The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of HP-UX

computer vulnerability bulletin CVE-2015-0253 CVE-2015-3183 CVE-2015-3185

Apache httpd: three vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Apache httpd.
Impacted products: Apache httpd, Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, Tivoli System Automation, WebSphere AS, Domino, openSUSE, Solaris, Puppet, RHEL, Red Hat JBoss EAP, Slackware, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Creation date: 15/07/2015.
Identifiers: 1963361, 1965444, 1967197, 1969062, bulletinoct2015, c04832246, c04926789, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185, DSA-3325-1, DSA-3325-2, FEDORA-2015-11689, FEDORA-2015-11792, HPSBUX03435, HPSBUX03512, openSUSE-SU-2015:1684-1, RHSA-2015:1666-01, RHSA-2015:1667-01, RHSA-2015:1668-01, RHSA-2015:2659-01, RHSA-2015:2660-01, RHSA-2015:2661-01, RHSA-2016:0062-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, SOL17251, SSA:2015-198-01, SSRT102254, SSRT102977, USN-2686-1, VIGILANCE-VUL-17378.

Description of the vulnerability

Several vulnerabilities were announced in Apache httpd.

An attacker can generate an error during the analysis of the HTTP Chunk header, in order to trigger a denial of service, and possibly to run code. Technical details are unknown. [severity:3/4; CVE-2015-3183]

The ap_some_auth_required directive is not honored, so an attacker can access the service without authentication. [severity:2/4; CVE-2015-3185]

When the configuration of "ErrorDocument 400" points to a local URL/file, and when the INCLUDES filter is enabled, an attacker can trigger a denial of service. [severity:2/4; CVE-2015-0253]

computer vulnerability announce CVE-2015-1793

OpenSSL: X.509 certification chain forgery

Synthesis of the vulnerability

An attacker can force OpenSSL to accept spoofed certificates, in order to eavesdrop on encrypted communications or bypass signature-based authentication.
Impacted products: DCFM Enterprise, Brocade Network Advisor, Brocade vTM, ASA, Cisco Catalyst, IOS XE Cisco, Nexus by Cisco, NX-OS, Prime Infrastructure, Cisco PRSM, Cisco Router, Cisco CUCM, Clearswift Email Gateway, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FreeBSD, HPE Switch, HP-UX, IRAD, Juniper J-Series, JUNOS, McAfee Email Gateway, McAfee NGFW, OpenSSL, Solaris, Slackware, Splunk Enterprise, stunnel, Synology DSM, Synology DS***, Synology RS***, Nessus, Websense Web Security, X2Go Client.
Severity: 3/4.
Creation date: 09/07/2015.
Identifiers: 1962398, 1963151, BSA-2015-009, bulletinjul2015, c04760669, c05184351, CERTFR-2015-AVI-285, CERTFR-2015-AVI-431, cisco-sa-20150710-openssl, CVE-2015-1793, FEDORA-2015-11414, FEDORA-2015-11475, FreeBSD-SA-15:12.openssl, HPSBHF03613, HPSBUX03388, JSA10694, SB10125, SOL16937, SPL-10304, SSA:2015-190-01, SSRT102180, VIGILANCE-VUL-17337.

Description of the vulnerability

Certificate validation begins with the creation of a certificate chain, in which each certificate provides the public key used to check the signature of the next certificate.

The creation of this chain may be non-deterministic, especially when some identifying X.509v3 extensions such as "Authority Key Identifier" are not provided. When a candidate chain cannot validate a given certificate, OpenSSL 1.0.1 and 1.0.2 attempt to find another candidate chain. However, during these attempts, some required checks on the chain are no longer performed. As a consequence, an attacker can make OpenSSL use the attacker's own certificate as a CA certificate, even if it includes the "basicConstraint" extension stating "CA: no". The attacker can then create certificates for any name.

This vulnerability impacts clients checking a server certificate, and TLS servers checking a client certificate.

