| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Dell EMC PowerPath
OpenSSL: six vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of OpenSSL.
Impacted products: SDS, SES, SNS, Tomcat, Mac OS X, StormShield, Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Email, IronPort Encryption, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, XenServer, Debian, PowerPath, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiOS, FreeBSD, Android OS, HP Operations, HP Switch, AIX, IRAD, QRadar SIEM, IBM System x Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, MariaDB ~ precise, McAfee NSM, Meinberg NTP Server, MySQL Community, MySQL Enterprise, Data ONTAP 7-Mode, NETASQ, NetScreen Firewall, ScreenOS, Nodejs Core, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Solaris, Tuxedo, VirtualBox, WebLogic, Oracle Web Tier, Palo Alto Firewall PA***, PAN-OS, Percona Server, pfSense, Pulse Connect Secure, Puppet, Python, RHEL, JBoss EAP by Red Hat, SAS Management Console, Shibboleth SP, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, VxWorks, X2GoClient.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 6.
Creation date: 03/05/2016.
Identifiers: 1982949, 1985850, 1987779, 1993215, 1995099, 1998797, 2003480, 2003620, 2003673, 510853, 9010083, bulletinapr2016, bulletinapr2017, CERTFR-2016-AVI-151, CERTFR-2016-AVI-153, CERTFR-2018-AVI-160, cisco-sa-20160504-openssl, cpuapr2017, cpujan2018, cpujul2016, cpujul2017, cpujul2018, cpuoct2016, cpuoct2017, cpuoct2018, CTX212736, CTX233832, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, DLA-456-1, DSA-3566-1, ESA-2017-142, FEDORA-2016-05c567df1a, FEDORA-2016-1e39d934ed, FEDORA-2016-e1234b65a2, FG-IR-16-026, FreeBSD-SA-16:17.openssl, HPESBGN03728, HPESBHF03756, HT206903, JSA10759, K23230229, K36488941, K51920288, K75152412, K93600123, MBGSA-1603, MIGR-5099595, MIGR-5099597, NTAP-20160504-0001, openSUSE-SU-2016:1237-1, openSUSE-SU-2016:1238-1, openSUSE-SU-2016:1239-1, openSUSE-SU-2016:1240-1, openSUSE-SU-2016:1241-1, openSUSE-SU-2016:1242-1, openSUSE-SU-2016:1243-1, openSUSE-SU-2016:1273-1, openSUSE-SU-2016:1566-1, openSUSE-SU-2017:0487-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2016:0722-01, RHSA-2016:0996-01, RHSA-2016:1137-01, RHSA-2016:1648-01, RHSA-2016:1649-01, RHSA-2016:1650-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, RHSA-2016:2073-01, SA123, SA40202, SB10160, SOL23230229, SOL36488941, SOL51920288, SOL75152412, SP-CAAAPPQ, SPL-119440, SPL-121159, SPL-123095, SSA:2016-124-01, STORM-2016-002, SUSE-SU-2016:1206-1, SUSE-SU-2016:1228-1, SUSE-SU-2016:1231-1, SUSE-SU-2016:1233-1, SUSE-SU-2016:1267-1, SUSE-SU-2016:1290-1, SUSE-SU-2016:1360-1, SUSE-SU-2018:0112-1, TNS-2016-10, USN-2959-1, VIGILANCE-VUL-19512, VN-2016-006, VN-2016-007.
Description of the vulnerability
Several vulnerabilities were announced in OpenSSL.
