The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian Sarge

computer vulnerability note CVE-2012-0045

Linux kernel: denial of service via KVM syscall

Synthesis of the vulnerability

An attacker located in a KVM guest system can run a malformed program in order to stop the system.
Impacted products: Debian, Fedora, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Creation date: 12/01/2012.
Identifiers: BID-51389, CVE-2012-0045, DSA-2443-1, FEDORA-2012-0363, FEDORA-2012-0480, openSUSE-SU-2013:0927-1, RHSA-2012:0350-01, RHSA-2012:0422-01, SUSE-SU-2012:0616-1, VIGILANCE-VUL-11279.

Description of the vulnerability

The arch/x86/kvm/emulate.c file implements the support of KVM (Kernel-based Virtual Machine).

The "syscall" assembler instruction is used to call a procedure which will be run with elevated privileges. During the compilation to assembler code, "syscall" is translated to "0F05".

The "0F05" opcode is not valid on a 32 bit processor. However, KVM does not manage this case, and generates an "illegal instruction" interruption, which stops the system.

An attacker located in a KVM guest system can therefore run a malformed program in order to stop the system.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce CVE-2011-3919

libxml2: buffer overflow via xmlStringLenDecodeEntities

Synthesis of the vulnerability

An attacker can send long XML data to an application linked with libxml2, in order to stop it and possibly to execute code.
Impacted products: Debian, Fedora, NSM Central Manager, NSMXpress, libxml, MES, Mandriva Linux, openSUSE, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, ESX, ESXi, VMware vSphere, VMware vSphere Hypervisor.
Severity: 3/4.
Creation date: 12/01/2012.
Identifiers: 771896, CERTA-2012-AVI-004, CERTA-2012-AVI-387, CERTA-2012-AVI-479, CERTA-2012-AVI-673, CVE-2011-3919, DSA-2394-1, ESX400-201209001, ESX400-201209401-SG, ESX400-201209402-SG, ESX400-201209404-SG, ESXi400-201209001, ESXi400-201209401-SG, ESXi410-201208101-SG, ESXi500-201207001, ESXi500-201207101-SG, FEDORA-2012-13820, FEDORA-2012-13824, MDVSA-2012:005, openSUSE-SU-2012:0107-1, PSN-2012-11-767, RHSA-2012:0016-01, RHSA-2012:0017-01, RHSA-2012:0018-01, RHSA-2012:0104-01, RHSA-2013:0217-01, SUSE-SU-2012:0117-1, SUSE-SU-2013:1625-1, SUSE-SU-2013:1627-1, VIGILANCE-VUL-11277, VMSA-2012-0003.1, VMSA-2012-0005.3, VMSA-2012-0008.1, VMSA-2012-0012, VMSA-2012-0012.1, VMSA-2012-0012.2, VMSA-2012-0013, VMSA-2012-0013.1.

Description of the vulnerability

The libxml2 library implements an XML parser.

An XML entity is used for text substitution. For example, when <!ENTITY ABC "hello"> is defined, the "&ABC;" reference is equivalent to the text "hello".

The xmlStringLenDecodeEntities() function expands the sub-entities referenced inside an entity. To do so, it allocates a buffer and writes the expanded text into it; when the buffer is too small, it reallocates a larger one. However, the size of the new buffer is computed incorrectly and is still too small, so the expanded text overflows it.

An attacker can therefore send long XML data to an application linked with libxml2, in order to stop it and possibly to execute code.

vulnerability bulletin CVE-2012-0041 CVE-2012-0042 CVE-2012-0043

Wireshark: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Wireshark can be used by a remote attacker to create a denial of service or to execute code.
Impacted products: Debian, Fedora, Mandriva Linux, openSUSE, Solaris, RHEL, Wireshark.
Severity: 2/4.
Creation date: 11/01/2012.
Identifiers: BID-51368, BID-51710, CVE-2012-0041, CVE-2012-0042, CVE-2012-0043, CVE-2012-0066, CVE-2012-0067, CVE-2012-0068, DSA-2395-1, FEDORA-2012-0435, FEDORA-2012-0440, MDVSA-2012:015, openSUSE-SU-2012:0295-1, RHSA-2012:0509-01, RHSA-2013:0125-01, VIGILANCE-VUL-11273, wnpa-sec-2012-01, wnpa-sec-2012-02, wnpa-sec-2012-03.

Description of the vulnerability

The Wireshark program captures and displays network packets. Protocols are decoded by dissectors, which are affected by several vulnerabilities.

An attacker can invite the victim to open a malicious capture file, in order to execute code. [severity:2/4; CVE-2012-0041, wnpa-sec-2012-01]

A malicious packet causes a NULL pointer dereference, which stops Wireshark. [severity:1/4; CVE-2012-0042, wnpa-sec-2012-02]

An attacker can generate a buffer overflow in the RLC dissector, in order to execute code. [severity:2/4; CVE-2012-0043, wnpa-sec-2012-03]

Several other vulnerabilities can lead to a denial of service or to code execution. [severity:2/4; CVE-2012-0066, CVE-2012-0067, CVE-2012-0068]

vulnerability announce CVE-2011-4108 CVE-2012-0390

GnuTLS, OpenSSL: data reading via DTLS and CBC

Synthesis of the vulnerability

When a DTLS exchange uses encryption in CBC mode, an attacker can partially recover plaintext fragments.
Impacted products: Clearswift Email Gateway, Debian, HP-UX, AIX, Tivoli Workload Scheduler, MES, Mandriva Linux, OpenSSL, openSUSE, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, ESX, ESXi, VMware vSphere, VMware vSphere Hypervisor.
Severity: 1/4.
Creation date: 09/01/2012.
Identifiers: 1643316, BID-51322, c03141193, CERTA-2012-AVI-479, CVE-2011-4108, CVE-2012-0390, DSA-2390-1, ESX410-201208101-SG, ESX410-201208102-SG, ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG, ESX410-201208106-SG, ESX410-201208107-SG, ESXi410-201208101-SG, ESXi500-201212102-SG, GNUTLS-SA-2012-1, HPSBUX02734, MDVSA-2012:006, MDVSA-2012:007, openSUSE-SU-2012:0083-1, openSUSE-SU-2012:0344-1, openSUSE-SU-2013:0336-1, openSUSE-SU-2013:0337-1, openSUSE-SU-2013:0339-1, RHSA-2012:0059-01, RHSA-2012:0060-01, SSRT100729, SUSE-SU-2012:0084-1, SUSE-SU-2012:0807-1, SUSE-SU-2012:0818-1, SUSE-SU-2014:0320-1, VIGILANCE-VUL-11262, VMSA-2012-0005.2, VMSA-2012-0012.1, VMSA-2012-0012.2, VMSA-2012-0013, VMSA-2012-0013.2, VMSA-2013-0003.

Description of the vulnerability

The DTLS (Datagram Transport Layer Security) protocol, based on TLS, provides a cryptographic layer over the UDP protocol.

In CBC mode, an attacker can measure timing differences in the decryption computation (a timing side channel) in order to recover plaintext.

When a DTLS exchange uses encryption in CBC mode, an attacker can therefore partially recover plaintext fragments.

vulnerability alert CVE-2011-3892 CVE-2011-3893 CVE-2011-3895

FFmpeg: several vulnerabilities

Synthesis of the vulnerability

An attacker can create a malicious video and invite the victim to display it with an application linked with FFmpeg, in order to stop the application or to execute code on the victim's computer.
Impacted products: Debian, MBS, MES, Mandriva Linux, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Creation date: 06/01/2012.
Identifiers: BID-51307, CERTA-2012-AVI-018, CERTA-2012-AVI-253, CVE-2011-3892, CVE-2011-3893, CVE-2011-3895, CVE-2012-0847, CVE-2012-0848, CVE-2012-0849, CVE-2012-0850, CVE-2012-0851, CVE-2012-0852, CVE-2012-0853, CVE-2012-0854, CVE-2012-0855, CVE-2012-0856, CVE-2012-0857, CVE-2012-0858, CVE-2012-0859, DSA-2471-1, DSA-2494-1, DSA-2624-1, MDVSA-2012:074, MDVSA-2012:074-1, MDVSA-2012:075, MDVSA-2012:076, MDVSA-2013:079, VIGILANCE-VUL-11261.

Description of the vulnerability

The FFmpeg suite contains several libraries to process multimedia data.

It is impacted by several vulnerabilities in 4xm, aac, aacdec, aacsbr, aascdec, adpcm, adx_parser, adxdec, alac, als, amr, applehttp, asfdec, atrac3, avidec, cljr, electronicarts, ffmpeg, flicvideo, golomb, h263dec, h264, indeo3, indeo5, ipmovie, j2kdec, kvmc, lavfi, lzo, mlp_parser, mpeg12dec, mpeg4videodec, msrledec, mtv, mxfdec, pam, proresdec, qpeg, riff, rl2demux, rv34, shorten, smacker, soxdec, swr, tm2, truespeech, ulti, v410dec, vc1dec, vcr1dec, vorbis, westwood, ws_snd1, and xl.

