The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Google Android Jelly Bean

computer vulnerability note CVE-2016-7097

Linux kernel: privilege escalation via setxattr

Synthesis of the vulnerability

A local attacker can use setxattr() on the Linux kernel, in order to escalate his privileges.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Android OS, QRadar SIEM, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 26/08/2016.
Identifiers: 2011746, CERTFR-2016-AVI-393, CERTFR-2016-AVI-426, CERTFR-2017-AVI-001, CERTFR-2017-AVI-034, CERTFR-2017-AVI-053, CERTFR-2017-AVI-054, CERTFR-2017-AVI-131, CERTFR-2017-AVI-287, CERTFR-2017-AVI-307, CVE-2016-7097, DLA-772-1, FEDORA-2017-6cc158c193, FEDORA-2017-81fbd592d4, K31603170, openSUSE-SU-2016:3021-1, openSUSE-SU-2016:3058-1, RHSA-2017:0817-01, RHSA-2017:1842-01, RHSA-2017:2077-01, RHSA-2017:2669-01, SUSE-SU-2016:2912-1, SUSE-SU-2016:2976-1, SUSE-SU-2016:3304-1, SUSE-SU-2017:0333-1, SUSE-SU-2017:0471-1, SUSE-SU-2017:0494-1, SUSE-SU-2017:1102-1, USN-3146-1, USN-3146-2, USN-3147-1, USN-3161-1, USN-3161-2, USN-3161-3, USN-3161-4, USN-3162-1, USN-3162-2, USN-3422-1, USN-3422-2, VIGILANCE-VUL-20479.

Description of the vulnerability

The Linux kernel implements the setxattr() system call, which is used to set extended attributes.

However, if setxattr() is called to set a POSIX ACL, and if the user is not privileged, the sgid bit is not reset.

A local attacker can therefore use setxattr() on the Linux kernel, in order to escalate his privileges.

vulnerability CVE-2015-3288

Linux kernel: memory corruption of the zero page

Synthesis of the vulnerability

An attacker can change the zero page on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Android OS, Linux, openSUSE, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 25/08/2016.
Identifiers: 979021, CERTFR-2016-AVI-378, CERTFR-2017-AVI-188, CERTFR-2017-AVI-282, CVE-2015-3288, openSUSE-SU-2016:2144-1, SUSE-SU-2017:1301-1, SUSE-SU-2017:1613-1, SUSE-SU-2017:1628-1, SUSE-SU-2017:1696-1, SUSE-SU-2017:1706-1, SUSE-SU-2017:2342-1, USN-3127-1, USN-3127-2, VIGILANCE-VUL-20470.

Description of the vulnerability

The memory page at address zero is reserved.

However, in some cases, a local attacker can write data at this address.

An attacker can therefore change the zero page on the Linux kernel, in order to trigger a denial of service, and possibly to run code.

vulnerability CVE-2016-2182

OpenSSL: memory corruption via BN_bn2dec

Synthesis of the vulnerability

An attacker can generate a memory corruption via BN_bn2dec() of OpenSSL, in order to trigger a denial of service, and possibly to run code.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, FreeRADIUS, Android OS, hMailServer, HP Switch, AIX, DB2 UDB, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, McAfee Email Gateway, ePO, NetScreen Firewall, ScreenOS, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Solaris, Tuxedo, WebLogic, Oracle Web Tier, pfSense, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 24/08/2016.
Identifiers: 1996096, 1999395, 1999421, 1999474, 1999478, 1999479, 1999488, 1999532, 2000095, 2000209, 2002870, 2003480, 2003620, 2003673, 2008828, bulletinapr2017, bulletinjul2016, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-2182, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FreeBSD-SA-16:26.openssl, HPESBHF03856, JSA10759, K01276005, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2018:0458-1, RHSA-2016:1940-01, SA132, SA40312, SB10171, SB10215, SOL01276005, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, TNS-2016-16, USN-3087-1, USN-3087-2, VIGILANCE-VUL-20460.

Description of the vulnerability

The OpenSSL library works on large numbers to perform operations such as RSA.

The BN_bn2dec() function converts a large number to its decimal representation. However, a specially chosen number forces BN_div_word() to return a boundary value, after which data are written past the end of the memory area.