An attacker can act as a Man-in-the-Middle and use the AES CBC algorithm with a server supporting AES-NI, in order to read or write data in the session. This vulnerability was initially fixed in versions 1.0.1o and 1.0.2c, but it was not disclosed at that time. [severity:3/4; CVE-2016-2108]
An attacker can act as a Man-in-the-Middle and use the AES CBC algorithm with a server supporting AES-NI, in order to read or write data in the session. [severity:3/4; CVE-2016-2107]
An attacker can generate a buffer overflow in EVP_EncodeUpdate(), which is mainly used by command line applications, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2105]
An attacker can generate a buffer overflow in EVP_EncryptUpdate(), which is difficult to reach, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2106]
An attacker can trigger an excessive memory usage in d2i_CMS_bio(), in order to trigger a denial of service. [severity:2/4; CVE-2016-2109]
An attacker can force a read at an invalid address in applications using X509_NAME_oneline(), in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-2176]
Full Vigil@nce bulletin... (Free trial) |
OpenSSL: seven vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of OpenSSL.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, IOS by Cisco, IOS XE Cisco, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, XenServer, Debian, PowerPath, ExtremeXOS, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FreeBSD, HP Switch, AIX, Domino, Notes, IRAD, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, Juniper Network Connect, NSM Central Manager, NSMXpress, McAfee Web Gateway, Meinberg NTP Server, Data ONTAP 7-Mode, Snap Creator Framework, NetScreen Firewall, ScreenOS, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Solaris, Palo Alto Firewall PA***, PAN-OS, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, Puppet, RHEL, JBoss EAP by Red Hat, ROX, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu, VxWorks, WinSCP, X2GoClient.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 7.
Creation date: 01/03/2016.
Revision date: 07/03/2016.
Identifiers: 000008897, 046178, 046208, 1979498, 1979602, 1987779, 1993210, 2003480, 2003620, 2003673, 2012827, 2013020, 2014202, 2014651, 2014669, 2015080, 2016039, 7043086, 9010066, 9010067, 9010072, BSA-2016-004, bulletinapr2016, bulletinjan2016, CERTFR-2016-AVI-076, CERTFR-2016-AVI-080, cisco-sa-20160302-openssl, CTX208403, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842, DSA-3500-1, ESA-2016-080, FEDORA-2016-2802690366, FEDORA-2016-e1234b65a2, FEDORA-2016-e6807b3394, FreeBSD-SA-16:12.openssl, HPESBHF03741, ibm10732391, ibm10733905, ibm10738249, ibm10738401, JSA10722, JSA10759, K22334603, K52349521, K93122894, MBGSA-1602, NTAP-20160301-0001, NTAP-20160303-0001, NTAP-20160321-0001, openSUSE-SU-2016:0627-1, openSUSE-SU-2016:0628-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:0638-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:0720-1, openSUSE-SU-2016:1566-1, openSUSE-SU-2017:1211-1, openSUSE-SU-2017:1212-1, PAN-SA-2016-0020, PAN-SA-2016-0028, PAN-SA-2016-0030, RHSA-2016:0301-01, RHSA-2016:0302-01, RHSA-2016:0303-01, RHSA-2016:0304-01, RHSA-2016:0305-01, RHSA-2016:0306-01, RHSA-2016:0372-01, RHSA-2016:0445-01, RHSA-2016:0446-01, RHSA-2016:0490-01, RHSA-2016:1519-01, RHSA-2016:2073-01, RHSA-2018:2568-01, RHSA-2018:2575-01, SA117, SA40168, SB10156, SOL22334603, SOL40524634, SOL52349521, SOL79215841, SOL93122894, SSA:2016-062-02, SSA-623229, SUSE-SU-2016:0617-1, SUSE-SU-2016:0620-1, SUSE-SU-2016:0621-1, SUSE-SU-2016:0624-1, SUSE-SU-2016:0631-1, SUSE-SU-2016:0641-1, SUSE-SU-2016:0678-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, TNS-2016-03, USN-2914-1, VIGILANCE-VUL-19060, VN-2016-004, VU#583776.
Description of the vulnerability
Several vulnerabilities were announced in OpenSSL.
An attacker can act as a Man-in-the-Middle on a server supporting SSLv2 and EXPORT ciphers (this configuration is considered as weak since several years), in order to read or write data in the session. [severity:2/4; CVE-2016-0800, VU#583776]
An attacker can force the usage of a freed memory area when OpenSSL processes a DSA private key (this scenario is rare), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-0705]
An attacker can read a memory fragment via SRP_VBASE_get_by_user, in order to obtain sensitive information. [severity:1/4; CVE-2016-0798]
An attacker can force a NULL pointer to be dereferenced in BN_hex2bn(), in order to trigger a denial of service. [severity:1/4; CVE-2016-0797]
An attacker can use a very large string (size INT_MAX), to generate a memory corruption in the BIO_*printf() functions, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-0799]
An attacker can use cache conflicts on Intel Sandy-Bridge, in order to obtain RSA keys. [severity:1/4; CVE-2016-0702]
An attacker can use a very large string (size INT_MAX), to generate a memory corruption in the internal doapr_outch() function, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2842]
Full Vigil@nce bulletin... (Free trial) |
glibc: buffer overflow of getaddrinfo
Synthesis of the vulnerability
An attacker, who owns a malicious DNS server, can reply with long data to a client application using the getaddrinfo() function of the glibc, in order to trigger a denial of service, and possibly to run code in the client application.
