The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of HPUX

cybersecurity bulletin CVE-2014-3956

Sendmail: privilege escalation via File Descriptors

Synthesis of the vulnerability

A local attacker can access file descriptors of Sendmail, in order to escalate his privileges.
Severity: 2/4.
Creation date: 21/05/2014.
Identifiers: c05216368, CVE-2014-3956, FEDORA-2014-7093, FEDORA-2014-7095, FreeBSD-SA-14:11.sendmail, HPSBUX03632, MDVSA-2014:147, MDVSA-2015:128, openSUSE-SU-2014:0804-1, openSUSE-SU-2014:0805-1, SSA:2014-156-04, SSRT110194, VIGILANCE-VUL-14780.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Sendmail product allows a local user to define a program to be executed when he receives an email (for example with procmail).

However, before executing this external program, Sendmail does not close its file descriptors. The program can thus access, for example, the file descriptor of the SMTP session.

A local attacker can therefore access file descriptors of Sendmail, in order to escalate his privileges.

threat CVE-2013-4039 CVE-2013-6323 CVE-2013-6325

WebSphere AS 8.5: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WebSphere AS 8.5.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 14.
Creation date: 30/04/2014.
Identifiers: 1669554, BID-64249, BID-65096, BID-65099, BID-65400, c04483248, CERTFR-2014-AVI-131, CVE-2013-4039, CVE-2013-6323, CVE-2013-6325, CVE-2013-6329, CVE-2013-6438, CVE-2013-6725, CVE-2013-6738, CVE-2013-6747, CVE-2014-0050, CVE-2014-0823, CVE-2014-0857, CVE-2014-0859, CVE-2014-0892, CVE-2014-0896, HPSBUX03150, PI04777, PI04880, PI05309, PI05324, PI05661, PI07808, PI08892, PI09345, PI09443, PI09786, PI10134, PI12648, PI12926, PI13162, PM84760, PM98132, PM99450, SSRT101681, VIGILANCE-VUL-14684.

Description of the vulnerability

Several vulnerabilities were announced in WebSphere AS 8.5.

An attacker can use Compute Grid, in order to obtain sensitive information. [severity:2/4; CVE-2013-4039, PM84760]

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-65099, CVE-2013-6725, PM98132]

An attacker can send malicious XML data to the XML Parser, in order to trigger a denial of service. [severity:2/4; BID-65096, CVE-2013-6325, PM99450]

An attacker can trigger a Cross Site Scripting in Administration Console, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2013-6323, PI04777, PI04880]

An attacker can send malicious SSLv2 messages to applications using IBM GSKit, in order to trigger a denial of service (VIGILANCE-VUL-14155). [severity:2/4; BID-64249, CVE-2013-6329, PI05309]

An attacker can use Full/Liberty Profile, in order to obtain sensitive information. [severity:2/4; CVE-2014-0823, PI05324]

An attacker can trigger a Cross Site Scripting in OAuth, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2013-6738, PI05661]

An attacker can use the Administrative Console, in order to escalate his privileges. [severity:2/4; CVE-2014-0857, PI07808]

An attacker can use POST queries, in order to trigger a denial of service. [severity:2/4; CVE-2014-0859, PI08892]

An attacker can send a DAV WRITE query starting with spaces, in order to trigger a denial of service in mod_dav of Apache HTTP Server (VIGILANCE-VUL-14439). [severity:2/4; CERTFR-2014-AVI-131, CVE-2013-6438, PI09345]

An attacker can send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service (VIGILANCE-VUL-14158). [severity:2/4; CVE-2013-6747, PI09443]

An attacker can use Proxy and ODR, in order to obtain sensitive information. [severity:1/4; CVE-2014-0892, PI09786]

An attacker can use Liberty Profile, in order to obtain sensitive information. [severity:2/4; CVE-2014-0896, PI10134]

An attacker can use a long Content-Type header, to generate an infinite loop in Apache Commons FileUpload or Apache Tomcat, in order to trigger a denial of service (VIGILANCE-VUL-14183). [severity:2/4; BID-65400, CVE-2014-0050, PI12648, PI12926, PI13162]

cybersecurity note CVE-2013-6219

HP-UX: write access with WLI

Synthesis of the vulnerability

An attacker can bypass access restrictions of HP-UX Whitelisting, in order to alter data.
Severity: 2/4.
Creation date: 22/04/2014.
Identifiers: c04227671, CVE-2013-6219, HPSBUX03001, SSRT101382, VIGILANCE-VUL-14623.