An attacker can therefore generate a memory corruption via BN_bn2dec() of OpenSSL, in order to trigger a denial of service, and possibly to run code.

vulnerability note CVE-2016-6828

Linux kernel: use after free via tcp_xmit_retransmit_queue

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via tcp_xmit_retransmit_queue() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Android OS, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 16/08/2016.
Identifiers: CERTFR-2016-AVI-334, CERTFR-2017-AVI-001, CERTFR-2017-AVI-034, CERTFR-2017-AVI-053, CERTFR-2017-AVI-054, CVE-2016-6828, DLA-609-1, DSA-3659-1, FEDORA-2016-5e24d8c350, FEDORA-2016-723350dd75, FEDORA-2016-f1adaaadc6, K62442245, openSUSE-SU-2016:2290-1, openSUSE-SU-2016:2625-1, openSUSE-SU-2016:3021-1, RHSA-2017:0036-01, RHSA-2017:0086-01, RHSA-2017:0091-01, RHSA-2017:0113-01, SUSE-SU-2016:2912-1, SUSE-SU-2016:2976-1, SUSE-SU-2016:3069-1, SUSE-SU-2016:3304-1, SUSE-SU-2017:0333-1, SUSE-SU-2017:0471-1, SUSE-SU-2017:0494-1, USN-3097-1, USN-3097-2, USN-3098-1, USN-3098-2, USN-3099-1, USN-3099-2, USN-3099-3, USN-3099-4, VIGILANCE-VUL-20384.

Description of the vulnerability

The Linux kernel manages a TCP sending queue.

However, a special system call sequence forces the tcp_xmit_retransmit_queue() function to free a memory area before reusing it.

An attacker can therefore force the usage of a freed memory area via tcp_xmit_retransmit_queue() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.

computer vulnerability alert CVE-2016-6136

Linux kernel: memory corruption via audit_log_single_execve_arg

Synthesis of the vulnerability

An attacker can generate a memory corruption via audit_log_single_execve_arg() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Android OS, Linux, RHEL, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 09/08/2016.
Identifiers: 120681, 1353533, CERTFR-2016-AVI-315, CERTFR-2016-AVI-334, CVE-2016-6136, DLA-609-1, DSA-3659-1, FEDORA-2016-30e3636e79, FEDORA-2016-754e4768d8, K90803619, RHSA-2016:2574-02, RHSA-2016:2584-02, RHSA-2017:0307-01, USN-3084-1, USN-3084-2, USN-3084-3, USN-3084-4, USN-3097-1, USN-3097-2, USN-3098-1, USN-3098-2, VIGILANCE-VUL-20336.

Description of the vulnerability

The Linux kernel implements audit features.

The audit_log_single_execve_arg() function of the auditsc.c file checks its parameters obtained via copy_from_user(). However, this function then reuses the value from the user space area, which may have been modified after the check.

An attacker can therefore generate a memory corruption via audit_log_single_execve_arg() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

computer vulnerability CVE-2016-5419 CVE-2016-5420 CVE-2016-5421

cURL: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of cURL.
Impacted products: SDS, SES, SNS, OpenOffice, Mac OS X, Brocade vTM, curl, Debian, Fedora, Android OS, Juniper EX-Series, Junos OS, SRX-Series, openSUSE, openSUSE Leap, Solaris, Puppet, RHEL, Slackware, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, client access/rights, denial of service on service, denial of service on client.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 3.
Creation date: 03/08/2016.
Identifiers: bulletinoct2016, cpuoct2018, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, DLA-586-1, DSA-3638-1, FEDORA-2016-24316f1f56, FEDORA-2016-8354baae0f, HT207423, JSA10874, openSUSE-SU-2016:2227-1, openSUSE-SU-2016:2379-1, RHSA-2016:2575-02, RHSA-2018:3558-01, SSA:2016-219-01, STORM-2019-002, USN-3048-1, VIGILANCE-VUL-20295.

Description of the vulnerability

Several vulnerabilities were announced in cURL.

The TLS client of libcurl can resume a session even if the client certificate changed, which may lead to authentication with an incorrect identity. [severity:2/4; CVE-2016-5419]

The TLS client of libcurl can reuse a session even if the client certificate changed, which may lead to authentication with an incorrect identity. [severity:2/4; CVE-2016-5420]