Impacted products: ArubaOS, Blue Coat CAS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco Catalyst, IOS XE Cisco, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Cisco Prime DCNM, Secure ACS, Cisco CUCM, Cisco IP Phone, Cisco Wireless IP Phone, Cisco Wireless Controller, XenDesktop, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, ExtremeXOS, BIG-IP Hardware, TMOS, Fedora, QRadar SIEM, Trinzic, NSM Central Manager, NSMXpress, McAfee Email Gateway, McAfee MOVE AntiVirus, VirusScan, McAfee Web Gateway, openSUSE, openSUSE Leap, Palo Alto Firewall PA***, PAN-OS, RealPresence Distributed Media Application, Polycom VBP, RHEL, ROX, RuggedSwitch, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, VMware vSphere, VMware vSphere Hypervisor.
Severity: 4/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 16/02/2016.
Revision date: 17/02/2016.
Identifiers: 046146, 046151, 046153, 046155, 046158, 1977665, 478832, 479427, 479906, 480572, 480707, 480708, ARUBA-PSA-2016-001, BSA-2016-003, BSA-2016-004, CERTFR-2016-AVI-066, CERTFR-2016-AVI-071, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, cisco-sa-20160218-glibc, CTX206991, CVE-2015-7547, ESA-2016-020, ESA-2016-027, ESA-2016-028, ESA-2016-029, ESA-2016-030, FEDORA-2016-0480defc94, FEDORA-2016-0f9e9a34ce, JSA10774, KB #4858, openSUSE-SU-2016:0490-1, openSUSE-SU-2016:0510-1, openSUSE-SU-2016:0511-1, openSUSE-SU-2016:0512-1, PAN-SA-2016-0021, RHSA-2016:0175-01, RHSA-2016:0176-01, RHSA-2016:0225-01, SA114, SB10150, SOL47098834, SSA:2016-054-02, SSA-301706, SUSE-SU-2016:0470-1, SUSE-SU-2016:0471-1, SUSE-SU-2016:0472-1, SUSE-SU-2016:0473-1, USN-2900-1, VIGILANCE-VUL-18956, VMSA-2016-0002, VMSA-2016-0002.1, VN-2016-003.
Description of the vulnerability
The glibc library implements a DNS resolver (libresolv).
An application can thus call the getaddrinfo() function, which queries DNS servers. When the AF_UNSPEC type is used in the getaddrinfo() call, two DNS A and AAAA queries are sent simultaneously. However, this special case, and a case with AF_INET6 are not correctly managed, and lead to an overflow if the reply coming from the DNS server is larger than 2048 bytes.
An attacker, who owns a malicious DNS server, can therefore reply with large data to a client application using the getaddrinfo() function of the glibc, in order to trigger a denial of service, and possibly to run code in the client application.
Full Vigil@nce bulletin... (Free trial) |
EMC PowerPath Virtual Appliance: undocumented accounts
Synthesis of the vulnerability
An attacker can log in on two accounts created by EMC PowerPath Virtual Appliance, which can be used to obtain information about the system.
Impacted products: PowerPath, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: intranet client.
Creation date: 01/04/2015.
Identifiers: CVE-2015-0529, ESA-2015-056, VIGILANCE-VUL-16516.
Description of the vulnerability
The EMC PowerPath Virtual Appliance product creates several users.
However, the "emcupdate" and "svcuser" users are not documented, and have a fixed default password.
An attacker can therefore log in on two accounts created by EMC PowerPath Virtual Appliance, which can be used to obtain information about the system.
Full Vigil@nce bulletin... (Free trial) |
bash: command execution in the function parser
Synthesis of the vulnerability
An attacker can define a special environment variable, which is transmitted (via CGI or OpenSSH for example) to bash, in order to execute code.
