| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Juniper Steel-Belted Radius
OpenSSL: use after free via PSK Identify Hint
Synthesis of the vulnerability
An attacker can force the usage of a freed memory area via PSK Identify Hint of an OpenSSL multi-threaded client, in order to trigger a denial of service, and possibly to run code.
Impacted products: FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, ASA, AsyncOS, Cisco Content SMA, Cisco ESA, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco MeetingPlace, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, HP Switch, AIX, IRAD, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, IVE OS, Juniper J-Series, Junos OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper SBR, McAfee Email Gateway, Data ONTAP, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, pfSense, Pulse Connect Secure, MAG Series by Pulse Secure, Pulse Secure SBR, Puppet, RHEL, Slackware, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 03/12/2015.
Identifiers: 1972951, 1976113, 1976148, 1981612, 2003480, 2003620, 2003673, 9010051, BSA-2016-006, bulletinjan2016, c05398322, CERTFR-2015-AVI-517, cisco-sa-20151204-openssl, cpuoct2017, CVE-2015-3196, DSA-3413-1, FEDORA-2015-d87d60b9a9, FreeBSD-SA-15:26.openssl, HPESBHF03709, JSA10759, NTAP-20151207-0001, openSUSE-SU-2015:2288-1, openSUSE-SU-2015:2289-1, RHSA-2015:2617-01, SA40100, SB10203, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, USN-2830-1, VIGILANCE-VUL-18437.
Description of the vulnerability
The OpenSSL library can be used by a multi-threaded client.
However, in this case, the SSL_CTX structure does not contain an updated PSK Identify Hint. OpenSSL can thus free twice the same memory area.
An attacker can therefore force the usage of a freed memory area via PSK Identify Hint of an OpenSSL multi-threaded client, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
OpenSSL: information disclosure via X509_ATTRIBUTE
Synthesis of the vulnerability
An attacker can read a memory fragment via X509_ATTRIBUTE of OpenSSL processing PKCS#7 or CMS data, in order to obtain sensitive information.
Impacted products: OpenOffice, Tomcat, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, ASA, AsyncOS, Cisco Content SMA, Cisco ESA, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco MeetingPlace, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, HP Switch, AIX, IRAD, QRadar SIEM, Tivoli Storage Manager, IVE OS, Juniper J-Series, Junos OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper SBR, MariaDB ~ precise, McAfee Email Gateway, MySQL Enterprise, Data ONTAP, NetScreen Firewall, ScreenOS, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Palo Alto Firewall PA***, PAN-OS, pfSense, Pulse Connect Secure, MAG Series by Pulse Secure, Pulse Secure SBR, Puppet, RHEL, JBoss EAP by Red Hat, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 03/12/2015.
Identifiers: 1972951, 1976113, 1976148, 1985739, 2003480, 2003620, 2003673, 9010051, BSA-2016-006, bulletinjan2016, c05398322, CERTFR-2015-AVI-517, CERTFR-2016-AVI-128, cisco-sa-20151204-openssl, cpuapr2017, cpuoct2016, cpuoct2017, CVE-2015-3195, DSA-3413-1, FEDORA-2015-605de37b7f, FEDORA-2015-d87d60b9a9, FreeBSD-SA-15:26.openssl, HPESBHF03709, JSA10733, JSA10759, NTAP-20151207-0001, openSUSE-SU-2015:2288-1, openSUSE-SU-2015:2289-1, openSUSE-SU-2015:2318-1, openSUSE-SU-2015:2349-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:1327-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2015:2616-01, RHSA-2015:2617-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, SA105, SA40100, SB10203, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, SUSE-SU-2016:0678-1, USN-2830-1, VIGILANCE-VUL-18436.
Description of the vulnerability
The OpenSSL library supports the PKCS#7 and CMS formats.
However, if an X509_ATTRIBUTE structure is malformed, OpenSSL does not initialize a memory area before returning it to the user reading PKCS#7 or CMS data.
It can be noted that SSL/TLS is not impacted.
An attacker can therefore read a memory fragment via X509_ATTRIBUTE of OpenSSL processing PKCS#7 or CMS data, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
OpenSSL: NULL pointer dereference via Certificate Verification
Synthesis of the vulnerability
An attacker can force a NULL pointer to be dereferenced during the certificate verification of OpenSSL (in client or server mode), in order to trigger a denial of service.
Impacted products: SES, SNS, Tomcat, Mac OS X, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, ASA, AsyncOS, Cisco Content SMA, Cisco ESA, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco MeetingPlace, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, HP Switch, AIX, IRAD, QRadar SIEM, Tivoli Storage Manager, WebSphere MQ, IVE OS, Juniper J-Series, Junos OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper SBR, MariaDB ~ precise, McAfee Email Gateway, MySQL Enterprise, Data ONTAP, NETASQ, NetScreen Firewall, ScreenOS, Nodejs Core, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, pfSense, Pulse Connect Secure, MAG Series by Pulse Secure, Pulse Secure SBR, Puppet, RHEL, Slackware, stunnel, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 03/12/2015.
Identifiers: 1972951, 1976113, 1976148, 1985739, 1986593, 2003480, 2003620, 2003673, 9010051, BSA-2016-006, bulletinjan2016, c05398322, CERTFR-2015-AVI-517, cisco-sa-20151204-openssl, cpuoct2017, CVE-2015-3194, DSA-3413-1, FEDORA-2015-605de37b7f, FEDORA-2015-d87d60b9a9, FreeBSD-SA-15:26.openssl, HPESBHF03709, HT209139, JSA10759, NTAP-20151207-0001, openSUSE-SU-2015:2288-1, openSUSE-SU-2015:2289-1, openSUSE-SU-2015:2318-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:1327-1, RHSA-2015:2617-01, SA105, SA40100, SB10203, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, STORM-2015-017, USN-2830-1, VIGILANCE-VUL-18435.
Description of the vulnerability
The OpenSSL library can use the RSA PSS algorithm to check the validity of X.509 certificates.
However, if the "mask generation" parameter is missing during the verification of a signature in ASN.1 format, OpenSSL does not check if a pointer is NULL, before using it.
An attacker can therefore force a NULL pointer to be dereferenced during the certificate verification of OpenSSL (in client or server mode), in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
OpenSSL: disclosure of DH private key via BN_mod_exp
Synthesis of the vulnerability
An attacker, with a significant amount of resources, can attack the DH algorithm, in some OpenSSL usages, in order to compute the private key.
Impacted products: Tomcat, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, ASA, AsyncOS, Cisco Content SMA, Cisco ESA, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco MeetingPlace, Cisco WSA, Cisco Wireless Controller, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiManager, FortiManager Virtual Appliance, FortiOS, HP Switch, IRAD, Tivoli Storage Manager, BIND, IVE OS, Juniper J-Series, Junos OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper SBR, McAfee Email Gateway, Data ONTAP, NetScreen Firewall, ScreenOS, Nodejs Core, OpenSSL, Oracle Communications, Solaris, Pulse Connect Secure, MAG Series by Pulse Secure, Pulse Secure SBR, Puppet, Slackware, stunnel, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 03/12/2015.
Identifiers: 1972951, 2003480, 2003620, 2003673, 9010051, BSA-2016-006, bulletinjan2018, c05398322, CERTFR-2015-AVI-517, cisco-sa-20151204-openssl, cpuoct2017, CVE-2015-3193, FEDORA-2015-605de37b7f, HPESBHF03709, JSA10759, NTAP-20151207-0001, SA40100, SB10203, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, USN-2830-1, VIGILANCE-VUL-18434.
Description of the vulnerability
The OpenSSL library uses the BN_mod_exp() function to perform a modular exponentiation on large numbers.
However, on an x86_64 processor, the BN_mod_exp() function can generate an incorrect result during the Montgomery Squaring procedure.
An attacker, with a significant amount of resources, can therefore attack the DH algorithm, in some OpenSSL usages, in order to compute the private key.
Full Vigil@nce bulletin... (Free trial) |
OpenSSL: four vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of OpenSSL.
Impacted products: ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, AnyConnect VPN Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Encryption, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Prime Network Control Systems, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco Unity ~ precise, Cisco WSA, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, HP Operations, HP Switch, HP-UX, AIX, DB2 UDB, IRAD, Security Directory Server, SPSS Modeler, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Pulse, Juniper Network Connect, Juniper SBR, McAfee Email and Web Security, McAfee Email Gateway, McAfee Web Gateway, Data ONTAP, Snap Creator Framework, SnapManager, NetBSD, NetScreen Firewall, ScreenOS, Nodejs Core, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Palo Alto Firewall PA***, PAN-OS, pfSense, Pulse Connect Secure, Puppet, RHEL, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 12/06/2015.