An attacker can therefore force OpenSSL to accept spoofed certificates, in order to eavesdrop on encrypted communications or bypass signature-based authentication.

computer vulnerability announce CVE-2015-1788 CVE-2015-1789 CVE-2015-1790

OpenSSL: four vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in OpenSSL.
Impacted products: ProxyAV, ProxySG, SGOS, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, AnyConnect VPN Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Encryption, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Prime Network Control Systems, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco Unity ~ precise, Cisco WSA, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, HPE Switch, HP-UX, AIX, DB2 UDB, IRAD, Security Directory Server, SPSS Modeler, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, JUNOS, Junos Pulse, Juniper Network Connect, Juniper SBR, McAfee Email and Web Security, McAfee Email Gateway, McAfee Web Gateway, Data ONTAP, Snap Creator Framework, SnapManager, NetBSD, NetScreen Firewall, ScreenOS, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Solaris, Palo Alto Firewall PA***, PAN-OS, pfSense, Pulse Connect Secure, Puppet, RHEL, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu.
Severity: 2/4.
Creation date: 12/06/2015.
Identifiers: 1450666, 1647054, 1961111, 1961569, 1964113, 1964766, 1966038, 1970103, 1972125, 9010038, 9010039, BSA-2015-006, bulletinjul2015, c04760669, c05184351, CERTFR-2015-AVI-257, CERTFR-2015-AVI-431, CERTFR-2016-AVI-128, CERTFR-2016-AVI-303, cisco-sa-20150612-openssl, CTX216642, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, DSA-3287-1, FEDORA-2015-10047, FEDORA-2015-10108, FreeBSD-SA-15:10.openssl, HPSBHF03613, HPSBUX03388, JSA10694, JSA10733, NetBSD-SA2015-008, NTAP-20150616-0001, openSUSE-SU-2015:1139-1, openSUSE-SU-2015:1277-1, openSUSE-SU-2015:2243-1, openSUSE-SU-2016:0640-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2015:1115-01, RHSA-2015:1197-01, SA40002, SA98, SB10122, SOL16898, SOL16913, SOL16915, SOL16938, SSA:2015-162-01, SSRT102180, SUSE-SU-2015:1143-1, SUSE-SU-2015:1150-1, SUSE-SU-2015:1181-1, SUSE-SU-2015:1181-2, SUSE-SU-2015:1182-2, SUSE-SU-2015:1183-1, SUSE-SU-2015:1183-2, SUSE-SU-2015:1184-1, SUSE-SU-2015:1184-2, SUSE-SU-2015:1185-1, TNS-2015-07, TSB16728, USN-2639-1, VIGILANCE-VUL-17117.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can generate an infinite loop via ECParameters, in order to trigger a denial of service. [severity:2/4; CVE-2015-1788]

An attacker can force a read at an invalid address in X509_cmp_time(), in order to trigger a denial of service. [severity:2/4; CVE-2015-1789]

An attacker can force a NULL pointer to be dereferenced via EnvelopedContent, in order to trigger a denial of service. [severity:2/4; CVE-2015-1790]

An attacker can generate an infinite loop via CMS signedData, in order to trigger a denial of service. [severity:2/4; CVE-2015-1792]