Impacted products: GAiA, CheckPoint IP Appliance, IPSO, SecurePlatform, CheckPoint Security Appliance, CheckPoint Smart-1, CheckPoint VSX-1, XenServer, Clearswift Email Gateway, Clearswift Web Gateway, Avamar, EMC CAVA, EMC CEE, EMC CEPA, Celerra FAST, Celerra NS, Celerra NX4, EMC CMDCE, Connectrix Switch, NetWorker, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, HP Operations, AIX, IVE OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper UAC, McAfee Email and Web Security, McAfee Email Gateway, McAfee MOVE AntiVirus, McAfee NSP, McAfee NGFW, McAfee Web Gateway, openSUSE, openSUSE Leap, Solaris, RSA Authentication Manager, ROX, RuggedSwitch, Slackware, Stonesoft NGFW/VPN, Ubuntu, Unix (platform) ~ not comprehensive, ESX, vCenter Server, VMware vSphere.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 29/09/2014.
Identifiers: 193355, 193866, 194029, 194064, 194669, 480931, c04475942, c04479492, CERTFR-2014-AVI-403, CERTFR-2014-AVI-415, CERTFR-2014-AVI-480, CTX200217, CTX200223, CVE-2014-6278, ESA-2014-111, ESA-2014-123, ESA-2014-124, ESA-2014-125, ESA-2014-126, ESA-2014-127, ESA-2014-128, ESA-2014-133, ESA-2014-136, ESA-2014-150, ESA-2014-151, ESA-2014-152, ESA-2014-162, HPSBGN03138, HPSBMU03144, JSA10648, JSA10661, MDVSA-2015:164, openSUSE-SU-2014:1310-1, openSUSE-SU-2016:2961-1, SB10085, sk102673, SOL15629, SSA:2014-272-01, SSA-860967, T1021272, USN-2380-1, VIGILANCE-VUL-15421, VMSA-2014-0010, VMSA-2014-0010.10, VMSA-2014-0010.11, VMSA-2014-0010.12, VMSA-2014-0010.13, VMSA-2014-0010.2, VMSA-2014-0010.4, VMSA-2014-0010.7, VMSA-2014-0010.8, VMSA-2014-0010.9.
Description of the vulnerability
The bash interpreter can use functions.
However, when bash parses the source code to create the function, it directly executes commands located at some places.
This vulnerability can be used with the same attack vector than VIGILANCE-VUL-15399.
An attacker can therefore define a special environment variable, which is transmitted (via CGI or OpenSSH for example) to bash, in order to execute code.
Full Vigil@nce bulletin... (Free trial) |
bash: memory corruption in the function parser
Synthesis of the vulnerability
An attacker can define a special environment variable, which is transmitted (via CGI or OpenSSH for example) to bash, in order to execute code.
Impacted products: GAiA, CheckPoint IP Appliance, IPSO, SecurePlatform, CheckPoint Security Appliance, CheckPoint Smart-1, CheckPoint VSX-1, XenServer, Clearswift Email Gateway, Clearswift Web Gateway, Avamar, EMC CAVA, EMC CEE, EMC CEPA, Celerra FAST, Celerra NS, Celerra NX4, EMC CMDCE, Connectrix Switch, NetWorker, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, HP Operations, AIX, IVE OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper UAC, McAfee Email and Web Security, McAfee Email Gateway, McAfee MOVE AntiVirus, McAfee NSP, McAfee NGFW, McAfee Web Gateway, openSUSE, openSUSE Leap, Solaris, RealPresence Collaboration Server, RealPresence Distributed Media Application, Polycom VBP, RSA Authentication Manager, ROX, RuggedSwitch, Slackware, Stonesoft NGFW/VPN, Ubuntu, Unix (platform) ~ not comprehensive, ESX, vCenter Server, VMware vSphere.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 29/09/2014.
