The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian Stretch

vulnerability CVE-2009-4138

Linux kernel: NULL dereference via FireWire

Synthesis of the vulnerability

An attacker can plug in a malicious FireWire device, in order to stop the kernel or to execute privileged code.
Impacted products: Debian, Linux, openSUSE, RHEL, SLES, ESX, ESXi.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 15/12/2009.
Identifiers: BID-37339, CERTA-2002-AVI-252, CVE-2009-4138, DSA-2004-1, RHSA-2010:0046-01, RHSA-2010:0631-01, SUSE-SA:2010:001, SUSE-SA:2010:005, SUSE-SA:2010:012, VIGILANCE-VUL-9290, VMSA-2010-0009, VMSA-2010-0009.1.

Description of the vulnerability

The FireWire port (IEEE 1394) is used by high speed serial devices. The drivers/firewire/ohci.c file of the Linux kernel implements OHCI (Open Host Controller Interface), which is a standard interface.

However, the drivers/firewire/ohci.c file does not correctly handle the case where the size of FireWire data is zero, which forces a NULL pointer to be dereferenced.

An attacker can therefore plug in a malicious FireWire device, or access /dev/fw*, in order to stop the kernel.

An attacker may also use this vulnerability with VIGILANCE-VUL-8953/VIGILANCE-VUL-8861 in order to elevate his privileges.

computer vulnerability note CVE-2009-4307 CVE-2009-4308

Linux kernel: denials of service via ext4

Synthesis of the vulnerability

An attacker can create a malicious ext4 filesystem and then mount it in order to stop the kernel.
Impacted products: Debian, Linux, Mandriva Linux, openSUSE, RHEL, SLES, ESX, ESXi, vCenter Server, VirtualCenter, VMware vSphere, VMware vSphere Hypervisor.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 15/12/2009.
Identifiers: CERTA-2002-AVI-252, CVE-2009-4307, CVE-2009-4308, DSA-2004-1, DSA-2443-1, MDVSA-2010:188, MDVSA-2010:198, MDVSA-2011:029, RHSA-2010:0147-01, RHSA-2010:0178-02, RHSA-2010:0380-01, SUSE-SA:2010:001, SUSE-SA:2010:005, SUSE-SA:2010:012, VIGILANCE-VUL-9289, VMSA-2011-0003, VMSA-2011-0003.1, VMSA-2011-0003.2.

Description of the vulnerability

The ext4 filesystem has been supported by the Linux kernel since version 2.6.23. Its implementation contains several vulnerabilities leading to denials of service.

A malicious ext4 file system generates a division by zero in the ext4_fill_flex_info() function of the fs/ext4/super.c file. [severity:1/4; CVE-2009-4307]

A malicious ext4 file system generates a NULL pointer dereference in the ext4_decode_error() function of the fs/ext4/super.c file. [severity:1/4; CVE-2009-4308]

An attacker can therefore create a malicious ext4 filesystem and then mount it in order to stop the kernel.

computer vulnerability CVE-2009-4034 CVE-2009-4136

PostgreSQL: two vulnerabilities

Synthesis of the vulnerability

An attacker can use two vulnerabilities of PostgreSQL, in order to access a user's data.
Impacted products: Debian, Fedora, HPE NNMi, Mandriva Linux, OpenSolaris, openSUSE, Solaris, PostgreSQL, RHEL, SLES, TurboLinux.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: user account.
Number of vulnerabilities in this bulletin: 2.
Creation date: 15/12/2009.
Identifiers: 274870, 6909139, 6909140, 6909142, BID-37333, BID-37334, c03333585, CERTA-2009-AVI-546, CVE-2009-4034, CVE-2009-4136, DSA-1964-1, FEDORA-2009-13363, FEDORA-2009-13381, HPSBMU02781, MDVSA-2009:333, RHSA-2010:0427-01, RHSA-2010:0428-01, RHSA-2010:0429-01, SSRT100617, SUSE-SR:2010:001, TLSA-2010-2, VIGILANCE-VUL-9285.

Description of the vulnerability

Two vulnerabilities were announced in PostgreSQL.

When an SSL certificate is used, an attacker can send an X.509 certificate with a field containing a null character, in order to bypass access restrictions. [severity:2/4; BID-37334, CERTA-2009-AVI-546, CVE-2009-4034]

A local attacker can use an index function, in order to elevate his privileges. [severity:2/4; BID-37333, CVE-2009-4136]

vulnerability announce CVE-2009-4005

Linux kernel: denial of service via ISDN

Synthesis of the vulnerability

An attacker can send a short ISDN frame, in order to generate a denial of service.
Impacted products: Debian, Linux, Mandriva Linux, NLD, openSUSE, RHEL, SLES.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: intranet client.
Creation date: 15/12/2009.
Identifiers: BID-37036, CERTA-2002-AVI-252, CVE-2009-4005, DSA-2003-1, DSA-2004-1, MDVSA-2010:030, MDVSA-2010:034, MDVSA-2010:034-1, MDVSA-2010:034-2, RHSA-2010:0076-01, SUSE-SA:2009:061, SUSE-SA:2009:064, SUSE-SA:2010:001, SUSE-SA:2010:005, SUSE-SA:2010:013, VIGILANCE-VUL-9282.

Description of the vulnerability

ISDN networks use HDLC (High-Level Data Link Control) frames, which end with 2 bytes of CRC and one byte of tag.

The collect_rx_frame() function of the drivers/isdn/hisax/hfc_usb.c file truncates these 3 bytes. However, if the received frame is too short, the function uses a negative array index.

An attacker can therefore send a short ISDN frame, in order to generate a denial of service.

computer vulnerability alert CVE-2009-4020

Linux kernel: memory corruption via HFS

Synthesis of the vulnerability

A local attacker can create a specially crafted HFS filesystem in order to corrupt memory and possibly execute code.
Impacted products: Debian, Linux, openSUSE, RHEL, SLES, ESX, ESXi.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 09/12/2009.
Identifiers: 540736, CERTA-2002-AVI-252, CVE-2009-4020, DSA-2003-1, DSA-2004-1, openSUSE-SU-2012:0781-1, openSUSE-SU-2012:0799-1, openSUSE-SU-2012:0812-1, openSUSE-SU-2012:1439-1, RHSA-2010:0046-01, RHSA-2010:0076-01, SUSE-SA:2010:005, SUSE-SA:2010:016, SUSE-SA:2010:019, SUSE-SA:2010:023, SUSE-SA:2010:036, SUSE-SU-2011:0928-1, SUSE-SU-2012:1056-1, VIGILANCE-VUL-9266, VMSA-2010-0009, VMSA-2010-0009.1.

Description of the vulnerability

The hfs_cat_move(), hfs_readdir() and hfs_fill_super() methods of the files fs/hfs/catalog.c, fs/hfs/dir.c and fs/hfs/super.c respectively handle the renaming of an HFS file, the reading of an HFS directory and the mounting of an HFS filesystem.

The hfs_bnode_read() method of the file fs/hfs/bnode.c copies an HFS node to a buffer. The hfs_cat_move(), hfs_readdir() and hfs_fill_super() methods allocate a fixed-length buffer on the stack and use hfs_bnode_read() to copy an HFS node read from the partition into this buffer. However, the size of the data to copy is not checked.