vulnerability announce CVE-2015-1791

OpenSSL: use after free via NewSessionTicket

Synthesis of the vulnerability

An attacker who owns a malicious TLS server can send the NewSessionTicket message to force the usage of a freed memory area in a client linked to OpenSSL, in order to trigger a denial of service, and possibly to execute code.
Impacted products: ProxyAV, ProxySG, SGOS, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, AnyConnect VPN Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Encryption, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Prime Network Control Systems, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco Unity ~ precise, Cisco WSA, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, HPE Switch, HP-UX, AIX, IRAD, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, JUNOS, Junos Pulse, Juniper Network Connect, Juniper SBR, McAfee Email and Web Security, McAfee Email Gateway, McAfee Web Gateway, Data ONTAP, Snap Creator Framework, SnapManager, NetBSD, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Palo Alto Firewall PA***, PAN-OS, pfSense, Pulse Connect Secure, Puppet, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Creation date: 04/06/2015.
Identifiers: 1961569, 1964113, 1970103, 9010038, 9010039, bulletinjul2015, c04760669, c05184351, CERTFR-2015-AVI-431, CERTFR-2016-AVI-128, CERTFR-2016-AVI-303, cisco-sa-20150612-openssl, cpuoct2016, CTX216642, CVE-2015-1791, DSA-3287-1, FEDORA-2015-10047, FEDORA-2015-10108, FreeBSD-SA-15:10.openssl, HPSBHF03613, HPSBUX03388, JSA10694, JSA10733, NetBSD-SA2015-008, NTAP-20150616-0001, openSUSE-SU-2015:1139-1, openSUSE-SU-2016:0640-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2015:1115-01, SA40002, SA98, SB10122, SOL16914, SSA:2015-162-01, SSRT102180, SUSE-SU-2015:1143-1, SUSE-SU-2015:1150-1, SUSE-SU-2015:1182-2, SUSE-SU-2015:1184-1, SUSE-SU-2015:1184-2, SUSE-SU-2015:1185-1, TSB16728, USN-2639-1, VIGILANCE-VUL-17062.

Description of the vulnerability

The TLS protocol uses the NewSessionTicket message to obtain a new session ticket (RFC 5077).

The ssl3_get_new_session_ticket() function of the ssl/s3_clnt.c file implements NewSessionTicket in an OpenSSL client. However, if the client is multi-threaded, this function frees a memory area before reusing it.

An attacker who owns a malicious TLS server can therefore send the NewSessionTicket message to force the usage of a freed memory area in a client linked to OpenSSL, in order to trigger a denial of service, and possibly to execute code.

vulnerability CVE-2015-4000

TLS: weakening Diffie-Hellman via Logjam

Synthesis of the vulnerability

An attacker positioned as a man-in-the-middle can force the TLS client/server to accept a weak export algorithm, in order to more easily capture or alter exchanged data.
Impacted products: Apache httpd, Blue Coat CAS, ProxyAV, ProxySG, SGOS, DCFM Enterprise, Brocade Network Advisor, Brocade vTM, Clearswift Email Gateway, Debian, Summit, Fedora, FileZilla Server, FreeBSD, HP BSM, HP NNMi, HP Operations, HP-UX, AIX, DB2 UDB, IRAD, Security Directory Server, SPSS Modeler, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS, WebSphere MQ, Juniper J-Series, JUNOS, Junos Pulse, Juniper Network Connect, Juniper SBR, lighttpd, ePO, Firefox, NSS, MySQL Community, MySQL Enterprise, Data ONTAP, Snap Creator Framework, SnapManager, NetBSD, nginx, OpenSSL, openSUSE, openSUSE Leap, Solaris, Palo Alto Firewall PA***, PAN-OS, Percona Server, XtraDB Cluster, RealPresence Collaboration Server, RealPresence Distributed Media Application, RealPresence Resource Manager, Polycom VBP, Postfix, SSL protocol, Pulse Connect Secure, Puppet, RHEL, Red Hat JBoss EAP, Sendmail, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Creation date: 20/05/2015.
Revision date: 20/05/2015.
Identifiers: 1647054, 1957980, 1958984, 1959033, 1959539, 1959745, 1960194, 1960418, 1960862, 1962398, 1962694, 1963151, 9010038, 9010039, 9010041, 9010044, BSA-2015-005, bulletinjan2016, bulletinjul2015, c04725401, c04760669, c04767175, c04770140, c04773119, c04773241, c04774058, c04778650, c04832246, c04918839, c04926789, CERTFR-2016-AVI-303, CTX216642, CVE-2015-4000, DLA-507-1, DSA-3287-1, DSA-3300-1, DSA-3688-1, FEDORA-2015-10047, FEDORA-2015-10108, FEDORA-2015-9048, FEDORA-2015-9130, FEDORA-2015-9161, FreeBSD-EN-15:08.sendmail, FreeBSD-SA-15:10.openssl, HPSBGN03399, HPSBGN03407, HPSBGN03411, HPSBGN03417, HPSBHF03433, HPSBMU03345, HPSBMU03401, HPSBUX03363, HPSBUX03388, HPSBUX03435, HPSBUX03512, JSA10681, Logjam, NetBSD-SA2015-008, NTAP-20150616-0001, NTAP-20150715-0001, NTAP-20151028-0001, openSUSE-SU-2015:1139-1, openSUSE-SU-2015:1209-1, openSUSE-SU-2015:1216-1, openSUSE-SU-2015:1277-1, openSUSE-SU-2016:0226-1, openSUSE-SU-2016:0255-1, openSUSE-SU-2016:0261-1, openSUSE-SU-2016:2267-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2015:1072-01, RHSA-2015:1185-01, RHSA-2015:1197-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, SA111, SA40002, SA98, SB10122, SSA:2015-219-02, SSRT102180, SSRT102254, SSRT102964, SSRT102977, SUSE-SU-2015:1143-1, SUSE-SU-2015:1150-1, SUSE-SU-2015:1177-1, SUSE-SU-2015:1177-2, SUSE-SU-2015:1181-1, SUSE-SU-2015:1181-2, SUSE-SU-2015:1182-2, SUSE-SU-2015:1183-1, SUSE-SU-2015:1183-2, SUSE-SU-2015:1184-1, SUSE-SU-2015:1184-2, SUSE-SU-2015:1185-1, SUSE-SU-2015:1268-1, SUSE-SU-2015:1268-2, SUSE-SU-2015:1269-1, SUSE-SU-2015:1581-1, SUSE-SU-2016:0224-1, TSB16728, USN-2624-1, USN-2625-1, USN-2656-1, USN-2656-2, VIGILANCE-VUL-16950, VN-2015-007.

