The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IBM DB2 LUW

computer vulnerability alert CVE-2016-5995

IBM DB2: privilege escalation via Loading Libraries

Synthesis of the vulnerability

An attacker can load a malicious library during the execution of IBM DB2, in order to escalate his privileges.
Impacted products: DB2 UDB, Tivoli Storage Manager.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 16/09/2016.
Identifiers: 1610582, 1990061, 1998885, CVE-2016-5995, VIGILANCE-VUL-20626.

Description of the vulnerability

An attacker can load a malicious library during the execution of IBM DB2, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-2183 CVE-2016-6329

Blowfish, Triple-DES: algorithms too weak, SWEET32

Synthesis of the vulnerability

An attacker can create a TLS/VPN session with a Blowfish/Triple-DES algorithm, and perform a two days attack, in order to decrypt data.
Impacted products: Avaya Ethernet Routing Switch, Blue Coat CAS, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, Avamar, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeRADIUS, hMailServer, HPE BSM, LoadRunner, HP Operations, Performance Center, Real User Monitoring, SiteScope, HP Switch, HP-UX, AIX, DB2 UDB, Informix Server, IRAD, Security Directory Server, Tivoli Directory Server, Tivoli Storage Manager, Tivoli System Automation, WebSphere MQ, Junos Space, McAfee Email Gateway, ePO, Data ONTAP, Snap Creator Framework, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle DB, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Solaris, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, SSL protocol, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, JBoss EAP by Red Hat, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/08/2016.
Identifiers: 1610582, 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1992681, 1993777, 1994375, 1995099, 1995922, 1998797, 1999054, 1999421, 2000209, 2000212, 2000370, 2000544, 2001608, 2002021, 2002335, 2002336, 2002479, 2002537, 2002870, 2002897, 2002991, 2003145, 2003480, 2003620, 2003673, 2004036, 2008828, 523628, 9010102, bulletinapr2017, c05349499, c05369403, c05369415, c05390849, CERTFR-2017-AVI-012, CERTFR-2019-AVI-049, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpujul2017, cpuoct2017, CVE-2016-2183, CVE-2016-6329, DSA-2018-124, DSA-3673-1, DSA-3673-2, FEDORA-2016-7810e24465, FEDORA-2016-dc2cb4ad6b, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FG-IR-17-173, HPESBGN03697, HPESBGN03765, HPESBUX03725, HPSBGN03690, HPSBGN03694, HPSBHF03674, ibm10718843, java_jan2017_advisory, JSA10770, KM03060544, NTAP-20160915-0001, openSUSE-SU-2016:2199-1, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2496-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2017:1638-1, openSUSE-SU-2018:0458-1, RHSA-2017:0336-01, RHSA-2017:0337-01, RHSA-2017:0338-01, RHSA-2017:3113-01, RHSA-2017:3114-01, RHSA-2017:3239-01, RHSA-2017:3240-01, RHSA-2018:2123-01, SA133, SA40312, SB10171, SB10186, SB10197, SB10215, SOL13167034, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SSA:2016-363-01, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, SUSE-SU-2017:1444-1, SUSE-SU-2017:2838-1, SUSE-SU-2017:3177-1, SWEET32, TNS-2016-16, USN-3087-1, USN-3087-2, USN-3270-1, USN-3339-1, USN-3339-2, USN-3372-1, VIGILANCE-VUL-20473.

Description of the vulnerability

The Blowfish and Triple-DES symetric encryption algorithms use 64 bit blocks.

However, if they are used in CBC mode, a collision occurs after 785 GB transferred, and it is then possible to decrypt blocks with an attack lasting two days.

An attacker can therefore create a TLS/VPN session with a Blowfish/Triple-DES algorithm, and perform a two days attack, in order to decrypt data.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-2182

OpenSSL: memory corruption via BN_bn2dec

Synthesis of the vulnerability

An attacker can generate a memory corruption via BN_bn2dec() of OpenSSL, in order to trigger a denial of service, and possibly to run code.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, FreeRADIUS, Android OS, hMailServer, HP Switch, AIX, DB2 UDB, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, McAfee Email Gateway, ePO, NetScreen Firewall, ScreenOS, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Solaris, Tuxedo, WebLogic, Oracle Web Tier, pfSense, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 24/08/2016.
Identifiers: 1996096, 1999395, 1999421, 1999474, 1999478, 1999479, 1999488, 1999532, 2000095, 2000209, 2002870, 2003480, 2003620, 2003673, 2008828, bulletinapr2017, bulletinjul2016, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-2182, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FreeBSD-SA-16:26.openssl, HPESBHF03856, JSA10759, K01276005, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2018:0458-1, RHSA-2016:1940-01, SA132, SA40312, SB10171, SB10215, SOL01276005, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, TNS-2016-16, USN-3087-1, USN-3087-2, VIGILANCE-VUL-20460.

Description of the vulnerability

The OpenSSL library works on large numbers to perform operations such are RSA.

The BN_bn2dec() function converts a large number to its decimal representation. However, a special number forces BN_div_word() to return a limit value, then data are written after the end of the memory area.

An attacker can therefore generate a memory corruption via BN_bn2dec() of OpenSSL, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-0263 CVE-2016-0361 CVE-2016-0392

IBM DB2: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of IBM DB2.
Impacted products: DB2 UDB.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 3.
Creation date: 28/07/2016.
Identifiers: 1986595, CVE-2016-0263, CVE-2016-0361, CVE-2016-0392, VIGILANCE-VUL-20243.

Description of the vulnerability

Several vulnerabilities were announced in IBM DB2.

An attacker can bypass security features via IBM General Parallel File System, in order to escalate his privileges or cause a denial of service. [severity:2/4; CVE-2016-0263]

An attacker can use a vulnerability via Setuid File Parameters, in order to run code. [severity:2/4; CVE-2016-0392]

An attacker can bypass security features via Spectrum Scale GUI, in order to escalate his privileges. [severity:2/4; CVE-2016-0361]
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2016-2119

Samba: disabling signature

Synthesis of the vulnerability

An attacker can make a connection request with inconsistent fields related to user identity to Samba, in order to spoof user identity and so get its access rights.
Impacted products: Debian, Fedora, DB2 UDB, openSUSE, Solaris, RHEL, Samba, Slackware, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: intranet client.
Creation date: 07/07/2016.
Identifiers: 1994093, bulletinoct2016, CERTFR-2016-AVI-226, CVE-2016-2119, DLA-776-1, DSA-3740-1, FEDORA-2016-0acec022f4, FEDORA-2016-48b53757a9, openSUSE-SU-2016:1830-1, RHSA-2016:1486-01, RHSA-2016:1487-01, SSA:2016-189-01, USN-3092-1, VIGILANCE-VUL-20042.

Description of the vulnerability

The Samba product manages shared folders and printers. It can also act as a domain controller.

Recent versions of the protocol require client connection signing for client authentication. However, an attacker can submit a connection request as a standard user in some request fields and state that he is a guest in another field. The net result is that the signature requirement is disabled for this connection.

An attacker can therefore make a connection request with inconsistent fields related to user identity to Samba, in order to spoof user identity and so get its access rights.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-2542

Flexera InstallShield, JRSoft Inno Setup: code execution via DLL-planting

Synthesis of the vulnerability

An attacker can create a malicious DLL for Flexera InstallShield or JRSoft Inno Setup, in order to run code with administrator privileges.
Impacted products: NetWorker, FortiClient, DB2 UDB, Notes, Tivoli Storage Manager, WebSphere MQ, Notepad++, PuTTY, X2GoClient.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 09/05/2016.
Revisions dates: 02/06/2016, 06/07/2016.
Identifiers: 1610582, 1978168, 1978363, 1979808, 1980839, 1982467, 1982741, 1982809, 1983796, 1983797, 1983813, 1983814, 1983815, 1984184, 1984743, 1984863, 494999, CVE-2016-2542, ESA-2017-008, FG-IR-16-046, VIGILANCE-VUL-19558.

Description of the vulnerability

The products Flexera InstallShield and JRSoft Inno Setup are used to create installation program for software packages.

In some cases, the generated programs load extension modules the name and possible locations depend on the considered package. However, in some cases, the installer looks for these extension DLL in folders which are writeable by unprivileged users, while the installation program that loads and run this DLL is expected to be run by an administrator. A typical case of this is the download folder of a browser. One should note that these installers are expected to be run only a few times, so possibilities of exploit attempts are rare.

This bug has also been reported for other products in the bulletin VIGILANCE-VUL-18671.

An attacker can therefore create a malicious DLL for Flexera InstallShield or JRSoft Inno Setup, in order to run code with administrator privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-2177

OpenSSL: out-of-bounds memory reading

Synthesis of the vulnerability

An attacker can force a memory access at an invalid address in OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, FreeRADIUS, hMailServer, HP Switch, AIX, DB2 UDB, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, McAfee Email Gateway, ePO, NetScreen Firewall, ScreenOS, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Solaris, Tuxedo, WebLogic, Oracle Web Tier, pfSense, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, JBoss EAP by Red Hat, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 1/4.
Consequences: data reading, denial of service on server, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 09/06/2016.
Identifiers: 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1996096, 1999395, 1999421, 1999474, 1999478, 1999479, 1999488, 1999532, 1999724, 2000095, 2000209, 2000544, 2001805, 2002770, 2002870, 2003480, 2003620, 2003673, 2008828, bulletinapr2016, bulletinapr2017, bulletinjul2016, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-2177, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FreeBSD-SA-16:26.openssl, HPESBHF03763, HPESBHF03856, JSA10759, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2018:0458-1, RHSA-2016:1940-01, RHSA-2017:1548-01, RHSA-2017:1549-01, RHSA-2017:1550-01, RHSA-2017:1551-01, RHSA-2017:1552-01, RHSA-2017:1658-01, RHSA-2017:1659-01, SA132, SA40312, SB10165, SB10215, SOL23873366, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, TNS-2016-16, USN-3087-1, USN-3087-2, USN-3181-1, VIGILANCE-VUL-19855.

