The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of HP Business Service Management

computer vulnerability alert CVE-2015-2808

TLS: RC4 decryption via Bar Mitzvah

Synthesis of the vulnerability

An attacker can use the Bar Mitzvah Attack on TLS, in order to obtain sensitive information encrypted by RC4.
Impacted products: DCFM Enterprise, Brocade Network Advisor, Brocade vTM, Avamar, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, HPE BSM, HP Data Protector, HPE NNMi, HP Operations, SiteScope, HP Switch, HP-UX, AIX, DB2 UDB, Domino, Notes, IRAD, Security Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, SnapManager, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Oracle Virtual Directory, WebLogic, Oracle Web Tier, SSL protocol, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 27/03/2015.
Identifiers: 1450666, 1610582, 1647054, 1882708, 1883551, 1883553, 1902260, 1903541, 1960659, 1963275, 1967498, 523628, 7014463, 7022958, 7045736, 9010041, 9010044, Bar Mitzvah, BSA-2015-007, c04708650, c04767175, c04770140, c04772305, c04773119, c04773241, c04777195, c04777255, c04832246, c04926789, c05085988, c05336888, cpujan2018, cpuoct2017, CVE-2015-2808, DSA-2018-124, HPSBGN03350, HPSBGN03393, HPSBGN03399, HPSBGN03407, HPSBGN03414, HPSBGN03415, HPSBGN03580, HPSBHF03673, HPSBMU03345, HPSBMU03401, HPSBUX03435, HPSBUX03512, NTAP-20150715-0001, NTAP-20151028-0001, RHSA-2015:1020-01, RHSA-2015:1021-01, RHSA-2015:1091-01, SOL16864, SSRT102254, SSRT102977, SUSE-SU-2015:1073-1, SUSE-SU-2015:1085-1, SUSE-SU-2015:1086-1, SUSE-SU-2015:1086-2, SUSE-SU-2015:1086-3, SUSE-SU-2015:1086-4, SUSE-SU-2015:1138-1, SUSE-SU-2015:1161-1, VIGILANCE-VUL-16486, VN-2015-004.

Description of the vulnerability

During the initialization of a TLS session, the client and the server negotiate cryptographic algorithms. The RC4 algorithm can be chosen to encrypt data.

For some weak keys (one in 2^24), the Invariance Weakness can be used to predict the two LSBs (Least Significant Bits) of the first 100 bytes encrypted with RC4. The first TLS message is "Finished" (36 bytes), so an attacker can predict the LSBs of 64 bytes.

An attacker can therefore use the Bar Mitzvah Attack on TLS, in order to obtain sensitive information encrypted by RC4.