Description of the vulnerability

The HP-UX WLI (Whitelisting) product can be installed on HP-UX to protect file systems.

However, an attacker can bypass access restrictions to data.

An attacker can therefore bypass access restrictions of HP-UX Whitelisting, in order to alter data.

computer threat CVE-2013-6629 CVE-2013-6954 CVE-2014-0429

Oracle Java: multiple vulnerabilities of April 2014

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Java.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 37.
Creation date: 16/04/2014.
Identifiers: 1680562, 1681114, 7014224, BID-64493, c04398922, c04398943, CERTFR-2014-AVI-185, CERTFR-2014-AVI-382, CERTFR-2014-AVI-480, CERTFR-2015-AVI-431, CERTFR-2016-AVI-300, cpuapr2014, CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-0463, CVE-2014-0464, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2410, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428, DSA-2912-1, DSA-2923-1, ESA-2014-044, FEDORA-2014-5277, FEDORA-2014-5280, FEDORA-2014-5290, FEDORA-2014-5336, HPSBUX03091, HPSBUX03092, JSA10659, JSA10698, MDVSA-2014:100, openSUSE-SU-2014:1638-1, openSUSE-SU-2014:1645-1, RHSA-2014:0406-01, RHSA-2014:0407-01, RHSA-2014:0408-01, RHSA-2014:0412-01, RHSA-2014:0413-02, RHSA-2014:0414-01, RHSA-2014:0486-01, RHSA-2014:0508-01, RHSA-2014:0509-01, RHSA-2014:0675-01, RHSA-2014:0685-01, RHSA-2014:0982-01, SB10072, SSRT101667, SSRT101668, SUSE-SU-2014:0639-1, SUSE-SU-2014:0728-1, SUSE-SU-2014:0728-2, SUSE-SU-2014:0728-3, SUSE-SU-2014:0733-1, SUSE-SU-2014:0733-2, USN-2187-1, USN-2191-1, VIGILANCE-VUL-14599, VMSA-2014-0008, VU#650142, ZDI-14-102, ZDI-14-103, ZDI-14-104, ZDI-14-105, ZDI-14-114.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0429]

An attacker can use a vulnerability of Libraries ScriptEngineManager, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0457, ZDI-14-105]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0456, ZDI-14-114]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2421, ZDI-14-102]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2410]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2397]

An attacker can use a vulnerability of Libraries permuteArguments, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0432, ZDI-14-104]

An attacker can use a vulnerability of Libraries DropArguments, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0455, ZDI-14-103]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0461]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0448]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2428]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2412]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0451]

An attacker can use a vulnerability of JAX-WS, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0458]

An attacker can use a vulnerability of JAX-WS, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2423]

An attacker can use a vulnerability of JAX-WS, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0452]

An attacker can use a vulnerability of JAXB, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2414]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2402]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0446]

An attacker can use a vulnerability of Security, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0454]

An attacker can use a vulnerability of Sound, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2427]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2422]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; CVE-2014-2409]

An attacker can use a vulnerability of JNDI, in order to obtain or alter information. [severity:2/4; CVE-2014-0460]

An attacker can create a malicious image, to dereference a NULL pointer in the png_do_expand_palette() function of libpng, in order to trigger a denial of service. (VIGILANCE-VUL-13989). [severity:2/4; BID-64493, CVE-2013-6954, VU#650142]

An attacker can use a vulnerability of AWT, in order to obtain information (VIGILANCE-VUL-18980). [severity:2/4; CVE-2013-6629]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:2/4; CVE-2014-0449]

An attacker can use a vulnerability of JAXP, in order to obtain information. [severity:2/4; CVE-2014-2403]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; CVE-2014-2401]

An attacker can use a vulnerability of Scripting, in order to obtain information. [severity:2/4; CVE-2014-0463]

An attacker can use a vulnerability of Scripting, in order to obtain information. [severity:2/4; CVE-2014-0464]

An attacker can use a vulnerability of 2D, in order to trigger a denial of service. [severity:2/4; CVE-2014-0459]

An attacker can use a vulnerability of Libraries, in order to alter information. [severity:2/4; CVE-2014-2413]

An attacker can use a vulnerability of Security, in order to obtain or alter information. [severity:2/4; CVE-2014-0453]

An attacker can use a vulnerability of Javadoc, in order to alter information. [severity:1/4; CVE-2014-2398]

A local attacker can create a symbolic link named /tmp/unpack.log, in order to alter the pointed file, with privileges of unpack200 (VIGILANCE-VUL-14196). [severity:1/4; CVE-2014-1876]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:1/4; CVE-2014-2420]

threat bulletin CVE-2013-5704

Apache httpd: bypassing mod_headers unset

Synthesis of the vulnerability

An attacker can use HTTP Chunked data, in order to bypass the "RequestHeader unset" directive of Apache httpd mod_headers.
Severity: 2/4.
Creation date: 01/04/2014.
Identifiers: 1690185, 1695392, 7036319, bulletinjan2015, c04686230, c04832246, CVE-2013-5704, FEDORA-2014-17153, FEDORA-2014-17195, HPSBUX03337, HPSBUX03512, MDVSA-2014:174, openSUSE-SU-2014:1726-1, RHSA-2014:1972-01, RHSA-2015:0325-02, RHSA-2015:1249-02, RHSA-2015:2659-01, RHSA-2015:2660-01, RHSA-2015:2661-01, RHSA-2016:0062-01, SOL16863, SSA:2015-111-03, SSRT102066, SSRT102254, USN-2523-1, VIGILANCE-VUL-14503.

Description of the vulnerability

The HTTP Transfer-Encoding header can use the "chunked" type, to indicate that data is split in chunks before being transmitted.

The "RequestHeader unset Abc" directive of the mod_headers module of Apache httpd instructs the server to remove the HTTP Abc header. However, if an attacker puts the HTTP Abc header in a chunked part, mod_headers does not remove it.

An attacker can therefore use HTTP Chunked data, in order to bypass the "RequestHeader unset" directive of Apache httpd mod_headers.

vulnerability bulletin CVE-2013-6438

Apache HTTP Server: denial of service via mod_dav

Synthesis of the vulnerability

An attacker can send a DAV WRITE query starting with spaces, in order to trigger a denial of service in mod_dav of Apache HTTP Server.
Severity: 2/4.
Creation date: 18/03/2014.
Identifiers: c04223376, c04483248, CERTFR-2014-AVI-131, CERTFR-2014-AVI-244, CERTFR-2014-AVI-250, CERTFR-2015-AVI-286, CERTFR-2015-AVI-431, CERTFR-2016-AVI-300, CVE-2013-6438, FEDORA-2014-5004, HPSBUX03102, HPSBUX03150, JSA10685, JSA10698, MDVSA-2014:065, MDVSA-2015:093, openSUSE-SU-2014:0969-1, openSUSE-SU-2014:1044-1, openSUSE-SU-2014:1045-1, openSUSE-SU-2014:1647-1, RHSA-2014:0369-01, RHSA-2014:0370-01, RHSA-2014:0783-01, RHSA-2014:0784-01, RHSA-2014:0825-01, RHSA-2014:0826-01, SOL15300, SSA:2014-086-02, SSRT101681, SUSE-SU-2014:0967-1, SUSE-SU-2014:1080-1, SUSE-SU-2014:1081-1, SUSE-SU-2014:1082-1, USN-2152-1, VIGILANCE-VUL-14439.

Description of the vulnerability

The mod_dav module can be enabled on Apache HTTP Server, to edit documents online.

When data starts with spaces, they are removed. However, the size of the data is not updated, so the '\0' terminator is written outside the array, which leads to a fatal error.

