The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Juniper SBR

computer vulnerability alert CVE-2018-1000613

Bouncy Castle Java Cryptography Extension: vulnerability via XMSS Private Keys Deserialization

Synthesis of the vulnerability

A vulnerability via XMSS Private Keys Deserialization of Bouncy Castle Java Cryptography Extension was announced.
Impacted products: Bouncy Castle JCE, Fedora, Juniper SBR, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle Identity Management, Tuxedo, WebLogic.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Creation date: 02/07/2018.
Identifiers: CERTFR-2019-AVI-325, cpuapr2019, cpujan2019, cpujul2019, CVE-2018-1000613, FEDORA-2018-e6894349c9, JSA10939, openSUSE-SU-2018:2131-1, openSUSE-SU-2018:2180-1, VIGILANCE-VUL-26596.

Description of the vulnerability

A vulnerability via XMSS Private Keys Deserialization of Bouncy Castle Java Cryptography Extension was announced.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-1000180

Bouncy Castle: vulnerability via RSA Digital Signature Prime Generation

Synthesis of the vulnerability

A vulnerability via RSA Digital Signature Prime Generation of Bouncy Castle was announced.
Impacted products: Bouncy Castle JCE, Debian, Fedora, Juniper SBR, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle Identity Management, Tuxedo, WebLogic, JBoss EAP by Red Hat.
Severity: 1/4.
Consequences: data reading.
Provenance: document.
Creation date: 06/06/2018.
Identifiers: CERTFR-2019-AVI-325, cpuapr2019, cpujan2019, cpujul2019, CVE-2018-1000180, DSA-4233-1, FEDORA-2018-ceced55c5e, FEDORA-2018-da9fe79871, JSA10939, openSUSE-SU-2018:2820-1, RHSA-2018:2423-01, RHSA-2018:2424-01, RHSA-2018:2425-01, RHSA-2018:2669-01, VIGILANCE-VUL-26323.

Description of the vulnerability

A vulnerability via RSA Digital Signature Prime Generation of Bouncy Castle was announced.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2015-2080

Eclipse Jetty: information disclosure

Synthesis of the vulnerability

A local attacker can read a memory fragment of Eclipse Jetty, in order to obtain sensitive information.
Impacted products: Juniper SBR, Snap Creator Framework.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 12/04/2018.
Identifiers: CVE-2015-2080, JSA10849, NTAP-20190307-0005, VIGILANCE-VUL-25851.

Description of the vulnerability

A local attacker can read a memory fragment of Eclipse Jetty, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-5382

Bouncy Castle: information disclosure via BKS-V1

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via BKS-V1 of Bouncy Castle, in order to obtain sensitive information.
Impacted products: Bouncy Castle JCE, Juniper SBR.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 19/03/2018.
Identifiers: CERTFR-2019-AVI-325, CVE-2018-5382, JSA10939, VIGILANCE-VUL-25597, VU#306792.

Description of the vulnerability

An attacker can bypass access restrictions to data via BKS-V1 of Bouncy Castle, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-1000338 CVE-2016-1000339 CVE-2016-1000340

Bouncy Castle: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Bouncy Castle.
Impacted products: Bouncy Castle JCE, Debian, Juniper SBR, openSUSE Leap, Ubuntu.
Severity: 3/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 8.
Creation date: 22/12/2016.
Identifiers: CERTFR-2019-AVI-325, CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340, CVE-2016-1000341, CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000345, CVE-2016-1000346, CVE-2016-1000352, DLA-1418-1, JSA10939, openSUSE-SU-2018:1689-1, RHSA-2018:2669-01, USN-3727-1, VIGILANCE-VUL-21455.

Description of the vulnerability

Several vulnerabilities were announced in Bouncy Castle.

An attacker can tamper with DSA/ECDSA signed data, without failure of the signature check. [severity:3/4; CVE-2016-1000338, CVE-2016-1000342]

A local attacker can measure the AES implementation speed, in order to get information about the secret key. [severity:1/4; CVE-2016-1000339]

The ECDH implementation of arithmetic for large integers includes carry propagation bugs. [severity:1/4; CVE-2016-1000340]

An attacker can time a DSA signature in order to get information about the private key. [severity:1/4; CVE-2016-1000341]

The default size of DSA keys is too small. [severity:1/4; CVE-2016-1000343]

The ECIES and DHIES algorithm accept the ECB mode. [severity:1/4; CVE-2016-1000344, CVE-2016-1000352]

An attacker can time decryption of blindly modified ciphertext, in order to get information about the corresponding plain text. [severity:1/4; CVE-2016-1000345]

An attacker can make use invalid DH public keys, in order to get information about the related private keys. [severity:1/4; CVE-2016-1000346]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-1951

NSPR: buffer overflow via GrowStuff

Synthesis of the vulnerability

An attacker can generate a buffer overflow in GrowStuff of NSPR, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Juniper SBR, NSPR, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 13/06/2016.
Identifiers: 1174015, CERTFR-2019-AVI-325, CVE-2016-1951, DLA-513-1, DSA-3687-1, JSA10939, USN-3023-1, USN-3028-1, VIGILANCE-VUL-19876.

Description of the vulnerability

The NSPR library provides functions for memory management.

The routine GrowStuff reallocates a buffer. However, on 32 bits platform, an arithmetic overflow may occur, which leads to a buffer overflow because the actually allocated size is too small.

An attacker can therefore generate a buffer overflow in GrowStuff of NSPR, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2016-1938

Mozilla NSS: invalid result of mp_div/mp_exptmod

Synthesis of the vulnerability

An attacker can use an error of NSS mp_div and mp_exptmod, in order to bypass some security feature.
Impacted products: Debian, Juniper SBR, NSS, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Creation date: 27/01/2016.
Identifiers: CERTFR-2019-AVI-325, CVE-2016-1938, DLA-480-1, DSA-3688-1, JSA10939, MFSA-2016-07, openSUSE-SU-2016:0306-1, openSUSE-SU-2016:0309-1, SUSE-SU-2016:0334-1, SUSE-SU-2016:0338-1, USN-2903-1, USN-2903-2, VIGILANCE-VUL-18824.

Description of the vulnerability

The Mozilla NSS library provides Multi-Precision computation functions:
 - mp_div : division
 - mp_exptmod : modular exponentiation
They are used by public key algorithms.

However, these functions are incorrectly implemented, and sometimes generate invalid results.

An attacker can therefore use an error of NSS mp_div and mp_exptmod, in order to bypass some security feature.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2015-3196

OpenSSL: use after free via PSK Identify Hint

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via PSK Identify Hint of an OpenSSL multi-threaded client, in order to trigger a denial of service, and possibly to run code.
Impacted products: FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, ASA, AsyncOS, Cisco Content SMA, Cisco ESA, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco MeetingPlace, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, HP Switch, AIX, IRAD, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, IVE OS, Juniper J-Series, Junos OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper SBR, McAfee Email Gateway, Data ONTAP, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, pfSense, Pulse Connect Secure, MAG Series by Pulse Secure, Pulse Secure SBR, Puppet, RHEL, Slackware, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 03/12/2015.
Identifiers: 1972951, 1976113, 1976148, 1981612, 2003480, 2003620, 2003673, 9010051, BSA-2016-006, bulletinjan2016, c05398322, CERTFR-2015-AVI-517, cisco-sa-20151204-openssl, cpuoct2017, CVE-2015-3196, DSA-3413-1, FEDORA-2015-d87d60b9a9, FreeBSD-SA-15:26.openssl, HPESBHF03709, JSA10759, NTAP-20151207-0001, openSUSE-SU-2015:2288-1, openSUSE-SU-2015:2289-1, RHSA-2015:2617-01, SA40100, SB10203, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, USN-2830-1, VIGILANCE-VUL-18437.

Description of the vulnerability

The OpenSSL library can be used by a multi-threaded client.

However, in this case, the SSL_CTX structure does not contain an updated PSK Identify Hint. OpenSSL can thus free twice the same memory area.

An attacker can therefore force the usage of a freed memory area via PSK Identify Hint of an OpenSSL multi-threaded client, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2015-3195

OpenSSL: information disclosure via X509_ATTRIBUTE

Synthesis of the vulnerability

An attacker can read a memory fragment via X509_ATTRIBUTE of OpenSSL processing PKCS#7 or CMS data, in order to obtain sensitive information.
Impacted products: OpenOffice, Tomcat, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, ASA, AsyncOS, Cisco Content SMA, Cisco ESA, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco MeetingPlace, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, HP Switch, AIX, IRAD, QRadar SIEM, Tivoli Storage Manager, IVE OS, Juniper J-Series, Junos OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper SBR, MariaDB ~ precise, McAfee Email Gateway, MySQL Enterprise, Data ONTAP, NetScreen Firewall, ScreenOS, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Palo Alto Firewall PA***, PAN-OS, pfSense, Pulse Connect Secure, MAG Series by Pulse Secure, Pulse Secure SBR, Puppet, RHEL, JBoss EAP by Red Hat, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 03/12/2015.
Identifiers: 1972951, 1976113, 1976148, 1985739, 2003480, 2003620, 2003673, 9010051, BSA-2016-006, bulletinjan2016, c05398322, CERTFR-2015-AVI-517, CERTFR-2016-AVI-128, cisco-sa-20151204-openssl, cpuapr2017, cpuoct2016, cpuoct2017, CVE-2015-3195, DSA-3413-1, FEDORA-2015-605de37b7f, FEDORA-2015-d87d60b9a9, FreeBSD-SA-15:26.openssl, HPESBHF03709, JSA10733, JSA10759, NTAP-20151207-0001, openSUSE-SU-2015:2288-1, openSUSE-SU-2015:2289-1, openSUSE-SU-2015:2318-1, openSUSE-SU-2015:2349-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:1327-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2015:2616-01, RHSA-2015:2617-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, SA105, SA40100, SB10203, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, SUSE-SU-2016:0678-1, USN-2830-1, VIGILANCE-VUL-18436.

Description of the vulnerability

The OpenSSL library supports the PKCS#7 and CMS formats.

However, if an X509_ATTRIBUTE structure is malformed, OpenSSL does not initialize a memory area before returning it to the user reading PKCS#7 or CMS data.

It can be noted that SSL/TLS is not impacted.

An attacker can therefore read a memory fragment via X509_ATTRIBUTE of OpenSSL processing PKCS#7 or CMS data, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2015-3194

OpenSSL: NULL pointer dereference via Certificate Verification

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced during the certificate verification of OpenSSL (in client or server mode), in order to trigger a denial of service.
Impacted products: SES, SNS, Tomcat, Mac OS X, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, ASA, AsyncOS, Cisco Content SMA, Cisco ESA, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco MeetingPlace, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, HP Switch, AIX, IRAD, QRadar SIEM, Tivoli Storage Manager, WebSphere MQ, IVE OS, Juniper J-Series, Junos OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper SBR, MariaDB ~ precise, McAfee Email Gateway, MySQL Enterprise, Data ONTAP, NETASQ, NetScreen Firewall, ScreenOS, Nodejs Core, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, pfSense, Pulse Connect Secure, MAG Series by Pulse Secure, Pulse Secure SBR, Puppet, RHEL, Slackware, stunnel, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 03/12/2015.
Identifiers: 1972951, 1976113, 1976148, 1985739, 1986593, 2003480, 2003620, 2003673, 9010051, BSA-2016-006, bulletinjan2016, c05398322, CERTFR-2015-AVI-517, cisco-sa-20151204-openssl, cpuoct2017, CVE-2015-3194, DSA-3413-1, FEDORA-2015-605de37b7f, FEDORA-2015-d87d60b9a9, FreeBSD-SA-15:26.openssl, HPESBHF03709, HT209139, JSA10759, NTAP-20151207-0001, openSUSE-SU-2015:2288-1, openSUSE-SU-2015:2289-1, openSUSE-SU-2015:2318-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:1327-1, RHSA-2015:2617-01, SA105, SA40100, SB10203, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, STORM-2015-017, USN-2830-1, VIGILANCE-VUL-18435.

Description of the vulnerability

The OpenSSL library can use the RSA PSS algorithm to check the validity of X.509 certificates.

However, if the "mask generation" parameter is missing during the verification of a signature in ASN.1 format, OpenSSL does not check if a pointer is NULL, before using it.

An attacker can therefore force a NULL pointer to be dereferenced during the certificate verification of OpenSSL (in client or server mode), in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.