability of InnoDB, in order to trigger a denial of service. [severity:2/4; BID-64873, CVE-2013-5894]

An attacker can use a vulnerability of InnoDB, in order to trigger a denial of service. [severity:2/4; BID-64885, CVE-2013-5881]

An attacker can use a vulnerability of InnoDB, in order to trigger a denial of service. [severity:2/4; BID-64880, CVE-2014-0412]

An attacker can use a vulnerability of Locking, in order to trigger a denial of service. [severity:2/4; BID-64908, CVE-2014-0402]

An attacker can use a vulnerability of Optimizer, in order to trigger a denial of service. [severity:2/4; BID-64904, CVE-2014-0386]

An attacker can use a vulnerability of Partition, in order to trigger a denial of service. [severity:2/4; BID-64891, CVE-2013-5891]

An attacker can use a vulnerability of Privileges, in order to trigger a denial of service. [severity:2/4; BID-64898, CVE-2014-0401]

An attacker can use a vulnerability of FTS, in order to trigger a denial of service. [severity:2/4; BID-64868, CVE-2014-0427]

An attacker can use a vulnerability of InnoDB, in order to trigger a denial of service. [severity:2/4; BID-64897, CVE-2014-0431]

An attacker can use a vulnerability of Optimizer, in order to trigger a denial of service. [severity:2/4; BID-64849, CVE-2014-0437]

An attacker can use a vulnerability of InnoDB, in order to alter information. [severity:2/4; BID-64877, CVE-2014-0393]

An attacker can use a vulnerability of Performance Schema, in order to trigger a denial of service. [severity:1/4; BID-64893, CVE-2014-0430]

An attacker can use a vulnerability of Replication, in order to trigger a denial of service. [severity:1/4; BID-64888, CVE-2014-0420]

An attacker can use a vulnerability of Error Handling, in order to trigger a denial of service. [severity:1/4; BID-64896, CVE-2013-5908]

An attacker can generate a buffer overflow in client/mysql.cc, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-65298, CVE-2014-0001]

vulnerability alert CVE-2014-1444

Linux kernel: information disclosure via fst_get_iface

Synthesis of the vulnerability

A local attacker can use an ioctl to read bytes from Linux kernel memory, in order to obtain sensitive information.
Impacted products: Debian, Linux, openSUSE, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 14/01/2014.
Identifiers: BID-64952, CERTFR-2014-AVI-106, CVE-2014-1444, DSA-2906-1, openSUSE-SU-2014:0677-1, openSUSE-SU-2014:0766-1, SUSE-SU-2014:0536-1, SUSE-SU-2014:0696-1, SUSE-SU-2014:0908-1, SUSE-SU-2014:0909-1, SUSE-SU-2014:0910-1, SUSE-SU-2014:0911-1, SUSE-SU-2014:0912-1, USN-2128-1, USN-2129-1, VIGILANCE-VUL-14081.

Description of the vulnerability

The fst_get_iface() function is used by ioctls for the drivers/net/wan/farsync.c driver.

However, it does not initialize all fields of the structure which is returned to the user.

A local attacker can therefore use an ioctl to read bytes from Linux kernel memory, in order to obtain sensitive information.

vulnerability CVE-2014-1445

Linux kernel: information disclosure via wanxl_ioctl

Synthesis of the vulnerability

A local attacker can use an ioctl to read bytes from Linux kernel memory, in order to obtain sensitive information.
Impacted products: Debian, Linux, openSUSE, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 14/01/2014.
Identifiers: BID-64953, CERTFR-2014-AVI-106, CVE-2014-1445, DSA-2906-1, openSUSE-SU-2014:0677-1, openSUSE-SU-2014:0766-1, SUSE-SU-2014:0536-1, SUSE-SU-2014:0696-1, SUSE-SU-2014:0908-1, SUSE-SU-2014:0909-1, SUSE-SU-2014:0910-1, SUSE-SU-2014:0911-1, SUSE-SU-2014:0912-1, USN-2128-1, USN-2129-1, VIGILANCE-VUL-14080.

Description of the vulnerability

The wanxl_ioctl() function implements ioctls for the drivers/net/wan/wanxl.c driver.

However, it does not initialize all fields of the structure which is returned to the user.

A local attacker can therefore use an ioctl to read bytes from Linux kernel memory, in order to obtain sensitive information.

computer vulnerability note CVE-2014-1446

Linux kernel: information disclosure via yam_ioctl

Synthesis of the vulnerability

A local attacker can use an ioctl to read bytes from Linux kernel memory, in order to obtain sensitive information.
Impacted products: Debian, Fedora, Linux, openSUSE, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 14/01/2014.
Identifiers: BID-64954, CERTFR-2014-AVI-073, CERTFR-2014-AVI-106, CERTFR-2014-AVI-107, CVE-2014-1446, DSA-2906-1, FEDORA-2014-1062, FEDORA-2014-1072, MDVSA-2014:038, openSUSE-SU-2014:0677-1, openSUSE-SU-2014:0678-1, openSUSE-SU-2014:0766-1, SUSE-SU-2014:0536-1, SUSE-SU-2014:0696-1, SUSE-SU-2014:0908-1, SUSE-SU-2014:0909-1, SUSE-SU-2014:0910-1, SUSE-SU-2014:0911-1, SUSE-SU-2014:0912-1, USN-2128-1, USN-2129-1, USN-2133-1, USN-2134-1, USN-2135-1, USN-2136-1, USN-2138-1, USN-2139-1, USN-2141-1, VIGILANCE-VUL-14079.

Description of the vulnerability

The yam_ioctl() function implements ioctls for the drivers/net/hamradio/yam.c driver.

However, it does not initialize all fields of the structure which is returned to the user.

A local attacker can therefore use an ioctl to read bytes from Linux kernel memory, in order to obtain sensitive information.
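
The flaw shared by this entry and the fst_get_iface and wanxl_ioctl entries above, shown as an added user-space example that is neither kernel code nor part of the bulletin. The structure layout, the function names and the 0xAA marker for stale memory are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define STALE 0xAA  /* constructed marker for leftover memory contents */

/* Hypothetical reply layout, not the real farsync/wanxl/yam structure. */
struct iface_reply {
    uint8_t  type;        /* usually followed by 3 padding bytes */
    uint32_t clock_rate;
    uint32_t reserved;    /* the handler never assigns this field */
};

/* Stands in for a kernel stack slot that still holds older data. */
static union {
    struct iface_reply r;
    unsigned char raw[sizeof(struct iface_reply)];
} slot;

/* Flawed pattern: assign some fields, then copy the whole object out. */
void get_iface_leaky(unsigned char *user)
{
    memset(slot.raw, STALE, sizeof(slot.raw));  /* simulate stale contents */
    slot.r.type = 1;
    slot.r.clock_rate = 64000;
    memcpy(user, &slot.r, sizeof(slot.r));      /* stand-in for copy_to_user() */
}

/* Corrected pattern: zero the object, padding included, before filling it. */
void get_iface_fixed(unsigned char *user)
{
    memset(slot.raw, STALE, sizeof(slot.raw));  /* same stale contents */
    memset(&slot.r, 0, sizeof(slot.r));
    slot.r.type = 1;
    slot.r.clock_rate = 64000;
    memcpy(user, &slot.r, sizeof(slot.r));
}

/* Run a handler and count stale bytes visible in the caller's buffer. */
size_t stale_bytes_seen(void (*handler)(unsigned char *))
{
    unsigned char user[sizeof(struct iface_reply)];
    size_t n = 0;
    handler(user);
    for (size_t i = 0; i < sizeof(user); i++)
        n += (user[i] == STALE);
    return n;
}
```

A field-by-field initializer would still leave the padding after `type` unset, which is why the corrected handler clears the whole object first.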

vulnerability CVE-2014-1447

libvirt: denial of service via keepalive

Synthesis of the vulnerability

An attacker can use the keepalive feature of libvirt, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE, RHEL, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/01/2014.
Identifiers: BID-64945, CVE-2014-1447, CVE-2014-1448-REJECT, DSA-2846-1, FEDORA-2014-1042, openSUSE-SU-2014:0268-1, openSUSE-SU-2014:0270-1, RHSA-2014:0103-01, VIGILANCE-VUL-14060.

Description of the vulnerability

The libvirt library provides a standard interface to several virtualization products (Xen, QEMU, KVM, etc.).

When a client connects to libvirtd, it can request a keepalive session (which stays open for other queries). However, if it closes this session before authenticating, an internal error occurs.

An attacker can therefore use the keepalive feature of libvirt, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2014-0591

ISC BIND: denial of service via NSEC3

Synthesis of the vulnerability

When an authoritative BIND server manages a zone signed with NSEC3, an attacker can send a special query, in order to trigger a denial of service.
Impacted products: Debian, Fedora, FreeBSD, HP-UX, BIND, NetBSD, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 14/01/2014.
Identifiers: AA-01085, BID-64801, c04085336, CERTA-2014-AVI-013, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CVE-2014-0591, DSA-3023-1, FEDORA-2014-0811, FEDORA-2014-0858, FreeBSD-SA-14:04.bind, HPSBUX02961, MDVSA-2014:002, openSUSE-SU-2014:0199-1, openSUSE-SU-2014:0202-1, RHSA-2014:0043-01, RHSA-2014:1244-01, SSA:2014-028-01, SSA:2014-175-01, SSRT101420, SUSE-SU-2015:0480-1, VIGILANCE-VUL-14058.

Description of the vulnerability

When DNSSEC is used, each DNS record (triplet {name, type, class}) is signed using an RRSIG record. A DNS server that implements DNSSEC returns normal records and RRSIG records to the client. When the client requests a nonexistent record, the DNS server returns NSEC/NSEC3 records, which are also signed.

The query_findclosestnsec3() function of the bin/named/query.c file manages NSEC3 records. However, it processes domain name labels incorrectly: a memcpy() is performed on an invalid range, so the resulting name is too long, which triggers a call to the INSIST() macro, which stops BIND.

Note that the memcpy() function of GNU glibc 2.18 was optimized and manages ranges in a different way. It appears that only BIND compiled with this libc version is vulnerable.

When an authoritative BIND server manages a zone signed with NSEC3, an attacker can therefore send a special query, in order to trigger a denial of service.

computer vulnerability announce CVE-2013-6458

libvirtd: NULL pointer dereference via qemuDomainBlockStats

Synthesis of the vulnerability

An attacker can dereference a NULL pointer in qemuDomainBlockStats of libvirtd, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE, RHEL, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: user shell.
Creation date: 09/01/2014.
Identifiers: 1043069, BID-64723, CVE-2013-6458, DSA-2846-1, FEDORA-2014-1042, FEDORA-2014-1090, openSUSE-SU-2014:0268-1, openSUSE-SU-2014:0270-1, RHSA-2014:0103-01, VIGILANCE-VUL-14047.

Description of the vulnerability

The libvirt library provides a standard interface to several virtualization products (Xen, QEMU, KVM, etc.).

The qemuDomainBlockStats() function of the qemu/qemu_driver.c file obtains information on a disk. However, it does not check whether a pointer is NULL before using it.

An attacker can therefore dereference a NULL pointer in the qemuDomainBlockStats() function of libvirtd, in order to trigger a denial of service.

vulnerability alert CVE-2013-6462

libXfont: buffer overflow of bdfReadCharacters

Synthesis of the vulnerability

An attacker can generate a buffer overflow in the bdfReadCharacters() function of libXfont, in order to trigger a denial of service, and possibly to execute privileged code.
Impacted products: Debian, Fedora, NetBSD, OpenBSD, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, XOrg Bundle ~ not comprehensive.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 08/01/2014.
Identifiers: CERTA-2014-AVI-005, CERTA-2014-AVI-005-001, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CVE-2013-6462, DSA-2838-1, FEDORA-2014-0443, FEDORA-2014-0467, FEDORA-2015-3948, FEDORA-2015-3964, MDVSA-2014:013, NetBSD-SA2014-001, openSUSE-SU-2014:0073-1, openSUSE-SU-2014:0075-1, RHSA-2014:0018-01, SSA:2014-013-01, SUSE-SU-2014:0881-1, VIGILANCE-VUL-14031.

Description of the vulnerability

The libXfont library is used by X.org (executed as root) to process character fonts.

The BDF (Bitmap Distribution Format) format stores bitmap fonts. The bdfReadCharacters() function of the libXfont library reads the characters of a BDF font. It uses the sscanf() function to decode "STARTCHAR %s" strings. However, if the size of the data is greater than the size of the storage array (100 bytes), an overflow occurs.

An attacker can therefore generate a buffer overflow in the bdfReadCharacters() function of libXfont, in order to trigger a denial of service, and possibly to execute privileged code.
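
The unbounded "STARTCHAR %s" conversion described above, next to a width-limited form, as an added example that is not libXfont's code. The function names are hypothetical, and rejecting over-long names rather than truncating them is a choice made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 100  /* size of the storage array given in the bulletin */

/* Unbounded form: "%s" stores as many bytes as the input token contains. */
int parse_startchar_unbounded(const char *line, char name[NAME_LEN])
{
    return sscanf(line, "STARTCHAR %s", name) == 1;
}

/* Bounded form: the width 99 leaves room for the NUL; a token that does
 * not end within the limit is rejected instead of silently truncated. */
int parse_startchar_bounded(const char *line, char name[NAME_LEN])
{
    int used = 0;
    if (sscanf(line, "STARTCHAR %99s%n", name, &used) != 1)
        return 0;
    char next = line[used];
    return next == '\0' || next == ' ' || next == '\t' ||
           next == '\n' || next == '\r';
}

/* Constructed input: a STARTCHAR line whose name is n bytes of 'A'. */
int bounded_accepts_length(size_t n)
{
    char line[512] = "STARTCHAR ";
    char name[NAME_LEN];
    if (n > sizeof(line) - 11)
        return -1;
    memset(line + 10, 'A', n);
    line[10 + n] = '\0';
    return parse_startchar_bounded(line, name) && strlen(name) == n;
}
```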