Identifiers: 193355, 193866, 194029, 194064, 194669, 480931, c04475942, c04479492, CERTFR-2014-AVI-403, CERTFR-2014-AVI-415, CERTFR-2014-AVI-480, CTX200217, CTX200223, CVE-2014-6277, ESA-2014-111, ESA-2014-123, ESA-2014-124, ESA-2014-125, ESA-2014-126, ESA-2014-127, ESA-2014-128, ESA-2014-133, ESA-2014-136, ESA-2014-150, ESA-2014-151, ESA-2014-152, ESA-2014-162, HPSBGN03138, HPSBMU03144, JSA10648, JSA10661, MDVSA-2015:164, openSUSE-SU-2014:1310-1, openSUSE-SU-2016:2961-1, SB10085, sk102673, SOL15629, SSA:2014-272-01, SSA-860967, T1021272, USN-2380-1, VIGILANCE-VUL-15420, VMSA-2014-0010, VMSA-2014-0010.10, VMSA-2014-0010.11, VMSA-2014-0010.12, VMSA-2014-0010.13, VMSA-2014-0010.2, VMSA-2014-0010.4, VMSA-2014-0010.7, VMSA-2014-0010.8, VMSA-2014-0010.9.
Description of the vulnerability
The bash interpreter can use functions.
However, when bash parses the source code to create the function, it corrupts its memory.
This vulnerability can be used with the same attack vector than VIGILANCE-VUL-15399.
An attacker can therefore define a special environment variable, which is transmitted (via CGI or OpenSSH for example) to bash, in order to execute code.
Full Vigil@nce bulletin... (Free trial) |
bash: two denial of service
Synthesis of the vulnerability
An attacker can use several vulnerabilities of bash.
Impacted products: GAiA, CheckPoint IP Appliance, IPSO, SecurePlatform, CheckPoint Security Appliance, CheckPoint Smart-1, CheckPoint VSX-1, XenServer, Clearswift Email Gateway, Clearswift Web Gateway, Avamar, EMC CAVA, EMC CEE, EMC CEPA, Celerra FAST, Celerra NS, Celerra NX4, EMC CMDCE, Connectrix Switch, NetWorker, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, HP Operations, AIX, IVE OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper UAC, McAfee Email and Web Security, McAfee Email Gateway, McAfee MOVE AntiVirus, McAfee NSP, McAfee NGFW, McAfee Web Gateway, openSUSE, Solaris, RealPresence Collaboration Server, RealPresence Distributed Media Application, Polycom VBP, RHEL, RSA Authentication Manager, ROX, RuggedSwitch, Stonesoft NGFW/VPN, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive, ESX, vCenter Server, VMware vSphere.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 29/09/2014.
Identifiers: 193355, 193866, 194029, 194064, 194669, 480931, c04475942, c04479492, CERTFR-2014-AVI-403, CERTFR-2014-AVI-415, CERTFR-2014-AVI-480, CTX200217, CTX200223, CVE-2014-7186, CVE-2014-7187, ESA-2014-111, ESA-2014-123, ESA-2014-124, ESA-2014-125, ESA-2014-126, ESA-2014-127, ESA-2014-128, ESA-2014-133, ESA-2014-136, ESA-2014-150, ESA-2014-151, ESA-2014-152, ESA-2014-162, HPSBGN03138, HPSBMU03144, JSA10648, JSA10661, MDVSA-2015:164, openSUSE-SU-2014:1229-1, openSUSE-SU-2014:1242-1, openSUSE-SU-2014:1248-1, openSUSE-SU-2014:1308-1, openSUSE-SU-2014:1310-1, RHSA-2014:1311-01, RHSA-2014:1312-01, RHSA-2014:1354-01, RHSA-2014:1865-01, SB10085, sk102673, SOL15629, SSA-860967, SUSE-SU-2014:1247-1, SUSE-SU-2014:1247-2, T1021272, USN-2364-1, VIGILANCE-VUL-15419, VMSA-2014-0010, VMSA-2014-0010.10, VMSA-2014-0010.11, VMSA-2014-0010.12, VMSA-2014-0010.13, VMSA-2014-0010.2, VMSA-2014-0010.4, VMSA-2014-0010.7, VMSA-2014-0010.8, VMSA-2014-0010.9.
Description of the vulnerability
Several vulnerabilities were announced in bash.
An attacker can force a read at an invalid address in redir_stack, in order to trigger a denial of service. [severity:1/4; CVE-2014-7186]
An attacker can generate a buffer overflow of one byte in word_lineno, in order to trigger a denial of service, and possibly to execute code. [severity:1/4; CVE-2014-7187]
Full Vigil@nce bulletin... (Free trial) |
bash: code execution via Function Variable
Synthesis of the vulnerability
An attacker can define a special environment variable, which is transmitted (via CGI or OpenSSH for example) to bash, in order to execute code.
