The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Hewlett-Packard Switch

computer weakness note CVE-2013-0149

OSPF: corrupting the routing database

Synthesis of the vulnerability

An attacker can spoof OSPF messages, in order to corrupt the routing database.
Severity: 3/4.
Creation date: 02/08/2013.
Revisions dates: 01/08/2014, 14/02/2017.
Identifiers: BID-61566, c03880910, CERTA-2013-AVI-458, CERTA-2013-AVI-487, CERTA-2013-AVI-508, cisco-sa-20130801-lsaospf, CQ95773, CSCug34469, CSCug34485, CSCug39762, CSCug39795, CSCug63304, CVE-2013-0149, HPSBHF02912, JSA10575, JSA10580, JSA10582, PR 878639, PR 895456, sk94490, SUSE-SU-2014:0879-1, VIGILANCE-VUL-13192, VU#229804.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The RFC 2328 defines the OSPF protocol (Open Shortest Path First) which established IP routes, using LSA (Link State Advertisement) messages.

The LSA Type 1 Update (LSU, Link-State Update) message is used to update the routing database. However, the RFC does not request to check the "Link State ID" and "Advertising Router" fields of LSU messages. Several implementations (Cisco, Juniper, etc.) therefore do not perform this check.

An attacker can thus spoof a LSU message if he knows:
 - the IP address of the target router
 - LSA DB sequence numbers
 - the router ID of the OSPF Designated Router

An attacker can therefore spoof OSPF messages, in order to corrupt the routing database.
Full Vigil@nce bulletin... (Free trial)

computer weakness alert CVE-2016-7426 CVE-2016-7427 CVE-2016-7428

NTP.org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 10.
Creation date: 21/11/2016.
Identifiers: 2009389, bulletinoct2016, CERTFR-2017-AVI-090, cisco-sa-20161123-ntpd, CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434, CVE-2016-9310, CVE-2016-9311, CVE-2016-9312, FEDORA-2016-7209ab4e02, FEDORA-2016-c198d15316, FEDORA-2016-e8a8561ee7, FreeBSD-SA-16:39.ntp, HPESBHF03883, HPESBUX03706, HPESBUX03885, JSA10776, JSA10796, K51444934, K55405388, K87922456, MBGSA-1605, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2016:3280-1, pfSense-SA-17_03.webgui, RHSA-2017:0252-01, SA139, SSA:2016-326-01, TALOS-2016-0130, TALOS-2016-0131, TALOS-2016-0203, TALOS-2016-0204, USN-3349-1, VIGILANCE-VUL-21170, VU#633847.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can force an assertion error, in order to trigger a denial of service. [severity:2/4; CVE-2016-9311, TALOS-2016-0204]

An attacker can bypass security features via Mode 6, in order to obtain sensitive information. [severity:2/4; CVE-2016-9310, TALOS-2016-0203]

An attacker can trigger a fatal error via Broadcast Mode Replay, in order to trigger a denial of service. [severity:2/4; CVE-2016-7427, TALOS-2016-0131]

An attacker can trigger a fatal error via Broadcast Mode Poll Interval, in order to trigger a denial of service. [severity:2/4; CVE-2016-7428, TALOS-2016-0130]

An attacker can send malicious UDP packets, in order to trigger a denial of service on Windows. [severity:2/4; CVE-2016-9312]

An unknown vulnerability was announced via Zero Origin Timestamp. [severity:2/4; CVE-2016-7431]

An attacker can force a NULL pointer to be dereferenced via _IO_str_init_static_internal(), in order to trigger a denial of service. [severity:2/4; CVE-2016-7434]

An unknown vulnerability was announced via Interface selection. [severity:2/4; CVE-2016-7429]

An attacker can trigger a fatal error via Client Rate Limiting, in order to trigger a denial of service. [severity:2/4; CVE-2016-7426]