vulnerability CVE-2015-0235

glibc: buffer overflow of gethostbyname, GHOST

Synthesis of the vulnerability

An attacker can, for example, send an email using a long IPv4 address to force the mail server to resolve this address and cause a buffer overflow in the glibc gethostbyname() function, in order to trigger a denial of service and possibly execute code. Several programs using the gethostbyname() function are vulnerable through a similar attack vector.
Impacted products: Arkoon FAST360, GAiA, CheckPoint IP Appliance, Provider-1, SecurePlatform, CheckPoint Security Gateway, CheckPoint VSX-1, Cisco ASR, Cisco Catalyst, IOS XE Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Prime Infrastructure, Cisco CUCM, XenServer, Clearswift Email Gateway, Debian, Unisphere EMC, VNX Operating Environment, VNX Series, Exim, BIG-IP Hardware, TMOS, HPE BSM, HP Operations, Performance Center, Junos Space, McAfee Email and Web Security, McAfee Email Gateway, McAfee MOVE AntiVirus, McAfee NSP, McAfee NTBA, McAfee NGFW, VirusScan, McAfee Web Gateway, openSUSE, Oracle Communications, Palo Alto Firewall PA***, PAN-OS, PHP, HDX, RealPresence Collaboration Server, RealPresence Distributed Media Application, RealPresence Resource Manager, Polycom VBP, RHEL, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive, WordPress Core.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: internet server.
Creation date: 27/01/2015.
Revision date: 27/01/2015.
Identifiers: 198850, 199399, c04577814, c04589512, CERTFR-2015-AVI-043, cisco-sa-20150128-ghost, cpujul2015, cpujul2017, cpuoct2016, cpuoct2017, cpuoct2018, CTX200437, CVE-2015-0235, DSA-3142-1, ESA-2015-030, ESA-2015-041, GHOST, HPSBGN03270, HPSBGN03285, JSA10671, K16057, KM01391662, MDVSA-2015:039, openSUSE-SU-2015:0162-1, openSUSE-SU-2015:0184-1, PAN-SA-2015-0002, RHSA-2015:0090-01, RHSA-2015:0092-01, RHSA-2015:0099-01, RHSA-2015:0101-01, RHSA-2015:0126-01, SB10100, sk104443, SOL16057, SSA:2015-028-01, SSA-994726, SUSE-SU-2015:0158-1, USN-2485-1, VIGILANCE-VUL-16060, VU#967332.

Description of the vulnerability

The glibc library provides two functions to obtain the IP address of a server from its DNS name:
  struct hostent *gethostbyname(const char *name);
  struct hostent *gethostbyname2(const char *name, int af);

For example:
  he = gethostbyname("www.example.com");

These functions also accept an IP address directly:
  he = gethostbyname("192.168.1.1");

However, a malformed IPv4 address that is too long, such as 192.168.111111.1 (more than 1024 bytes long), triggers an overflow in the __nss_hostname_digits_dots() function.

An attacker can therefore, for example, send an email using a long IPv4 address to force the mail server to resolve this address and cause a buffer overflow in the glibc gethostbyname() function, in order to trigger a denial of service and possibly execute code.

Several programs using the gethostbyname() function are vulnerable (exim, php, pppd, procmail) with a similar attack vector. The following programs are apparently not vulnerable: apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql, nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd, pure-ftpd, rsyslog, samba, sendmail, squid, sysklogd, syslog-ng, tcp_wrappers, vsftpd, xinetd.

computer vulnerability CVE-2014-9322

Linux kernel: privilege escalation via IRET gsbase

Synthesis of the vulnerability

A local attacker can call an IRET on the Linux kernel, in order to escalate his privileges.
Impacted products: BIG-IP Hardware, TMOS, Android OS, HPE BSM, HP Operations, Performance Center, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 16/12/2014.
Identifiers: c04594684, CERTFR-2014-AVI-532, CERTFR-2015-AVI-021, CERTFR-2015-AVI-054, CVE-2014-9322, HPSBGN03282, KM01411792, MDVSA-2015:027, openSUSE-SU-2014:1669-1, openSUSE-SU-2014:1677-1, openSUSE-SU-2014:1678-1, openSUSE-SU-2015:0566-1, RHSA-2014:1997-01, RHSA-2014:1998-01, RHSA-2014:2008-01, RHSA-2014:2009-01, RHSA-2014:2010-01, RHSA-2014:2028-01, RHSA-2014:2029-01, RHSA-2014:2030-01, RHSA-2014:2031-01, RHSA-2015:0009-01, SOL16122, SUSE-SU-2014:1693-1, SUSE-SU-2014:1693-2, SUSE-SU-2014:1695-1, SUSE-SU-2014:1695-2, SUSE-SU-2014:1698-1, SUSE-SU-2015:0068-1, SUSE-SU-2015:0581-1, SUSE-SU-2015:0736-1, SUSE-SU-2015:0812-1, USN-2464-1, USN-2491-1, VIGILANCE-VUL-15815.