Impacted products: Arkoon FAST360, GAiA, CheckPoint IP Appliance, IPSO, SecurePlatform, CheckPoint Security Appliance, CheckPoint Smart-1, CheckPoint VSX-1, Cisco ASR, Cisco ACE, ASA, IOS XE Cisco, Cisco IPS, IronPort Encryption, Nexus by Cisco, NX-OS, Secure ACS, Cisco CUCM, Cisco Unified CCX, XenServer, Clearswift Email Gateway, Clearswift Web Gateway, Debian, Avamar, EMC CAVA, EMC CEE, EMC CEPA, Celerra FAST, Celerra NS, Celerra NX4, EMC CMDCE, Connectrix Switch, NetWorker, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiManager, FortiManager Virtual Appliance, HP Operations, AIX, IVE OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper UAC, McAfee Email and Web Security, McAfee Email Gateway, McAfee MOVE AntiVirus, McAfee NSP, McAfee NGFW, McAfee Web Gateway, openSUSE, Solaris, pfSense, RealPresence Collaboration Server, RealPresence Distributed Media Application, Polycom VBP, RHEL, RSA Authentication Manager, ROX, RuggedSwitch, Slackware, Stonesoft NGFW/VPN, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive, ESX, vCenter Server, VMware vSphere.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/09/2014.
Identifiers: 193355, 193866, 194029, 194064, 194669, 480931, c04475942, c04479492, CERTFR-2014-AVI-403, CERTFR-2014-AVI-415, CERTFR-2014-AVI-480, cisco-sa-20140926-bash, CTX200217, CTX200223, CVE-2014-3659-REJECT, CVE-2014-7169, DSA-3035-1, ESA-2014-111, ESA-2014-123, ESA-2014-124, ESA-2014-125, ESA-2014-126, ESA-2014-127, ESA-2014-128, ESA-2014-133, ESA-2014-136, ESA-2014-150, ESA-2014-151, ESA-2014-152, ESA-2014-162, FEDORA-2014-11514, FEDORA-2014-11527, FEDORA-2014-12202, FG-IR-14-030, HPSBGN03138, HPSBMU03144, JSA10648, JSA10661, MDVSA-2014:190, MDVSA-2015:164, openSUSE-SU-2014:1229-1, openSUSE-SU-2014:1242-1, openSUSE-SU-2014:1248-1, openSUSE-SU-2014:1308-1, openSUSE-SU-2014:1310-1, pfSense-SA-14_18.packages, RHSA-2014:1306-01, RHSA-2014:1311-01, RHSA-2014:1312-01, RHSA-2014:1354-01, RHSA-2014:1865-01, SB10085, sk102673, SOL15629, SSA:2014-268-01, SSA:2014-268-02, SSA-860967, SUSE-SU-2014:1247-1, SUSE-SU-2014:1247-2, T1021272, USN-2363-1, USN-2363-2, VIGILANCE-VUL-15401, VMSA-2014-0010, VMSA-2014-0010.10, VMSA-2014-0010.11, VMSA-2014-0010.12, VMSA-2014-0010.13, VMSA-2014-0010.2, VMSA-2014-0010.4, VMSA-2014-0010.7, VMSA-2014-0010.8, VMSA-2014-0010.9, VN-2014-002.
Description of the vulnerability
The bulletin VIGILANCE-VUL-15399 describes a vulnerability of bash.
However, the offered patch (VIGILANCE-SOL-36695) is incomplete. An variant of the initial attack can thus still be used to execute code or to create a file.
In this case, the code is run when the variable is parsed (which is not necessarily an environment variable), and not when the shell starts. The impact may thus be lower, but this was not confirmed.
An attacker can therefore define a special environment variable, which is transmitted (via CGI or OpenSSH for example) to bash, in order to execute code.
Full Vigil@nce bulletin... (Free trial) |
bash: code execution via Environment Variable, ShellShock
Synthesis of the vulnerability
An attacker can define a special environment variable, which is transmitted (via CGI or OpenSSH for example) to bash, in order to execute code.