An attacker can force the usage of a freed memory area via curl_easy_init(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5421]

computer vulnerability bulletin CVE-2012-6701 CVE-2014-9863 CVE-2014-9864

Android OS: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Android.
Impacted products: Android OS.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 43.
Creation date: 02/08/2016.
Identifiers: BAD-CVE-2106-2504, CERTFR-2016-AVI-257, CVE-2012-6701, CVE-2014-9863, CVE-2014-9864, CVE-2014-9865, CVE-2014-9866, CVE-2014-9867, CVE-2014-9868, CVE-2014-9869, CVE-2014-9870, CVE-2014-9871, CVE-2014-9872, CVE-2014-9873, CVE-2014-9874, CVE-2014-9875, CVE-2014-9876, CVE-2014-9877, CVE-2014-9878, CVE-2014-9879, CVE-2014-9880, CVE-2014-9881, CVE-2014-9882, CVE-2014-9883, CVE-2014-9884, CVE-2014-9885, CVE-2014-9886, CVE-2014-9887, CVE-2014-9888, CVE-2014-9889, CVE-2014-9890, CVE-2014-9891, CVE-2014-9892, CVE-2014-9893, CVE-2014-9894, CVE-2014-9895, CVE-2014-9896, CVE-2014-9897, CVE-2014-9898, CVE-2014-9899, CVE-2014-9900, CVE-2014-9901, CVE-2014-9902, CVE-2014-9903, CVE-2014-9904, CVE-2015-1593, CVE-2015-2686, CVE-2015-8937, CVE-2015-8938, CVE-2015-8939, CVE-2015-8940, CVE-2015-8941, CVE-2015-8942, CVE-2015-8943, CVE-2015-8944, CVE-2016-2497, CVE-2016-2504, CVE-2016-2544, CVE-2016-2546, CVE-2016-2842, CVE-2016-3672, CVE-2016-3819, CVE-2016-3820, CVE-2016-3821, CVE-2016-3822, CVE-2016-3823, CVE-2016-3824, CVE-2016-3825, CVE-2016-3826, CVE-2016-3827, CVE-2016-3828, CVE-2016-3829, CVE-2016-3830, CVE-2016-3831, CVE-2016-3832, CVE-2016-3833, CVE-2016-3834, CVE-2016-3835, CVE-2016-3836, CVE-2016-3837, CVE-2016-3838, CVE-2016-3839, CVE-2016-3840, CVE-2016-3841, CVE-2016-3842, CVE-2016-3843, CVE-2016-3844, CVE-2016-3845, CVE-2016-3846, CVE-2016-3847, CVE-2016-3848, CVE-2016-3849, CVE-2016-3850, CVE-2016-3851, CVE-2016-3852, CVE-2016-3853, CVE-2016-3854, CVE-2016-3855, CVE-2016-3856, CVE-2016-3857, CVE-2016-4482, CVE-2016-4569, CVE-2016-4578, QuadRooter, VIGILANCE-VUL-20288.

Description of the vulnerability

Several vulnerabilities were announced in Android.

An attacker can use a vulnerability via Mediaserver, in order to run code. [severity:4/4; CVE-2016-3819, CVE-2016-3820, CVE-2016-3821]

An attacker can use a vulnerability via libjhead, in order to run code. [severity:3/4; CVE-2016-3822]

An attacker can bypass security features via Mediaserver, in order to escalate his privileges. [severity:3/4; CVE-2016-3823, CVE-2016-3824, CVE-2016-3825, CVE-2016-3826]

An attacker can trigger a fatal error via Mediaserver, in order to trigger a denial of service. [severity:3/4; CVE-2016-3827, CVE-2016-3828, CVE-2016-3829, CVE-2016-3830]

An attacker can trigger a fatal error via System Clock, in order to trigger a denial of service. [severity:3/4; CVE-2016-3831]

An attacker can bypass security features via Framework APIs, in order to escalate his privileges. [severity:2/4; CVE-2016-3832]

An attacker can bypass security features via Shell, in order to escalate his privileges. [severity:2/4; CVE-2016-3833]

An attacker can bypass security features via OpenSSL, in order to obtain sensitive information. [severity:2/4; CVE-2016-2842]

An attacker can bypass security features via Camera APIs, in order to obtain sensitive information. [severity:2/4; CVE-2016-3834]

An attacker can bypass security features via Mediaserver, in order to obtain sensitive information. [severity:2/4; CVE-2016-3835]

An attacker can bypass security features via SurfaceFlinger, in order to obtain sensitive information. [severity:2/4; CVE-2016-3836]

An attacker can bypass security features via Wi-Fi, in order to obtain sensitive information. [severity:2/4; CVE-2016-3837]

An attacker can trigger a fatal error via System UI, in order to trigger a denial of service. [severity:2/4; CVE-2016-3838]

An attacker can trigger a fatal error via Bluetooth, in order to trigger a denial of service. [severity:2/4; CVE-2016-3839]

An attacker can use a vulnerability via Qualcomm Wi-Fi driver, in order to run code. [severity:4/4; CVE-2014-9902]

An attacker can use a vulnerability via Conscrypt, in order to run code. [severity:4/4; CVE-2016-3840]

An attacker can bypass security features via Qualcomm, in order to escalate his privileges. [severity:4/4; CVE-2014-9863, CVE-2014-9864, CVE-2014-9865, CVE-2014-9866, CVE-2014-9867, CVE-2014-9868, CVE-2014-9869, CVE-2014-9870, CVE-2014-9871, CVE-2014-9872, CVE-2014-9873, CVE-2014-9874, CVE-2014-9875, CVE-2014-9876, CVE-2014-9877, CVE-2014-9878, CVE-2014-9879, CVE-2014-9880, CVE-2014-9881, CVE-2014-9882, CVE-2014-9883, CVE-2014-9884, CVE-2014-9885, CVE-2014-9886, CVE-2014-9887, CVE-2014-9888, CVE-2014-9889, CVE-2014-9890, CVE-2014-9891, CVE-2015-8937, CVE-2015-8938, CVE-2015-8939, CVE-2015-8940, CVE-2015-8941, CVE-2015-8942, CVE-2015-8943]

This vulnerability is described in VIGILANCE-VUL-20648. [severity:4/4; CVE-2015-2686, CVE-2016-3841]

An attacker can bypass security features via Qualcomm GPU Driver, in order to escalate his privileges. [severity:4/4; CVE-2016-3842]

An attacker can bypass security features via Qualcomm Performance Component, in order to escalate his privileges. [severity:4/4; CVE-2016-3843]

An attacker can bypass security features via Kernel, in order to escalate his privileges (VIGILANCE-VUL-20403). [severity:4/4; CVE-2016-3857]

An attacker can bypass security features via Kernel Memory System, in order to escalate his privileges. [severity:3/4; CVE-2015-1593, CVE-2016-3672]

An attacker can bypass security features via Kernel Sound Component, in order to escalate his privileges (VIGILANCE-VUL-20440). [severity:3/4; CVE-2014-9904, CVE-2016-2544, CVE-2016-2546]

An attacker can bypass security features via Kernel File System, in order to escalate his privileges. [severity:3/4; CVE-2012-6701]

An attacker can bypass security features via Mediaserver, in order to escalate his privileges. [severity:3/4; CVE-2016-3844]

An attacker can bypass security features via Kernel Video Driver, in order to escalate his privileges. [severity:3/4; CVE-2016-3845]

An attacker can bypass security features via Serial Peripheral Interface Driver, in order to escalate his privileges. [severity:3/4; CVE-2016-3846]

An attacker can bypass security features via NVIDIA Media Driver, in order to escalate his privileges. [severity:3/4; CVE-2016-3847, CVE-2016-3848]

An attacker can bypass security features via ION Driver, in order to escalate his privileges. [severity:3/4; CVE-2016-3849]

An attacker can bypass security features via Qualcomm Bootloader, in order to escalate his privileges. [severity:3/4; CVE-2016-3850]

An attacker can bypass security features via Kernel Performance Subsystem, in order to escalate his privileges. [severity:3/4; CVE-2016-3843]

An attacker can bypass security features via LG Electronics Bootloader, in order to escalate his privileges. [severity:3/4; CVE-2016-3851]

An attacker can bypass security features via Qualcomm Components, in order to obtain sensitive information. [severity:3/4; CVE-2014-9892, CVE-2014-9893, CVE-2014-9894, CVE-2014-9895, CVE-2014-9896, CVE-2014-9897, CVE-2014-9898, CVE-2014-9899, CVE-2014-9900, CVE-2015-8944]

An attacker can bypass security features via Kernel Scheduler, in order to obtain sensitive information. [severity:3/4; CVE-2014-9903]

An attacker can bypass security features via MediaTek Wi-Fi Driver, in order to obtain sensitive information. [severity:3/4; CVE-2016-3852]

An attacker can bypass security features via USB Driver, in order to obtain sensitive information. [severity:3/4; CVE-2016-4482]

An attacker can trigger a fatal error via Qualcomm Components, in order to trigger a denial of service. [severity:3/4; CVE-2014-9901]

An attacker can bypass security features via Google Play Services, in order to escalate his privileges. [severity:2/4; CVE-2016-3853]

An attacker can bypass security features via Framework APIs, in order to escalate his privileges. [severity:2/4; CVE-2016-2497]