Description of the vulnerability

The Diffie-Hellman algorithm is used to exchange cryptographic keys. The DHE_EXPORT suite uses prime numbers smaller than 512 bits.

The Diffie-Hellman algorithm is used by TLS. However, during the negotiation, an attacker positioned as a man-in-the-middle can force TLS to use DHE_EXPORT (even if stronger suites are available).

This vulnerability can then be combined with VIGILANCE-VUL-16951.

An attacker positioned as a man-in-the-middle can therefore force the TLS client/server to accept a weak export algorithm, in order to more easily capture or alter exchanged data.

computer vulnerability announce CVE-2014-7810

Apache Tomcat: privilege escalation via Web Application

Synthesis of the vulnerability

An attacker can create a malicious application, and invite the administrator to install it on Apache Tomcat, in order to escalate privileges.
Impacted products: Tomcat, Debian, HP-UX, Solaris, RHEL.
Severity: 2/4.
Creation date: 18/05/2015.
Identifiers: bulletinoct2015, c05054964, CVE-2014-7810, DSA-3428-1, DSA-3447-1, DSA-3530-1, HPSBUX03561, RHSA-2015:1621-01, RHSA-2015:1622-01, RHSA-2016:0492-01, VIGILANCE-VUL-16917.

Description of the vulnerability

The Apache Tomcat administrator may agree to install web applications from untrusted sources.

However, these applications can use the Expression Language to bypass the Security Manager.

An attacker can therefore create a malicious application, and invite the administrator to install it on Apache Tomcat, in order to escalate privileges.

computer vulnerability announce CVE-2015-2783 CVE-2015-3329 CVE-2015-3330

PHP 5.6: eleven vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in PHP 5.6.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, openSUSE, Solaris, PHP, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 17/04/2015.
Revision dates: 17/04/2015, 30/04/2015.
Identifiers: 66550, 68819, 69152, 69218, 69227, 69316, 69324, 69337, 69353, 69441, bulletinjul2015, c04686230, CVE-2015-2783, CVE-2015-3329, CVE-2015-3330, CVE-2015-3411, CVE-2015-3412, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603, CVE-2015-4604, CVE-2015-4605, DSA-3280-1, FEDORA-2015-6407, HPSBUX03337, openSUSE-SU-2015:0855-1, openSUSE-SU-2015:1197-1, RHSA-2015:1135-01, RHSA-2015:1187-01, RHSA-2015:1218-01, SOL17028, SOL17061, SSRT102066, SUSE-SU-2015:0868-1, SUSE-SU-2016:1638-1, USN-2658-1, VIGILANCE-VUL-16647.