Description of the vulnerability

On an Intel processor, when an interrupt/exception occurs (for example a system call via int 0x80), the current context (registers CS and EIP/RIP, and flags) is saved. At the end of the interrupt/exception, the IRET instruction restores the saved values, so the interrupted program can continue its execution where it was interrupted:
 - restore the EIP/RIP instruction pointer
 - restore the CS register (privilege switch)
 - restore flags

However, on a 64-bit processor, with a writable kernel stack, after an IRET triggering a #SS Fault, the general_protection() function is executed with the kernel/user GS Base addresses swapped.

A local attacker can therefore call an IRET on the Linux kernel, in order to escalate his privileges.

vulnerability note CVE-2014-3673 CVE-2014-3687 CVE-2014-3688

Linux kernel: multiple vulnerabilities of SCTP

Synthesis of the vulnerability

An attacker can use several vulnerabilities in the SCTP implementation of the Linux kernel.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HPE BSM, HP Operations, Performance Center, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 28/10/2014.
Identifiers: c04594684, CERTFR-2014-AVI-455, CERTFR-2014-AVI-459, CERTFR-2014-AVI-495, CERTFR-2014-AVI-528, CERTFR-2014-AVI-532, CERTFR-2015-AVI-051, CERTFR-2015-AVI-165, CERTFR-2018-AVI-361, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, DSA-3060-1, FEDORA-2014-13558, FEDORA-2014-13773, FEDORA-2014-14068, HPSBGN03282, KM01411792, MDVSA-2014:230, MDVSA-2015:027, openSUSE-SU-2014:1677-1, openSUSE-SU-2014:1678-1, openSUSE-SU-2015:0566-1, RHSA-2014:1971-01, RHSA-2014:1997-01, RHSA-2014:2009-01, RHSA-2014:2028-01, RHSA-2014:2030-01, RHSA-2015:0043-01, RHSA-2015:0062-01, RHSA-2015:0115-01, SOL15910, SOL16025, SUSE-SU-2014:1693-1, SUSE-SU-2014:1693-2, SUSE-SU-2014:1695-1, SUSE-SU-2014:1695-2, SUSE-SU-2014:1698-1, SUSE-SU-2015:0068-1, SUSE-SU-2015:0178-1, SUSE-SU-2015:0481-1, SUSE-SU-2015:0529-1, SUSE-SU-2015:0581-1, SUSE-SU-2015:0652-1, SUSE-SU-2015:0736-1, SUSE-SU-2015:0812-1, SUSE-SU-2018:2062-1, USN-2417-1, USN-2418-1, USN-2441-1, USN-2442-1, USN-2445-1, USN-2446-1, USN-2447-1, USN-2447-2, USN-2448-1, USN-2448-2, VIGILANCE-VUL-15554.

Description of the vulnerability

Several vulnerabilities were announced in the Linux kernel.

An attacker can send duplicated packets of type ASCONF to a kernel that bundles fragments in the output queue, in order to trigger a denial of service. [severity:2/4; CVE-2014-3687]

An attacker can send specially crafted ASCONF packets, in order to trigger a denial of service. [severity:2/4; CVE-2014-3673]

An attacker can send a sequence of SCTP fragments, the last of which has an ill-formed header, in order to make the kernel use an excessive amount of memory for the packet queue, and so trigger a denial of service. [severity:2/4; CVE-2014-3688]