An unknown vulnerability was announced via Reboot Sync. [severity:2/4; CVE-2016-7433]
Full Vigil@nce bulletin... (Free trial)

computer threat alert CVE-2016-8610

OpenSSL: denial of service via SSL3_AL_WARNING

Synthesis of the vulnerability

An attacker can send SSL3_AL_WARNING packets to an SSLv3 application linked to OpenSSL, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 24/10/2016.
Identifiers: 1996096, 2000095, 2003480, 2003620, 2003673, 2004940, 2009389, bulletinoct2016, cpujul2019, CVE-2016-8610, DLA-814-1, DSA-3773-1, FEDORA-2017-3451dbec48, FEDORA-2017-e853b4144f, FreeBSD-SA-16:35.openssl, HPESBHF03897, JSA10808, JSA10809, JSA10810, JSA10811, JSA10813, JSA10814, JSA10816, JSA10817, JSA10818, JSA10820, JSA10821, JSA10822, JSA10825, openSUSE-SU-2017:0386-1, openSUSE-SU-2017:0487-1, openSUSE-SU-2018:4104-1, PAN-SA-2017-0017, pfSense-SA-17_03.webgui, RHSA-2017:0286-01, RHSA-2017:0574-01, RHSA-2017:1548-01, RHSA-2017:1549-01, RHSA-2017:1550-01, RHSA-2017:1551-01, RHSA-2017:1552-01, RHSA-2017:1658-01, RHSA-2017:1659-01, RHSA-2017:2493-01, RHSA-2017:2494-01, SA40886, SP-CAAAPUE, SPL-129207, SUSE-SU-2017:0304-1, SUSE-SU-2017:0348-1, SUSE-SU-2018:0112-1, SUSE-SU-2018:3864-1, SUSE-SU-2018:3864-2, SUSE-SU-2018:3964-1, SUSE-SU-2018:3994-1, SUSE-SU-2018:4068-1, SUSE-SU-2018:4274-1, SUSE-SU-2019:1553-1, USN-3181-1, USN-3183-1, USN-3183-2, VIGILANCE-VUL-20941.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The OpenSSL product implements the SSL version 3 protocol.

The SSL3_AL_WARNING message is used to send an alert of level Warning. However, when these packets are received during the handshake, the library consumes 100% of CPU.

An attacker can therefore send SSL3_AL_WARNING packets to an SSLv3 application linked to OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

cybersecurity vulnerability CVE-2016-5195

Linux kernel: privilege escalation via Copy On Write, Dirty COW

Synthesis of the vulnerability

A local attacker can generate a memory corruption via a Copy On Write on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 20/10/2016.
Identifiers: 1384344, 494072, c05341463, CERTFR-2016-AVI-353, CERTFR-2016-AVI-356, CERTFR-2016-AVI-357, CERTFR-2016-AVI-370, CERTFR-2017-AVI-001, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, cisco-sa-20161026-linux, cpujul2018, CVE-2016-5195, Dirty COW, DLA-670-1, DSA-3696-1, ESA-2016-170, FEDORA-2016-c3558808cd, FEDORA-2016-db4b75b352, HPESBGN03742, HPSBHF03682, JSA10770, JSA10774, K10558632, openSUSE-SU-2016:2583-1, openSUSE-SU-2016:2584-1, openSUSE-SU-2016:2625-1, openSUSE-SU-2016:2649-1, PAN-SA-2017-0003, PAN-SA-2017-0013, PAN-SA-2017-0014, PAN-SA-2017-0016, RHSA-2016:2098-01, RHSA-2016:2105-01, RHSA-2016:2106-01, RHSA-2016:2110-01, RHSA-2016:2118-01, RHSA-2016:2120-01, RHSA-2016:2124-01, RHSA-2016:2126-01, RHSA-2016:2127-01, RHSA-2016:2128-01, RHSA-2016:2132-01, RHSA-2016:2133-01, RHSA-2018:0180-01, SB10177, SB10178, SSA:2016-305-01, STORM-2016-006, SUSE-SU-2016:2585-1, SUSE-SU-2016:2592-1, SUSE-SU-2016:2593-1, SUSE-SU-2016:2596-1, SUSE-SU-2016:2614-1, SUSE-SU-2016:3069-1, SUSE-SU-2016:3304-1, USN-3104-1, USN-3104-2, USN-3105-1, USN-3105-2, USN-3106-1, USN-3106-2, USN-3106-3, USN-3106-4, USN-3107-1, USN-3107-2, VIGILANCE-VUL-20923, VU#243144.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Linux kernel supports the Copy On Write operation, which is used to copy memory only when it is modified.

However, a local attacker can manipulate the memory, so the COW operation writes in Read Only memory.

