The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of HPUX

vulnerability announce CVE-2013-2266

ISC BIND: denial of service of regex

Synthesis of the vulnerability

An attacker can use a special DNS record, in order to force ISC BIND to consume large memory resources.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, BIND, MBS, MES, McAfee Email Gateway, openSUSE, RHEL.
Severity: 3/4.
Creation date: 26/03/2013.
Identifiers: AA-00871, AA-00879, BID-58736, c03750073, CERTA-2013-AVI-210, CERTA-2013-AVI-285, CVE-2013-2266, DSA-2656-1, FEDORA-2013-4525, FEDORA-2013-4533, FreeBSD-SA-13:04.bind, HPSBUX02876, MDVSA-2013:058, openSUSE-SU-2013:0605-1, openSUSE-SU-2013:0666-1, RHSA-2013:0689-01, RHSA-2013:0690-01, SB10052, sol14386, SSRT101148, VIGILANCE-VUL-12572.

Description of the vulnerability

When BIND is compiled on Unix, it uses regex.h to provide functions to process regular expressions.

The BIND libdns library uses these regular expressions, in order to check the syntax of RDATA records. The code in lib/dns/rdata/in_1/naptr_35.c calls regcomp() and regfree(), which are declared in regex.h.

However, some Unix implementations of regex consume memory needlessly. Technical details are unknown.

An attacker can therefore use a special DNS record, in order to force ISC BIND to consume large memory resources. Applications linked to libdns are also vulnerable, such as ISC DHCP (VIGILANCE-VUL-12573).
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability CVE-2013-1667

Perl: denial of service via hash collision

Synthesis of the vulnerability

An attacker can send data generating storage collisions in a Perl application, in order to overload a service.
Impacted products: Debian, Fedora, HP-UX, AIX, MBS, openSUSE, Solaris, Perl Core, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 06/03/2013.
Identifiers: 912276, BID-58311, c03924247, CERTA-2013-AVI-387, CERTFR-2014-AVI-112, CVE-2013-1667, DSA-2641-1, DSA-2641-2, FEDORA-2013-3436, FEDORA-2013-3673, HPSBUX02928, IV43973, IV46765, MDVSA-2013:113, openSUSE-SU-2013:0497-1, openSUSE-SU-2013:0502-1, RHSA-2013:0685-01, SSA:2013-072-01, SSRT101274, SUSE-SU-2013:0441-1, SUSE-SU-2013:0442-1, VIGILANCE-VUL-12485.

Description of the vulnerability

The bulletin VIGILANCE-VUL-11254 describes a vulnerability which can be used to create a denial of service on several applications.

To solve this vulnerability, Perl periodically recomputes keys, in order to redistribute data. However, this algorithm is incorrect. Technical details are unknown.

An attacker can therefore send data generating storage collisions in a Perl application, in order to overload a service.

vulnerability alert CVE-2013-0809

Oracle Java JRE: code execution via 2D

Synthesis of the vulnerability

An attacker can invite the victim to display a web page containing a Java applet (or Java Web Start) using the 2D component, in order to execute code on the victim's computer.
Impacted products: Fedora, HP-UX, Tivoli System Automation, WebSphere AS Traditional, WebSphere MQ, Domino, Notes, MBS, MES, Java OpenJDK, openSUSE, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Creation date: 05/03/2013.
Identifiers: BID-58296, c03714148, c03725347, c03735640, CERTA-2013-AVI-163, CVE-2013-0809, FEDORA-2013-3467, FEDORA-2013-3468, HPSBUX02857, HPSBUX02864, HPSBUX02867, IC90659, KLYH95CMCJ, MDVSA-2013:021, MDVSA-2013:095, openSUSE-SU-2013:0430-1, openSUSE-SU-2013:0438-1, openSUSE-SU-2013:0509-1, RHSA-2013:0600-01, RHSA-2013:0601-01, RHSA-2013:0602-01, RHSA-2013:0603-01, RHSA-2013:0604-01, RHSA-2013:0605-01, RHSA-2013:0624-01, RHSA-2013:0625-01, RHSA-2013:0626-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT101103, SSRT101156, SUSE-SU-2013:0434-1, SUSE-SU-2013:0701-1, SUSE-SU-2013:0701-2, SUSE-SU-2013:0710-1, swg21627634, swg21633669, swg21633674, swg21644918, swg21645096, swg21645100, VIGILANCE-VUL-12481, VU#688246, ZDI-13-148.

Description of the vulnerability

An attacker can invite the victim to display a web page containing a Java applet (or Java Web Start) using the 2D component, in order to execute code on the victim's computer.

Technical details are unknown.