computer vulnerability CVE-2014-3566

SSL 3.0: decrypting session, POODLE

Synthesis of the vulnerability

An attacker, positioned as a Man-in-the-Middle, can decrypt an SSL 3.0 session, in order to obtain sensitive information.
Impacted products: SES, SNS, Apache httpd, Arkoon FAST360, ArubaOS, Asterisk Open Source, BES, ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, GAiA, CheckPoint IP Appliance, IPSO, SecurePlatform, CheckPoint Security Appliance, CheckPoint Security Gateway, Cisco ASR, Cisco ACE, ASA, AsyncOS, Cisco CSS, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, IronPort Email, Nexus by Cisco, NX-OS, Prime Infrastructure, Cisco PRSM, Cisco Router, WebNS, Clearswift Email Gateway, Clearswift Web Gateway, CUPS, Debian, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FortiGate, FortiGate Virtual Appliance, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, F-Secure AV, hMailServer, HPE BSM, HP Data Protector, HPE NNMi, HP Operations, ProCurve Switch, SiteScope, HP Switch, TippingPoint IPS, HP-UX, AIX, Domino, Notes, Security Directory Server, SPSS Data Collection, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, IVE OS, Juniper J-Series, Junos OS, Junos Space, Junos Space Network Management Platform, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, McAfee Email and Web Security, McAfee Email Gateway, ePO, VirusScan, McAfee Web Gateway, IE, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, Windows Vista, NETASQ, NetBSD, NetScreen Firewall, ScreenOS, nginx, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle DB, Oracle Fusion Middleware, Oracle Identity Management, Oracle OIT, Solaris, Tuxedo, WebLogic, Palo Alto Firewall PA***, PAN-OS, Polycom CMA, HDX, RealPresence Collaboration Server, RealPresence Distributed Media Application, Polycom VBP, Postfix, SSL protocol, Puppet, RHEL, JBoss EAP by Red Hat, RSA Authentication Manager, ROS, ROX, RuggedSwitch, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor, WinSCP.
Severity: 3/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Creation date: 15/10/2014.
Identifiers: 10923, 1589583, 1595265, 1653364, 1657963, 1663874, 1687167, 1687173, 1687433, 1687604, 1687611, 1690160, 1690185, 1690342, 1691140, 1692551, 1695392, 1696383, 1699051, 1700706, 2977292, 3009008, 7036319, aid-10142014, AST-2014-011, bulletinapr2015, bulletinjan2015, bulletinjan2016, bulletinjul2015, bulletinjul2016, bulletinoct2015, c04486577, c04487990, c04492722, c04497114, c04506802, c04510230, c04567918, c04616259, c04626982, c04676133, c04776510, CERTFR-2014-ALE-007, CERTFR-2014-AVI-454, CERTFR-2014-AVI-509, CERTFR-2015-AVI-169, CERTFR-2016-AVI-303, cisco-sa-20141015-poodle, cpujul2017, CTX216642, CVE-2014-3566, DSA-3053-1, DSA-3253-1, DSA-3489-1, ESA-2014-178, ESA-2015-098, ESXi500-201502001, ESXi500-201502101-SG, ESXi510-201503001, ESXi510-201503001-SG, ESXi510-201503101-SG, ESXi550-201501001, ESXi550-201501101-SG, FEDORA-2014-12989, FEDORA-2014-12991, FEDORA-2014-13012, FEDORA-2014-13017, FEDORA-2014-13040, FEDORA-2014-13069, FEDORA-2014-13070, FEDORA-2014-13444, FEDORA-2014-13451, FEDORA-2014-13764, FEDORA-2014-13777, FEDORA-2014-13781, FEDORA-2014-13794, FEDORA-2014-14234, FEDORA-2014-14237, FEDORA-2014-15379, FEDORA-2014-15390, FEDORA-2014-15411, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2015-9090, FEDORA-2015-9110, FreeBSD-SA-14:23.openssl, FSC-2014-8, HPSBGN03256, HPSBGN03305, HPSBGN03332, HPSBHF03156, HPSBHF03300, HPSBMU03152, HPSBMU03184, HPSBMU03213, HPSBMU03416, HPSBUX03162, HPSBUX03194, JSA10656, MDVSA-2014:203, MDVSA-2014:218, MDVSA-2015:062, NetBSD-SA2014-015, nettcp_advisory, openSUSE-SU-2014:1331-1, openSUSE-SU-2014:1384-1, openSUSE-SU-2014:1395-1, openSUSE-SU-2014:1426-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:1586-1, openSUSE-SU-2017:0980-1, PAN-SA-2014-0005, POODLE, RHSA-2014:1652-01, RHSA-2014:1653-01, RHSA-2014:1692-01, RHSA-2014:1920-01, RHSA-2014:1948-01, RHSA-2015:0010-01, RHSA-2015:0011-01, RHSA-2015:0012-01, RHSA-2015:1545-01, RHSA-2015:1546-01, SA83, SB10090, SB10104, sk102989, SOL15702, SP-CAAANKE, SP-CAAANST, SPL-91947, SPL-91948, SSA:2014-288-01, SSA-396873, SSA-472334, SSRT101767, STORM-2014-02-FR, SUSE-SU-2014:1357-1, SUSE-SU-2014:1361-1, SUSE-SU-2014:1386-1, SUSE-SU-2014:1387-1, SUSE-SU-2014:1387-2, SUSE-SU-2014:1409-1, SUSE-SU-2015:0010-1, SUSE-SU-2016:1457-1, SUSE-SU-2016:1459-1, T1021439, TSB16540, USN-2839-1, VIGILANCE-VUL-15485, VMSA-2015-0001, VMSA-2015-0001.1, VMSA-2015-0001.2, VN-2014-003, VU#577193.

