The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Mandriva Business Server

computer vulnerability note CVE-2015-2304

libarchive: directory traversal via cpio

Synthesis of the vulnerability

An attacker can invite the victim to extract a cpio archive with an application linked to libarchive, in order to create a file with the victim's privileges.
Impacted products: FreeBSD, MBS, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 01/06/2016.
Identifiers: CVE-2015-2304, FreeBSD-SA-16:22.libarchive, MDVSA-2015:157, openSUSE-SU-2015:0568-1, openSUSE-SU-2016:3002-1, openSUSE-SU-2016:3005-1, SUSE-SU-2016:1939-1, USN-2549-1, VIGILANCE-VUL-19749.

Description of the vulnerability

The libarchive library is used by tools such as tar and cpio to extract files.

However, absolute file names handled by the cpio support of libarchive can be used to create a file outside the current directory.

An attacker can therefore invite the victim to extract a cpio archive with an application linked to libarchive, in order to create a file with the victim's privileges.
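
A pre-extraction check for the condition described above, as an added example (not code from libarchive or from the bulletin): it walks the headers of a cpio archive in the "newc" format and reports member names that are absolute, and goes slightly beyond the bulletin by also flagging ".." components. The function names and the sample archive are constructed for this illustration.

```python
HEADER_LEN = 110  # "070701" magic followed by 13 fields of 8 hex digits


def _pad4(n):
    """Number of NUL bytes needed to reach the next 4-byte boundary."""
    return (4 - n % 4) % 4


def cpio_member_names(blob):
    """Yield member names from an in-memory cpio 'newc' archive, without extracting."""
    pos = 0
    while pos + HEADER_LEN <= len(blob):
        header = blob[pos:pos + HEADER_LEN]
        if header[:6] not in (b"070701", b"070702"):
            raise ValueError("not a newc cpio header at offset %d" % pos)
        fields = [int(header[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = fields[6], fields[11]
        name_start = pos + HEADER_LEN
        # namesize counts the terminating NUL byte
        name = blob[name_start:name_start + namesize - 1].decode("utf-8", "replace")
        if name == "TRAILER!!!":
            return
        yield name
        data_start = name_start + namesize
        data_start += _pad4(data_start)
        pos = data_start + filesize
        pos += _pad4(pos)


def unsafe_names(blob):
    """Return member names that would land outside the extraction directory."""
    return [n for n in cpio_member_names(blob)
            if n.startswith("/") or ".." in n.split("/")]


def _entry(name, data=b""):
    """Build one newc entry (used only to construct the sample below)."""
    raw = name.encode() + b"\0"
    fields = [0, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(raw), 0]
    out = b"070701" + b"".join(b"%08X" % f for f in fields) + raw
    out += b"\0" * _pad4(len(out))
    out += data
    return out + b"\0" * _pad4(len(out))


# Constructed sample: one relative member, one absolute member, then the trailer.
SAMPLE = (_entry("docs/readme.txt", b"hello")
          + _entry("/absolute/example.txt", b"x")
          + _entry("TRAILER!!!"))
```

An application can refuse the archive, or strip the leading "/" from each name, when unsafe_names() returns a non-empty list.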

computer vulnerability announce CVE-2014-9293 CVE-2014-9294 CVE-2014-9295

NTP.org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Impacted products: GAiA, CheckPoint IP Appliance, IPSO, CheckPoint Power-1 Appliance, CheckPoint Security Appliance, CheckPoint Smart-1, CheckPoint VSX-1, IOS XR Cisco, Nexus by Cisco, NX-OS, Cisco CUCM, Cisco Unified CCX, Clearswift Email Gateway, Debian, Black Diamond, ExtremeXOS, Ridgeline, Summit, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, HP-UX, AIX, Juniper J-Series, Junos OS, Junos Space, NSMXpress, MBS, Meinberg NTP Server, NetBSD, NTP.org, openSUSE, Oracle Communications, Solaris, RHEL, ROX, RuggedSwitch, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 19/12/2014.
Revision date: 17/02/2016.
Identifiers: c04554677, c04574882, c04916783, CERTFR-2014-AVI-537, CERTFR-2014-AVI-538, CERTFR-2016-AVI-148, cisco-sa-20141222-ntpd, cpuoct2016, CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, DSA-3108-1, FEDORA-2014-17361, FEDORA-2014-17367, FEDORA-2014-17395, FreeBSD-SA-14:31.ntp, HPSBHF03432, HPSBPV03266, HPSBUX03240, JSA10663, MBGSA-1405, MDVSA-2015:003, MDVSA-2015:140, NetBSD-SA2015-003, openSUSE-SU-2014:1670-1, openSUSE-SU-2014:1680-1, RHSA-2014:2024-01, RHSA-2014:2025-01, RHSA-2015:0104-01, sk103825, SOL15933, SOL15934, SOL15935, SOL15936, SSA:2014-356-01, SSA-671683, SSRT101872, SUSE-SU-2014:1686-1, SUSE-SU-2014:1686-2, SUSE-SU-2014:1686-3, SUSE-SU-2014:1690-1, SUSE-SU-2015:0259-1, SUSE-SU-2015:0259-2, SUSE-SU-2015:0259-3, SUSE-SU-2015:0274-1, SUSE-SU-2015:0322-1, USN-2449-1, VIGILANCE-VUL-15867, VN-2014-005, VU#852879.

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can predict the default key generated by config_auth(), in order to bypass the authentication. [severity:2/4; CVE-2014-9293]

An attacker can predict the key generated by ntp-keygen, in order to decrypt sessions. [severity:2/4; CVE-2014-9294]

An attacker can generate a buffer overflow in crypto_recv(), in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9295]

An attacker can generate a buffer overflow in ctl_putdata(), in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9295]

An attacker can generate a buffer overflow in configure(), in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9295]

An attacker can trigger an error in receive(), which is not detected. [severity:1/4; CVE-2014-9296]

computer vulnerability alert CVE-2013-2099

Python: denial of service via X.509 certificate with names including wildcards

Synthesis of the vulnerability

An attacker who controls an SSL server can use a certificate with many wildcards in the name, in order to trigger a denial of service against clients programmed in Python.
Impacted products: Debian, Fedora, MBS, openSUSE, RHEL.
Severity: 2/4.
Creation date: 12/02/2016.
Identifiers: 963260, CVE-2013-2099, DLA-1107-1, FEDORA-2013-12396, FEDORA-2013-12414, FEDORA-2013-12421, FEDORA-2013-13140, FEDORA-2013-13213, FEDORA-2013-13216, FEDORA-2013-8694, FEDORA-2013-8737, FEDORA-2013-9620, FEDORA-2013-9628, FEDORA-2014-16390, FEDORA-2014-16477, FEDORA-2016-50abc3e885, FEDORA-2016-52b294538d, MDVSA-2013:229, openSUSE-SU-2014:1070-1, RHSA-2014:1263-01, RHSA-2014:1690-01, RHSA-2015:0042-01, RHSA-2016:1166-01, VIGILANCE-VUL-18936.

Description of the vulnerability

The base library of Python includes an SSL implementation.

The SSL client side must check that the name from the X.509 certificate matches the name provided by the application. Servers in a subdomain may share a certificate if the name follows the pattern "*.domain". However, when the name from the certificate contains many wildcards "*", the library consumes a large amount of computing power. The function concerned, ssl.match_hostname(), likely converts the name into a regex pattern which is evaluated with backtracking, so a mismatch is recognized only after many different attempts to match the wildcards.

An attacker who controls an SSL server can therefore use a certificate with many wildcards in the name, in order to trigger a denial of service against clients programmed in Python.
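
A bounded form of the check described above, as an added example (not the code of Python's ssl module): the certificate name is refused before any regex is built when it carries more wildcards than a fixed limit. The limit of one wildcard, the left-most-label restriction and all names below are assumptions of this example.

```python
import re

MAX_WILDCARDS = 1  # assumption of this example: at most one "*" per certificate name


class CertificateNameError(ValueError):
    """Raised when a certificate name is refused before any matching is done."""


def dnsname_to_regex(cert_name):
    """Translate a certificate DNS name to a regex; a '*' never crosses a dot."""
    labels = cert_name.split(".")
    parts = [re.escape(label).replace(r"\*", "[^.]+") for label in labels]
    return re.compile(r"\A" + r"\.".join(parts) + r"\Z", re.IGNORECASE)


def match_hostname_bounded(cert_name, hostname):
    """Return True if hostname matches cert_name; refuse wildcard-heavy names."""
    if cert_name.count("*") > MAX_WILDCARDS:
        # The certificate is supplied by the server, so its name is untrusted
        # input: reject it here instead of paying for the match below.
        raise CertificateNameError("too many wildcards in %r" % cert_name)
    _leftmost, _, rest = cert_name.partition(".")
    if "*" in rest:
        raise CertificateNameError("wildcard outside the left-most label in %r" % cert_name)
    return dnsname_to_regex(cert_name).match(hostname) is not None


def is_refused(cert_name, hostname):
    """Helper: True when the name is rejected outright rather than compared."""
    try:
        match_hostname_bounded(cert_name, hostname)
    except CertificateNameError:
        return True
    return False
```

The refusal happens in constant time with respect to the number of wildcards, so a certificate name made of many "*" characters costs the client one count() call.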

vulnerability alert CVE-2013-1881

librsvg: external XML entity injection

Synthesis of the vulnerability

An attacker can transmit malicious XML data to librsvg, in order to read a file, scan sites, or trigger a denial of service.
Impacted products: MBS, MES, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 20/10/2015.
Identifiers: CVE-2013-1881, MDVSA-2014:009, openSUSE-SU-2013:1786-1, RHSA-2014:0127-01, SUSE-SU-2015:1785-1, USN-2149-1, USN-2149-2, VIGILANCE-VUL-18141.

Description of the vulnerability

XML data can contain external entities (DTD):
  <!ENTITY name SYSTEM "file">
  <!ENTITY name SYSTEM "http://server/file">
A program which reads these XML data can replace these entities with data coming from the indicated file. When the program uses XML data coming from an untrusted source, this behavior leads to:
 - content disclosure from files of the server
 - private web site scan
 - a denial of service by opening a blocking file
This feature must be disabled to process XML data coming from an untrusted source.

However, the librsvg parser allows external entities.

An attacker can therefore transmit malicious XML data to librsvg, in order to read a file, scan sites, or trigger a denial of service.
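
One way to screen untrusted SVG before it reaches a renderer, as an added example (not code from librsvg or from the bulletin): the document is parsed with Python's expat binding, which fetches nothing here because no external entity handler is installed, and any declaration of the two forms shown above is reported. The function names and sample documents are constructed for this illustration.

```python
import xml.parsers.expat


def external_entity_decls(data):
    """Return [(name, system_id)] for every external entity the document declares."""
    found = []

    def on_entity_decl(name, is_parameter, value, base, system_id, public_id, notation):
        # Internal entities carry a literal value; external ones carry an identifier.
        if system_id is not None or public_id is not None:
            found.append((name, system_id))

    parser = xml.parsers.expat.ParserCreate()
    parser.EntityDeclHandler = on_entity_decl
    # No ExternalEntityRefHandler is set, so nothing is opened while screening.
    parser.Parse(data, True)
    return found


def safe_to_render(data):
    """True only for well-formed XML that declares no external entity."""
    try:
        return not external_entity_decls(data)
    except xml.parsers.expat.ExpatError:
        return False


# Constructed samples; the external forms are the two shown in the bulletin.
SVG_BODY = b'<svg xmlns="http://www.w3.org/2000/svg"><text>%s</text></svg>'
CLEAN = SVG_BODY % b"hello"
INTERNAL = b'<!DOCTYPE svg [ <!ENTITY brand "ACME"> ]>' + SVG_BODY % b"&brand;"
EXTERNAL_FILE = b'<!DOCTYPE svg [ <!ENTITY name SYSTEM "file"> ]>' + SVG_BODY % b"&name;"
EXTERNAL_HTTP = (b'<!DOCTYPE svg [ <!ENTITY name SYSTEM "http://server/file"> ]>'
                 + SVG_BODY % b"&name;")
```

Internal entities such as the one in INTERNAL pass the screen, since they carry their value inside the document and cause no file or network access.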

vulnerability alert CVE-2015-0219 CVE-2015-0220 CVE-2015-0221

Django: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Django.
Impacted products: Debian, Fedora, MBS, openSUSE, Ubuntu.
Severity: 2/4.
Creation date: 22/09/2015.
Identifiers: CVE-2015-0219, CVE-2015-0220, CVE-2015-0221, CVE-2015-0222, DSA-3151-1, FEDORA-2015-0714, FEDORA-2015-0790, FEDORA-2015-0804, MDVSA-2015:036, MDVSA-2015:109, openSUSE-SU-2015:0643-1, openSUSE-SU-2015:1598-1, USN-2469-1, USN-2469-2, VIGILANCE-VUL-17951.

Description of the vulnerability

Several vulnerabilities were announced in Django.

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2015-0219]

An attacker can trigger a Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2015-0220]

An attacker can trigger a fatal error, in order to trigger a denial of service. [severity:1/4; CVE-2015-0221]

An attacker can trigger a fatal error, in order to trigger a denial of service. [severity:1/4; CVE-2015-0222]

computer vulnerability note CVE-2014-9645

BusyBox: bypass of modprobe filter

Synthesis of the vulnerability

A privileged attacker can add a path separator to module names, in order to make modprobe of BusyBox load forbidden modules.
Impacted products: Debian, MBS, openSUSE.
Severity: 1/4.
Creation date: 18/06/2015.
Identifiers: 914660, CVE-2014-9645, DLA-1445-1, DLA-1445-2, DLA-1445-3, MDVSA-2015:031, openSUSE-SU-2015:1083-1, VIGILANCE-VUL-17169.

Description of the vulnerability

The BusyBox product includes an implementation of many Unix system tools, including modprobe for kernel module loading.

Modprobe allows modules to be blacklisted by name. However, the BusyBox implementation of modprobe does not suitably handle the path separator "/".

A privileged attacker can therefore add a path separator to module names, in order to make modprobe of BusyBox load forbidden modules.

vulnerability alert CVE-2015-0202 CVE-2015-0248 CVE-2015-0251

Apache Subversion: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apache Subversion.
Impacted products: Subversion, Debian, Fedora, MBS, openSUSE, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 31/03/2015.
Revision date: 12/06/2015.
Identifiers: bulletinoct2015, CVE-2015-0202, CVE-2015-0248, CVE-2015-0251, DSA-3231-1, FEDORA-2015-11795, MDVSA-2015:192, openSUSE-SU-2015:0672-1, RHSA-2015:1633-01, RHSA-2015:1742-01, SUSE-SU-2017:2200-1, USN-2721-1, VIGILANCE-VUL-16501.

Description of the vulnerability

Several vulnerabilities were announced in Apache Subversion.

An attacker can use numerous resources with FSFS, in order to trigger a denial of service. [severity:2/4; CVE-2015-0202]

An attacker can generate an assertion error in mod_dav_svn and svnserve, in order to trigger a denial of service. [severity:2/4; CVE-2015-0248]

An attacker can spoof the svn:author property with a specially chosen sequence of WebDAV commands for version 1 of the protocol implemented by the Apache module mod_dav_svn. [severity:1/4; CVE-2015-0251]

computer vulnerability bulletin CVE-2015-3455

Squid: Man-in-the-Middle of SSL Bumping

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle between Squid in ssl_bump client-first/bump mode and a server, in order to alter signatures.
Impacted products: Fedora, MBS, openSUSE, openSUSE Leap, Solaris, RHEL, Squid.
Severity: 3/4.
Creation date: 30/04/2015.
Identifiers: bulletinjul2015, CERTFR-2015-AVI-200, CVE-2015-3455, FEDORA-2016-7b40eb9e29, MDVSA-2015:230, openSUSE-SU-2015:1546-1, openSUSE-SU-2016:2081-1, RHSA-2015:2378-01, SQUID-2015:1, VIGILANCE-VUL-16788.

Description of the vulnerability

The Squid product uses the ssl_bump option to inspect SSL/TLS using several modes:
 - client-first: establish a TLS session with the client, and then the server.
 - server-first: establish a TLS session with the server, and then the client.

However, in the client-first or bump mode, the X.509 certificate of the SSL/TLS session is not checked by Squid.

An attacker can therefore act as a Man-in-the-Middle between Squid in ssl_bump client-first/bump mode and a server, in order to alter signatures.

vulnerability bulletin CVE-2014-4165

ntop: Cross Site Scripting of rrdPlugin

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in rrdPlugin of ntop, in order to execute JavaScript code in the context of the web site.
Impacted products: MBS, openSUSE.
Severity: 2/4.
Creation date: 29/04/2015.
Identifiers: CVE-2014-4165, MDVSA-2015:216, openSUSE-SU-2015:0727-1, VIGILANCE-VUL-16763.

Description of the vulnerability

The ntop product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in rrdPlugin of ntop, in order to execute JavaScript code in the context of the web site.

computer vulnerability note CVE-2015-2170 CVE-2015-2221 CVE-2015-2222

ClamAV: eight vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ClamAV.
Impacted products: ClamAV, Fedora, MBS, openSUSE, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 29/04/2015.
Identifiers: CERTFR-2015-AVI-199, CVE-2015-2170, CVE-2015-2221, CVE-2015-2222, CVE-2015-2305, CVE-2015-2668, FEDORA-2015-7334, FEDORA-2015-7378, MDVSA-2015:221, openSUSE-SU-2015:0906-1, SUSE-SU-2016:1638-1, USN-2594-1, VIGILANCE-VUL-16759.

Description of the vulnerability

Several vulnerabilities were announced in ClamAV.

An attacker can generate an infinite loop with a y0da file, in order to trigger a denial of service. [severity:2/4; CVE-2015-2221]

An attacker can use a Petite Packed file, in order to trigger a denial of service. [severity:2/4; CVE-2015-2222]

An attacker can use a Upack Packed file, in order to trigger a denial of service. [severity:2/4]

An attacker can use a PE file, in order to trigger a denial of service. [severity:2/4]

An attacker can generate an infinite loop with an xz file, in order to trigger a denial of service. [severity:2/4; CVE-2015-2668]

An attacker can generate a buffer overflow in the regcomp() function of Henry Spencer regex, in order to trigger a denial of service, and possibly to execute code (VIGILANCE-VUL-16412). [severity:2/4; CVE-2015-2305]

An attacker can use an upx file, in order to trigger a denial of service. [severity:2/4; CVE-2015-2170]

An attacker can use an HTML file, in order to trigger a denial of service. [severity:2/4]