An attacker can bypass security features via Kernel Networking Component, in order to obtain sensitive information. [severity:2/4; CVE-2016-4578]

An attacker can bypass security features via Kernel Sound Component, in order to obtain sensitive information. [severity:2/4; CVE-2016-4569, CVE-2016-4578]

An unknown vulnerability was announced via Qualcomm Components. [severity:3/4; CVE-2016-3854, CVE-2016-3855, CVE-2016-3856]

An attacker can force the usage of a freed memory area via KGSL, in order to trigger a denial of service, and possibly to run code. [severity:2/4; BAD-CVE-2106-2504, CVE-2016-2504, QuadRooter]

computer vulnerability alert 20196

Android Contacts: phone calls

Synthesis of the vulnerability

An attacker can invite the victim to install a malicious application, which uses Android Contacts, in order to make phone calls.
Impacted products: Android Applications ~ not comprehensive, Android OS.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 22/07/2016.
Identifiers: JVN#06212291, VIGILANCE-VUL-20196.

Description of the vulnerability

The Contacts application can be installed on Android.

However, it accepts requests from other local applications to place a phone call, even when the requesting application does not hold the CALL_PHONE permission.

An attacker can therefore invite the victim to install a malicious application, which uses Android Contacts, in order to make phone calls.

vulnerability announce CVE-2015-8871

OpenJPEG: use after free via opj_j2k_write_mco

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via opj_j2k_write_mco of OpenJPEG, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Android OS, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/07/2016.
Identifiers: CVE-2015-8871, DSA-3665-1, FEDORA-2016-14d8f9b4ed, FEDORA-2016-8fa7ced365, FEDORA-2016-abdc548f46, FEDORA-2016-d2ab705e4a, openSUSE-SU-2017:2186-1, openSUSE-SU-2017:2567-1, VIGILANCE-VUL-20102.

Description of the vulnerability

An attacker can force the usage of a freed memory area via opj_j2k_write_mco of OpenJPEG, in order to trigger a denial of service, and possibly to run code.

computer vulnerability alert CVE-2016-5696

Linux kernel: injecting TCP packets via Challenge ACK

Synthesis of the vulnerability

An attacker can predict the sequence numbers of a TCP session established to a Linux server, in order to inject a TCP packet, which can interact with the session if it is not encrypted.
Impacted products: Blue Coat CAS, Debian, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, Android OS, NSM Central Manager, NSMXpress, Linux, McAfee Web Gateway, openSUSE, openSUSE Leap, PAN-OS, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: data creation/edition, data flow.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/07/2016.
Identifiers: CERTFR-2016-AVI-287, CERTFR-2016-AVI-289, CERTFR-2017-AVI-001, CERTFR-2017-AVI-044, CERTFR-2017-AVI-053, CERTFR-2017-AVI-131, CVE-2016-5389-REJECT, CVE-2016-5696, DLA-609-1, DSA-3659-1, FEDORA-2016-784d5526d8, FEDORA-2016-9a16b2e14e, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, JSA10853, openSUSE-SU-2016:2290-1, openSUSE-SU-2016:2625-1, openSUSE-SU-2016:3021-1, PAN-SA-2017-0015, RHSA-2016:1631-01, RHSA-2016:1632-01, RHSA-2016:1633-01, RHSA-2016:1657-01, RHSA-2016:1664-01, RHSA-2016:1814-01, RHSA-2016:1815-01, RHSA-2016:1939-01, SA131, SB10167, SOL46514822, SSA:2016-236-03, SSA:2016-242-01, SUSE-SU-2016:2245-1, SUSE-SU-2016:2912-1, SUSE-SU-2016:2976-1, SUSE-SU-2016:3069-1, SUSE-SU-2016:3304-1, SUSE-SU-2017:0437-1, SUSE-SU-2017:0471-1, SUSE-SU-2017:1102-1, USN-3070-1, USN-3070-2, USN-3070-3, USN-3070-4, USN-3071-1, USN-3071-2, USN-3072-1, USN-3072-2, VIGILANCE-VUL-20066.

Description of the vulnerability

The Linux kernel implements RFC 5961 (Improving TCP's Robustness to Blind In-Window Attacks).

However, this implementation leaks information which can be used to inject a TCP packet into an active session, even without the attacker receiving the TCP replies.

In order to do so, the attacker has to know:
 - the IP address and the TCP port number of the server;
 - the IP address of a client with an active session.

An attacker can therefore predict the sequence numbers of a TCP session established to a Linux server, in order to inject a TCP packet, which can interact with the session if it is not encrypted.