Description of the vulnerability

The source code of OpenSSL includes many loops where a pointer is used to go through a buffer.

The definition of the C language allows a pointer to be off by one byte after the buffer, but the behavior of any further access is undefined. Several end of loop tests follows the forme "pointer + current data length > end pointer" in such a way that these 2 expressions are not always defined according to the language specification. An attacker which can control dynamic memory allocations can trigger evaluation of undefined conditions and perhaps invalid memory access.

An attacker can therefore force a memory access at an invalid address in OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2016-0211

IBM DB2: denial of service via DRDA

Synthesis of the vulnerability

An attacker can send a malicious DRDA packet to IBM DB2, in order to trigger a denial of service.
Impacted products: DB2 UDB.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 29/04/2016.
Identifiers: 1610582, 1979984, CVE-2016-0211, VIGILANCE-VUL-19484.

Description of the vulnerability

The IBM DB2 product has a service to manage received DRDA messages.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious DRDA packet to IBM DB2, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2015-5370 CVE-2016-0128 CVE-2016-2110

Windows, Samba: code execution via Badlock

Synthesis of the vulnerability

An attacker can use the Badlock vulnerability of Windows or Samba, in order to run code.
Impacted products: ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, DB2 UDB, QRadar SIEM, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Data ONTAP, openSUSE, openSUSE Leap, Solaris, Pulse Connect Secure, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 9.
Creation date: 23/03/2016.
Revision date: 12/04/2016.
Identifiers: 1986595, 1987766, 3148527, 9010080, bulletinjan2016, bulletinoct2016, c05162399, CVE-2015-5370, CVE-2016-0128, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118, DLA-509-1, DSA-3548-1, DSA-3548-2, DSA-3548-3, FEDORA-2016-48b3761baa, FEDORA-2016-be53260726, HPSBUX03616, MS16-047, NTAP-20160412-0001, openSUSE-SU-2016:1025-1, openSUSE-SU-2016:1064-1, openSUSE-SU-2016:1106-1, openSUSE-SU-2016:1107-1, openSUSE-SU-2016:1108-1, openSUSE-SU-2016:1440-1, RHSA-2016:0611-01, RHSA-2016:0612-01, RHSA-2016:0613-01, RHSA-2016:0618-01, RHSA-2016:0619-01, RHSA-2016:0620-01, RHSA-2016:0621-01, RHSA-2016:0623-01, RHSA-2016:0624-01, RHSA-2016:0625-01, SA122, SA40196, SOL37603172, SOL53313971, SSA:2016-106-02, SSRT110128, SUSE-SU-2016:1022-1, SUSE-SU-2016:1023-1, SUSE-SU-2016:1024-1, SUSE-SU-2016:1028-1, SUSE-SU-2016:1105-1, USN-2950-1, USN-2950-2, USN-2950-3, USN-2950-4, USN-2950-5, VIGILANCE-VUL-19207, VU#813296.

Description of the vulnerability

The Windows and Samba products implement authentication for CIFS.

However, several vulnerabilities in these implementations can be used by a Man-in-the-Middle, or to weaken the protocol.

An attacker can therefore use the Badlock vulnerability of Windows or Samba, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2015-7560 CVE-2016-0771

Samba: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Samba.
Impacted products: Debian, Fedora, HP-UX, DB2 UDB, openSUSE, openSUSE Leap, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, data creation/edition, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 2.
Creation date: 08/03/2016.
Identifiers: 1986595, c05121842, CERTFR-2016-AVI-084, CVE-2015-7560, CVE-2016-0771, DSA-3514-1, FEDORA-2016-cad77a4576, FEDORA-2016-ed1587f6ba, HPSBUX03596, openSUSE-SU-2016:0813-1, openSUSE-SU-2016:0877-1, openSUSE-SU-2016:1064-1, openSUSE-SU-2016:1106-1, openSUSE-SU-2016:1107-1, openSUSE-SU-2016:1108-1, openSUSE-SU-2016:1440-1, RHSA-2016:0448-01, RHSA-2016:0449-01, SSA:2016-068-02, SUSE-SU-2016:0814-1, SUSE-SU-2016:0816-1, SUSE-SU-2016:0837-1, SUSE-SU-2016:0905-1, USN-2922-1, VIGILANCE-VUL-19118.

Description of the vulnerability

Several vulnerabilities were announced in Samba.

An attacker can create a symbolic link, in order to alter ACLs. [severity:2/4; CVE-2015-7560]

An attacker can force a read at an invalid address with a DNS TXT record sent to the internal DNS server in AC DC mode, in order to trigger a denial of service. [severity:2/4; CVE-2016-0771]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about IBM DB2 LUW: