The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IBM System x Server

computer vulnerability note CVE-2018-9068

System x: information disclosure via IMM2 FFDC

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via IMM2 FFDC of System x, in order to obtain sensitive information.
Impacted products: IBM System x Server.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 27/07/2018.
Identifiers: CVE-2018-9068, LEN-20227, VIGILANCE-VUL-26859.

Description of the vulnerability

An attacker can bypass access restrictions to data via IMM2 FFDC of System x, in order to obtain sensitive information.

vulnerability alert CVE-2017-3768

IBM System x Server: denial of service via IMM2

Synthesis of the vulnerability

An attacker can generate a fatal error via IMM2 of IBM System x Server, in order to trigger a denial of service.
Impacted products: IBM System x Server.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 29/01/2018.
Identifiers: CVE-2017-3768, LEN-14450, VIGILANCE-VUL-25171.

Description of the vulnerability

An attacker can generate a fatal error via IMM2 of IBM System x Server, in order to trigger a denial of service.

computer vulnerability announce CVE-2017-3744

IBM System x Server: information disclosure via IMM2 FFDC Logs

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via IMM2 FFDC Logs of IBM System x Server, in order to obtain sensitive information.
Impacted products: IBM System x Server.
Severity: 1/4.
Consequences: data reading.
Provenance: physical access.
Creation date: 20/06/2017.
Identifiers: CVE-2017-3744, LEN-14054, VIGILANCE-VUL-23037.

Description of the vulnerability

An attacker can bypass access restrictions to data via IMM2 FFDC Logs of IBM System x Server, in order to obtain sensitive information.

computer vulnerability note CVE-2016-8615 CVE-2016-8616 CVE-2016-8617

Curl: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Curl.
Impacted products: SDS, SES, SNS, OpenOffice, Mac OS X, curl, Debian, BIG-IP Hardware, TMOS, Fedora, IBM System x Server, Tivoli Workload Scheduler, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, RHEL, Shibboleth SP, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 11.
Creation date: 02/11/2016.
Identifiers: 2001818, 2009692, bulletinapr2018, cpuoct2018, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, DLA-711-1, DSA-3705-1, FEDORA-2016-e8e8cdb4ed, HT207423, JSA10874, K01006862, K10196624, K26899353, K44503763, K46123931, K52828640, MIGR-5099570, openSUSE-SU-2016:2768-1, RHSA-2018:3558-01, SSA:2016-308-01, STORM-2019-002, SUSE-SU-2016:2699-1, SUSE-SU-2016:2714-1, USN-3123-1, VIGILANCE-VUL-20989.

Description of the vulnerability

Several vulnerabilities were announced in Curl.

An attacker can bypass access restrictions via Cookie Injection, in order to read or alter data. [severity:2/4; CVE-2016-8615]

An attacker can bypass security features via Case Insensitive Password Comparison, in order to escalate his privileges. [severity:2/4; CVE-2016-8616]

An attacker can generate a memory corruption via Multiplication, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-8617]

An attacker can force the usage of a freed memory area via curl_maprintf(), in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-8618]

An attacker can force the usage of a freed memory area via krb5, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-8619]

An attacker can generate a buffer overflow via Glob Parser, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-8620]

An attacker can force a read at an invalid address via Curl_getdate, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-8621]

An attacker can generate an integer overflow via URL Unescape, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-8622]

An attacker can force the usage of a freed memory area via Shared Cookies, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-8623]

An attacker can bypass security features via URL Parsing, in order to obtain sensitive information. [severity:2/4; CVE-2016-8624]

An attacker can bypass security features via IDNA 2003, in order to obtain sensitive information. [severity:2/4; CVE-2016-8625]

computer vulnerability note CVE-2016-6515

OpenSSH: denial of service via crypt

Synthesis of the vulnerability

An attacker can send a long password, which is hashed by crypt() via OpenSSH, in order to trigger a denial of service.
Impacted products: ProxySG by Blue Coat, SGOS by Blue Coat, Brocade vTM, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, IBM System x Server, Junos Space, McAfee Email Gateway, Data ONTAP, OpenSSH, openSUSE Leap, RHEL, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 01/08/2016.
Identifiers: BSA-2016-204, BSA-2016-207, BSA-2016-210, BSA-2016-211, BSA-2016-212, BSA-2016-213, BSA-2016-216, BSA-2017-247, CERTFR-2017-AVI-012, CVE-2016-6515, DLA-1500-1, DLA-1500-2, DLA-594-1, FEDORA-2016-4a3debc3a6, FreeBSD-SA-17:06.openssh, JSA10770, K31510510, MIGR-5099595, MIGR-5099597, NTAP-20171130-0003, openSUSE-SU-2016:2339-1, RHSA-2017:2029-01, SA136, SOL31510510, SSA-181018, USN-3061-1, VIGILANCE-VUL-20279.

Description of the vulnerability

The OpenSSH product uses the crypt() function to hash passwords provided by users.

However, if the submitted password is too long, the crypt() function consumes a large amount of resources.

An attacker can therefore send a long password, which is hashed by crypt() via OpenSSH, in order to trigger a denial of service.

vulnerability announce CVE-2016-2105 CVE-2016-2106 CVE-2016-2107

OpenSSL: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: SDS, SES, SNS, Tomcat, Mac OS X, StormShield, Blue Coat CAS, ProxyAV, ProxySG by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Email, IronPort Encryption, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, XenServer, Debian, PowerPath, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiOS, FreeBSD, Android OS, HP Operations, HP Switch, AIX, IRAD, QRadar SIEM, IBM System x Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, MariaDB ~ precise, McAfee NSM, Meinberg NTP Server, MySQL Community, MySQL Enterprise, Data ONTAP, NETASQ, NetScreen Firewall, ScreenOS, Nodejs Core, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Solaris, Tuxedo, VirtualBox, WebLogic, Oracle Web Tier, Palo Alto Firewall PA***, PAN-OS, Percona Server, pfSense, Pulse Connect Secure, Puppet, Python, RHEL, JBoss EAP by Red Hat, SAS Management Console, Shibboleth SP, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, VxWorks, X2GoClient.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 6.
Creation date: 03/05/2016.
Identifiers: 1982949, 1985850, 1987779, 1993215, 1995099, 1998797, 2003480, 2003620, 2003673, 510853, 9010083, bulletinapr2016, bulletinapr2017, CERTFR-2016-AVI-151, CERTFR-2016-AVI-153, CERTFR-2018-AVI-160, cisco-sa-20160504-openssl, cpuapr2017, cpujan2018, cpujul2016, cpujul2017, cpujul2018, cpuoct2016, cpuoct2017, cpuoct2018, CTX212736, CTX233832, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, DLA-456-1, DSA-3566-1, ESA-2017-142, FEDORA-2016-05c567df1a, FEDORA-2016-1e39d934ed, FEDORA-2016-e1234b65a2, FG-IR-16-026, FreeBSD-SA-16:17.openssl, HPESBGN03728, HPESBHF03756, HT206903, JSA10759, K23230229, K36488941, K51920288, K75152412, K93600123, MBGSA-1603, MIGR-5099595, MIGR-5099597, NTAP-20160504-0001, openSUSE-SU-2016:1237-1, openSUSE-SU-2016:1238-1, openSUSE-SU-2016:1239-1, openSUSE-SU-2016:1240-1, openSUSE-SU-2016:1241-1, openSUSE-SU-2016:1242-1, openSUSE-SU-2016:1243-1, openSUSE-SU-2016:1273-1, openSUSE-SU-2016:1566-1, openSUSE-SU-2017:0487-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2016:0722-01, RHSA-2016:0996-01, RHSA-2016:1137-01, RHSA-2016:1648-01, RHSA-2016:1649-01, RHSA-2016:1650-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, RHSA-2016:2073-01, SA123, SA40202, SB10160, SOL23230229, SOL36488941, SOL51920288, SOL75152412, SP-CAAAPPQ, SPL-119440, SPL-121159, SPL-123095, SSA:2016-124-01, STORM-2016-002, SUSE-SU-2016:1206-1, SUSE-SU-2016:1228-1, SUSE-SU-2016:1231-1, SUSE-SU-2016:1233-1, SUSE-SU-2016:1267-1, SUSE-SU-2016:1290-1, SUSE-SU-2016:1360-1, SUSE-SU-2018:0112-1, TNS-2016-10, USN-2959-1, VIGILANCE-VUL-19512, VN-2016-006, VN-2016-007.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can act as a Man-in-the-Middle and use the AES CBC algorithm with a server supporting AES-NI, in order to read or write data in the session. This vulnerability was initially fixed in versions 1.0.1o and 1.0.2c, but it was not disclosed at that time. [severity:3/4; CVE-2016-2108]

An attacker can act as a Man-in-the-Middle and use the AES CBC algorithm with a server supporting AES-NI, in order to read or write data in the session. [severity:3/4; CVE-2016-2107]

An attacker can generate a buffer overflow in EVP_EncodeUpdate(), which is mainly used by command line applications, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2105]

An attacker can generate a buffer overflow in EVP_EncryptUpdate(), which is difficult to reach, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2106]

An attacker can trigger an excessive memory usage in d2i_CMS_bio(), in order to trigger a denial of service. [severity:2/4; CVE-2016-2109]

An attacker can force a read at an invalid address in applications using X509_NAME_oneline(), in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-2176]

computer vulnerability note CVE-2015-5185

sblim-sfcb: NULL pointer dereference via lookupProviders

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced in lookupProviders of sblim-sfcb, in order to trigger a denial of service.
Impacted products: Fedora, IBM System x Server, openSUSE.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 18/09/2015.
Identifiers: CVE-2015-5185, FEDORA-2015-14197, FEDORA-2015-14199, FEDORA-2015-14200, MIGR-5099487, MIGR-5099488, openSUSE-SU-2015:1571-1, VIGILANCE-VUL-17929.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced in lookupProviders of sblim-sfcb, in order to trigger a denial of service.

vulnerability alert CVE-2015-8710

libxml2: unreachable memory reading via Comment

Synthesis of the vulnerability

An attacker can use a partial comment to force a read at an invalid address in libxml2, in order to trigger a denial of service.
Impacted products: Brocade Network Advisor, Brocade vTM, BIG-IP Hardware, TMOS, IBM System x Server, libxml, openSUSE Leap, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 20/04/2015.
Identifiers: 1980816, 746048, BSA-2016-004, CVE-2015-8710, K45439210, MIGR-5099487, MIGR-5099488, openSUSE-SU-2016:0188-1, RHSA-2016:1087-01, RHSA-2016:1088-01, RHSA-2016:1089-01, USN-2875-1, VIGILANCE-VUL-16651.

Description of the vulnerability

An XML document can contain a comment starting with "<!-- " and ending with "-->".

However, if a comment is not terminated, libxml2 tries to read an unreachable memory area, which triggers a fatal error.

An attacker can therefore use a partial comment to force a read at an invalid address in libxml2, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2013-7041

pam_userdb: brute force facilitated by strncasecmp

Synthesis of the vulnerability

An attacker can more easily use a brute force attack against pam_userdb, in order to access a user's account.
Impacted products: Fedora, IBM System x Server, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 09/12/2013.
Identifiers: 731368, CVE-2013-7041, FEDORA-2014-16350, USN-2935-1, USN-2935-2, USN-2935-3, VIGILANCE-VUL-13888.

Description of the vulnerability

The PAM pam_userdb module is used to authenticate a user from a Berkeley database.

This module computes the hash of a user's password, and then compares it with the one stored in the database. If these hashes are equal, the user is authenticated.

However, the comparison is case-insensitive, because it is performed with the strncasecmp() function. The "abc" and "aBc" hashes are thus considered equal, which means that several passwords are accepted as valid.

An attacker can therefore more easily use a brute force attack against pam_userdb, in order to access a user's account.