The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Hewlett-Packard HP-UX

vulnerability bulletin CVE-2017-15275

Samba: information disclosure

Synthesis of the vulnerability

A local attacker can read a memory fragment of Samba, in order to obtain sensitive information.
Impacted products: Debian, Fedora, HP-UX, openSUSE Leap, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 21/11/2017.
Identifiers: CERTFR-2017-AVI-425, CVE-2017-15275, DLA-1183-1, DSA-4043-1, FEDORA-2017-366046c758, FEDORA-2017-791c5d52be, HPESBUX03817, openSUSE-SU-2017:3141-1, openSUSE-SU-2017:3143-1, RHSA-2017:3260-01, RHSA-2017:3278-01, SSA:2017-332-01, SUSE-SU-2017:3086-1, SUSE-SU-2017:3104-1, SUSE-SU-2018:2321-1, Synology-SA-17:72, USN-3486-1, USN-3486-2, VIGILANCE-VUL-24503.

Description of the vulnerability

A local attacker can read a memory fragment of Samba, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-14746

Samba: memory corruption via SMB1

Synthesis of the vulnerability

An attacker can generate a memory corruption via SMB1 of Samba, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, HP-UX, openSUSE Leap, Solaris, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, denial of service on service.
Provenance: intranet client.
Creation date: 21/11/2017.
Identifiers: bulletinapr2018, CERTFR-2017-AVI-425, CVE-2017-14746, DSA-4043-1, FEDORA-2017-366046c758, FEDORA-2017-791c5d52be, HPESBUX03817, openSUSE-SU-2017:3141-1, openSUSE-SU-2017:3143-1, RHSA-2017:3260-01, RHSA-2017:3278-01, SSA:2017-332-01, SUSE-SU-2017:3086-1, SUSE-SU-2017:3104-1, SUSE-SU-2018:2321-1, Synology-SA-17:72, USN-3486-1, USN-3486-2, VIGILANCE-VUL-24502.

Description of the vulnerability

An attacker can generate a memory corruption via SMB1 of Samba, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-12163

Samba: information disclosure via Share Write Access

Synthesis of the vulnerability

A local attacker can read a memory fragment via Share Write Access of Samba, in order to obtain sensitive information.
Impacted products: Debian, Fedora, HP-UX, QRadar SIEM, openSUSE Leap, Solaris, RHEL, Samba, Slackware, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 20/09/2017.
Identifiers: 2015237, bulletinoct2017, CERTFR-2017-AVI-316, CVE-2017-12163, DLA-1110-1, DSA-3983-1, FEDORA-2017-581be259ef, FEDORA-2017-5a0a31c04e, HPESBUX03817, openSUSE-SU-2017:2706-1, openSUSE-SU-2017:2713-1, openSUSE-SU-2017:3143-1, RHSA-2017:2789-01, RHSA-2017:2790-01, RHSA-2017:2791-01, SSA:2017-263-01, Synology-SA-17:57, USN-3426-1, USN-3426-2, VIGILANCE-VUL-23882.

Description of the vulnerability

A local attacker can read a memory fragment via Share Write Access of Samba, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-12151

Samba: information disclosure via SMB3 DFS Redirects

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SMB3 DFS Redirects of Samba, in order to obtain sensitive information.
Impacted products: Debian, Fedora, HP-UX, QRadar SIEM, openSUSE Leap, Solaris, RHEL, Samba, Slackware, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: LAN.
Creation date: 20/09/2017.
Identifiers: 2015237, bulletinoct2017, CERTFR-2017-AVI-316, CVE-2017-12151, DSA-3983-1, FEDORA-2017-581be259ef, FEDORA-2017-5a0a31c04e, HPESBUX03817, openSUSE-SU-2017:2706-1, openSUSE-SU-2017:2713-1, openSUSE-SU-2017:3143-1, RHSA-2017:2790-01, SSA:2017-263-01, Synology-SA-17:57, USN-3426-1, USN-3426-2, VIGILANCE-VUL-23881.

Description of the vulnerability

An attacker can bypass access restrictions to data via SMB3 DFS Redirects of Samba, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-12150

Samba: information disclosure via Missing Signature

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Missing Signature of Samba, in order to obtain sensitive information.
Impacted products: Debian, Fedora, HP-UX, QRadar SIEM, openSUSE Leap, Solaris, RHEL, Samba, Slackware, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: LAN.
Creation date: 20/09/2017.
Identifiers: 2015237, bulletinoct2017, CERTFR-2017-AVI-316, CVE-2017-12150, DLA-1110-1, DSA-3983-1, FEDORA-2017-581be259ef, FEDORA-2017-5a0a31c04e, HPESBUX03817, openSUSE-SU-2017:2706-1, openSUSE-SU-2017:2713-1, openSUSE-SU-2017:3143-1, RHSA-2017:2789-01, RHSA-2017:2790-01, RHSA-2017:2791-01, SSA:2017-263-01, Synology-SA-17:57, USN-3426-1, USN-3426-2, VIGILANCE-VUL-23880.

Description of the vulnerability

An attacker can bypass access restrictions to data via Missing Signature of Samba, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-7674

Apache Tomcat: information disclosure via Cache Poisoning

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Cache Poisoning of Apache Tomcat, in order to obtain sensitive information.
Impacted products: Tomcat, Debian, Fedora, HP-UX, openSUSE Leap, Oracle Fusion Middleware, Solaris, Tuxedo, WebLogic, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: internet server.
Creation date: 11/08/2017.
Identifiers: bulletinoct2017, cpuapr2018, CVE-2017-7674, DLA-1400-1, DLA-1400-2, DSA-3974-1, FEDORA-2017-a00a087fd4, FEDORA-2017-ab0def38cd, HPESBUX03828, openSUSE-SU-2017:3069-1, SUSE-SU-2017:3039-1, SUSE-SU-2017:3059-1, SUSE-SU-2017:3279-1, USN-3519-1, VIGILANCE-VUL-23500.

Description of the vulnerability

An attacker can bypass access restrictions to data via Cache Poisoning of Apache Tomcat, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-3142 CVE-2017-3143

ISC BIND: two vulnerabilities via TSIG Authentication

Synthesis of the vulnerability

An attacker can use several vulnerabilities via TSIG Authentication of ISC BIND.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, AIX, BIND, Junos OS, Junos Space, SRX-Series, NetBSD, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 30/06/2017.
Revision date: 07/07/2017.
Identifiers: AA-01503, AA-01504, bulletinjan2018, CERTFR-2017-AVI-199, CVE-2017-3142, CVE-2017-3143, DLA-1025-1, DLA-1025-2, DSA-3904-1, DSA-3904-2, FEDORA-2017-001f135337, FEDORA-2017-167cfa7b09, FEDORA-2017-59127a606c, FEDORA-2017-d04f7ddd73, HPESBUX03772, JSA10875, JSA10917, K02230327, K59448931, openSUSE-SU-2017:1809-1, RHSA-2017:1679-01, RHSA-2017:1680-01, SSA:2017-180-02, SUSE-SU-2017:1736-1, SUSE-SU-2017:1737-1, SUSE-SU-2017:1738-1, USN-3346-1, USN-3346-2, USN-3346-3, VIGILANCE-VUL-23107.

Description of the vulnerability

Several vulnerabilities were announced in ISC BIND.

An attacker can use a Zone Transfer, in order to obtain sensitive information. [severity:2/4; AA-01504, CVE-2017-3142]

An attacker can use a Dynamic Update, in order to alter a zone. [severity:3/4; AA-01503, CERTFR-2017-AVI-199, CVE-2017-3143]
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-3140 CVE-2017-3141

ISC BIND: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ISC BIND.
Impacted products: Fedora, HP-UX, BIND, Data ONTAP, Solaris, Slackware.
Severity: 3/4.
Consequences: privileged access/rights, denial of service on server, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 15/06/2017.
Identifiers: bulletinjul2018, CERTFR-2017-AVI-184, CVE-2017-3140, CVE-2017-3141, FEDORA-2017-001f135337, FEDORA-2017-167cfa7b09, FEDORA-2017-59127a606c, FEDORA-2017-d04f7ddd73, HPESBUX03772, NTAP-20180926-0001, NTAP-20180926-0002, NTAP-20180926-0003, NTAP-20180926-0004, NTAP-20180926-0005, NTAP-20180927-0001, SSA:2017-165-01, VIGILANCE-VUL-22980.

