The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Juniper Junos Space Route Insight

computer vulnerability CVE-2015-5600

OpenSSH: bypassing MaxAuthTries via KbdInteractiveDevices

Synthesis of the vulnerability

An attacker can bypass the MaxAuthTries directive of OpenSSH, in order to perform a brute force attack.
Impacted products: Blue Coat CAS, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, McAfee NSP, McAfee Web Gateway, Data ONTAP 7-Mode, OpenSSH, Oracle Communications, Solaris, pfSense, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 20/07/2015.
Identifiers: 9010048, bulletinoct2015, CERTFR-2015-AVI-431, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, cpujul2018, CVE-2015-5600, DLA-1500-1, DLA-1500-2, FEDORA-2015-11981, FEDORA-2015-13469, FreeBSD-SA-15:16.openssh, JSA10697, JSA10774, JSA10840, K17113, NTAP-20151106-0001, RHSA-2015:2088-06, RHSA-2016:0466-01, SB10157, SB10164, SOL17113, SUSE-SU-2015:1581-1, SYMSA1337, USN-2710-1, USN-2710-2, VIGILANCE-VUL-17455.

Description of the vulnerability

The OpenSSH server uses the MaxAuthTries configuration directive to define the maximum number of authentication attempts during a session.

The OpenSSH client uses the KbdInteractiveDevices option to define the list of authentication methods.

However, if the client uses "KbdInteractiveDevices=pam,pam,pam,etc.", the number of attempts allowed by MaxAuthTries is multiplied. The effective limit then becomes LoginGraceTime (10 minutes by default).

An attacker can therefore bypass the MaxAuthTries directive of OpenSSH, in order to perform a brute force attack.

computer vulnerability CVE-2015-2582 CVE-2015-2611 CVE-2015-2617

Oracle MySQL: several vulnerabilities of July 2015

Synthesis of the vulnerability

Several vulnerabilities of Oracle MySQL were announced in July 2015.
Impacted products: Debian, Fedora, Junos Space, MariaDB ~ precise, MySQL Community, MySQL Enterprise, openSUSE, Solaris, Percona Server, RHEL, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 18.
Creation date: 15/07/2015.
Identifiers: bulletinapr2016, bulletinapr2017, bulletinjul2016, CERTFR-2015-AVI-304, CERTFR-2015-AVI-431, CERTFR-2016-AVI-300, cpujul2015, CVE-2015-2582, CVE-2015-2611, CVE-2015-2617, CVE-2015-2620, CVE-2015-2639, CVE-2015-2641, CVE-2015-2643, CVE-2015-2648, CVE-2015-2661, CVE-2015-4737, CVE-2015-4752, CVE-2015-4756, CVE-2015-4757, CVE-2015-4761, CVE-2015-4767, CVE-2015-4769, CVE-2015-4771, CVE-2015-4772, DSA-3308-1, FEDORA-2015-12544, FEDORA-2015-12570, FEDORA-2015-13482, JSA10698, openSUSE-SU-2015:1629-1, RHSA-2015:1628-01, RHSA-2015:1629-01, RHSA-2015:1630-01, RHSA-2015:1646-01, RHSA-2015:1647-01, RHSA-2015:1665-01, USN-2674-1, VIGILANCE-VUL-17375.

Description of the vulnerability

Several vulnerabilities were announced in Oracle MySQL.

An attacker can use a vulnerability of Server : Partition, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2015-2617]

An attacker can use a vulnerability of Server : DML, in order to trigger a denial of service. [severity:2/4; CVE-2015-2648]

An attacker can use a vulnerability of Server : DML, in order to trigger a denial of service. [severity:2/4; CVE-2015-2611]

An attacker can use a vulnerability of Server : GIS, in order to trigger a denial of service. [severity:2/4; CVE-2015-2582]

An attacker can use a vulnerability of Server : I_S, in order to trigger a denial of service. [severity:2/4; CVE-2015-4752]

An attacker can use a vulnerability of Server : InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2015-4756]

An attacker can use a vulnerability of Server : Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2015-2643]

An attacker can use a vulnerability of Server : Partition, in order to trigger a denial of service. [severity:2/4; CVE-2015-4772]

An attacker can use a vulnerability of Server : Memcached, in order to trigger a denial of service. [severity:2/4; CVE-2015-4761]