A local attacker can therefore generate a memory corruption via a Copy On Write on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

security alert CVE-2016-7052

OpenSSL 1.0.2i: NULL pointer dereference via CRL

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via a CRL on an application linked to OpenSSL 1.0.2i, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 26/09/2016.
Identifiers: 1996096, 2000095, 2000209, 2003480, 2003620, 2003673, 2008828, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-7052, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FreeBSD-SA-16:27.openssl, HPESBHF03856, JSA10759, openSUSE-SU-2016:2496-1, openSUSE-SU-2018:0458-1, SA132, SB10171, SP-CAAAPUE, SPL-129207, SSA:2016-270-01, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, TNS-2016-16, VIGILANCE-VUL-20701.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The OpenSSL version 1.0.2i product fixed a bug in CRL management.

However, this fix does not check if a pointer is NULL, before using it.

An attacker can therefore force a NULL pointer to be dereferenced via a CRL on an application linked to OpenSSL 1.0.2i, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2016-6309

OpenSSL 1.1.0a: use after free via TLS

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via TLS on an application linked to OpenSSL 1.1.0a, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 26/09/2016.
Identifiers: 1996096, 2000095, 2000209, 2003480, 2003620, 2003673, 2008828, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, CVE-2016-6309, HPESBHF03856, JSA10759, SA132, TNS-2016-16, VIGILANCE-VUL-20700.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The OpenSSL version 1.1.0a product fixed the CVE-2016-6307 vulnerability.

However, the reception of a TLS message of 16kb frees a memory area before reusing it.

An attacker can therefore force the usage of a freed memory area via TLS on an application linked to OpenSSL 1.1.0a, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

cybersecurity announce CVE-2016-6302 CVE-2016-6303 CVE-2016-6304

OpenSSL: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 7.
Creation date: 22/09/2016.
Identifiers: 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1992681, 1993777, 1996096, 1999395, 1999421, 1999474, 1999478, 1999479, 1999488, 1999532, 2000095, 2000209, 2000544, 2002870, 2003480, 2003620, 2003673, 2008828, bulletinapr2017, bulletinjul2016, bulletinoct2016, CERTFR-2016-AVI-320, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpuapr2018, cpujan2017, cpujan2018, cpujul2017, cpujul2019, cpuoct2017, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FreeBSD-SA-16:26.openssl, HPESBHF03856, HT207423, JSA10759, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2496-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2018:0458-1, RHSA-2016:1940-01, RHSA-2016:2802-01, RHSA-2017:1548-01, RHSA-2017:1549-01, RHSA-2017:1550-01, RHSA-2017:1551-01, RHSA-2017:1552-01, RHSA-2017:1658-01, RHSA-2017:1659-01, RHSA-2017:2493-01, RHSA-2017:2494-01, SA132, SA40312, SB10171, SB10215, SOL54211024, SOL90492697, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, STORM-2016-005, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, TNS-2016-16, USN-3087-1, USN-3087-2, VIGILANCE-VUL-20678.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can create a memory over consumption via an OCSP request, in order to trigger a denial of service. [severity:3/4; CVE-2016-6304]

An attacker can make a process block itself via SSL_peek, in order to trigger a denial of service. [severity:2/4; CVE-2016-6305]

An attacker can generate a buffer overflow via MDC2_Update, in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2016-6303]

An attacker can generate a read only buffer overflow, in order to trigger a denial of service. [severity:1/4; CVE-2016-6302]

An attacker can generate a read only buffer overflow via the parsing of an X.509 certificate, in order to trigger a denial of service. [severity:1/4; CVE-2016-6306]

An attacker can make the server allocates a large amount of memory to process TLS packets. [severity:1/4; CVE-2016-6307]

An attacker can make the server allocates a large amount of memory to process DTLS packets. [severity:1/4; CVE-2016-6308]
Full Vigil@nce bulletin... (Free trial)