An attacker can therefore create a malicious video and invite the victim to display it with an application linked with FFmpeg, in order to stop the application or to execute code on the victim's computer.

computer vulnerability announce CVE-2011-4108 CVE-2011-4109 CVE-2011-4576

OpenSSL: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several OpenSSL vulnerabilities in order to obtain information, to create a denial of service, and possibly to execute code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, Tivoli Workload Scheduler, IVE OS, Junos Pulse, Juniper SA, MES, Mandriva Linux, NetBSD, OpenSSL, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, SUSE Linux Enterprise Desktop, SLES, ESX, ESXi, VMware vSphere, VMware vSphere Hypervisor.
Severity: 3/4.
Creation date: 05/01/2012.
Identifiers: 1643316, BID-51281, c03141193, CERTA-2012-AVI-006, CERTA-2012-AVI-171, CERTA-2012-AVI-479, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, DSA-2390-1, ESX410-201208101-SG, ESX410-201208102-SG, ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG, ESX410-201208106-SG, ESX410-201208107-SG, ESXi410-201208101-SG, ESXi500-201212102-SG, FEDORA-2012-0232, FEDORA-2012-0250, FreeBSD-SA-12:01.openssl, HPSBUX02734, MDVSA-2012:006, MDVSA-2012:007, openSUSE-SU-2012:0083-1, openSUSE-SU-2013:0336-1, openSUSE-SU-2013:0337-1, openSUSE-SU-2013:0339-1, PSN-2012-09-712, RHSA-2012:0059-01, RHSA-2012:0060-01, RHSA-2012:0086-01, RHSA-2012:0109-01, RHSA-2012:0168-01, RHSA-2012:1306-01, RHSA-2012:1307-01, RHSA-2012:1308-01, SOL15388, SOL15389, SOL15395, SOL15461, SSRT100729, SUSE-SU-2012:0084-1, SUSE-SU-2014:0320-1, VIGILANCE-VUL-11257, VMSA-2012-0005.2, VMSA-2012-0012.1, VMSA-2012-0012.2, VMSA-2012-0013, VMSA-2012-0013.2, VMSA-2013-0003.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

The DTLS (Datagram Transport Layer Security) protocol, based on TLS, provides a cryptographic layer over the UDP protocol. In CBC mode, an attacker can measure timing differences in the decryption computation in order to recover plaintext (VIGILANCE-VUL-11262). [severity:1/4; CERTA-2012-AVI-006, CERTA-2012-AVI-171, CVE-2011-4108]

When the X509_V_FLAG_POLICY_CHECK flag is set on OpenSSL 0.9.8, an attacker can trigger a double free, which may lead to code execution. Apache httpd does not use this flag. [severity:3/4; CVE-2011-4109]

When SSL 3.0 is used, each message can contain up to 15 bytes that are not cleared before being sent. This occurs when a message is larger than the previous one; in practice these bytes come from the handshake and are not sensitive. [severity:2/4; CVE-2011-4576]

When OpenSSL is built with "enable-rfc3779", a certificate containing malformed RFC 3779 data (X.509 Extensions for IP Addresses and AS Identifiers) triggers an assertion failure, which stops the application. [severity:2/4; CVE-2011-4577]

The SGC (Server Gated Cryptography) technology handles weak algorithms and keys, and is considered obsolete. An attacker can use the handshake restart feature of SGC in order to create a denial of service. [severity:2/4; CVE-2011-4619]

When the GOST ENGINE (GOST algorithms defined in draft-chudov-cryptopro-cptls-04) is enabled, an attacker can send invalid parameters in order to stop the TLS server. [severity:2/4; CVE-2012-0027]

vulnerability announce CVE-2011-4127

Linux kernel: privilege elevation via SG_IO

Synthesis of the vulnerability

A local attacker can use the SG_IO ioctl in order to access a disk partition.
Impacted products: Debian, Fedora, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 27/12/2011.
Identifiers: 752375, BID-51176, CVE-2011-4127, DSA-2389-1, FEDORA-2011-17372, FEDORA-2011-17388, FEDORA-2012-0861, FEDORA-2012-0876, openSUSE-SU-2013:0927-1, RHSA-2011:1849-01, RHSA-2011:1850-01, RHSA-2012:0107-01, RHSA-2012:0333-01, RHSA-2012:0358-01, SUSE-SU-2012:0153-1, SUSE-SU-2012:0153-2, SUSE-SU-2012:0554-1, SUSE-SU-2012:0554-2, SUSE-SU-2015:0812-1, VIGILANCE-VUL-11252.

Description of the vulnerability

The SG_IO ioctl is used to access a SCSI device.