This vulnerability does not impact servers using Java.

computer vulnerability bulletin CVE-2013-1493

Oracle Java JRE: code execution via 2D

Synthesis of the vulnerability

An attacker can invite the victim to display a web page containing a Java applet (or Java Web Start) using the 2D component, in order to execute code on the victim's computer.
Impacted products: Fedora, HP-UX, Tivoli System Automation, WebSphere AS Traditional, WebSphere MQ, Domino, Notes, MBS, MES, Java OpenJDK, openSUSE, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Creation date: 04/03/2013.
Identifiers: BID-58238, c03714148, c03725347, c03735640, CERTA-2013-AVI-163, CVE-2013-1493, FEDORA-2013-3467, FEDORA-2013-3468, HPSBUX02857, HPSBUX02864, HPSBUX02867, IC90659, KLYH95CMCJ, MDVSA-2013:021, MDVSA-2013:095, openSUSE-SU-2013:0430-1, openSUSE-SU-2013:0438-1, openSUSE-SU-2013:0509-1, RHSA-2013:0600-01, RHSA-2013:0601-01, RHSA-2013:0602-01, RHSA-2013:0603-01, RHSA-2013:0604-01, RHSA-2013:0605-01, RHSA-2013:0624-01, RHSA-2013:0625-01, RHSA-2013:0626-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT101103, SSRT101156, SUSE-SU-2013:0434-1, SUSE-SU-2013:0701-1, SUSE-SU-2013:0701-2, SUSE-SU-2013:0710-1, swg21627634, swg21633669, swg21633674, swg21644918, swg21645096, swg21645100, VIGILANCE-VUL-12478, VU#688246, ZDI-13-142, ZDI-13-149.

Description of the vulnerability

An attacker can invite the victim to display a web page containing a Java applet (or Java Web Start) using the 2D component, in order to execute code on the victim's computer.

Technical details are unknown. The vulnerability is located in Color Management classes.

This vulnerability does not impact servers using Java.

computer vulnerability announce CVE-2012-3499

Apache httpd: Cross Site Scripting of modules

Synthesis of the vulnerability

An attacker can trigger several Cross Site Scripting vulnerabilities in the mod_info, mod_status, mod_imagemap, mod_ldap and mod_proxy_ftp modules, in order to execute JavaScript code in the context of the web site.
Impacted products: Apache httpd, Debian, Fedora, HP-UX, NSMXpress, MBS, MES, Mandriva Linux, openSUSE, Solaris, Trusted Solaris, RHEL, JBoss EAP by Red Hat, Slackware.
Severity: 2/4.
Creation date: 25/02/2013.
Identifiers: BID-58165, c03734195, CERTA-2013-AVI-153, CERTA-2013-AVI-387, CERTA-2013-AVI-543, CERTA-2013-AVI-590, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CERTFR-2015-AVI-286, CVE-2012-3499, DSA-2637-1, FEDORA-2013-4541, HPSBUX02866, JSA10685, MDVSA-2013:015, MDVSA-2013:015-1, openSUSE-SU-2013:0629-1, openSUSE-SU-2013:0632-1, RHSA-2013:0815-01, RHSA-2013:1012-01, RHSA-2013:1013-01, RHSA-2013:1207-01, RHSA-2013:1208-01, RHSA-2013:1209-01, SSA:2013-062-01, SSRT101139, VIGILANCE-VUL-12457.

Description of the vulnerability

The Apache httpd service can use several modules.

However, the mod_info, mod_status, mod_imagemap, mod_ldap and mod_proxy_ftp modules do not correctly validate received data before displaying them in the generated web document.

An attacker can therefore trigger several Cross Site Scripting vulnerabilities in the mod_info, mod_status, mod_imagemap, mod_ldap and mod_proxy_ftp modules, in order to execute JavaScript code in the context of the web site.