Impacted products: Arkoon FAST360, GAiA, CheckPoint IP Appliance, IPSO, SecurePlatform, CheckPoint Security Appliance, CheckPoint Smart-1, CheckPoint VSX-1, Cisco ASR, Cisco ACE, ASA, IOS XE Cisco, Cisco IPS, IronPort Encryption, Nexus by Cisco, NX-OS, Secure ACS, Cisco CUCM, Cisco Unified CCX, XenServer, Clearswift Email Gateway, Clearswift Web Gateway, Debian, Avamar, EMC CAVA, EMC CEE, EMC CEPA, Celerra FAST, Celerra NS, Celerra NX4, EMC CMDCE, Connectrix Switch, NetWorker, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiManager, FortiManager Virtual Appliance, HP Operations, AIX, IVE OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper UAC, McAfee Email and Web Security, McAfee Email Gateway, McAfee MOVE AntiVirus, McAfee NSP, McAfee NGFW, McAfee Web Gateway, openSUSE, Solaris, pfSense, RealPresence Collaboration Server, RealPresence Distributed Media Application, Polycom VBP, RHEL, RSA Authentication Manager, ROX, RuggedSwitch, Slackware, Stonesoft NGFW/VPN, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive, ESX, vCenter Server, VMware vSphere.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 24/09/2014.
Identifiers: 1141597, 193355, 193866, 194029, 194064, 194669, 480931, c04475942, c04479492, CERTFR-2014-ALE-006, CERTFR-2014-AVI-403, CERTFR-2014-AVI-415, CERTFR-2014-AVI-480, cisco-sa-20140926-bash, CTX200217, CTX200223, CVE-2014-6271, DSA-3032-1, ESA-2014-111, ESA-2014-123, ESA-2014-124, ESA-2014-125, ESA-2014-126, ESA-2014-127, ESA-2014-128, ESA-2014-133, ESA-2014-136, ESA-2014-150, ESA-2014-151, ESA-2014-152, ESA-2014-162, FEDORA-2014-11360, FEDORA-2014-11503, FG-IR-14-030, HPSBGN03138, HPSBMU03144, JSA10648, JSA10661, MDVSA-2014:186, MDVSA-2015:164, openSUSE-SU-2014:1226-1, openSUSE-SU-2014:1238-1, openSUSE-SU-2014:1308-1, openSUSE-SU-2014:1310-1, pfSense-SA-14_18.packages, RHSA-2014:1293-01, RHSA-2014:1294-01, RHSA-2014:1295-01, RHSA-2014:1354-01, SB10085, ShellShock, sk102673, SOL15629, SSA:2014-267-01, SSA-860967, SUSE-SU-2014:1212-1, SUSE-SU-2014:1213-1, SUSE-SU-2014:1214-1, SUSE-SU-2014:1223-1, T1021272, USN-2362-1, VIGILANCE-VUL-15399, VMSA-2014-0010, VMSA-2014-0010.10, VMSA-2014-0010.11, VMSA-2014-0010.12, VMSA-2014-0010.13, VMSA-2014-0010.2, VMSA-2014-0010.4, VMSA-2014-0010.7, VMSA-2014-0010.8, VMSA-2014-0010.9, VN-2014-002, VU#252743.
Description of the vulnerability
When bash interpreter is started, environment variables of the parent process are transfered to the current process. For example:
export A=test
bash
echo $A
Functions can also be transfered through environment variables. For example:
export F='() { echo bonjour; }'
bash
F
However, bash loads functions by interpreting the full environment variable. If an environment variable starts with "() {" and ends with "; command", then the command is run when the shell is started.
The main attack vectors are:
- CGI scripts (Apache mod_cgi, mod_cgid) on a web server (variables: HTTP_header, REMOTE_HOST, SERVER_PROTOCOL)
- OpenSSH via AcceptEnv (variables : TERM, ForceCommand avec SSH_ORIGINAL_COMMAND)
An attacker can therefore define a special environment variable, which is transmitted (via CGI or OpenSSH for example) to bash, in order to execute code.
Full Vigil@nce bulletin... (Free trial) |
OpenSSL: man in the middle via ChangeCipherSpec
Synthesis of the vulnerability
An attacker can act as a man in the middle between a client and a server using OpenSSL, in order to read or alter exchanged data.