A local attacker can therefore create a specially crafted HFS filesystem in order to corrupt memory and possibly execute code.

computer vulnerability note CVE-2009-3563

NTP: denial of service

Synthesis of the vulnerability

A remote attacker can send a specially crafted NTP MODE_PRIVATE query in order to generate a denial of service.
Impacted products: Avaya Ethernet Routing Switch, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, Tru64 UNIX, HP-UX, AIX, Juniper J-Series, Junos OS, Mandriva Linux, Mandriva NF, Meinberg NTP Server, NetBSD, Nortel ESM, Nortel VPN Router, NLD, OES, NTP.org, OpenSolaris, openSUSE, Solaris, Trusted Solaris, RHEL, Slackware, SLES, ESX, ESXi.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 09/12/2009.
Identifiers: 025389-01, 1021781, 2009009932, 275590, 6902029, BID-37255, c01961950, c02737553, c03714526, CERTA-2010-AVI-002, CR131466, CVE-2009-3563, DSA-1948-1, FEDORA-2009-13046, FEDORA-2009-13090, FEDORA-2009-13121, FreeBSD-SA-10:02.ntpd, HPSBTU02496, HPSBUX02639, HPSBUX02859, IZ68659, IZ71047, IZ71071, IZ71093, IZ71608, IZ71610, IZ71611, IZ71613, IZ71614, MDVSA-2009:328, NetBSD-SA2010-005, PSN-2009-12-609, RHSA-2009:1648-01, RHSA-2009:1651-01, SOL10905, SSA:2009-343-01, SSRT090245, SSRT100293, SSRT101144, SUSE-SR:2009:020, VIGILANCE-VUL-9259, VMSA-2010-0004, VMSA-2010-0004.1, VMSA-2010-0004.2, VMSA-2010-0004.3, VMSA-2010-0009, VMSA-2010-0009.1.

Description of the vulnerability

The NTP protocol has multiple modes of operation.

The MODE_PRIVATE mode is used by ntpdc to query the state of the ntpd daemon. When ntpd receives an invalid MODE_PRIVATE request, it sends back a MODE_PRIVATE error. However, when ntpd receives a MODE_PRIVATE error, it sends it back to the sender, generating a loop.

A remote attacker can therefore send a specially crafted NTP MODE_PRIVATE query in order to generate a denial of service.

vulnerability CVE-2009-4026 CVE-2009-4027

Linux kernel: denial of service of mac80211

Synthesis of the vulnerability

An attacker can send malicious 802.11 packets, in order to stop the system.
Impacted products: Debian, Linux, openSUSE, RHEL.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: radio connection.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/12/2009.
Identifiers: CERTA-2010-AVI-080, CVE-2009-4026, CVE-2009-4027, DSA-1996-1, RHSA-2010:0178-02, RHSA-2010:0380-01, SUSE-SA:2010:001, VIGILANCE-VUL-9260.

Description of the vulnerability

The IEEE 802.11-2007 standard defines the ADDBA (Add Block ACK) and DELBA (Delete Block ACK) frames to manage multicast communications.

When the ieee80211_sta_stop_rx_ba_session() function of the net/mac80211/agg-rx.c file handles a malformed DELBA frame, it calls the BUG_ON() macro, which stops the kernel.

An attacker can therefore send malicious 802.11 packets, in order to stop the system.

computer vulnerability announce CVE-2009-4031

Linux kernel: denial of service via KVM

Synthesis of the vulnerability

An attacker in a KVM guest system can use a long x86 instruction, in order to generate a denial of service.
Impacted products: Debian, Fedora, Linux, openSUSE, RHEL.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 09/12/2009.
Identifiers: BID-37130, CVE-2009-4031, DSA-1962-1, FEDORA-2009-13098, RHSA-2009:1659-01, RHSA-2009:1692-01, SUSE-SA:2010:018, VIGILANCE-VUL-9257.

Description of the vulnerability

The KVM feature of the kernel is used to virtualize a system under Linux.

Instructions of x86 processors are limited to 15 bytes. However, the do_insn_fetch() function of the arch/x86/kvm/emulate.c file accepts longer instructions, which slows the system.

An attacker in a KVM guest system can therefore use a long x86 instruction, in order to generate a denial of service.

vulnerability bulletin CVE-2008-7247 CVE-2009-4019 CVE-2009-4028

MySQL: several vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of MySQL, in order to generate a denial of service, or to access users' tables.
Impacted products: Debian, Fedora, Mandriva Linux, MySQL Community, MySQL Enterprise, openSUSE, Solaris, Percona Server, RHEL, SLES.
Severity: 2/4.
Consequences: data reading, data creation/edition, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 4.
Creation date: 09/12/2009.
Identifiers: BID-37075, BID-37076, BID-37297, BID-38043, CERTA-2010-AVI-080, CERTA-2013-AVI-543, CVE-2008-7247, CVE-2009-4019, CVE-2009-4028, CVE-2009-4030, DSA-1997-1, FEDORA-2009-12180, FEDORA-2009-13466, FEDORA-2009-13504, FEDORA-2010-1300, FEDORA-2010-1348, MDVSA-2010:011, MDVSA-2010:012, MDVSA-2010:044, RHSA-2010:0109-01, RHSA-2010:0110-01, SUSE-SR:2010:007, SUSE-SR:2010:011, SUSE-SR:2010:021, VIGILANCE-VUL-9253.

Description of the vulnerability

An attacker can use several vulnerabilities of MySQL.

A local attacker can use a symbolic link, in order to bypass access restrictions. [severity:2/4; BID-37075, BID-38043, CVE-2008-7247, CVE-2009-4030]

A malicious server can offer an invalid SSL certificate, which is accepted by the MySQL client. [severity:2/4; BID-37076, CVE-2009-4028]

An attacker can use a SELECT query, with sub-queries, in order to generate a denial of service. [severity:1/4; CVE-2009-4019]

A local attacker can force the GeomFromWKB() function to dereference a NULL pointer, which creates a denial of service. [severity:1/4; CVE-2009-4019]

An attacker can thus generate a denial of service, or access users' tables.

vulnerability alert CVE-2009-3560

expat: denial of service via XML in big2_toUtf8

Synthesis of the vulnerability

An attacker can create XML data containing a malicious character, in order to create a denial of service in expat.
Impacted products: Apache httpd, Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, Mandriva Linux, Mandriva NF, NetBSD, NLD, OES, OpenSolaris, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, Slackware, SLES, Unix (platform) ~ not comprehensive, ESX, ESXi, VMware vSphere, VMware vSphere Hypervisor.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/12/2009.
Identifiers: 273630, 2894085, 6905480, BID-37203, c02752210, CERTA-2009-AVI-533, CERTA-2010-AVI-510, CERTA-2012-AVI-046, CERTFR-2014-AVI-529, CVE-2009-3560, DSA-1953-1, DSA-1953-2, DSA-1977-1, FEDORA-2009-12690, FEDORA-2009-12716, FEDORA-2009-12737, HPSBUX02645, MDVSA-2009:316, MDVSA-2009:316-1, MDVSA-2009:316-2, MDVSA-2009:316-3, RHSA-2009:1625-01, RHSA-2011:0896-01, RHSA-2011:0897-01, SOL15905, SSA:2011-041-02, SSA:2011-041-03, SSRT100387, SUSE-SR:2009:020, SUSE-SR:2010:001, SUSE-SR:2010:005, SUSE-SR:2010:011, SUSE-SR:2010:012, SUSE-SR:2010:013, SUSE-SR:2010:014, SUSE-SR:2010:015, VIGILANCE-VUL-9251, VMSA-2010-0004, VMSA-2010-0004.1, VMSA-2010-0004.2, VMSA-2010-0004.3.

Description of the vulnerability

The expat library manages XML data.

In UTF-8 encoding, a character can be encoded with several bytes. When XML data ends in the middle of these bytes, the doProlog() function of the lib/xmlparse.c file does not correctly skip some bytes, which forces the big2_toUtf8() function of the lib/xmltok_impl.c file to read after the end of data.

An attacker can therefore create XML data containing a malicious character, in order to create a denial of service in applications using expat.

This vulnerability is different from VIGILANCE-VUL-9250.