computer vulnerability announce CVE-2013-0169 CVE-2013-1484 CVE-2013-1485

Oracle JRE, JDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Oracle JRE and JDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Impacted products: Fedora, HP-UX, IRAD, Tivoli System Automation, WebSphere AS Traditional, WebSphere MQ, Domino, Notes, MBS, MES, Mandriva Linux, ePO, Java OpenJDK, openSUSE, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Creation date: 20/02/2013.
Identifiers: BID-57778, BID-58027, BID-58028, BID-58029, BID-58031, c03714148, c03735640, CERTA-2013-AVI-142, CVE-2013-0169, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487, FEDORA-2013-2764, FEDORA-2013-2813, HPSBUX02857, HPSBUX02867, IC90659, javacpufeb2013update, KLYH95CMCJ, MDVSA-2013:014, MDVSA-2013:095, openSUSE-SU-2013:0375-1, openSUSE-SU-2013:0378-1, RHSA-2013:0273-01, RHSA-2013:0274-01, RHSA-2013:0275-01, RHSA-2013:0531-01, RHSA-2013:0532-01, RHSA-2013:0624-01, RHSA-2013:0625-01, RHSA-2013:0626-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SB10041, SSRT101103, SUSE-SU-2013:0328-1, SUSE-SU-2013:0440-1, SUSE-SU-2013:0440-4, SUSE-SU-2013:0440-6, SUSE-SU-2013:0456-1, SUSE-SU-2013:0456-2, SUSE-SU-2013:0456-3, SUSE-SU-2013:0456-4, SUSE-SU-2013:0701-2, swg21627634, swg21633311, swg21633669, swg21633674, swg21644918, swg21645096, swg21645100, VIGILANCE-VUL-12437, ZDI-13-040, ZDI-13-041, ZDI-13-042.

Description of the vulnerability

Several vulnerabilities were announced in Oracle JRE and JDK. The most severe vulnerabilities lead to code execution.

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-58031, CVE-2013-1487]

An attacker can use a vulnerability of JMX, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-58029, CVE-2013-1486]

An attacker can use a vulnerability of Proxy.newProxyInstance and setUncaughtExceptionHandler, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-58027, CVE-2013-1484, ZDI-13-040, ZDI-13-042]

An attacker can use a vulnerability of doPrivilegedWithCombiner, in order to alter information. [severity:2/4; BID-58028, CVE-2013-1485, ZDI-13-041]

An attacker can inject wrongly encrypted messages in a TLS/DTLS session in CBC mode, and measure the delay before the error message is received, in order to progressively guess the clear content of the session (VIGILANCE-VUL-12374). [severity:1/4; BID-57778, CVE-2013-0169]

vulnerability note CVE-2013-0169

OpenSSL: information disclosure in CBC mode, Lucky 13

Synthesis of the vulnerability

An attacker can inject wrongly encrypted messages in a TLS/DTLS session in CBC mode, and measure the delay before the error message is received, in order to progressively guess the clear content of the session.
Impacted products: Debian, Fedora, FreeBSD, HP-UX, AIX, Tivoli Workload Scheduler, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, MBS, MES, ePO, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Solaris, pfSense, RHEL, JBoss EAP by Red Hat, Slackware, SUSE Linux Enterprise Desktop, SLES, ESX, ESXi, VMware vSphere, VMware vSphere Hypervisor.
Severity: 1/4.
Creation date: 12/02/2013.
Identifiers: 1643316, c03710522, c03883001, CERTA-2013-AVI-454, CVE-2013-0169, DSA-2621-1, ESX410-201307001, ESX410-201307401-SG, ESX410-201307403-SG, ESX410-201307404-SG, ESX410-201307405-SG, ESXi410-201307001, ESXi410-201307401-SG, FEDORA-2013-2793, FEDORA-2013-2834, FEDORA-2013-4403, FreeBSD-SA-13:03.openssl, HPSBUX02856, HPSBUX02909, JSA10575, JSA10759, Lucky 13, MDVSA-2013:018, MDVSA-2013:052, openSUSE-SU-2013:0336-1, openSUSE-SU-2013:0337-1, openSUSE-SU-2013:0339-1, openSUSE-SU-2016:0640-1, RHSA-2013:0587-01, RHSA-2013:0636-01, RHSA-2013:0782-01, RHSA-2013:0783-01, RHSA-2013:0833-01, RHSA-2013:0834-02, RHSA-2013:0839-02, RHSA-2013:1455-01, RHSA-2013:1456-01, RHSA-2014:0416-01, SB10041, SSA:2013-042-01, SSRT101104, SSRT101289, SUSE-SU-2014:0320-1, VIGILANCE-VUL-12394, VMSA-2013-0009.

Description of the vulnerability

The bulletin VIGILANCE-VUL-12374 describes a vulnerability of TLS/DTLS.

For OpenSSL, the solution VIGILANCE-SOL-28668 corrected this vulnerability. However, this solution was not complete.

An attacker can therefore still inject wrongly encrypted messages in a TLS/DTLS session in CBC mode, and measure the delay before the error message is received, in order to progressively guess the clear content of the session.

computer vulnerability alert CVE-2010-5107

OpenSSH: denial of service via MaxStartups

Synthesis of the vulnerability

An unauthenticated attacker can open ten connections to OpenSSH, in order to deny access to legitimate users.
Impacted products: BIG-IP Hardware, TMOS, Fedora, HP-UX, AIX, NSM Central Manager, NSMXpress, MBS, MES, OpenSSH, Solaris, RHEL.
Severity: 1/4.
Creation date: 02/01/2012.
Revision date: 07/02/2013.
Identifiers: BID-58162, c03804371, CERTA-2013-AVI-387, CERTFR-2014-AVI-112, CERTFR-2014-AVI-480, CVE-2010-5107, FEDORA-2013-2206, FEDORA-2013-2212, JSA10661, K14741, MDVSA-2013:022, MDVSA-2013:051, RHSA-2013:1527-01, RHSA-2013:1591-02, SOL14741, VIGILANCE-VUL-11256.