Description of the vulnerability

An SSL/TLS session can be established using several protocols:
 - SSL 2.0 (obsolete)
 - SSL 3.0
 - TLS 1.0
 - TLS 1.1
 - TLS 1.2

An attacker can downgrade the version to SSLv3. With SSL 3.0, an attacker can then change the padding position when CBC encryption is used, in order to progressively guess cleartext fragments.

This vulnerability is named POODLE (Padding Oracle On Downgraded Legacy Encryption).

An attacker, positioned as a Man-in-the-Middle, can therefore decrypt an SSL 3.0 session, in order to obtain sensitive information.

vulnerability bulletin CVE-2014-6410

Linux kernel: infinite loop of __udf_read_inode

Synthesis of the vulnerability

An attacker can mount a UDF file system, to generate a large recursion in __udf_read_inode(), in order to trigger a denial of service of the Linux kernel.
Impacted products: Fedora, HPE BSM, HP Operations, Performance Center, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 15/09/2014.
Identifiers: c04594684, CERTFR-2014-AVI-413, CERTFR-2014-AVI-532, CVE-2014-6410, FEDORA-2014-11008, HPSBGN03282, KM01411792, MDVSA-2014:201, openSUSE-SU-2014:1669-1, openSUSE-SU-2014:1677-1, RHSA-2014:1318-01, RHSA-2014:1971-01, RHSA-2014:1997-01, RHSA-2014:2009-01, RHSA-2014:2028-01, RHSA-2014:2030-01, SUSE-SU-2014:1316-1, SUSE-SU-2014:1319-1, USN-2374-1, USN-2375-1, USN-2376-1, USN-2377-1, USN-2378-1, USN-2379-1, VIGILANCE-VUL-15353.

Description of the vulnerability

The Linux kernel supports UDF file systems.

However, the __udf_read_inode() function of the fs/udf/inode.c file does not limit the number of ICBs, which triggers an unlimited recursive call.

An attacker can therefore mount a UDF file system, to generate a large recursion in __udf_read_inode(), in order to trigger a denial of service of the Linux kernel.

vulnerability announce CVE-2012-6657

Linux kernel: unreachable memory reading via SO_KEEPALIVE

Synthesis of the vulnerability

An attacker can force a read at an invalid address via SO_KEEPALIVE on the Linux kernel, in order to trigger a denial of service.
Impacted products: BIG-IP Hardware, TMOS, HPE BSM, HP Operations, Performance Center, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 15/09/2014.
Identifiers: c04594684, CERTFR-2014-AVI-532, CERTFR-2015-AVI-165, CVE-2012-6657, HPSBGN03282, KM01411792, RHSA-2014:1997-01, RHSA-2014:2009-01, RHSA-2014:2028-01, RHSA-2014:2030-01, SOL16011, SUSE-SU-2015:0652-1, SUSE-SU-2015:0812-1, VIGILANCE-VUL-15352.