Impacted products: ArubaOS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, GAiA, CheckPoint IP Appliance, IPSO, Provider-1, SecurePlatform, CheckPoint Security Appliance, CheckPoint Security Gateway, Cisco ASR, Cisco ATA, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, CiscoWorks, Cisco Content SMA, Cisco CSS, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Email, IronPort Management, IronPort Web, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco Unity ~ precise, WebNS, Cisco WSA, Clearswift Web Gateway, Debian, Avamar, EMC CAVA, EMC CEE, EMC CEPA, Celerra FAST, Celerra NS, Celerra NX4, EMC CMDCE, Connectrix Switch, ECC, NetWorker, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiManager, FortiManager Virtual Appliance, FreeBSD, HP Operations, ProCurve Switch, HP Switch, HP-UX, AIX, Tivoli Storage Manager, WebSphere MQ, Juniper J-Series, Junos OS, Junos Pulse, Juniper Network Connect, Juniper UAC, McAfee Web Gateway, MySQL Enterprise, NetBSD, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Polycom CMA, HDX, RealPresence Collaboration Server, Polycom VBP, RHEL, JBoss EAP by Red Hat, ACE Agent, ACE Server, RSA Authentication Agent, RSA Authentication Manager, SecurID, ROS, ROX, RuggedSwitch, SIMATIC, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Nessus, InterScan Messaging Security Suite, InterScan Web Security Suite, TrendMicro ServerProtect, Ubuntu, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor, Websense Email Security, Websense Web Filter, Websense Web Security.
Severity: 3/4.
Consequences: data reading, data creation/edition, data flow.
Provenance: document.
Creation date: 05/06/2014.
Revision date: 05/06/2014.
Identifiers: 1676496, 1690827, aid-06062014, c04336637, c04347622, c04363613, CERTFR-2014-AVI-253, CERTFR-2014-AVI-254, CERTFR-2014-AVI-255, CERTFR-2014-AVI-260, CERTFR-2014-AVI-274, CERTFR-2014-AVI-279, CERTFR-2014-AVI-286, CERTFR-2014-AVI-513, cisco-sa-20140605-openssl, cpuoct2016, CTX140876, CVE-2014-0224, DOC-53313, DSA-2950-1, DSA-2950-2, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2014-7101, FEDORA-2014-7102, FG-IR-14-018, FreeBSD-SA-14:14.openssl, HPSBHF03052, HPSBUX03046, JSA10629, MDVSA-2014:105, MDVSA-2014:106, MDVSA-2015:062, NetBSD-SA2014-006, openSUSE-SU-2014:0764-1, openSUSE-SU-2014:0765-1, openSUSE-SU-2015:0229-1, openSUSE-SU-2016:0640-1, RHSA-2014:0624-01, RHSA-2014:0625-01, RHSA-2014:0626-01, RHSA-2014:0627-01, RHSA-2014:0628-01, RHSA-2014:0629-01, RHSA-2014:0630-01, RHSA-2014:0631-01, RHSA-2014:0632-01, RHSA-2014:0633-01, RHSA-2014:0679-01, RHSA-2014:0680-01, SA40006, SA80, SB10075, sk101186, SOL15325, SPL-85063, SSA:2014-156-03, SSA-234763, SSRT101590, SUSE-SU-2014:0759-1, SUSE-SU-2014:0759-2, SUSE-SU-2014:0761-1, SUSE-SU-2014:0762-1, USN-2232-1, USN-2232-2, USN-2232-3, USN-2232-4, VIGILANCE-VUL-14844, VMSA-2014-0006, VMSA-2014-0006.1, VMSA-2014-0006.10, VMSA-2014-0006.11, VMSA-2014-0006.2, VMSA-2014-0006.3, VMSA-2014-0006.4, VMSA-2014-0006.5, VMSA-2014-0006.6, VMSA-2014-0006.7, VMSA-2014-0006.8, VMSA-2014-0006.9, VU#978508.
Description of the vulnerability
The OpenSSL product implements SSL/TLS, which uses a handshake.
However, by using a handshake with a ChangeCipherSpec message, an attacker can force the usage of weak keys.
An attacker can therefore act as a man in the middle between a client and a server using OpenSSL, in order to read or alter exchanged data.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about Dell EMC PowerPath:
|