Description of the vulnerability

The sshd_config configuration file indicates connection limits:
 - MaxStartups: maximal number of unauthenticated connections (default: 10)
 - LoginGraceTime: expiration duration of unauthenticated connections (default: 2 minutes)

However, in this default configuration, an attacker can open 10 TCP sessions on port 22/tcp, and then reopen them every 2 minutes, in order to reduce the probability that a legitimate client can access the service.

Note: MaxStartups supports the "random early drop" feature, which protects against this type of attack, but it is not enabled by default.

An unauthenticated attacker can therefore open ten connections to OpenSSH, in order to deny access to legitimate users.

computer vulnerability bulletin CVE-2013-0166

OpenSSL: denial of service via OCSP

Synthesis of the vulnerability

An attacker can set up a malicious OCSP server, in order to stop OpenSSL applications which connect to it.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, Tivoli Workload Scheduler, Juniper J-Series, Junos OS, MBS, MES, McAfee Email and Web Security, ePO, OpenSSL, openSUSE, openSUSE Leap, Solaris, pfSense, RHEL, JBoss EAP by Red Hat, Slackware, ESX, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor.
Severity: 2/4.
Creation date: 05/02/2013.
Identifiers: 1643316, BID-57755, BID-60268, c03710522, c03883001, CERTA-2013-AVI-099, CERTA-2013-AVI-387, CERTA-2013-AVI-454, CERTFR-2014-AVI-112, CVE-2013-0166, DSA-2621-1, ESX400-201310001, ESX400-201310401-SG, ESX400-201310402-SG, ESX410-201307001, ESX410-201307401-SG, ESX410-201307403-SG, ESX410-201307404-SG, ESX410-201307405-SG, ESXi410-201307001, ESXi410-201307401-SG, FEDORA-2013-2793, FEDORA-2013-2834, FreeBSD-SA-13:03.openssl, HPSBUX02856, HPSBUX02909, JSA10575, JSA10580, MDVSA-2013:018, MDVSA-2013:052, openSUSE-SU-2013:0336-1, openSUSE-SU-2013:0337-1, openSUSE-SU-2013:0339-1, openSUSE-SU-2016:0640-1, RHSA-2013:0587-01, RHSA-2013:0636-01, RHSA-2013:0782-01, RHSA-2013:0783-01, RHSA-2013:0833-01, RHSA-2013:0834-02, RHSA-2013:0839-02, sol14261, SSA:2013-040-01, SSRT101104, SSRT101289, VIGILANCE-VUL-12378, VMSA-2013-0006.1, VMSA-2013-0009, VMSA-2013-0009.1, VMSA-2013-0009.2.

Description of the vulnerability

The OCSP (Online Certificate Status Protocol) extension checks the validity of certificates.

The OCSP_basic_verify() function of the crypto/ocsp/ocsp_vfy.c file decodes the received OCSP reply. However, if the key is empty, a NULL pointer is dereferenced.

An attacker can therefore set up a malicious OCSP server, in order to stop OpenSSL applications which connect to it.

computer vulnerability announce CVE-2012-2686

OpenSSL: denial of service via CBC and AES-NI

Synthesis of the vulnerability

When an application linked to OpenSSL runs on a processor with AES-NI, an attacker can stop TLS sessions in CBC mode.
Impacted products: HP-UX, Tivoli Workload Scheduler, OpenSSL, openSUSE, Slackware.
Severity: 2/4.
Creation date: 05/02/2013.
Identifiers: 1643316, BID-57755, c03883001, CERTA-2013-AVI-099, CVE-2012-2686, HPSBUX02909, openSUSE-SU-2013:0336-1, openSUSE-SU-2013:0337-1, openSUSE-SU-2013:0339-1, SSA:2013-040-01, SSRT101289, VIGILANCE-VUL-12377.

Description of the vulnerability

Since 2008, some x86 processors implement AES-NI assembler instructions. They are used to request the processor to do AES computations with only one instruction.

When an application linked to OpenSSL runs on a processor with AES-NI, an attacker can stop TLS sessions in CBC mode.

Technical details are unknown. The error could be located in the aesni_cbc_hmac_sha1_cipher() function of the crypto/evp/e_aes_cbc_hmac_sha1.c file.