Identifiers: 1450666, 1610582, 1647054, 1961111, 1961569, 1964113, 1964766, 1966038, 1970103, 1972125, 9010038, 9010039, BSA-2015-006, bulletinjul2015, c04760669, c05184351, c05353965, CERTFR-2015-AVI-257, CERTFR-2015-AVI-431, CERTFR-2016-AVI-128, CERTFR-2016-AVI-303, cisco-sa-20150612-openssl, cpuapr2017, cpuoct2017, CTX216642, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, DSA-3287-1, FEDORA-2015-10047, FEDORA-2015-10108, FreeBSD-SA-15:10.openssl, HPSBGN03678, HPSBHF03613, HPSBUX03388, JSA10694, JSA10733, NetBSD-SA2015-008, NTAP-20150616-0001, openSUSE-SU-2015:1139-1, openSUSE-SU-2015:1277-1, openSUSE-SU-2015:2243-1, openSUSE-SU-2016:0640-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2015:1115-01, RHSA-2015:1197-01, SA40002, SA98, SB10122, SOL16898, SOL16913, SOL16915, SOL16938, SSA:2015-162-01, SSRT102180, SUSE-SU-2015:1143-1, SUSE-SU-2015:1150-1, SUSE-SU-2015:1181-1, SUSE-SU-2015:1181-2, SUSE-SU-2015:1182-2, SUSE-SU-2015:1183-1, SUSE-SU-2015:1183-2, SUSE-SU-2015:1184-1, SUSE-SU-2015:1184-2, SUSE-SU-2015:1185-1, TNS-2015-07, TSB16728, USN-2639-1, VIGILANCE-VUL-17117.
Description of the vulnerability
Several vulnerabilities were announced in OpenSSL.
An attacker can generate an infinite loop via ECParameters, in order to trigger a denial of service. [severity:2/4; CVE-2015-1788]
An attacker can force a read at an invalid address in X509_cmp_time(), in order to trigger a denial of service. [severity:2/4; CVE-2015-1789]
An attacker can force a NULL pointer to be dereferenced via EnvelopedContent, in order to trigger a denial of service. [severity:2/4; CVE-2015-1790]
An attacker can generate an infinite loop via CMS signedData, in order to trigger a denial of service. [severity:2/4; CVE-2015-1792]
Full Vigil@nce bulletin... (Free trial) |
OpenSSL: use after free via NewSessionTicket
Synthesis of the vulnerability
An attacker, who own a malicious TLS server, can send the NewSessionTicket message, to force the usage of a freed memory area in a client linked to OpenSSL, in order to trigger a denial of service, and possibly to execute code.
Impacted products: ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, AnyConnect VPN Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Encryption, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Prime Network Control Systems, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco Unity ~ precise, Cisco WSA, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, HP Operations, HP Switch, HP-UX, AIX, IRAD, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Pulse, Juniper Network Connect, Juniper SBR, McAfee Email and Web Security, McAfee Email Gateway, McAfee Web Gateway, Data ONTAP, Snap Creator Framework, SnapManager, NetBSD, NetScreen Firewall, ScreenOS, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Palo Alto Firewall PA***, PAN-OS, pfSense, Pulse Connect Secure, Puppet, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: internet client.
Creation date: 04/06/2015.
Identifiers: 1961569, 1964113, 1970103, 2003480, 2003620, 2003673, 9010038, 9010039, bulletinjul2015, c04760669, c05184351, c05353965, CERTFR-2015-AVI-431, CERTFR-2016-AVI-128, CERTFR-2016-AVI-303, cisco-sa-20150612-openssl, cpuapr2017, cpuoct2016, cpuoct2017, CTX216642, CVE-2015-1791, DSA-3287-1, FEDORA-2015-10047, FEDORA-2015-10108, FreeBSD-SA-15:10.openssl, HPSBGN03678, HPSBHF03613, HPSBUX03388, JSA10694, JSA10733, NetBSD-SA2015-008, NTAP-20150616-0001, openSUSE-SU-2015:1139-1, openSUSE-SU-2016:0640-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2015:1115-01, SA40002, SA98, SB10122, SOL16914, SSA:2015-162-01, SSRT102180, SUSE-SU-2015:1143-1, SUSE-SU-2015:1150-1, SUSE-SU-2015:1182-2, SUSE-SU-2015:1184-1, SUSE-SU-2015:1184-2, SUSE-SU-2015:1185-1, TSB16728, USN-2639-1, VIGILANCE-VUL-17062.
Description of the vulnerability
The TLS protocol uses the NewSessionTicket message to obtain a new session ticket (RFC 5077).
The ssl3_get_new_session_ticket() function of the ssl/s3_clnt.c file implements NewSessionTicket in an OpenSSL client. However, if the client is multi-threaded, this function frees a memory area before reusing it.
An attacker, who own a malicious TLS server, can therefore send the NewSessionTicket message, to force the usage of a freed memory area in a client linked to OpenSSL, in order to trigger a denial of service, and possibly to execute code.
Full Vigil@nce bulletin... (Free trial) |
TLS: weakening Diffie-Hellman via Logjam
Synthesis of the vulnerability
An attacker, located as a Man-in-the-Middle, can force the TLS client/server to accept a weak export algorithm, in order to more easily capture or alter exchanged data.
Impacted products: Apache httpd, Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, DCFM Enterprise, Brocade Network Advisor, Brocade vTM, Clearswift Email Gateway, Debian, Summit, Fedora, FileZilla Server, FreeBSD, HPE BSM, HPE NNMi, HP Operations, HP-UX, AIX, DB2 UDB, IRAD, Security Directory Server, SPSS Modeler, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, Juniper J-Series, Junos OS, Junos Pulse, Juniper Network Connect, Juniper SBR, lighttpd, ePO, Firefox, NSS, MySQL Community, MySQL Enterprise, Data ONTAP, Snap Creator Framework, SnapManager, NetBSD, nginx, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Solaris, Palo Alto Firewall PA***, PAN-OS, Percona Server, RealPresence Collaboration Server, RealPresence Distributed Media Application, RealPresence Resource Manager, Polycom VBP, Postfix, SSL protocol, Pulse Connect Secure, Puppet, RHEL, JBoss EAP by Red Hat, Sendmail, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 20/05/2015.
Revision date: 20/05/2015.
Identifiers: 1610582, 1647054, 1957980, 1958984, 1959033, 1959539, 1959745, 1960194, 1960418, 1960862, 1962398, 1962694, 1963151, 9010038, 9010039, 9010041, 9010044, BSA-2015-005, bulletinjan2016, bulletinjul2015, c04725401, c04760669, c04767175, c04770140, c04773119, c04773241, c04774058, c04778650, c04832246, c04918839, c04926789, CERTFR-2016-AVI-303, CTX216642, CVE-2015-4000, DLA-507-1, DSA-3287-1, DSA-3300-1, DSA-3688-1, FEDORA-2015-10047, FEDORA-2015-10108, FEDORA-2015-9048, FEDORA-2015-9130, FEDORA-2015-9161, FreeBSD-EN-15:08.sendmail, FreeBSD-SA-15:10.openssl, HPSBGN03399, HPSBGN03407, HPSBGN03411, HPSBGN03417, HPSBHF03433, HPSBMU03345, HPSBMU03401, HPSBUX03363, HPSBUX03388, HPSBUX03435, HPSBUX03512, JSA10681, Logjam, NetBSD-SA2015-008, NTAP-20150616-0001, NTAP-20150715-0001, NTAP-20151028-0001, openSUSE-SU-2015:1139-1, openSUSE-SU-2015:1209-1, openSUSE-SU-2015:1216-1, openSUSE-SU-2015:1277-1, openSUSE-SU-2016:0226-1, openSUSE-SU-2016:0255-1, openSUSE-SU-2016:0261-1, openSUSE-SU-2016:2267-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2015:1072-01, RHSA-2015:1185-01, RHSA-2015:1197-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, SA111, SA40002, SA98, SB10122, SSA:2015-219-02, SSRT102180, SSRT102254, SSRT102964, SSRT102977, SUSE-SU-2015:1143-1, SUSE-SU-2015:1150-1, SUSE-SU-2015:1177-1, SUSE-SU-2015:1177-2, SUSE-SU-2015:1181-1, SUSE-SU-2015:1181-2, SUSE-SU-2015:1182-2, SUSE-SU-2015:1183-1, SUSE-SU-2015:1183-2, SUSE-SU-2015:1184-1, SUSE-SU-2015:1184-2, SUSE-SU-2015:1185-1, SUSE-SU-2015:1268-1, SUSE-SU-2015:1268-2, SUSE-SU-2015:1269-1, SUSE-SU-2015:1581-1, SUSE-SU-2016:0224-1, SUSE-SU-2018:1768-1, TSB16728, USN-2624-1, USN-2625-1, USN-2656-1, USN-2656-2, VIGILANCE-VUL-16950, VN-2015-007.
Description of the vulnerability
The Diffie-Hellman algorithm is used to exchange cryptographic keys. The DHE_EXPORT suite uses prime numbers smaller than 512 bits.
The Diffie-Hellman algorithm is used by TLS. However, during the negotiation, an attacker, located as a Man-in-the-Middle, can force TLS to use DHE_EXPORT (event if stronger suites are available).
This vulnerability can then be combined with VIGILANCE-VUL-16951.
An attacker, located as a Man-in-the-Middle, can therefore force the TLS client/server to accept a weak export algorithm, in order to more easily capture or alter exchanged data.
Full Vigil@nce bulletin... (Free trial) |
OpenSSL 0.9/1.0.0/1.0.1: five vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of OpenSSL 0.9/1.0.0/1.0.1.
Impacted products: Arkoon FAST360, ArubaOS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Cisco ASR, AnyConnect VPN Client, Cisco ACE, ASA, AsyncOS, Cisco CSS, Cisco ESA, IOS XE Cisco, Cisco IPS, IronPort Email, IronPort Web, Nexus by Cisco, NX-OS, Prime Infrastructure, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, WebNS, Cisco WSA, Debian, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiManager, FortiManager Virtual Appliance, FreeBSD, hMailServer, HP-UX, AIX, IRAD, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, Junos Space Network Management Platform, NSM Central Manager, NSMXpress, Juniper SBR, McAfee Email Gateway, ePO, McAfee NTBA, McAfee NGFW, VirusScan, McAfee Web Gateway, Data ONTAP, NetBSD, NetScreen Firewall, ScreenOS, Nodejs Core, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, pfSense, Puppet, RHEL, JBoss EAP by Red Hat, Base SAS Software, SAS SAS/CONNECT, Slackware, Splunk Enterprise, Stonesoft NGFW/VPN, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu, Unix (platform) ~ not comprehensive, WinSCP.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 19/03/2015.
Identifiers: 1701334, 1902519, 1960491, 1964410, 1975397, 55767, 7043086, 9010031, ARUBA-PSA-2015-007, bulletinapr2015, c04679334, CERTFR-2015-AVI-117, CERTFR-2015-AVI-146, CERTFR-2015-AVI-169, CERTFR-2015-AVI-177, CERTFR-2015-AVI-259, CERTFR-2016-AVI-303, cisco-sa-20150320-openssl, cisco-sa-20150408-ntpd, cpuapr2017, cpuoct2016, cpuoct2017, CTX216642, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, DSA-3197-1, DSA-3197-2, FEDORA-2015-4300, FEDORA-2015-4303, FG-IR-15-008, FreeBSD-SA-15:06.openssl, HPSBUX03334, JSA10680, MDVSA-2015:062, MDVSA-2015:063, NetBSD-SA2015-007, NTAP-20150323-0002, openSUSE-SU-2015:0554-1, openSUSE-SU-2015:1277-1, openSUSE-SU-2015:2243-1, openSUSE-SU-2016:0638-1, openSUSE-SU-2016:0640-1, RHSA-2015:0715-01, RHSA-2015:0716-01, RHSA-2015:0752-01, RHSA-2015:0800-01, RHSA-2016:0372-01, RHSA-2016:0445-01, RHSA-2016:0446-01, RHSA-2016:0490-01, SA40001, SA92, SB10110, SOL16301, SOL16302, SOL16317, SOL16319, SOL16320, SOL16321, SOL16323, SPL-98351, SPL-98531, SSA:2015-111-09, SSRT102000, SUSE-SU-2015:0541-1, SUSE-SU-2015:0553-1, SUSE-SU-2015:0553-2, SUSE-SU-2015:0578-1, SUSE-SU-2016:0678-1, TNS-2015-04, USN-2537-1, VIGILANCE-VUL-16429.
Description of the vulnerability
Several vulnerabilities were announced in OpenSSL 0.9/1.0.0/1.0.1.
An attacker can force a read at an invalid address in ASN1_TYPE_cmp, in order to trigger a denial of service. [severity:2/4; CVE-2015-0286]
An attacker can generate a memory corruption in ASN.1, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-0287]
An attacker can force a NULL pointer to be dereferenced in PKCS#7, in order to trigger a denial of service. [severity:2/4; CVE-2015-0289]
An attacker can generate a memory corruption with base64 data, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-0292]
An attacker can generate an OPENSSL_assert, in order to trigger a denial of service. [severity:2/4; CVE-2015-0293]
Full Vigil@nce bulletin... (Free trial) |
OpenSSL 1.0.2: nine vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of OpenSSL 1.0.2.
Impacted products: ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Fedora, AIX, IRAD, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Junos Pulse, Juniper Network Connect, Juniper SBR, Data ONTAP, NetBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, RHEL, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 9.
Creation date: 19/03/2015.
Identifiers: 1701038, 1701334, 1902519, 1960491, 1964410, 1975397, 7043086, 9010031, CERTFR-2015-AVI-117, CERTFR-2015-AVI-177, CERTFR-2015-AVI-259, CERTFR-2016-AVI-303, cisco-sa-20150408-ntpd, cpuapr2017, cpuoct2016, cpuoct2017, CTX216642, CVE-2015-0207, CVE-2015-0208, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0290, CVE-2015-0291, CVE-2015-0293, CVE-2015-1787, FEDORA-2015-6855, MDVSA-2015:062, MDVSA-2015:063, NetBSD-SA2015-007, NTAP-20150323-0002, openSUSE-SU-2016:0640-1, RHSA-2015:0800-01, SA92, SSA:2015-111-09, SUSE-SU-2015:0541-1, SUSE-SU-2015:0553-1, SUSE-SU-2015:0553-2, SUSE-SU-2015:0578-1, SUSE-SU-2016:0678-1, TSB16661, VIGILANCE-VUL-16428.
Description of the vulnerability
Several vulnerabilities were announced in OpenSSL 1.0.2.
An attacker can connect to a SSL server, and renegotiate with an invalid signature algorithm, to force a NULL pointer to be dereferenced, in order to trigger a denial of service. [severity:3/4; CVE-2015-0291]
An attacker can force a NULL pointer to be dereferenced in the Multiblock feature, in order to trigger a denial of service. [severity:2/4; CVE-2015-0290]
An attacker can force a read at an invalid address in DTLSv1_listen, in order to trigger a denial of service. [severity:2/4; CVE-2015-0207]
An attacker can force a read at an invalid address in ASN1_TYPE_cmp, in order to trigger a denial of service. [severity:2/4; CVE-2015-0286]
An attacker can force a NULL pointer to be dereferenced with an invalid PSS parameter, in order to trigger a denial of service. [severity:2/4; CVE-2015-0208]
An attacker can generate a memory corruption in ASN.1, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-0287]
An attacker can force a NULL pointer to be dereferenced in PKCS#7, in order to trigger a denial of service. [severity:2/4; CVE-2015-0289]
An attacker can generate an OPENSSL_assert, in order to trigger a denial of service. [severity:2/4; CVE-2015-0293]
An attacker can use DHE and a zero lenght ClientKeyExchange message, in order to trigger a denial of service. [severity:2/4; CVE-2015-1787]
Full Vigil@nce bulletin... (Free trial) |
OpenSSL: predictable random via ssl3_client_hello
Synthesis of the vulnerability
An attacker can potentially guess the random used by the TLS client of OpenSSL, in order to read sensitive information.
Impacted products: ProxySG par Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiManager, FortiManager Virtual Appliance, IRAD, Juniper J-Series, Junos OS, Junos Space, Junos Space Network Management Platform, NSM Central Manager, NSMXpress, Juniper SBR, Data ONTAP, NetScreen Firewall, ScreenOS, OpenSSL, Oracle Communications, Base SAS Software, SAS SAS/CONNECT.
Severity: 2/4.
Consequences: data reading.
Provenance: internet server.
Creation date: 18/03/2015.
Identifiers: 1701334, 55767, 9010031, CERTFR-2015-AVI-117, CERTFR-2015-AVI-146, CERTFR-2015-AVI-259, cpuoct2017, CVE-2015-0285, FG-IR-15-008, JSA10680, NTAP-20150323-0002, SA40001, VIGILANCE-VUL-16410.
Description of the vulnerability
The OpenSSL library implements a TLS client.
Usually, a PRNG random generator is seeded by the TLS client. However, the ssl3_client_hello() function does not seed the PRNG in some cases (if a specific version of the protocol was not requested, and an algorithm such as PSK-RC4-SHA is chosen).
An attacker can therefore potentially guess the random used by the TLS client of OpenSSL, in order to read sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
|