An attacker can use a vulnerability of Server : Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2015-4757]

An attacker can use a vulnerability of Server : Pluggable Auth, in order to obtain information. [severity:2/4; CVE-2015-4737]

An attacker can use a vulnerability of Server : RBR, in order to trigger a denial of service. [severity:2/4; CVE-2015-4771]

An attacker can use a vulnerability of Server : Security : Firewall, in order to trigger a denial of service. [severity:2/4; CVE-2015-4769]

An attacker can use a vulnerability of Server : Security : Firewall, in order to alter information. [severity:2/4; CVE-2015-2639]

An attacker can use a vulnerability of Server : Security : Privileges, in order to obtain information. [severity:2/4; CVE-2015-2620]

An attacker can use a vulnerability of Server : Security : Privileges, in order to trigger a denial of service. [severity:2/4; CVE-2015-2641]

An attacker can use a vulnerability of Client, in order to trigger a denial of service. [severity:1/4; CVE-2015-2661]

An attacker can use a vulnerability of Server : Security : Firewall, in order to trigger a denial of service. [severity:1/4; CVE-2015-4767]

vulnerability alert CVE-2015-2590 CVE-2015-2596 CVE-2015-2597

Oracle Java: several vulnerabilities of July 2015

Synthesis of the vulnerability

Several vulnerabilities of Oracle Java were announced in July 2015.
Impacted products: DCFM Enterprise, FabricOS, Brocade Network Advisor, Brocade vTM, Debian, Avamar, BIG-IP Hardware, TMOS, Fedora, AIX, DB2 UDB, Domino, Notes, IRAD, SPSS Data Collection, SPSS Modeler, SPSS Statistics, Tivoli Storage Manager, Tivoli System Automation, WebSphere MQ, Junos Space, ePO, SnapManager, Java OpenJDK, openSUSE, Java Oracle, JavaFX, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 25.
Creation date: 15/07/2015.
Identifiers: 1963330, 1963331, 1963812, 1964236, 1966040, 1966536, 1967222, 1967498, 1967893, 1968485, 1972455, 206954, 9010041, 9010044, BSA-2016-002, CERTFR-2015-ALE-007, CERTFR-2015-AVI-305, CERTFR-2016-AVI-128, cpujul2015, CVE-2015-2590, CVE-2015-2596, CVE-2015-2597, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2659, CVE-2015-2664, CVE-2015-2808, CVE-2015-4000, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760, DSA-3316-1, DSA-3339-1, ESA-2015-134, FEDORA-2015-11859, FEDORA-2015-11860, JSA10727, NTAP-20150715-0001, NTAP-20151028-0001, openSUSE-SU-2015:1288-1, openSUSE-SU-2015:1289-1, RHSA-2015:1228-01, RHSA-2015:1229-01, RHSA-2015:1230-01, RHSA-2015:1241-01, RHSA-2015:1242-01, RHSA-2015:1243-01, RHSA-2015:1485-01, RHSA-2015:1486-01, RHSA-2015:1488-01, RHSA-2015:1526-01, RHSA-2015:1544-01, SB10139, SOL17079, SOL17169, SOL17170, SOL17171, SOL17173, SUSE-SU-2015:1319-1, SUSE-SU-2015:1320-1, SUSE-SU-2015:1329-1, SUSE-SU-2015:1331-1, SUSE-SU-2015:1345-1, SUSE-SU-2015:1375-1, SUSE-SU-2015:1509-1, SUSE-SU-2015:2166-1, SUSE-SU-2015:2192-1, USN-2696-1, USN-2706-1, VIGILANCE-VUL-17371.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service (VIGILANCE-VUL-17558). [severity:3/4; CVE-2015-4760]

An attacker can use a vulnerability of CORBA, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2628]

An attacker can use a vulnerability of JMX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4731]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2590]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4732]

An attacker can use a vulnerability of RMI, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4733]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2638]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4736]

An attacker can use a vulnerability of Security, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4748]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2597]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2664]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; CVE-2015-2632]

An attacker can use a vulnerability of JCE, in order to obtain information. [severity:2/4; CVE-2015-2601]

An attacker can use a vulnerability of JCE, in order to obtain information (VIGILANCE-VUL-18168). [severity:2/4; CVE-2015-2613]

An attacker can use a vulnerability of JMX, in order to obtain information. [severity:2/4; CVE-2015-2621]

An attacker can use a vulnerability of Security, in order to trigger a denial of service. [severity:2/4; CVE-2015-2659]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; CVE-2015-2619]

An attacker can bypass security features in 2D, in order to obtain sensitive information. [severity:2/4; CVE-2015-2637]

An attacker can use a vulnerability of Hotspot, in order to alter information. [severity:2/4; CVE-2015-2596]

An attacker can use a vulnerability of JNDI, in order to trigger a denial of service. [severity:2/4; CVE-2015-4749]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; CVE-2015-4729]

An attacker can use a vulnerability of JSSE, in order to obtain or alter information. [severity:2/4; CVE-2015-4000]

An attacker can use a vulnerability of JSSE, in order to obtain or alter information. [severity:2/4; CVE-2015-2808]

An attacker can use a vulnerability of Install, in order to obtain information. [severity:1/4; CVE-2015-2627]

An attacker can use a vulnerability of JSSE, in order to obtain information. [severity:1/4; CVE-2015-2625]

vulnerability note CVE-2015-5364 CVE-2015-5366

Linux kernel: denial of service via UDP

Synthesis of the vulnerability

An attacker can flood a Linux host with UDP packets carrying a wrong checksum, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Android OS, Junos Space, Linux, openSUSE, Palo Alto Firewall PA***, PAN-OS, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 01/07/2015.
Identifiers: CERTFR-2015-AVI-311, CERTFR-2015-AVI-318, CERTFR-2015-AVI-331, CERTFR-2015-AVI-352, CERTFR-2015-AVI-357, CERTFR-2015-AVI-391, CERTFR-2017-AVI-012, CVE-2015-5364, CVE-2015-5366, DSA-3313-1, DSA-3329-1, JSA10770, K17307, K17309, openSUSE-SU-2015:1382-1, openSUSE-SU-2016:0301-1, PAN-SA-2016-0025, RHSA-2015:1623-01, RHSA-2015:1778-01, RHSA-2015:1787-01, RHSA-2015:1788-01, RHSA-2016:0045-01, RHSA-2016:1096-01, RHSA-2016:1100-01, RHSA-2016:1225-01, SOL17307, SOL17309, SUSE-SU-2015:1224-1, SUSE-SU-2015:1324-1, SUSE-SU-2015:1478-1, SUSE-SU-2015:1592-1, SUSE-SU-2015:1611-1, USN-2678-1, USN-2680-1, USN-2681-1, USN-2682-1, USN-2683-1, USN-2684-1, USN-2685-1, USN-2713-1, USN-2714-1, VIGILANCE-VUL-17284.

Description of the vulnerability

UDP packets carry a checksum to check whether the packet has been corrupted in transit.

However, the check occurs quite late in packet processing. So, when the incoming packet rate is high, the kernel spends too much time handling the packet queue and other internal data structures, which prevents user processes from resuming.

An attacker can therefore flood a Linux host with UDP packets carrying a wrong checksum, in order to trigger a denial of service.

computer vulnerability announce CVE-2015-3209

QEMU, Xen: privilege escalation via the PCNET emulation

Synthesis of the vulnerability

An attacker can trigger a heap buffer overflow in QEMU's driver for PCNET cards, in order to escalate his privileges in the host system.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Junos Space, openSUSE, oVirt, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Xen.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user console.
Creation date: 11/06/2015.
Identifiers: CERTFR-2015-AVI-252, CERTFR-2015-AVI-431, CERTFR-2016-AVI-300, CVE-2015-3209, DSA-3284-1, DSA-3285-1, DSA-3286-1, FEDORA-2015-10001, FEDORA-2015-13402, FEDORA-2015-13404, FEDORA-2015-9965, FEDORA-2015-9978, JSA10698, openSUSE-SU-2015:1092-1, openSUSE-SU-2015:1094-1, RHSA-2015:1087-01, RHSA-2015:1088-01, RHSA-2015:1089-01, RHSA-2015:1189-01, SOL63519101, SUSE-SU-2015:1042-1, SUSE-SU-2015:1045-1, SUSE-SU-2015:1152-1, SUSE-SU-2015:1156-1, SUSE-SU-2015:1157-1, SUSE-SU-2015:1206-1, SUSE-SU-2015:1426-1, SUSE-SU-2015:1519-1, USN-2630-1, VIGILANCE-VUL-17107, XSA-135.

Description of the vulnerability

The Xen product uses QEMU to provide hardware emulation of virtual machines.

QEMU includes a driver for the PCNET Ethernet device. This driver allows frame chaining. However, this function allows the guest kernel to trigger a buffer overflow in the heap of the QEMU process. The guest can then overwrite a function pointer in the data structure that describes the frame to be sent, and so run arbitrary code in the host system with the privileges of QEMU, typically administrator privileges.

An attacker can therefore trigger a heap buffer overflow in QEMU's driver for PCNET cards, in order to escalate his privileges in the host system.

vulnerability CVE-2015-1159

CUPS: Cross Site Scripting of templating engine

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in the templating engine of CUPS, in order to execute JavaScript code in the context of the web site.
Impacted products: Debian, Fedora, Junos Space, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 10/06/2015.
Identifiers: CERTFR-2015-AVI-431, CVE-2015-1159, DSA-3283-1, FEDORA-2015-9726, FEDORA-2015-9801, JSA10702, openSUSE-SU-2015:1056-1, RHSA-2015:1123-01, SUSE-SU-2015:1041-1, SUSE-SU-2015:1044-1, SUSE-SU-2015:1044-2, USN-2629-1, VIGILANCE-VUL-17100, VU#810572.

Description of the vulnerability

The CUPS product offers a web interface for monitoring and print job submission.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in the templating engine of CUPS, in order to execute JavaScript code in the context of the web site.

computer vulnerability note CVE-2015-1158

CUPS: privilege escalation via the dynamic linker

Synthesis of the vulnerability

An attacker can bypass access restrictions to administrative functions of CUPS, in order to escalate his privileges.
Impacted products: CUPS, Debian, Fedora, Junos Space, openSUSE, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 08/06/2015.
Revision date: 09/06/2015.
Identifiers: 4609, CERTFR-2015-AVI-431, CVE-2015-1158, DSA-3283-1, FEDORA-2015-9726, FEDORA-2015-9801, JSA10702, openSUSE-SU-2015:1056-1, RHSA-2015:1123-01, SSA:2015-188-01, SUSE-SU-2015:1011-1, SUSE-SU-2015:1041-1, SUSE-SU-2015:1044-1, SUSE-SU-2015:1044-2, USN-2629-1, VIGILANCE-VUL-17079, VU#810572.

Description of the vulnerability

CUPS is a printing management system for Unix platforms.

It includes a web interface, used for instance to submit print jobs. However, malformed requests with more than one "nameWithLanguage" attribute make it possible to override a configuration file. This allows the attacker to modify the environment of launched programs with SetEnv commands, and so, via LD_PRELOAD variables, to make launched programs load and run external code compiled as a shared object.

An attacker can therefore bypass access restrictions to administrative functions of CUPS, in order to escalate his privileges.

vulnerability note CVE-2014-0112 CVE-2014-3569 CVE-2014-7809

Oracle MySQL: several vulnerabilities of April 2015

Synthesis of the vulnerability

Several vulnerabilities of Oracle MySQL were announced in April 2015.
Impacted products: Debian, Junos Space, MySQL Community, MySQL Enterprise, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Percona Server, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: user account.
Number of vulnerabilities in this bulletin: 26.
Creation date: 15/04/2015.
Identifiers: bulletinapr2016, bulletinapr2017, bulletinoct2015, CERTFR-2015-AVI-173, CERTFR-2015-AVI-431, CERTFR-2016-AVI-300, cpuapr2015, cpuoct2016, CVE-2014-0112, CVE-2014-3569, CVE-2014-7809, CVE-2015-0405, CVE-2015-0423, CVE-2015-0433, CVE-2015-0438, CVE-2015-0439, CVE-2015-0441, CVE-2015-0498, CVE-2015-0499, CVE-2015-0500, CVE-2015-0501, CVE-2015-0503, CVE-2015-0505, CVE-2015-0506, CVE-2015-0507, CVE-2015-0508, CVE-2015-0511, CVE-2015-2566, CVE-2015-2567, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2575, CVE-2015-2576, DLA-526-1, DSA-3229-1, DSA-3311-1, DSA-3621-1, JSA10698, MDVSA-2015:227, openSUSE-SU-2015:0967-1, openSUSE-SU-2015:1216-1, openSUSE-SU-2016:2304-1, RHSA-2015:1628-01, RHSA-2015:1629-01, RHSA-2015:1647-01, RHSA-2015:1665-01, SSA:2015-132-01, SSA:2015-132-02, SUSE-SU-2015:0946-1, SUSE-SU-2015:1273-1, USN-2575-1, VIGILANCE-VUL-16614.