The kernel allows users to call it. An attacker located in a KVM guest system can thus access data of the host system.

A local attacker can therefore use the SG_IO ioctl in order to access a disk partition.

computer vulnerability bulletin CVE-2011-4862

MIT krb5-appl: buffer overflow of telnetd

Synthesis of the vulnerability

A remote unauthenticated attacker can trigger a buffer overflow in the telnetd daemon of MIT krb5-appl, in order to stop it or to execute code.
Impacted products: AsyncOS, Cisco Content SMA, Cisco ESA, IronPort Email, IronPort Management, IronPort Web, Cisco WSA, Debian, Fedora, FreeBSD, MES, Mandriva Linux, MIT krb5, NetBSD, NLD, openSUSE, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, ESX.
Severity: 4/4.
Creation date: 27/12/2011.
Identifiers: 83262, BID-51182, CERTA-2011-AVI-718, CERTA-2012-ALE-001-001, cisco-amb-20120126-ironport, cisco-sa-20120126-ironport, CVE-2011-4862, DSA-2372-1, DSA-2373-1, DSA-2375-1, FEDORA-2011-17492, FEDORA-2011-17493, FreeBSD-SA-11:08.telnetd, MDVSA-2011:195, MITKRB5-SA-2011-008, openSUSE-SU-2012:0019-1, openSUSE-SU-2012:0051-1, RHSA-2011:1851-01, RHSA-2011:1852-02, RHSA-2011:1853-01, RHSA-2011:1854-01, SUSE-SU-2012:0010-1, SUSE-SU-2012:0018-1, SUSE-SU-2012:0024-1, SUSE-SU-2012:0042-1, SUSE-SU-2012:0050-1, SUSE-SU-2012:0056-1, VIGILANCE-VUL-11248.

Description of the vulnerability

RFC 2946 defines an encryption protocol for TELNET sessions. The telnetd daemon of MIT krb5-appl implements this RFC.

The TELNET ENCRYPT (38) option defines the ENC_KEYID (7) sub-option, which indicates the encryption key identifier.

When the telnetd daemon receives the ENC_KEYID sub-option, it calls the encrypt_keyid() function of the libtelnet/encrypt.c file. However, this function does not check the length of the received key identifier, so a buffer overflow occurs.

A remote unauthenticated attacker can therefore trigger a buffer overflow in the telnetd daemon of MIT krb5-appl, in order to stop it or to execute code.

computer vulnerability alert CVE-2011-4622

Linux kernel: denial of service via KVM PIT

Synthesis of the vulnerability

A local attacker in a KVM environment can use the PIT in order to stop the system.
Impacted products: Debian, Fedora, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Creation date: 22/12/2011.
Identifiers: BID-51172, CVE-2011-4622, DSA-2389-1, FEDORA-2012-0145, FEDORA-2012-0492, openSUSE-SU-2013:0925-1, openSUSE-SU-2013:0927-1, RHSA-2012:0051-01, RHSA-2012:0350-01, SUSE-SU-2012:0616-1, SUSE-SU-2013:0786-1, VIGILANCE-VUL-11246.

Description of the vulnerability

On an x86 processor, the Intel 8254 PIT (Programmable Interval Timer) is used to count time and to schedule tasks.

The KVM (Kernel-based Virtual Machine) environment of the Linux kernel emulates an 8254 PIT. The create_pit_timer() function of the arch/x86/kvm/i8254.c file creates a timer. However, this function does not check whether an IRQCHIP is set, so a NULL pointer is dereferenced.

A local attacker in a KVM environment can therefore use the PIT in order to stop the system.

vulnerability CVE-2011-4528 CVE-2011-4869

Unbound: denial of service

Synthesis of the vulnerability

An attacker who controls a DNS server can return specially crafted records in order to stop Unbound.
Impacted products: Debian, Fedora, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Creation date: 20/12/2011.
Identifiers: CVE-2011-4528, CVE-2011-4869, DSA-2370-1, FEDORA-2011-17282, FEDORA-2011-17337, VIGILANCE-VUL-11240, VU#209659.

Description of the vulnerability

The Unbound product is a DNS server that supports the DNSSEC extensions. It is affected by two vulnerabilities.

When an authoritative DNS server returns duplicated records signed with DNSSEC, Unbound does not correctly compute the signed size, which stops it. [severity:2/4; CVE-2011-4528]

When an authoritative DNS server returns a NSEC3 record with specially crafted data, an assertion failure occurs in nsec3_do_prove_nodata(). [severity:2/4; CVE-2011-4869]

An attacker who controls a DNS server can therefore return specially crafted records in order to stop Unbound.