An attacker can therefore send a DAV WRITE query starting with spaces, in order to trigger a denial of service in mod_dav of Apache HTTP Server.

computer weakness alert CVE-2014-0098

Apache HTTP Server: denial of service via mod_log_config

Synthesis of the vulnerability

An attacker can use a truncated cookie, in order to trigger a denial of service in mod_log_config of Apache HTTP Server.
Severity: 2/4.
Creation date: 18/03/2014.
Identifiers: c04223376, c04483248, CERTFR-2014-AVI-131, CERTFR-2014-AVI-244, CERTFR-2015-AVI-286, CERTFR-2015-AVI-431, CERTFR-2016-AVI-300, CVE-2014-0098, FEDORA-2014-4555, FEDORA-2014-5004, HPSBUX03102, HPSBUX03150, JSA10685, JSA10698, MDVSA-2014:065, MDVSA-2015:093, openSUSE-SU-2014:0969-1, openSUSE-SU-2014:1044-1, openSUSE-SU-2014:1045-1, openSUSE-SU-2014:1647-1, RHSA-2014:0369-01, RHSA-2014:0370-01, RHSA-2014:0783-01, RHSA-2014:0784-01, RHSA-2014:0825-01, RHSA-2014:0826-01, SSA:2014-086-02, SSRT101681, SUSE-SU-2014:0967-1, SUSE-SU-2014:1080-1, SUSE-SU-2014:1081-1, SUSE-SU-2014:1082-1, USN-2152-1, VIGILANCE-VUL-14438.

Description of the vulnerability

To define cookies, web clients use an HTTP header like:
  Cookie: name=value; name2=value2

The mod_log_config module logs HTTP queries received by Apache httpd. However, if a cookie has no value, a fatal error occurs in the log_cookie() function of the modules/loggers/mod_log_config.c file.

An attacker can therefore use a truncated cookie, in order to trigger a denial of service in mod_log_config of Apache HTTP Server.

vulnerability note CVE-2013-4496

Samba: brute force via SAMR

Synthesis of the vulnerability

An attacker can use SAMR to perform a brute-force attack, in order to guess the password of a Samba user.
Severity: 2/4.
Creation date: 12/03/2014.
Identifiers: c05115993, CERTFR-2014-AVI-244, CVE-2013-4496, FEDORA-2014-3796, FEDORA-2014-3815, HPSBUX03574, MDVSA-2015:082, openSUSE-SU-2014:0404-1, openSUSE-SU-2014:0405-1, openSUSE-SU-2016:1106-1, openSUSE-SU-2016:1107-1, openSUSE-SU-2016:1108-1, RHSA-2014:0330-01, RHSA-2014:0383-01, SSA:2014-072-01, SUSE-SU-2014:0497-1, USN-2156-1, VIGILANCE-VUL-14408.

Description of the vulnerability

The SAMR (Security Account Manager Remote) protocol is used to manipulate the user database.

An unauthenticated user can call the ChangePasswordUser2 function to change his password. He then has to enter his current password.

However, account lockout is not managed. An attacker can thus call the function an unlimited number of times, until he finds the victim's current password.

An attacker can therefore use SAMR to perform a brute-force attack, in order to guess the password of a Samba user.

computer weakness alert CVE-2013-6209

HP-UX: denial of service via NFS rpc.lockd

Synthesis of the vulnerability

An attacker can send a malicious query to the NFS rpc.lockd daemon of HP-UX, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 11/03/2014.
Identifiers: c04174142, CVE-2013-6209, HPSBUX02976, SSRT101236, VIGILANCE-VUL-14394.

Description of the vulnerability

The NFS service of HP-UX uses the rpc.lockd daemon to manage locks.

However, a remote attacker can stop it.

An attacker can therefore send a malicious query to the NFS rpc.lockd daemon of HP-UX, in order to trigger a denial of service.

security announce CVE-2013-6200

HP-UX: privilege escalation via m4

Synthesis of the vulnerability

A local attacker can use m4 on HP-UX, in order to escalate his privileges.
Severity: 2/4.
Creation date: 07/03/2014.
Identifiers: c04103553, CVE-2013-6200, HPSBUX02963, SSRT101297, VIGILANCE-VUL-14373.

Description of the vulnerability

The m4 program generates files from macros.

However, a local attacker can use it to gain unauthorized access.

A local attacker can therefore use m4 on HP-UX, in order to escalate his privileges.