The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Kubernetes

computer vulnerability CVE-2017-13704 CVE-2017-14491 CVE-2017-14492

Dnsmasq: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Dnsmasq.
Impacted products: ArubaOS, Debian, Dnsmasq, Fedora, Android OS, Kubernetes, openSUSE Leap, pfSense, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 02/10/2017.
Identifiers: ARUBA-PSA-2017-005, CERTFR-2017-AVI-329, CVE-2017-13704, CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, DLA-1124-1, DSA-3989-1, FEDORA-2017-24f067299e, FEDORA-2017-515264ae24, openSUSE-SU-2017:2633-1, OSSN/OSSN-0082, RHSA-2017:2836-01, RHSA-2017:2837-01, RHSA-2017:2838-01, RHSA-2017:2839-01, RHSA-2017:2840-01, RHSA-2017:2841-01, SSA:2017-275-01, SUSE-SU-2017:2616-1, SUSE-SU-2017:2617-1, SUSE-SU-2017:2619-1, Synology-SA-17:59, USN-3430-1, USN-3430-2, USN-3430-3, VIGILANCE-VUL-24005, VU#973527.

Description of the vulnerability

An attacker can use several vulnerabilities of Dnsmasq.

vulnerability bulletin CVE-2017-1000117

Git: code execution via ssh

Synthesis of the vulnerability

An attacker can exploit a vulnerability in Git's handling of ssh, in order to run code.
Impacted products: Debian, Fedora, Kubernetes, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet server.
Creation date: 11/08/2017.
Identifiers: bulletinjul2017, CVE-2017-1000117, DLA-1068-1, DSA-3934-1, FEDORA-2017-8ba7572cfd, FEDORA-2017-b1b3ae6666, openSUSE-SU-2017:2182-1, openSUSE-SU-2017:2331-1, RHSA-2017:2484-01, RHSA-2017:2485-01, RHSA-2017:2491-01, SSA:2017-223-01, SUSE-SU-2017:2225-1, SUSE-SU-2017:2320-1, Synology-SA-17:41, USN-3387-1, VIGILANCE-VUL-23503.

Description of the vulnerability

An attacker can exploit a vulnerability in Git's handling of ssh, in order to run code.

computer vulnerability CVE-2017-1000366

glibc: privilege escalation via Setuid Stack

Synthesis of the vulnerability

An attacker can bypass restrictions via the setuid stack handling of glibc, in order to escalate his privileges.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Junos Space, Kubernetes, McAfee Web Gateway, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 20/06/2017.
Revision date: 29/06/2017.
Identifiers: CERTFR-2017-AVI-238, CERTFR-2017-AVI-365, CVE-2017-1000366, DLA-992-1, DSA-3887-1, FEDORA-2017-698daef73c, FEDORA-2017-79414fefa1, FEDORA-2017-d80ab96e61, JSA10824, JSA10826, JSA10917, K20486351, openSUSE-SU-2017:1629-1, RHSA-2017:1479-01, RHSA-2017:1480-01, RHSA-2017:1481-01, SB10205, SSA:2017-181-01, SUSE-SU-2017:1611-1, SUSE-SU-2017:1614-1, SUSE-SU-2017:1619-1, SUSE-SU-2017:1621-1, Synology-SA-17:22, USN-3323-1, USN-3323-2, VIGILANCE-VUL-23005.

Description of the vulnerability

An attacker can bypass restrictions via the setuid stack handling of glibc, in order to escalate his privileges.

vulnerability note CVE-2017-7507

GnuTLS: denial of service via TLS

Synthesis of the vulnerability

An attacker can send malicious TLS packets to GnuTLS, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Kubernetes, openSUSE Leap, Solaris, RHEL, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: document.
Creation date: 12/06/2017.
Identifiers: bulletinjul2017, CVE-2017-7507, DSA-3884-1, FEDORA-2017-7936341c80, FEDORA-2017-f0d48eabe6, FEDORA-2017-f646217583, openSUSE-SU-2017:1875-1, RHSA-2017:2292-01, USN-3318-1, VIGILANCE-VUL-22944.

Description of the vulnerability

An attacker can send malicious TLS packets to GnuTLS, in order to trigger a denial of service.

computer vulnerability note CVE-2017-6512

Perl File-Path: permission tampering

Synthesis of the vulnerability

A local attacker can create a symbolic link so that a process using the Perl module File::Path changes the access rights of the file the link points to, with the privileges of that process.
Impacted products: Debian, Fedora, Kubernetes, OpenBSD, openSUSE Leap, Solaris, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: user shell.
Creation date: 06/06/2017.
Identifiers: bulletinjan2019, CVE-2017-6512, DLA-978-1, DSA-3873-1, FEDORA-2017-212f07c853, FEDORA-2017-4e981a51e6, FEDORA-2017-dd42592f9a, openSUSE-SU-2017:3101-1, USN-3625-1, USN-3625-2, VIGILANCE-VUL-22899.

Description of the vulnerability

A local attacker can create a symbolic link so that a process using the Perl module File::Path changes the access rights of the file the link points to, with the privileges of that process.
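The bulletin above describes the classic "chmod through a symbolic link" pattern: a privileged process changes permissions by path name, the path is a link planted by a local user, and the change lands on the link target. The following added example (not part of the Vigil@nce bulletin or of the File::Path module, written here in Python rather than Perl) builds a constructed directory tree, plants a link to a "victim" file, and runs a naive chmod beside a hardened one that opens the entry with O_NOFOLLOW and uses fchmod, so a link is refused rather than followed. All file names and the 0o777 target mode are assumptions chosen for the demonstration.

```python
import os
import stat
import tempfile


def naive_make_writable(path):
    """Vulnerable pattern: os.chmod() resolves the path name, so if `path`
    is a symbolic link the mode change lands on whatever it points at."""
    os.chmod(path, 0o777)


def hardened_make_writable(path):
    """Hardened pattern: open the entry with O_NOFOLLOW (fails with ELOOP on
    a symbolic link) and change the mode on the descriptor, so the mode can
    only ever be applied to the object actually opened."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        os.fchmod(fd, 0o777)
    finally:
        os.close(fd)


def run_demo(make_writable):
    """Build a constructed tree with a planted link, run the given chmod
    routine on the link, and return the resulting mode of the victim file."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in for a sensitive file owned by the privileged user.
        victim = os.path.join(tmp, "victim")
        with open(victim, "w") as f:
            f.write("constructed: pretend this is a private file\n")
        os.chmod(victim, 0o600)

        # Constructed attacker-controlled tree that the privileged routine walks.
        attacker_tree = os.path.join(tmp, "attacker_tree")
        os.mkdir(attacker_tree)
        link = os.path.join(attacker_tree, "innocent.txt")
        os.symlink(victim, link)

        try:
            make_writable(link)
        except OSError:
            # The hardened routine refuses the link; the naive one never raises.
            pass

        return stat.S_IMODE(os.stat(victim).st_mode)


if __name__ == "__main__":
    print("naive    -> victim mode %o" % run_demo(naive_make_writable))
    print("hardened -> victim mode %o" % run_demo(hardened_make_writable))
```

The naive routine leaves the victim world-writable (0o777) while the hardened routine leaves it at 0o600; the same descriptor-based approach (open with O_NOFOLLOW, then fchmod, or check lstat before acting) is what tree-walking cleanup code needs whenever it runs with more privilege than the owner of the tree.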

computer vulnerability CVE-2015-8270 CVE-2015-8271 CVE-2015-8272

rtmpdump: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of rtmpdump.
Impacted products: Debian, Kubernetes, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 26/04/2017.
Identifiers: CVE-2015-8270, CVE-2015-8271, CVE-2015-8272, DLA-917-1, DSA-3850-1, USN-3283-1, USN-3283-2, VIGILANCE-VUL-22555.

Description of the vulnerability

Several vulnerabilities were announced in rtmpdump.

An attacker can trigger a fatal error via AMF3ReadString, in order to trigger a denial of service. [severity:2/4; CVE-2015-8270]

An attacker can use a vulnerability via AMF3_Decode(), in order to run code. [severity:2/4; CVE-2015-8271]

An attacker can trigger a fatal error via rtmpsrv, in order to trigger a denial of service. [severity:2/4; CVE-2015-8272]

vulnerability CVE-2017-1000056

Kubernetes: privilege escalation via PodSecurityPolicy

Synthesis of the vulnerability

An attacker can bypass the restrictions enforced by the PodSecurityPolicy of Kubernetes, in order to escalate his privileges.
Impacted products: Kubernetes.
Severity: 2/4.
Consequences: privileged access/rights, data reading, data creation/edition.
Provenance: user account.
Creation date: 22/03/2017.
Identifiers: CVE-2017-1000056, VIGILANCE-VUL-22210.

Description of the vulnerability

An attacker can bypass the restrictions enforced by the PodSecurityPolicy of Kubernetes, in order to escalate his privileges.

vulnerability alert CVE-2017-2616

util-linux: denial of service via su PAM SIGKILL

Synthesis of the vulnerability

An attacker can trigger a fatal error via the su PAM SIGKILL handling of util-linux, in order to cause a denial of service.
Impacted products: Debian, Fedora, Kubernetes, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 23/02/2017.
Identifiers: CVE-2017-2616, DLA-838-1, DSA-3793-1, DSA-3793-2, FEDORA-2017-20710607f5, FEDORA-2017-b11b460865, openSUSE-SU-2017:0589-1, openSUSE-SU-2017:0590-1, RHSA-2017:0654-01, RHSA-2017:0907-01, SUSE-SU-2017:0553-1, SUSE-SU-2017:0554-1, SUSE-SU-2017:0555-1, SUSE-SU-2018:0866-1, USN-3276-1, USN-3276-2, VIGILANCE-VUL-21951.

Description of the vulnerability

An attacker can trigger a fatal error via the su PAM SIGKILL handling of util-linux, in order to cause a denial of service.

vulnerability alert CVE-2016-9962

Docker Engine: privilege escalation via file descriptors

Synthesis of the vulnerability

An attacker, inside a guest system, can use a file descriptor inherited through the debug support of Docker Engine, in order to escalate his privileges on the host system.
Impacted products: Docker CE, Fedora, Kubernetes, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged shell.
Creation date: 11/01/2017.
Identifiers: CVE-2016-9962, FEDORA-2017-0200646669, FEDORA-2017-20cdb2063a, FEDORA-2017-c2c2d1be16, FEDORA-2017-dbc2b618eb, FEDORA-2017-fcd02e2c2d, openSUSE-SU-2017:1966-1, RHSA-2017:0116-01, RHSA-2017:0123-01, RHSA-2017:0127-01, SUSE-SU-2019:0573-1, SUSE-SU-2019:1264-1, VIGILANCE-VUL-21551.

Description of the vulnerability

The Docker Engine product offers cross-container debugging support.

However, file descriptors inherited by newly spawned processes are not filtered, so an attacker can reach files that were opened by a process in another container, or on the host, through those descriptors.

An attacker, inside a guest system, can therefore use a file descriptor inherited through the debug support of Docker Engine, in order to escalate his privileges on the host system.
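The root cause named above is generic: a descriptor without the close-on-exec flag survives exec, so a process spawned into a less trusted context can reach whatever the parent had open. The following added example (not part of the Vigil@nce bulletin or of Docker Engine, and written in Python rather than Go) opens a constructed "host-side secret", clears close-on-exec on the descriptor to model an unmarked one, then spawns a probe child twice: once with close_fds=False, which mimics an exec path that does not filter inherited descriptors, and once with close_fds=True, which closes everything except stdio. The child compares the device and inode of the descriptor it finds with the parent's, so a reused descriptor number is not mistaken for the leaked one. File contents and names are assumptions made for the demonstration.

```python
import os
import subprocess
import sys
import tempfile

# Probe executed in the child: does descriptor number argv[1] still refer to
# the same file (same device and inode) that the parent had open?
PROBE = (
    "import os, sys\n"
    "fd, dev, ino = (int(a) for a in sys.argv[1:4])\n"
    "try:\n"
    "    st = os.fstat(fd)\n"
    "    same = (st.st_dev, st.st_ino) == (dev, ino)\n"
    "    sys.stdout.write('open' if same else 'other')\n"
    "except OSError:\n"
    "    sys.stdout.write('closed')\n"
)


def child_can_reach(fd, filter_descriptors):
    """Spawn a child and report whether it can reach the parent's descriptor.

    filter_descriptors=False leaves every inheritable descriptor open across
    exec (the unfiltered behaviour described in the bulletin);
    filter_descriptors=True closes all but stdin/stdout/stderr."""
    st = os.fstat(fd)
    result = subprocess.run(
        [sys.executable, "-c", PROBE, str(fd), str(st.st_dev), str(st.st_ino)],
        close_fds=filter_descriptors,
        capture_output=True,
        text=True,
        check=True,
    )
    return result.stdout == "open"


def leak_demo():
    """Return (reachable_when_unfiltered, reachable_when_filtered)."""
    with tempfile.NamedTemporaryFile() as secret:
        secret.write(b"constructed: host-side secret\n")  # constructed content
        secret.flush()
        fd = os.open(secret.name, os.O_RDONLY)
        # Python marks new descriptors close-on-exec by default; clear that to
        # model a descriptor the parent never marked FD_CLOEXEC.
        os.set_inheritable(fd, True)
        try:
            unfiltered = child_can_reach(fd, filter_descriptors=False)
            filtered = child_can_reach(fd, filter_descriptors=True)
        finally:
            os.close(fd)
    return unfiltered, filtered


if __name__ == "__main__":
    unfiltered, filtered = leak_demo()
    print("unfiltered exec: child reaches secret =", unfiltered)
    print("filtered exec:   child reaches secret =", filtered)
```

The unfiltered spawn lets the child fstat (and, with O_RDONLY, read) the parent's file; the filtered spawn does not. The two defences are the ones the result suggests: open with O_CLOEXEC (or mark descriptors with FD_CLOEXEC) so nothing leaks by accident, and have the spawning side close or explicitly whitelist descriptors before it execs into a lower-trust context.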

vulnerability announce CVE-2016-9840 CVE-2016-9841 CVE-2016-9842

zlib: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of zlib.
Impacted products: iOS by Apple, iPhone, Mac OS X, Debian, Fedora, AIX, DB2 UDB, Domino, MQSeries, Notes, Security Directory Server, SPSS Statistics, Kubernetes, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Java OpenJDK, openSUSE, openSUSE Leap, Java Oracle, Oracle OIT, Solaris, Percona Server, Python, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Nessus, zlib.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 05/12/2016.
Identifiers: 1997877, 2001520, 2003212, 2004735, 2005160, 2005255, 2006014, 2006017, 2007242, 2010282, 2011648, 2014202, APPLE-SA-2017-09-19-1, APPLE-SA-2017-09-25-1, APPLE-SA-2017-09-25-4, bulletinapr2017, bulletinoct2018, CERTFR-2018-AVI-288, cpujul2018, cpuoct2017, cpuoct2018, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, DLA-1725-1, FEDORA-2018-242f6c1a41, FEDORA-2018-55b875c1ac, HT208144, ibm10718843, openSUSE-SU-2016:3202-1, openSUSE-SU-2017:0077-1, openSUSE-SU-2017:0080-1, openSUSE-SU-2017:2998-1, openSUSE-SU-2018:0042-1, openSUSE-SU-2018:3478-1, openSUSE-SU-2019:0327-1, RHSA-2017:1220-01, RHSA-2017:1221-01, RHSA-2017:1222-01, RHSA-2017:2999-01, RHSA-2017:3046-01, RHSA-2017:3047-01, SSA:2018-309-01, SUSE-SU-2017:1384-1, SUSE-SU-2017:1386-1, SUSE-SU-2017:1387-1, SUSE-SU-2017:1444-1, SUSE-SU-2017:2989-1, SUSE-SU-2017:3369-1, SUSE-SU-2017:3411-1, SUSE-SU-2017:3440-1, SUSE-SU-2017:3455-1, SUSE-SU-2018:0005-1, SUSE-SU-2018:3542-1, SUSE-SU-2018:3972-1, SUSE-SU-2018:4211-1, SUSE-SU-2019:0119-1, SUSE-SU-2019:0555-1, TNS-2018-08, VIGILANCE-VUL-21262.

Description of the vulnerability

Several vulnerabilities were announced in zlib.

An attacker can generate a memory corruption via Deflate External Linkage, in order to trigger a denial of service, and possibly to run code. [severity:2/4]

A pointer error has an unspecified impact. [severity:1/4]

An attacker can force a read at an invalid address via inftrees.c, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-9840, CVE-2016-9841]

A left shift of a negative number is undefined behaviour. [severity:1/4; CVE-2016-9842]

An attacker can force a read at an invalid address via Big-endian Pointer, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-9843]