Description of the vulnerability

Several vulnerabilities were announced in Oracle MySQL.

An attacker can use a vulnerability of Service Manager, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0112]

An attacker can use a vulnerability of Service Manager, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-7809]

An attacker can use a vulnerability of Server : Compiling, in order to trigger a denial of service. [severity:2/4; CVE-2015-0501]

An attacker can use a vulnerability of Server : Security : Encryption, in order to trigger a denial of service. [severity:2/4; CVE-2014-3569]

An attacker can use a vulnerability of Server : Security : Privileges, in order to trigger a denial of service. [severity:2/4; CVE-2015-2568]

An attacker can use a vulnerability of Connector/J, in order to obtain or alter information. [severity:2/4; CVE-2015-2575]

An attacker can use a vulnerability of Server : DDL, in order to trigger a denial of service. [severity:2/4; CVE-2015-2573]

An attacker can use a vulnerability of Server : Information Schema, in order to trigger a denial of service. [severity:2/4; CVE-2015-0500]

An attacker can use a vulnerability of Server : InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2015-0439]

An attacker can use a vulnerability of Server : InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2015-0508]

An attacker can use a vulnerability of Server : InnoDB : DML, in order to trigger a denial of service. [severity:2/4; CVE-2015-0433]

An attacker can use a vulnerability of Server : Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2015-0423]

An attacker can use a vulnerability of Server : Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2015-2571]

An attacker can use a vulnerability of Server : Partition, in order to trigger a denial of service. [severity:2/4; CVE-2015-0438]

An attacker can use a vulnerability of Server : Partition, in order to trigger a denial of service. [severity:2/4; CVE-2015-0503]

An attacker can use a vulnerability of Server : Security : Encryption, in order to trigger a denial of service. [severity:2/4; CVE-2015-0441]

An attacker can use a vulnerability of Server : XA, in order to trigger a denial of service. [severity:2/4; CVE-2015-0405]

An attacker can use a vulnerability of Server : DDL, in order to trigger a denial of service. [severity:2/4; CVE-2015-0505]

An attacker can use a vulnerability of Server : Federated, in order to trigger a denial of service. [severity:2/4; CVE-2015-0499]

An attacker can use a vulnerability of Server : InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2015-0506]

An attacker can use a vulnerability of Server : Memcached, in order to trigger a denial of service. [severity:2/4; CVE-2015-0507]

An attacker can use a vulnerability of Server : Security : Privileges, in order to trigger a denial of service. [severity:2/4; CVE-2015-2567]

An attacker can use a vulnerability of Server : DML, in order to trigger a denial of service. [severity:1/4; CVE-2015-2566]

An attacker can use a vulnerability of Server : SP, in order to trigger a denial of service. [severity:2/4; CVE-2015-0511]

An attacker can use a vulnerability of Installation, in order to alter information. [severity:1/4; CVE-2015-2576]

An attacker can use a vulnerability of Server : Replication, in order to trigger a denial of service. [severity:1/4; CVE-2015-0498]

computer vulnerability note CVE-2015-0286 CVE-2015-0287 CVE-2015-0289

OpenSSL 0.9/1.0.0/1.0.1: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL 0.9/1.0.0/1.0.1.
Impacted products: Arkoon FAST360, ArubaOS, ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Cisco ASR, AnyConnect VPN Client, Cisco ACE, ASA, AsyncOS, Cisco CSS, Cisco ESA, IOS XE Cisco, Cisco IPS, IronPort Email, IronPort Web, Nexus by Cisco, NX-OS, Prime Infrastructure, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, WebNS, Cisco WSA, Debian, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiManager, FortiManager Virtual Appliance, FreeBSD, hMailServer, HP-UX, AIX, IRAD, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, Junos Space Network Management Platform, NSM Central Manager, NSMXpress, Juniper SBR, McAfee Email Gateway, ePO, McAfee NTBA, McAfee NGFW, VirusScan, McAfee Web Gateway, Data ONTAP 7-Mode, NetBSD, NetScreen Firewall, ScreenOS, Nodejs Core, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, pfSense, Puppet, RHEL, JBoss EAP by Red Hat, Base SAS Software, SAS SAS/CONNECT, Slackware, Splunk Enterprise, Stonesoft NGFW/VPN, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu, Unix (platform) ~ not comprehensive, WinSCP.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 19/03/2015.
Identifiers: 1701334, 1902519, 1960491, 1964410, 1975397, 55767, 7043086, 9010031, ARUBA-PSA-2015-007, bulletinapr2015, c04679334, CERTFR-2015-AVI-117, CERTFR-2015-AVI-146, CERTFR-2015-AVI-169, CERTFR-2015-AVI-177, CERTFR-2015-AVI-259, CERTFR-2016-AVI-303, cisco-sa-20150320-openssl, cisco-sa-20150408-ntpd, cpuapr2017, cpuoct2016, cpuoct2017, CTX216642, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, DSA-3197-1, DSA-3197-2, FEDORA-2015-4300, FEDORA-2015-4303, FG-IR-15-008, FreeBSD-SA-15:06.openssl, HPSBUX03334, JSA10680, MDVSA-2015:062, MDVSA-2015:063, NetBSD-SA2015-007, NTAP-20150323-0002, openSUSE-SU-2015:0554-1, openSUSE-SU-2015:1277-1, openSUSE-SU-2015:2243-1, openSUSE-SU-2016:0638-1, openSUSE-SU-2016:0640-1, RHSA-2015:0715-01, RHSA-2015:0716-01, RHSA-2015:0752-01, RHSA-2015:0800-01, RHSA-2016:0372-01, RHSA-2016:0445-01, RHSA-2016:0446-01, RHSA-2016:0490-01, SA40001, SA92, SB10110, SOL16301, SOL16302, SOL16317, SOL16319, SOL16320, SOL16321, SOL16323, SPL-98351, SPL-98531, SSA:2015-111-09, SSRT102000, SUSE-SU-2015:0541-1, SUSE-SU-2015:0553-1, SUSE-SU-2015:0553-2, SUSE-SU-2015:0578-1, SUSE-SU-2016:0678-1, TNS-2015-04, USN-2537-1, VIGILANCE-VUL-16429.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL 0.9/1.0.0/1.0.1.

An attacker can force a read at an invalid address in ASN1_TYPE_cmp, in order to trigger a denial of service. [severity:2/4; CVE-2015-0286]

An attacker can generate a memory corruption in ASN.1, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-0287]

An attacker can force a NULL pointer to be dereferenced in PKCS#7, in order to trigger a denial of service. [severity:2/4; CVE-2015-0289]

An attacker can generate a memory corruption with base64 data, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-0292]

An attacker can generate an OPENSSL_assert, in order to trigger a denial of service. [severity:2/4; CVE-2015-0293]

vulnerability CVE-2015-0285

OpenSSL: predictable random via ssl3_client_hello

Synthesis of the vulnerability

An attacker can potentially guess the random value used by the TLS client of OpenSSL, in order to read sensitive information.
Impacted products: ProxySG by Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiManager, FortiManager Virtual Appliance, IRAD, Juniper J-Series, Junos OS, Junos Space, Junos Space Network Management Platform, NSM Central Manager, NSMXpress, Juniper SBR, Data ONTAP 7-Mode, NetScreen Firewall, ScreenOS, OpenSSL, Oracle Communications, Base SAS Software, SAS SAS/CONNECT.
Severity: 2/4.
Consequences: data reading.
Provenance: internet server.
Creation date: 18/03/2015.
Identifiers: 1701334, 55767, 9010031, CERTFR-2015-AVI-117, CERTFR-2015-AVI-146, CERTFR-2015-AVI-259, cpuoct2017, CVE-2015-0285, FG-IR-15-008, JSA10680, NTAP-20150323-0002, SA40001, VIGILANCE-VUL-16410.

Description of the vulnerability

The OpenSSL library implements a TLS client.

Normally, the TLS client seeds the PRNG. However, the ssl3_client_hello() function does not seed the PRNG in some cases (if a specific version of the protocol was not requested, and an algorithm such as PSK-RC4-SHA is chosen).

An attacker can therefore potentially guess the random value used by the TLS client of OpenSSL, in order to read sensitive information.