Description of the vulnerability

Several vulnerabilities were announced in PHP 5.6.

An attacker can use a type error in exception::getTraceAsString, in order to obtain sensitive information. [severity:2/4; 69152, CVE-2015-4599]

An attacker can generate a memory corruption in php_stream_url_wrap_http_ex, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69337]

An attacker can use the null character, in order to access other files. [severity:2/4; 69353, CVE-2015-3411, CVE-2015-3412]

An attacker can use apache2handler, in order to execute code. [severity:3/4; 69218, CVE-2015-3330]

An attacker can force the usage of a freed memory area in php_curl, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69316]

An attacker can force a read at an invalid address in Phar, in order to trigger a denial of service. [severity:2/4; 69324, CVE-2015-2783]

An attacker can generate a buffer overflow in phar_set_inode, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69441, CVE-2015-3329]

An attacker can force the usage of a freed memory area in zval_scan, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69227]

An attacker can force the usage of a freed memory area in SQLite, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 66550]

An attacker can use a type error in SoapFault unserialize(), in order to obtain sensitive information. [severity:2/4; CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603]

An attacker can trigger a fatal error in Fileinfo, in order to trigger a denial of service. [severity:2/4; 68819, CVE-2015-4604, CVE-2015-4605]

computer vulnerability alert CVE-2015-2783 CVE-2015-3329 CVE-2015-3330

PHP 5.5: nine vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in PHP 5.5.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, MBS, Solaris, PHP, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 17/04/2015.
Revision date: 17/04/2015.
Identifiers: 69152, 69218, 69227, 69316, 69324, 69337, 69353, 69441, bulletinjul2015, c04686230, CERTFR-2015-AVI-187, CVE-2015-2783, CVE-2015-3329, CVE-2015-3330, CVE-2015-3411, CVE-2015-3412, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603, DSA-3280-1, FEDORA-2015-6399, HPSBUX03337, MDVSA-2015:209, RHSA-2015:1135-01, RHSA-2015:1186-01, RHSA-2015:1218-01, SOL17028, SOL17061, SSRT102066, SUSE-SU-2015:0868-1, SUSE-SU-2015:1253-1, SUSE-SU-2015:1253-2, SUSE-SU-2016:1638-1, USN-2572-1, USN-2658-1, VIGILANCE-VUL-16646.

Description of the vulnerability

Several vulnerabilities were announced in PHP 5.5.

An attacker can use apache2handler, in order to execute code. [severity:3/4; 69218, CVE-2015-3330]

An attacker can use a type error in exception::getTraceAsString, in order to obtain sensitive information. [severity:2/4; 69152, CVE-2015-4599]

An attacker can generate a memory corruption in php_stream_url_wrap_http_ex, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69337]

An attacker can use the null character, in order to access other files. [severity:2/4; 69353, CVE-2015-3411, CVE-2015-3412]

An attacker can force the usage of a freed memory area in php_curl, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69316]

An attacker can force a read at an invalid address in Phar, in order to trigger a denial of service. [severity:2/4; 69324, CVE-2015-2783]

An attacker can generate a buffer overflow in phar_set_inode, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69441, CVE-2015-3329]

An attacker can force the usage of a freed memory area in zval_scan, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69227]

An attacker can use a type error in SoapFault unserialize(), in order to obtain sensitive information. [severity:2/4; CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603]

computer vulnerability CVE-2015-2301 CVE-2015-2783 CVE-2015-3329

PHP 5.4: eleven vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in PHP 5.4.
Impacted products: Debian, BIG-IP Hardware, TMOS, HP-UX, openSUSE, Solaris, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 17/04/2015.
Revision date: 17/04/2015.
Identifiers: 66550, 68901, 69152, 69218, 69316, 69324, 69337, 69353, 69441, bulletinjul2015, c04686230, CERTFR-2015-AVI-187, CVE-2015-2301, CVE-2015-2783, CVE-2015-3329, CVE-2015-3330, CVE-2015-3411, CVE-2015-3412, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603, DSA-3280-1, HPSBUX03337, openSUSE-SU-2015:0855-1, openSUSE-SU-2015:1197-1, RHSA-2015:1053-01, RHSA-2015:1066-01, RHSA-2015:1135-01, RHSA-2015:1218-01, SOL17028, SOL17061, SSA:2015-111-10, SSRT102066, SUSE-SU-2015:0868-1, SUSE-SU-2015:1265-1, SUSE-SU-2016:1638-1, USN-2572-1, VIGILANCE-VUL-16645.

Description of the vulnerability

Several vulnerabilities were announced in PHP 5.4.

An attacker can use apache2handler, in order to execute code. [severity:3/4; 69218, CVE-2015-3330]

An attacker can use a type error in exception::getTraceAsString, in order to obtain sensitive information. [severity:2/4; 69152, CVE-2015-4599]

An attacker can generate a memory corruption in php_stream_url_wrap_http_ex, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69337]

An attacker can use the null character, in order to access other files. [severity:2/4; 69353, CVE-2015-3411, CVE-2015-3412]

An attacker can force the usage of a freed memory area in php_curl, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69316]

An attacker can force the usage of a freed memory area in phar_object.c, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 68901, CVE-2015-2301]

An attacker can force a read at an invalid address in Phar, in order to trigger a denial of service. [severity:2/4; 69324, CVE-2015-2783]

An attacker can generate a buffer overflow in phar_set_inode, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69441, CVE-2015-3329]

An attacker can generate a memory corruption in SoapFault unserialize(), in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69152]

An attacker can force the usage of a freed memory area in SQLite, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 66550]

An attacker can use a type error in SoapFault unserialize(), in order to obtain sensitive information. [severity:2/4; CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603]

vulnerability announce CVE-2015-0240

Samba: use after free via NetLogon

Synthesis of the vulnerability

An unauthenticated attacker can force the usage of a freed memory area in NetLogon of Samba, in order to trigger a denial of service, and possibly to execute code with root privileges.
Impacted products: Debian, Fedora, HP-UX, MBS, OES, openSUSE, Solaris, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu.
Severity: 3/4.
Creation date: 23/02/2015.
Revision date: 15/04/2015.
Identifiers: 7014420, bulletinjan2015, c04636672, CERTFR-2015-AVI-078, CVE-2015-0240, DSA-3171-1, FEDORA-2015-2519, FEDORA-2015-2538, HPSBUX03320, MDVSA-2015:081, MDVSA-2015:082, MDVSA-2015:083, openSUSE-SU-2015:0375-1, openSUSE-SU-2016:1064-1, openSUSE-SU-2016:1106-1, openSUSE-SU-2016:1107-1, openSUSE-SU-2016:1108-1, openSUSE-SU-2016:1440-1, RHSA-2015:0249-01, RHSA-2015:0250-01, RHSA-2015:0251-01, RHSA-2015:0252-01, RHSA-2015:0253-01, RHSA-2015:0254-01, RHSA-2015:0255-01, RHSA-2015:0256-01, RHSA-2015:0257-01, SSA:2015-064-01, SSRT101952, SUSE-SU-2015:0353-1, SUSE-SU-2015:0371-1, SUSE-SU-2015:0386-1, USN-2508-1, VIGILANCE-VUL-16242.

Description of the vulnerability

The Samba product implements the NetLogon service.

An unauthenticated attacker (NULL session over IPC) can use the RPC ServerPasswordSet() of NetLogon. However, the _netr_ServerPasswordSet() function frees a memory area before reusing it.

An unauthenticated attacker can therefore force the usage of a freed memory area in NetLogon of Samba, in order to trigger a denial of service, and possibly to execute code with root privileges.