Description of the vulnerability

The setsockopt() function defines options of a socket.

The SO_KEEPALIVE option is used to keep a session active. However, the net/core/sock.c file does not check whether the socket is of type SOCK_STREAM, so the kernel tries to read a memory area which is not reachable, which triggers a fatal error.

An attacker can therefore force a read at an invalid address via SO_KEEPALIVE on the Linux kernel, in order to trigger a denial of service.

vulnerability CVE-2014-5471 CVE-2014-5472

Linux kernel: denial of service via ISOFS

Synthesis of the vulnerability

A local attacker can mount a malicious ISOFS image on the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, HPE BSM, HP Operations, Performance Center, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 26/08/2014.
Identifiers: c04594684, CERTFR-2014-AVI-396, CERTFR-2014-AVI-532, CERTFR-2015-AVI-136, CERTFR-2015-AVI-164, CVE-2014-5471, CVE-2014-5472, FEDORA-2014-11008, FEDORA-2014-9959, HPSBGN03282, KM01411792, MDVSA-2014:201, openSUSE-SU-2014:1669-1, openSUSE-SU-2014:1677-1, openSUSE-SU-2015:0566-1, RHSA-2014:1318-01, RHSA-2014:1997-01, RHSA-2014:2009-01, RHSA-2014:2028-01, RHSA-2014:2030-01, RHSA-2015:0102-01, RHSA-2015:0695-01, RHSA-2015:0782-01, RHSA-2015:0803-01, SUSE-SU-2014:1316-1, SUSE-SU-2014:1319-1, SUSE-SU-2015:0481-1, SUSE-SU-2015:0812-1, USN-2354-1, USN-2355-1, USN-2356-1, USN-2357-1, USN-2358-1, USN-2359-1, VIGILANCE-VUL-15230.

Description of the vulnerability

An ISOFS image contains a filesystem, which can be mounted by the Linux kernel.

However, when the ISOFS image relocates a directory, an infinite recursion occurs in the parse_rock_ridge_inode_internal() function.

A local attacker can therefore mount a malicious ISOFS image on the Linux kernel, in order to trigger a denial of service.

vulnerability note CVE-2012-2561

HP Business Service Management: code execution via WAR

Synthesis of the vulnerability

A remote attacker can deploy a WAR application in HP Business Service Management, in order to execute code with system privileges.
Impacted products: HPE BSM.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: intranet client.
Creation date: 21/05/2012.
Identifiers: BID-53556, c03377648, CVE-2012-2561, HPSBMU02792, SSRT100820, VIGILANCE-VUL-11634, VU#859230.

Description of the vulnerability

The HP Business Service Management product uses the JBoss Application Server product.

However, the configuration of JBoss is not secured, and allows the deployment of WAR archives. An attacker can thus deploy a malicious jsp-shell on the server.

A remote attacker can therefore deploy a WAR application in HP Business Service Management, in order to execute code with system privileges.

computer vulnerability note CVE-2011-0274

HP BAC, BSM: Cross Site Scripting

Synthesis of the vulnerability

An attacker can generate a Cross Site Scripting in HP Business Availability Center and HP Business Service Management.
Impacted products: HPE BAC, HPE BSM.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 21/01/2011.
Identifiers: BID-45944, c02678501, CERTA-2011-AVI-035, CVE-2011-0274, HPSBMA02622, SSRT100342, VIGILANCE-VUL-10289.

Description of the vulnerability

The HP BAC (Business Availability Center) and HP BSM (Business Service Management) products can be used to administer a service.

An attacker can generate a Cross Site Scripting in HP Business Availability Center and HP Business Service Management.