Description of the vulnerability

Several vulnerabilities were announced in ISC BIND.

An attacker can trigger an endless loop when Response Policy Zones are used, in order to trigger a denial of service. [severity:3/4; CVE-2017-3140]

On MS-Windows, an attacker can make Windows run his own program as the BIND service, thanks to a mishandling of spaces in paths. [severity:2/4; CVE-2017-3141]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-5664

Apache Tomcat: error page tampering

Synthesis of the vulnerability

An attacker can trigger an HTTP error in Apache Tomcat, in order to corrupt the error page documents.
Impacted products: Tomcat, Blue Coat CAS, Debian, Fedora, HPE NNMi, HP-UX, Junos Space, MySQL Community, MySQL Enterprise, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Solaris, Tuxedo, WebLogic, Percona Server, RHEL, JBoss EAP by Red Hat, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, data creation/edition.
Provenance: internet client.
Creation date: 06/06/2017.
Identifiers: bulletinjul2017, cpuapr2018, cpuapr2019, CVE-2017-5664, DLA-996-1, DSA-3891-1, DSA-3892-1, FEDORA-2017-63789c8c29, FEDORA-2017-e4638a345c, HPESBUX03828, JSA10838, KM03302206, openSUSE-SU-2017:3069-1, RHSA-2017:1801-01, RHSA-2017:1802-01, RHSA-2017:1809-01, RHSA-2017:2493-01, RHSA-2017:2494-01, RHSA-2017:2633-01, RHSA-2017:2635-01, RHSA-2017:2636-01, RHSA-2017:2637-01, RHSA-2017:2638-01, RHSA-2017:3080-01, RHSA-2017:3081-01, SA156, SUSE-SU-2017:3039-1, SUSE-SU-2017:3059-1, SUSE-SU-2017:3279-1, SUSE-SU-2018:1847-1, USN-3519-1, VIGILANCE-VUL-22907.

Description of the vulnerability

The Apache Tomcat product offers a web service.

HTTP error pages may be customized. However, when the page content is provided by a static document instead of a servlet output, Tomcat allows to tamper with this source document.

An attacker can therefore trigger an HTTP error in Apache Tomcat, in order to corrupt the error page documents.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-7494

Samba: code execution

Synthesis of the vulnerability

An attacker can put a shared library into a folder exported with Samba, in order to make it run arbitrary machine code.
Impacted products: Debian, Fedora, HP-UX, Junos Space, openSUSE Leap, Solaris, RHEL, Samba, Slackware, Sonus SBC, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 24/05/2017.
Revision date: 29/05/2017.
Identifiers: 1450347, bulletinapr2017, CERTFR-2017-AVI-165, CERTFR-2017-AVI-365, CVE-2017-7494, DLA-951-1, DSA-3860-1, FEDORA-2017-570c0071c4, FEDORA-2017-642a0eca75, FEDORA-2017-c729c6123c, HPESBUX03759, JSA10824, JSA10826, openSUSE-SU-2017:1401-1, openSUSE-SU-2017:1415-1, RHSA-2017:1270-01, RHSA-2017:1271-01, RHSA-2017:1272-01, RHSA-2017:1390-01, SSA:2017-144-01, SUSE-SU-2017:1391-1, SUSE-SU-2017:1392-1, SUSE-SU-2017:1393-1, USN-3296-1, VIGILANCE-VUL-22808.

Description of the vulnerability

An attacker can put a shared library into a folder exported with Samba, in order to make it run arbitrary machine code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Hewlett-Packard HP-UX: