The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of HPUX

vulnerability CVE-2013-4248

PHP: bypassing of X.509 subjectAltName check

Synthesis of the vulnerability

An attacker can send an X.509 certificate containing a null byte to a client written in PHP in order to spoof another server.
Impacted products: Debian, Fedora, HP-UX, MBS, MES, openSUSE, Solaris, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 14/08/2013.
Identifiers: BID-61776, c04483248, CERTFR-2014-AVI-244, CVE-2013-4248, DSA-2742-1, FEDORA-2013-14985, FEDORA-2013-14998, HPSBUX03150, MDVSA-2013:221, MDVSA-2014:014, openSUSE-SU-2013:1963-1, openSUSE-SU-2013:1964-1, RHSA-2013:1307-01, RHSA-2013:1615-02, SSA:2013-242-02, SSRT101681, SUSE-SU-2014:0873-1, SUSE-SU-2014:0873-2, VIGILANCE-VUL-13280.

Description of the vulnerability

An SSL client must check that the host name in the certificate received from the server matches the server it intended to contact.

The openssl_x509_parse() function of the OpenSSL extension of PHP performs this check, by calling the OpenSSL library. However, OpenSSL uses functions like sprintf(), which treat the null byte as a string terminator, following the C convention. The X.509 subjectAltName comparison is thus limited to the substring to the left of the null byte.

An attacker can therefore send an X.509 certificate containing a null byte to a client written in PHP in order to spoof another server.
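
The truncation described above, shown as an added example (not code from PHP or OpenSSL): a name compared as a C string next to a length-aware comparison that rejects embedded null bytes. The struct, function names and sample names are assumptions made for this illustration, and only exact matches are handled, not wildcards.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A dNSName as decoded from a certificate: raw bytes plus an explicit
 * length. Nothing guarantees that the bytes are free of NUL. */
struct san_name {
    const unsigned char *data;
    size_t len;
};

/* Constructed samples (not taken from any real certificate). */
static const unsigned char FORGED_BYTES[] = "www.example.com\0.attacker.test";
static const struct san_name FORGED = { FORGED_BYTES, sizeof(FORGED_BYTES) - 1 };

static const unsigned char HONEST_BYTES[] = "WWW.Example.com";
static const struct san_name HONEST = { HONEST_BYTES, sizeof(HONEST_BYTES) - 1 };

/* ASCII case-insensitive comparison of exactly n bytes. */
static bool ascii_ieq(const unsigned char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower(a[i]) != tolower((unsigned char)b[i]))
            return false;
    return true;
}

/* Flawed check: the name is copied into a C string, so everything after
 * the first NUL is invisible to the comparison. */
bool san_matches_cstring(const struct san_name *san, const char *host)
{
    char buf[256];
    size_t n = san->len < sizeof(buf) - 1 ? san->len : sizeof(buf) - 1;

    memcpy(buf, san->data, n);
    buf[n] = '\0';

    size_t seen = strlen(buf);          /* stops at the embedded NUL */
    return seen == strlen(host) &&
           ascii_ieq((const unsigned char *)buf, host, seen);
}

/* Length-aware check: a name containing NUL is never valid, and the
 * comparison covers every byte the certificate actually carries. */
bool san_matches_strict(const struct san_name *san, const char *host)
{
    if (san->len == 0 || memchr(san->data, '\0', san->len) != NULL)
        return false;
    if (san->len != strlen(host))
        return false;
    return ascii_ieq(san->data, host, san->len);
}

int main(void)
{
    const char *host = "www.example.com";

    printf("forged, C-string check: %s\n",
           san_matches_cstring(&FORGED, host) ? "accepted" : "rejected");
    printf("forged, strict check:   %s\n",
           san_matches_strict(&FORGED, host) ? "accepted" : "rejected");
    printf("honest, strict check:   %s\n",
           san_matches_strict(&HONEST, host) ? "accepted" : "rejected");
    return 0;
}
```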

vulnerability announce CVE-2013-4124

Samba: infinite loop of EA List

Synthesis of the vulnerability

An attacker can generate an infinite loop in the EA List processing by Samba, in order to trigger a denial of service.
Impacted products: Fedora, HP-UX, MBS, MES, openSUSE, Solaris, RHEL, Samba, Slackware.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 05/08/2013.
Identifiers: BID-61597, c04396638, c04401461, CERTA-2013-AVI-469, CERTA-2013-AVI-590, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CVE-2013-4124, FEDORA-2013-14312, FEDORA-2013-14355, HPSBUX03087, HPSBUX03093, MDVSA-2013:207, openSUSE-SU-2013:1339-1, openSUSE-SU-2013:1349-1, RHSA-2013:1310-01, RHSA-2013:1542-02, RHSA-2013:1543-02, RHSA-2014:0305-01, SSA:2013-218-03, SSRT101009, SSRT101413, VIGILANCE-VUL-13202.

Description of the vulnerability

The NTTRANS command of the SMB/CIFS protocol can indicate a list of extended attributes (EA List).

The read_nttrans_ea_list() function of the source3/smbd/nttrans.c file, and the ea_pull_list_chained() function of the source4/libcli/raw/raweas.c file, process this EA List. However, if the offset indicated in the packet is too large, an integer overflow occurs, and Samba keeps looping while allocating memory.

An attacker can therefore generate an infinite loop in the EA List processing by Samba, in order to trigger a denial of service.
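
An added example (not Samba's code) of walking a chained list whose next-entry offset comes from the packet: a 32-bit bound check that wraps, next to a walker that cannot overflow and always makes forward progress. The layout is a simplified assumption (each entry starts with a 4-byte little-endian offset to the next entry, 0 marks the last one), and the names, entry cap and buffers are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EA_HDR_LEN     4u     /* assumed header: 32-bit next-entry offset */
#define EA_MAX_ENTRIES 1024u  /* cap chosen for this example */

/* Constructed buffers. */
static const uint8_t EA_VALID[] = { 8, 0, 0, 0, 'a', 'b', 'c', 'd',
                                    0, 0, 0, 0 };
/* Second entry claims a next offset of 0xFFFFFFF8. */
static const uint8_t EA_WRAP[]  = { 8, 0, 0, 0, 'a', 'b', 'c', 'd',
                                    0xF8, 0xFF, 0xFF, 0xFF };
/* Offset smaller than the header: the walker would not move past it. */
static const uint8_t EA_STUCK[] = { 2, 0, 0, 0, 0, 0, 0, 0 };

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Flawed bound check, kept for comparison: the 32-bit sum can wrap to a
 * small value, so an out-of-range offset looks in range and a loop using
 * this test can return to data it has already processed. */
int naive_bound_ok(uint32_t off, uint32_t next, uint32_t len)
{
    uint32_t sum = off + next;          /* may wrap modulo 2^32 */
    return sum < len;
}

/* Hardened walker. Returns the number of entries, or -1 if the list is
 * malformed. The invariant off <= len holds on every iteration, so
 * (len - off) never underflows and no addition can overflow. */
int ea_list_count(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    unsigned count = 0;

    if (len == 0)
        return 0;                       /* empty list */

    for (;;) {
        if (len - off < EA_HDR_LEN)
            return -1;                  /* header does not fit */
        if (++count > EA_MAX_ENTRIES)
            return -1;                  /* refuse unbounded work */

        uint32_t next = rd_le32(buf + off);
        if (next == 0)
            return (int)count;          /* last entry */
        if (next < EA_HDR_LEN)
            return -1;                  /* no forward progress */
        if (next > len - off)
            return -1;                  /* points past the buffer */
        off += next;
    }
}

int main(void)
{
    printf("valid list:   %d entries\n",
           ea_list_count(EA_VALID, sizeof(EA_VALID)));
    printf("wrapping off: %d (naive check says %s)\n",
           ea_list_count(EA_WRAP, sizeof(EA_WRAP)),
           naive_bound_ok(8, 0xFFFFFFF8u, sizeof(EA_WRAP)) ? "ok" : "bad");
    printf("stuck offset: %d\n",
           ea_list_count(EA_STUCK, sizeof(EA_STUCK)));
    return 0;
}
```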

vulnerability bulletin CVE-2013-4854

ISC BIND: denial of service via KeyData

Synthesis of the vulnerability

A remote attacker can send a malicious query to ISC BIND, in order to stop it.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, BIND, MBS, MES, McAfee Email and Web Security, McAfee Email Gateway, McAfee Web Gateway, NetBSD, openSUSE, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 29/07/2013.
Identifiers: AA-01015, AA-01016, BID-61479, c03922396, CERTA-2013-AVI-443, CVE-2013-4854, DSA-2728-1, FEDORA-2013-13831, FEDORA-2013-13863, FreeBSD-SA-13:07.bind, HPSBUX02926, MDVSA-2013:202, NetBSD-SA2013-005, openSUSE-SU-2013:1353-1, openSUSE-SU-2013:1354-1, openSUSE-SU-2013:1362-1, RHSA-2013:1114-01, RHSA-2013:1115-01, SB10052, sol14613, SSA:2013-218-01, SSRT101281, SUSE-SU-2013:1310-1, VIGILANCE-VUL-13173, ZDI-13-210.

Description of the vulnerability

The DNS KeyData (identifier 65533) record type is implemented in the rdata/generic/keydata_65533.c file of BIND.

The fromwire_keydata() function decodes data. However, if the data is too large, the function does not handle this case, and an assertion error ("REQUIRE(region->length >= 4) failed") occurs in the rdata.c file.

A remote attacker can therefore send a malicious query to ISC BIND (authoritative or recursive), in order to stop it.

computer vulnerability announce CVE-2013-1896

Apache HTTP Server: denial of service via mod_dav

Synthesis of the vulnerability

An attacker can send a MERGE query for mod_dav of Apache HTTP Server, in order to trigger a denial of service.
Impacted products: Apache httpd, Fedora, HP-UX, Junos Space, Junos Space Network Management Platform, NSMXpress, MBS, MES, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, Slackware, SLES.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 15/07/2013.
Identifiers: BID-61129, c03922406, CERTA-2013-AVI-435, CERTA-2013-AVI-543, CERTA-2013-AVI-590, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CERTFR-2015-AVI-286, CVE-2013-1896, FEDORA-2013-13922, FEDORA-2013-13994, HPSBUX02927, JSA10685, MDVSA-2013:193, openSUSE-SU-2013:1337-1, openSUSE-SU-2013:1340-1, openSUSE-SU-2013:1341-1, openSUSE-SU-2014:1647-1, RHSA-2013:1133-01, RHSA-2013:1134-01, RHSA-2013:1156-01, RHSA-2013:1207-01, RHSA-2013:1208-01, RHSA-2013:1209-01, SSA:2013-218-02, SSRT101288, SUSE-SU-2014:1082-1, VIGILANCE-VUL-13117.

Description of the vulnerability

The mod_dav (DAV, Distributed Authoring and Versioning) module can be installed in Apache HTTP Server.

The MERGE command of mod_dav_svn applies differences between two Subversion information sources. However, if this command indicates a URI which is not configured for DAV, a segmentation fault occurs in mod_dav.

An attacker can therefore send a MERGE query for mod_dav of Apache HTTP Server, in order to trigger a denial of service.

computer vulnerability alert CVE-2013-1571

Javadoc: Frame injection via Relative URI

Synthesis of the vulnerability

An attacker can use a relative URI to inject an HTML page into web sites generated with Javadoc, in order to trigger a phishing attack on victims connecting to the web site.
Impacted products: Tomcat, Debian, Fedora, HP-UX, Tivoli System Automation, MBS, MES, Java OpenJDK, openSUSE, Java Oracle, JavaFX, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights, data reading, data creation/edition.
Provenance: document.
Creation date: 15/07/2013.
Identifiers: 1650599, BID-60634, c03868911, c03874547, CERTFR-2014-AVI-244, CVE-2013-1571, DSA-2722-1, DSA-2727-1, FEDORA-2013-11281, FEDORA-2013-11285, HPSBUX02907, HPSBUX02908, javacpujun2013, MDVSA-2013:183, MDVSA-2013:196, MDVSA-2014:042, openSUSE-SU-2013:1247-1, openSUSE-SU-2013:1288-1, RHSA-2013:0957-01, RHSA-2013:0958-01, RHSA-2013:0963-01, RHSA-2013:1014-01, RHSA-2013:1059-01, RHSA-2013:1060-01, RHSA-2013:1081-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SUSE-SU-2013:1238-1, SUSE-SU-2013:1254-1, SUSE-SU-2013:1255-1, SUSE-SU-2013:1255-2, SUSE-SU-2013:1255-3, SUSE-SU-2013:1256-1, SUSE-SU-2013:1257-1, SUSE-SU-2013:1263-1, SUSE-SU-2013:1263-2, SUSE-SU-2013:1305-1, VIGILANCE-VUL-13106, VU#225657.

Description of the vulnerability

The Javadoc tool generates the documentation of applications written in the Java language.

Index files (index.htm[l]) and table of contents files (toc.htm[l]) are dynamically generated. However, they contain JavaScript code which does not correctly filter relative URIs. An HTML Frame can then be replaced by a malicious Frame.

An attacker can therefore use a relative URI to inject an HTML page into web sites generated with Javadoc, in order to trigger a phishing attack on victims connecting to the web site.

vulnerability announce CVE-2013-1500 CVE-2013-1571 CVE-2013-2400

Oracle JRE, JDK, JavaFX: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle JRE, JDK, JavaFX.
Impacted products: Debian, Fedora, HP-UX, Domino, Notes, Tivoli System Automation, WebSphere MQ, MBS, MES, Java OpenJDK, openSUSE, Java Oracle, JavaFX, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, vCenter Server, VMware vSphere.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 40.
Creation date: 19/06/2013.
Identifiers: 1648416, 1650599, 1657132, BID-60617, BID-60618, BID-60619, BID-60620, BID-60621, BID-60622, BID-60623, BID-60624, BID-60625, BID-60626, BID-60627, BID-60629, BID-60630, BID-60631, BID-60632, BID-60633, BID-60634, BID-60635, BID-60636, BID-60637, BID-60638, BID-60639, BID-60640, BID-60641, BID-60643, BID-60644, BID-60645, BID-60646, BID-60647, BID-60649, BID-60650, BID-60651, BID-60652, BID-60653, BID-60654, BID-60655, BID-60656, BID-60657, BID-60658, BID-60659, c03868911, c03874547, c03898880, CERTA-2013-AVI-361, CERTFR-2014-AVI-244, CVE-2013-1500, CVE-2013-1571, CVE-2013-2400, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459, CVE-2013-2460, CVE-2013-2461, CVE-2013-2462, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2467, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3744, DSA-2722-1, DSA-2727-1, FEDORA-2013-11281, FEDORA-2013-11285, HPSBUX02907, HPSBUX02908, HPSBUX02922, IC94453, javacpujun2013, KLYH95CMCJ, MDVSA-2013:183, MDVSA-2013:196, openSUSE-SU-2013:1247-1, openSUSE-SU-2013:1288-1, PSA-2013-0811-1, PSA-2013-0813-1, PSA-2013-0819-1, PSA-2013-0827-1, RHSA-2013:0957-01, RHSA-2013:0958-01, RHSA-2013:0963-01, RHSA-2013:1014-01, RHSA-2013:1059-01, RHSA-2013:1060-01, RHSA-2013:1081-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT101305, SUSE-SU-2013:1238-1, SUSE-SU-2013:1254-1, SUSE-SU-2013:1255-1, SUSE-SU-2013:1255-2, SUSE-SU-2013:1255-3, SUSE-SU-2013:1256-1, SUSE-SU-2013:1257-1, SUSE-SU-2013:1263-1, SUSE-SU-2013:1263-2, SUSE-SU-2013:1264-1, SUSE-SU-2013:1293-2, SUSE-SU-2013:1305-1, swg21641098, swg21644918, VIGILANCE-VUL-12992, VMSA-2013-0006.1, VMSA-2013-0009.1, VMSA-2013-0012.1, VU#225657, 
ZDI-13-132, ZDI-13-151, ZDI-13-152, ZDI-13-153, ZDI-13-154, ZDI-13-155, ZDI-13-156, ZDI-13-157, ZDI-13-158, ZDI-13-159, ZDI-13-160.

Description of the vulnerability

Several vulnerabilities were announced in Oracle JRE, JDK, JavaFX.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60651, CVE-2013-2470, ZDI-13-158]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60659, CVE-2013-2471, ZDI-13-152]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60656, CVE-2013-2472, ZDI-13-151]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60623, CVE-2013-2473, ZDI-13-154]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60655, CVE-2013-2463, ZDI-13-156]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60631, CVE-2013-2464, ZDI-13-157]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60657, CVE-2013-2465, ZDI-13-153]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60658, CVE-2013-2469, ZDI-13-155]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60647, CVE-2013-2459, PSA-2013-0811-1]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60637, CVE-2013-2468]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60624, CVE-2013-2466]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-60626, CVE-2013-3743]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60630, CVE-2013-2462]

An attacker can use a vulnerability of Serviceability, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-60635, CVE-2013-2460]

An attacker can use a vulnerability of Hotspot, in order to create a denial of service. [severity:2/4; BID-60639, CVE-2013-2445]

An attacker can use a vulnerability of Sound, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60640, CVE-2013-2448, ZDI-13-160]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60643, CVE-2013-2442]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60645, CVE-2013-2461]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-60649, CVE-2013-2467]

An attacker can use a vulnerability of Libraries, in order to obtain information, or to create a denial of service. [severity:3/4; BID-60653, CVE-2013-2407]

An attacker can use a vulnerability of JDBC, in order to obtain or alter information. [severity:2/4; BID-60650, CVE-2013-2454]

An attacker can use a vulnerability of Libraries, in order to obtain or alter information. [severity:2/4; BID-60652, CVE-2013-2458]

An attacker can use a vulnerability of AWT, in order to create a denial of service. [severity:2/4; BID-60633, CVE-2013-2444]

An attacker can use a vulnerability of CORBA, in order to obtain information. [severity:2/4; BID-60620, CVE-2013-2446]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:2/4; BID-60636, CVE-2013-2437]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-60621, CVE-2013-2400]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-60654, CVE-2013-3744]

An attacker can use a vulnerability of JMX, in order to alter information. [severity:2/4; BID-60632, CVE-2013-2457]

An attacker can use a vulnerability of JMX, in order to alter information. [severity:2/4; BID-60644, CVE-2013-2453]

An attacker can use a vulnerability of Libraries, in order to obtain information. [severity:2/4; BID-60646, CVE-2013-2443]

An attacker can use a vulnerability of Libraries, in order to obtain information. [severity:2/4; BID-60617, CVE-2013-2452]

An attacker can use a vulnerability of Libraries, in order to obtain information. [severity:2/4; BID-60619, CVE-2013-2455, ZDI-13-159]

An attacker can use a vulnerability of Networking, in order to obtain information. [severity:2/4; BID-60629, CVE-2013-2447]

An attacker can use a vulnerability of Serialization, in order to create a denial of service. [severity:2/4; BID-60638, CVE-2013-2450]

An attacker can use a vulnerability of Serialization, in order to obtain information. [severity:2/4; BID-60641, CVE-2013-2456]

An attacker can use a vulnerability of Serviceability, in order to obtain information. [severity:2/4; BID-60618, CVE-2013-2412]

An attacker can use a vulnerability of Libraries, in order to obtain information. [severity:2/4; BID-60622, CVE-2013-2449]

An attacker can use a vulnerability of Javadoc, in order to alter information (VIGILANCE-VUL-13106). [severity:2/4; BID-60634, CVE-2013-1571, swg21641098, VU#225657]

An attacker can use a vulnerability of Networking, in order to alter information. [severity:2/4; BID-60625, CVE-2013-2451]

An attacker can use a vulnerability of 2D, in order to obtain or alter information. [severity:1/4; BID-60627, CVE-2013-1500]

computer vulnerability bulletin CVE-2013-1981 CVE-2013-1982 CVE-2013-1983

X.Org: multiple vulnerabilities of libraries

Synthesis of the vulnerability

An attacker can use several vulnerabilities of libraries of X.Org.
Impacted products: Debian, Fedora, HP-UX, MBS, MES, NetBSD, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, XOrg Bundle ~ not comprehensive, libX11.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 30.
Creation date: 23/05/2013.
Identifiers: BID-60120, BID-60121, BID-60122, BID-60123, BID-60124, BID-60125, BID-60126, BID-60127, BID-60128, BID-60129, BID-60130, BID-60131, BID-60132, BID-60133, BID-60134, BID-60135, BID-60136, BID-60137, BID-60138, BID-60139, BID-60141, BID-60142, BID-60143, BID-60144, BID-60145, BID-60146, BID-60148, BID-60149, c04341797, CERTA-2013-AVI-362, CVE-2013-1981, CVE-2013-1982, CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986, CVE-2013-1987, CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991, CVE-2013-1992, CVE-2013-1993, CVE-2013-1994, CVE-2013-1995, CVE-2013-1996, CVE-2013-1997, CVE-2013-1998, CVE-2013-1999, CVE-2013-2000, CVE-2013-2001, CVE-2013-2002, CVE-2013-2003, CVE-2013-2004, CVE-2013-2005, CVE-2013-2062, CVE-2013-2063, CVE-2013-2064, CVE-2013-2066, DSA-2673-1, DSA-2674-1, DSA-2675-1, DSA-2675-2, DSA-2676-1, DSA-2677-1, DSA-2678-1, DSA-2679-1, DSA-2680-1, DSA-2681-1, DSA-2682-1, DSA-2683-1, DSA-2684-1, DSA-2685-1, DSA-2686-1, DSA-2687-1, DSA-2688-1, DSA-2689-1, DSA-2690-1, DSA-2691-1, DSA-2692-1, DSA-2693-1, FEDORA-2013-11734, FEDORA-2013-12083, FEDORA-2013-12593, FEDORA-2013-5967, FEDORA-2013-9151, HPSBUX03049, MDVSA-2013:181, MDVSA-2013:182, NetBSD-SA2013-007, openSUSE-SU-2013:0865-1, openSUSE-SU-2013:1007-1, openSUSE-SU-2013:1008-1, openSUSE-SU-2013:1009-1, openSUSE-SU-2013:1010-1, openSUSE-SU-2013:1011-1, openSUSE-SU-2013:1014-1, openSUSE-SU-2013:1025-1, openSUSE-SU-2013:1026-1, openSUSE-SU-2013:1027-1, openSUSE-SU-2013:1028-1, openSUSE-SU-2013:1029-1, openSUSE-SU-2013:1030-1, openSUSE-SU-2013:1031-1, openSUSE-SU-2013:1032-1, openSUSE-SU-2013:1033-1, openSUSE-SU-2013:1034-1, openSUSE-SU-2013:1041-1, openSUSE-SU-2013:1046-1, openSUSE-SU-2013:1047-1, RHSA-2013:0897-01, RHSA-2013:0898-01, RHSA-2014:1436-02, SSA:2017-291-01, SSRT101240, SUSE-SU-2014:0881-1, SUSE-SU-2014:0882-1, SUSE-SU-2014:0883-1, SUSE-SU-2014:0893-1, SUSE-SU-2014:0898-1, SUSE-SU-2014:0900-1, SUSE-SU-2014:0915-1, SUSE-SU-2014:0916-1, SUSE-SU-2014:0919-1, 
VIGILANCE-VUL-12858.

Description of the vulnerability

Several vulnerabilities were announced in X.Org.

An attacker can generate an integer overflow in libX11, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60120, CVE-2013-1981]

An attacker can generate an integer overflow in libXext, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60126, CVE-2013-1982]

An attacker can generate an integer overflow in libXfixes, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60125, CVE-2013-1983]

An attacker can generate an integer overflow in libXi, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60123, CVE-2013-1984]

An attacker can generate an integer overflow in libXinerama, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60128, CVE-2013-1985]

An attacker can generate an integer overflow in libXp, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60131, CVE-2013-2062]

An attacker can generate an integer overflow in libXrandr, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60129, CVE-2013-1986]

An attacker can generate an integer overflow in libXrender, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60132, CVE-2013-1987]

An attacker can generate an integer overflow in libXRes, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60134, CVE-2013-1988]

An attacker can generate an integer overflow in libXtst, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60141, CVE-2013-2063]

An attacker can generate an integer overflow in libXv, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60135, CVE-2013-1989]

An attacker can generate an integer overflow in libXvMC, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60136, CVE-2013-1990]

An attacker can generate an integer overflow in libXxf86dga, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60138, CVE-2013-1991]

An attacker can generate an integer overflow in libdmx, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60142, CVE-2013-1992]

An attacker can generate an integer overflow in libxcb, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60148, CVE-2013-2064]

An attacker can generate an integer overflow in libGLX, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60149, CVE-2013-1993]

An attacker can generate an integer overflow in libchromeXvMC, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2013-1994]

An attacker can generate a memory corruption in libXi, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60124, CVE-2013-1995]

An attacker can generate a memory corruption in libFS, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60130, CVE-2013-1996]

An attacker can generate a buffer overflow in libX11, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60122, CVE-2013-1997]

An attacker can generate a buffer overflow in libXi, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60127, CVE-2013-1998]

An attacker can generate a buffer overflow in libXv, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60143, CVE-2013-2066]

An attacker can generate a buffer overflow in libXvMC, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60144, CVE-2013-1999]

An attacker can generate a buffer overflow in libXxf86dga, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60139, CVE-2013-2000]

An attacker can generate a buffer overflow in libXxf86vm, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60145, CVE-2013-2001]

An attacker can generate a buffer overflow in libXt, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60137, CVE-2013-2002]

An attacker can generate an integer overflow in libX11, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2013-1981]

An attacker can generate an integer overflow in libXcursor, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60121, CVE-2013-2003]

An attacker can trigger a denial of service in libX11. [severity:2/4; BID-60146, CVE-2013-2004]

An attacker can generate a memory corruption in libXt, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; BID-60133, CVE-2013-2005]

vulnerability CVE-2013-1862

Apache httpd 2.2: character injection via mod_rewrite

Synthesis of the vulnerability

An attacker can use special characters, which are not filtered by mod_rewrite of Apache httpd 2.2, in order to inject them into the log file.
Impacted products: Apache httpd, BIG-IP Hardware, TMOS, HP-UX, Junos Space, Junos Space Network Management Platform, NSMXpress, MBS, MES, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, SLES.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: internet client.
Creation date: 14/05/2013.
Identifiers: BID-59826, c03922406, CERTA-2013-AVI-332, CERTA-2013-AVI-543, CERTA-2013-AVI-590, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CERTFR-2014-AVI-502, CERTFR-2015-AVI-286, CVE-2013-1862, HPSBUX02927, JSA10685, MDVSA-2013:174, openSUSE-SU-2013:1337-1, openSUSE-SU-2013:1340-1, openSUSE-SU-2013:1341-1, openSUSE-SU-2014:1647-1, RHSA-2013:0815-01, RHSA-2013:1133-01, RHSA-2013:1134-01, RHSA-2013:1207-01, RHSA-2013:1208-01, RHSA-2013:1209-01, SOL15877, SSRT101288, SUSE-SU-2014:1082-1, VIGILANCE-VUL-12790.

Description of the vulnerability

The mod_rewrite module of Apache httpd is used to rewrite requests. The RewriteLog directive of Apache 2.2 specifies the file in which the performed modifications are logged.

However, special characters contained in the client name, the username and the free text are not filtered.

An attacker can therefore use special characters, which are not filtered by mod_rewrite of Apache httpd 2.2, in order to inject them into the log file.

If the attacker injects ANSI escape sequences, they are then interpreted when the administrator displays log files in a shell terminal.
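
An added example (not Apache's code) of the missing filtering step: client-controlled fields are escaped before they reach the log, so control bytes such as ESC and newline are stored as visible \xHH text, and a second helper flags existing log lines that still contain raw control bytes. The function names and the sample field are assumptions constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a client-supplied field carrying an ANSI escape
 * sequence and a newline that would start a forged log line. */
static const char SAMPLE_FIELD[] = "client" "\x1b" "[2J" "\n" "fake entry";

/* Number of output bytes needed for one input byte. */
static size_t escaped_width(unsigned char c)
{
    if (c == '\\')
        return 2;                       /* written as \\ */
    if (c < 0x20 || c >= 0x7f)
        return 4;                       /* written as \xHH */
    return 1;
}

/* Escape `in` into `out` (NUL-terminated). Returns 0 on success, or -1 if
 * `out` is too small, in which case `out` is left empty so that a partial
 * field is never logged. */
int escape_log_item(const char *in, char *out, size_t out_size)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (out_size == 0)
        return -1;

    for (const unsigned char *p = (const unsigned char *)in; *p != '\0'; p++) {
        size_t need = escaped_width(*p);

        if (need >= out_size - o) {     /* keep one byte for the NUL */
            out[0] = '\0';
            return -1;
        }
        if (need == 1) {
            out[o++] = (char)*p;
        } else if (need == 2) {
            out[o++] = '\\';
            out[o++] = '\\';
        } else {
            out[o++] = '\\';
            out[o++] = 'x';
            out[o++] = hex[*p >> 4];
            out[o++] = hex[*p & 0x0f];
        }
    }
    out[o] = '\0';
    return 0;
}

/* Detection helper for logs that were already written: returns 1 if the
 * line holds a raw control byte (tab and one trailing newline allowed). */
int log_line_has_raw_control(const char *line, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)line[i];

        if (c == '\n' && i + 1 == len)
            continue;
        if ((c < 0x20 && c != '\t') || c == 0x7f)
            return 1;
    }
    return 0;
}

int main(void)
{
    char out[128];

    if (escape_log_item(SAMPLE_FIELD, out, sizeof(out)) == 0)
        printf("escaped field: %s\n", out);
    printf("raw field has control bytes:     %d\n",
           log_line_has_raw_control(SAMPLE_FIELD, sizeof(SAMPLE_FIELD) - 1));
    printf("escaped field has control bytes: %d\n",
           log_line_has_raw_control(out, strlen(out)));
    return 0;
}
```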

computer vulnerability bulletin CVE-2013-0401 CVE-2013-0402 CVE-2013-1488

Oracle JRE, JDK, JavaFX: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Oracle JRE, JDK and JavaFX can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Impacted products: Fedora, HP-UX, Domino, Notes, Tivoli System Automation, Junos Space, Junos Space Network Management Platform, MBS, MES, Java OpenJDK, openSUSE, Java Oracle, JavaFX, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 42.
Creation date: 17/04/2013.
Identifiers: BID-59088, BID-59089, BID-59124, BID-59128, BID-59131, BID-59137, BID-59141, BID-59145, BID-59149, BID-59153, BID-59154, BID-59159, BID-59162, BID-59165, BID-59166, BID-59167, BID-59170, BID-59172, BID-59175, BID-59178, BID-59179, BID-59184, BID-59185, BID-59187, BID-59190, BID-59191, BID-59194, BID-59195, BID-59203, BID-59206, BID-59208, BID-59212, BID-59213, BID-59219, BID-59220, BID-59228, BID-59234, BID-59243, bulletinoct2015, c03874547, c03898880, CERTA-2013-AVI-256, CVE-2013-0401, CVE-2013-0402, CVE-2013-1488, CVE-2013-1491, CVE-2013-1518, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1561, CVE-2013-1563, CVE-2013-1564, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2414, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2425, CVE-2013-2426, CVE-2013-2427, CVE-2013-2428, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2432, CVE-2013-2433, CVE-2013-2434, CVE-2013-2435, CVE-2013-2436, CVE-2013-2438, CVE-2013-2439, CVE-2013-2440, FEDORA-2013-5922, FEDORA-2013-5958, HPSBUX02908, HPSBUX02922, javacpuapr2013, KLYH95CMCJ, MDVSA-2013:145, MDVSA-2013:161, openSUSE-SU-2013:0745-1, openSUSE-SU-2013:0777-1, openSUSE-SU-2013:0964-1, openSUSE-SU-2013:0993-1, RHSA-2013:0751-01, RHSA-2013:0752-01, RHSA-2013:0757-01, RHSA-2013:0758-01, RHSA-2013:0770-01, RHSA-2013:0822-01, RHSA-2013:0823-01, RHSA-2013:0855-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SA-20130417-1, SE-2012-01, SSRT101305, SUSE-SU-2013:0814-1, SUSE-SU-2013:0835-1, SUSE-SU-2013:0835-2, SUSE-SU-2013:0835-3, SUSE-SU-2013:0871-1, SUSE-SU-2013:0871-2, SUSE-SU-2013:0934-1, swg21644918, swg21645096, swg21645100, VIGILANCE-VUL-12678, ZDI-13-068, ZDI-13-069, ZDI-13-070, ZDI-13-071, ZDI-13-072, ZDI-13-073, ZDI-13-074, ZDI-13-075, ZDI-13-076, ZDI-13-077, ZDI-13-078, ZDI-13-079, ZDI-13-089.

Description of the vulnerability

Several vulnerabilities were announced in Oracle JRE, JDK and JavaFX. The most severe vulnerabilities lead to code execution.

An attacker can use a vulnerability of ICU 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59190, CVE-2013-2383, ZDI-13-070]

An attacker can use a vulnerability of ICU 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59179, CVE-2013-2384, ZDI-13-068]

An attacker can use a vulnerability of ICU 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59166, CVE-2013-1569, ZDI-13-069]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59137, CVE-2013-2434, ZDI-13-071]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59154, CVE-2013-2432]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59167, CVE-2013-2420, ZDI-13-073]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; CVE-2013-1491, ZDI-13-078]

An attacker can use a vulnerability of Beans, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59219, CVE-2013-1558]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59124, CVE-2013-2440]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59089, CVE-2013-2435]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59165, CVE-2013-2431]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59191, CVE-2013-2425]

An attacker can use a vulnerability of JAXP, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59141, CVE-2013-1518]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59234, CVE-2013-2414]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59175, CVE-2013-2428, ZDI-13-074]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59128, CVE-2013-2427]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59228, CVE-2013-2422]

An attacker can use a vulnerability of RMI, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59194, CVE-2013-1537]

An attacker can use a vulnerability of RMI, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59170, CVE-2013-1557]

An attacker can use a vulnerability of HotSpot, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59153, CVE-2013-2421]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; CVE-2013-0402, ZDI-13-077]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59206, CVE-2013-2426, ZDI-13-075]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59213, CVE-2013-2436, ZDI-13-079]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; CVE-2013-1488, ZDI-13-076]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59172, CVE-2013-2394, ZDI-13-072]

An attacker can use a vulnerability of ImageIO, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59243, CVE-2013-2430]

An attacker can use a vulnerability of ImageIO, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59184, CVE-2013-2429]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59208, CVE-2013-1563]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-59178, CVE-2013-2439]

An attacker can use a vulnerability of AWT, in order to obtain or alter information. [severity:3/4; CVE-2013-0401, ZDI-13-089]

An attacker can use a vulnerability of ICU 2D, in order to create a denial of service. [severity:2/4; BID-59131, CVE-2013-2419]

An attacker can use a vulnerability of JMX, in order to obtain information. [severity:2/4; BID-59159, CVE-2013-2424]

An attacker can use a vulnerability of JavaFX, in order to obtain information. [severity:2/4; BID-59203, CVE-2013-1561]

An attacker can use a vulnerability of JavaFX, in order to alter information. [severity:2/4; BID-59195, CVE-2013-1564]

An attacker can use a vulnerability of JavaFX, in order to alter information. [severity:2/4; BID-59185, CVE-2013-2438]

An attacker can use a vulnerability of Networking, in order to create a denial of service. [severity:2/4; BID-59187, CVE-2013-2417]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-59145, CVE-2013-2418]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-59088, CVE-2013-2416, SA-20130417-1]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-59220, CVE-2013-2433]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:2/4; BID-59149, CVE-2013-1540]

An attacker can use a vulnerability of HotSpot, in order to alter information. [severity:2/4; BID-59162, CVE-2013-2423]

An attacker can use a vulnerability of JAX-WS, in order to obtain information. [severity:1/4; BID-59212, CVE-2013-2415]

vulnerability announce CVE-2013-2266

ISC BIND: denial of service of regex

Synthesis of the vulnerability

An attacker can use a special DNS record, in order to force ISC BIND to consume large memory resources.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, BIND, MBS, MES, McAfee Email Gateway, openSUSE, RHEL.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet server.
Creation date: 26/03/2013.
Identifiers: AA-00871, AA-00879, BID-58736, c03750073, CERTA-2013-AVI-210, CERTA-2013-AVI-285, CVE-2013-2266, DSA-2656-1, FEDORA-2013-4525, FEDORA-2013-4533, FreeBSD-SA-13:04.bind, HPSBUX02876, MDVSA-2013:058, openSUSE-SU-2013:0605-1, openSUSE-SU-2013:0666-1, RHSA-2013:0689-01, RHSA-2013:0690-01, SB10052, sol14386, SSRT101148, VIGILANCE-VUL-12572.

Description of the vulnerability

When BIND is compiled on Unix, it uses regex.h to provide functions to process regular expressions.

The BIND libdns library uses these regular expressions to check the syntax of RDATA records. The lib/dns/rdata/in_1/naptr_35.c file calls regcomp() and regfree(), which are declared in regex.h.

However, some Unix implementations of regex consume memory needlessly.

An attacker can therefore use a special DNS record, in order to force ISC BIND to consume large memory resources. Applications linked to libdns are also vulnerable, such as ISC DHCP (VIGILANCE-VUL-12573).