threat announce CVE-2016-2183 CVE-2016-6329

Blowfish, Triple-DES: algorithms too weak, SWEET32

Synthesis of the vulnerability

An attacker can create a TLS/VPN session with a Blowfish/Triple-DES algorithm, and perform a two days attack, in order to decrypt data.
Severity: 1/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/08/2016.
Identifiers: 1610582, 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1992681, 1993777, 1994375, 1995099, 1995922, 1998797, 1999054, 1999421, 2000209, 2000212, 2000370, 2000544, 2001608, 2002021, 2002335, 2002336, 2002479, 2002537, 2002870, 2002897, 2002991, 2003145, 2003480, 2003620, 2003673, 2004036, 2008828, 523628, 9010102, bulletinapr2017, c05349499, c05369403, c05369415, c05390849, CERTFR-2017-AVI-012, CERTFR-2019-AVI-049, CERTFR-2019-AVI-311, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpujul2017, cpujul2019, cpuoct2017, CVE-2016-2183, CVE-2016-6329, DSA-2018-124, DSA-2019-131, DSA-3673-1, DSA-3673-2, FEDORA-2016-7810e24465, FEDORA-2016-dc2cb4ad6b, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FG-IR-17-173, HPESBGN03697, HPESBGN03765, HPESBUX03725, HPSBGN03690, HPSBGN03694, HPSBHF03674, ibm10718843, java_jan2017_advisory, JSA10770, KM03060544, NTAP-20160915-0001, openSUSE-SU-2016:2199-1, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2496-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2017:1638-1, openSUSE-SU-2018:0458-1, RHSA-2017:0336-01, RHSA-2017:0337-01, RHSA-2017:0338-01, RHSA-2017:3113-01, RHSA-2017:3114-01, RHSA-2017:3239-01, RHSA-2017:3240-01, RHSA-2018:2123-01, SA133, SA40312, SB10171, SB10186, SB10197, SB10215, SOL13167034, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SSA:2016-363-01, SSA-556833, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, SUSE-SU-2017:1444-1, SUSE-SU-2017:2838-1, SUSE-SU-2017:3177-1, SWEET32, TNS-2016-16, USN-3087-1, USN-3087-2, USN-3270-1, USN-3339-1, USN-3339-2, USN-3372-1, VIGILANCE-VUL-20473.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Blowfish and Triple-DES symetric encryption algorithms use 64 bit blocks.

However, if they are used in CBC mode, a collision occurs after 785 GB transferred, and it is then possible to decrypt blocks with an attack lasting two days.

An attacker can therefore create a TLS/VPN session with a Blowfish/Triple-DES algorithm, and perform a two days attack, in order to decrypt data.
Full Vigil@nce bulletin... (Free trial)

weakness announce CVE-2016-2182

OpenSSL: memory corruption via BN_bn2dec

Synthesis of the vulnerability

An attacker can generate a memory corruption via BN_bn2dec() of OpenSSL, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 24/08/2016.
Identifiers: 1996096, 1999395, 1999421, 1999474, 1999478, 1999479, 1999488, 1999532, 2000095, 2000209, 2002870, 2003480, 2003620, 2003673, 2008828, bulletinapr2017, bulletinjul2016, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-2182, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FreeBSD-SA-16:26.openssl, HPESBHF03856, JSA10759, K01276005, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2018:0458-1, RHSA-2016:1940-01, SA132, SA40312, SB10171, SB10215, SOL01276005, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, TNS-2016-16, USN-3087-1, USN-3087-2, VIGILANCE-VUL-20460.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The OpenSSL library works on large numbers to perform operations such are RSA.

The BN_bn2dec() function converts a large number to its decimal representation. However, a special number forces BN_div_word() to return a limit value, then data are written after the end of the memory area.

An attacker can therefore generate a memory corruption via BN_bn2dec() of OpenSSL, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer threat alert CVE-2016-2179

OpenSSL: denial of service via DTLS Reassembly

Synthesis of the vulnerability

An attacker can send DTLS packets in the wrong order with missing packets to an application compiled with OpenSSL, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 24/08/2016.
Identifiers: 1996096, 1999395, 1999474, 1999478, 1999479, 1999488, 1999532, 2000095, 2003480, 2003620, 2003673, bulletinapr2017, bulletinjul2016, bulletinjul2018, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-2179, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FreeBSD-SA-16:26.openssl, HPESBHF03856, JSA10759, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2018:0458-1, RHSA-2016:1940-01, SA132, SB10215, SOL23512141, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, TNS-2016-16, USN-3087-1, USN-3087-2, VIGILANCE-VUL-20457.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The OpenSSL library implements DTLS (Datagram Transport Layer Security, for example on UDP).

DTLS packets can be in the wrong order. OpenSSL has to keep them in memory, in order to reassemble them. However, in two cases, message queues are not cleared.

An attacker can therefore send DTLS packets in the wrong order with missing packets to an application compiled with OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Hewlett-Packard Switch: