The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of MicroFocus SUSE Linux Enterprise Server

computer vulnerability CVE-2015-5300

NTP.org: altering time via Small-step/Big-step

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle of NTP.org, in order to change the client time.
Impacted products: CheckPoint IP Appliance, IPSO, XenServer, Fedora, FreeBSD, AIX, Meinberg NTP Server, NTP.org, openSUSE, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 08/01/2016.
Identifiers: 2956, bulletinjan2016, CTX220112, CVE-2015-5300, FEDORA-2016-34bc10a2c8, FreeBSD-SA-16:02.ntp, openSUSE-SU-2016:1292-1, openSUSE-SU-2016:1329-1, openSUSE-SU-2016:1423-1, sk109942, SSA:2016-054-04, SUSE-SU-2016:1175-1, SUSE-SU-2016:1177-1, SUSE-SU-2016:1247-1, SUSE-SU-2016:1278-1, SUSE-SU-2016:1291-1, SUSE-SU-2016:1311-1, SUSE-SU-2016:1471-1, SUSE-SU-2016:1912-1, SUSE-SU-2016:2094-1, VIGILANCE-VUL-18665.

Description of the vulnerability

The ntpd daemon of NTP.org manages the local time by receiving information from several upper-stratum time servers.

However, if an attacker acts as a Man-in-the-Middle and sends invalid information to NTP.org, the daemon restarts. Then, during the restart, the attacker can continue to spoof the upper time servers in order to change the time. If ntpd is started without the "-g" option, the time change is limited to 900 seconds.

An attacker can therefore act as a Man-in-the-Middle of NTP.org, in order to change the client time.

computer vulnerability alert CVE-2015-7575

Mozilla NSS, OpenSSL, Oracle Java: MD5 allowed in TLS 1.2

Synthesis of the vulnerability

An attacker can create an MD5 collision in a TLS 1.2 session of Mozilla NSS, OpenSSL or Oracle Java, in order to capture data belonging to this session.
Impacted products: Blue Coat CAS, ProxySG by Blue Coat, SGOS by Blue Coat, Debian, Fedora, AIX, DB2 UDB, QRadar SIEM, SPSS Modeler, Tivoli Storage Manager, WebSphere AS Traditional, WebSphere MQ, JAXP, Domino, Notes, Firefox, NSS, Thunderbird, SnapManager, Java OpenJDK, OpenSSL, openSUSE, openSUSE Leap, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu.
Severity: 1/4.
Creation date: 28/12/2015.
Revision date: 08/01/2016.
Identifiers: 000008896, 1974958, 1975290, 1975424, 1976113, 1976148, 1976200, 1976262, 1976362, 1976363, 1977405, 1977517, 1977518, 1977523, 9010065, cpujan2016, CVE-2015-7575, DSA-3436-1, DSA-3457-1, DSA-3465-1, DSA-3491-1, DSA-3688-1, FEDORA-2016-4aeba0f53d, MFSA-2015-150, NTAP-20160225-0001, NTAP20160225-001, openSUSE-SU-2015:2405-1, openSUSE-SU-2016:0007-1, openSUSE-SU-2016:0161-1, openSUSE-SU-2016:0162-1, openSUSE-SU-2016:0263-1, openSUSE-SU-2016:0268-1, openSUSE-SU-2016:0270-1, openSUSE-SU-2016:0272-1, openSUSE-SU-2016:0279-1, openSUSE-SU-2016:0307-1, openSUSE-SU-2016:0308-1, openSUSE-SU-2016:0488-1, RHSA-2016:0007-01, RHSA-2016:0008-01, RHSA-2016:0049-01, RHSA-2016:0050-01, RHSA-2016:0053-01, RHSA-2016:0054-01, RHSA-2016:0055-01, RHSA-2016:0056-01, RHSA-2016:0098-01, RHSA-2016:0099-01, RHSA-2016:0100-01, RHSA-2016:0101-01, SA108, SLOTH, SUSE-SU-2016:0256-1, SUSE-SU-2016:0265-1, SUSE-SU-2016:0269-1, SUSE-SU-2016:0390-1, SUSE-SU-2016:0399-1, SUSE-SU-2016:0401-1, SUSE-SU-2016:0428-1, SUSE-SU-2016:0431-1, SUSE-SU-2016:0433-1, SUSE-SU-2016:0770-1, SUSE-SU-2016:0776-1, USN-2863-1, USN-2864-1, USN-2866-1, USN-2884-1, USN-2904-1, VIGILANCE-VUL-18586.

Description of the vulnerability

The Mozilla NSS, OpenSSL and Oracle Java products implement TLS version 1.2.

The MD5 hashing algorithm is weak. However, it is accepted in signatures of TLS 1.2 ServerKeyExchange messages.

An attacker can therefore create an MD5 collision in a TLS 1.2 session of Mozilla NSS, OpenSSL or Oracle Java, in order to capture data belonging to this session.

vulnerability bulletin CVE-2016-1903 CVE-2016-1904 CVE-2016-5114

PHP: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, PHP, RHEL, Slackware, SLES, Ubuntu.
Severity: 3/4.
Creation date: 07/01/2016.
Identifiers: 70661, 70728, 70741, 70755, 70976, 71270, CERTFR-2016-AVI-023, CVE-2016-1903, CVE-2016-1904, CVE-2016-5114, DLA-628-1, FEDORA-2016-5207e0c1a1, FEDORA-2016-558167a417, openSUSE-SU-2016:0251-1, openSUSE-SU-2016:0366-1, openSUSE-SU-2016:1553-1, RHSA-2016:2750-01, SSA:2016-034-04, SUSE-SU-2016:1581-1, USN-2952-1, USN-2952-2, USN-3045-1, VIGILANCE-VUL-18653.

Description of the vulnerability

Several vulnerabilities were announced in PHP.

An attacker can generate a memory corruption in PHP_to_XMLRPC_worker, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 70728]

An attacker can generate a memory corruption in WDDX Packet Deserialization, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 70741]

An attacker can force the usage of a freed memory area in WDDX Packet Deserialization, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 70661]

An attacker can read a memory fragment via gdImageRotateInterpolated(), in order to obtain sensitive information. [severity:1/4; 70976, CVE-2016-1903]

An attacker can create a memory leak in fpm_log.c, in order to trigger a denial of service. [severity:2/4; 70755, CVE-2016-5114]

An attacker can generate a buffer overflow in fpm_log.c, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 70755, CVE-2016-5114]

An attacker can generate a buffer overflow in escapeshell(), in order to trigger a denial of service, and possibly to run code. [severity:3/4; 71270, CVE-2016-1904]

vulnerability note CVE-2015-7513

Linux kernel: denial of service via KVM PIT Emulation

Synthesis of the vulnerability

An attacker can use KVM PIT emulation in the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Linux, openSUSE, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 06/01/2016.
Identifiers: CERTFR-2016-AVI-004, CERTFR-2016-AVI-044, CERTFR-2017-AVI-034, CVE-2015-7513, DSA-3434-1, FEDORA-2016-26e19f042a, FEDORA-2016-5d43766e33, FEDORA-2016-b59fd603be, openSUSE-SU-2016:2625-1, SUSE-SU-2016:2245-1, SUSE-SU-2016:2976-1, SUSE-SU-2016:3069-1, SUSE-SU-2017:0333-1, USN-2886-1, USN-2886-2, USN-2887-1, USN-2887-2, USN-2888-1, USN-2889-1, USN-2889-2, USN-2890-1, USN-2890-2, USN-2890-3, VIGILANCE-VUL-18644.

Description of the vulnerability

The arch/x86/kvm/x86.c file implements the PIT (Programmable Interval Timer) management for KVM.

However, if an attacker sets a PIT counter to zero, a modulo-by-zero operation generates a fatal error.

An attacker can therefore use KVM PIT emulation in the Linux kernel, in order to trigger a denial of service.

vulnerability alert CVE-2015-8745

QEMU: assertion error via vmxnet3_io_bar0_read

Synthesis of the vulnerability

An attacker, who is privileged in a guest system, can generate an assertion error in the vmxnet3_io_bar0_read() function of QEMU, in order to trigger a denial of service on the host system.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, QEMU, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 04/01/2016.
Identifiers: CVE-2015-8745, DSA-3471-1, FEDORA-2016-42778e8c82, FEDORA-2016-890e612f52, FEDORA-2016-e9bba2bb01, openSUSE-SU-2016:0914-1, openSUSE-SU-2016:0995-1, openSUSE-SU-2016:1750-1, SUSE-SU-2016:0873-1, SUSE-SU-2016:0955-1, SUSE-SU-2016:1154-1, SUSE-SU-2016:1318-1, SUSE-SU-2016:1560-1, SUSE-SU-2016:1703-1, SUSE-SU-2016:1745-1, USN-2891-1, VIGILANCE-VUL-18631.

Description of the vulnerability

The QEMU product implements the support of VMXNET Generation 3 network devices.

However, an attacker with CAP_SYS_RAWIO privileges can read the IMR (Interrupt Mask Registers). An assertion error then occurs because developers did not expect this case, which stops the process.

An attacker, who is privileged in a guest system, can therefore generate an assertion error in the vmxnet3_io_bar0_read() function of QEMU, in order to trigger a denial of service on the host system.

vulnerability CVE-2015-8744

QEMU: unreachable memory reading via vmxnet3_process_tx_queue

Synthesis of the vulnerability

An attacker, who is privileged in a guest system, can force a read at an invalid address in the vmxnet3_process_tx_queue() function of QEMU, in order to trigger a denial of service on the host system.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, QEMU, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 04/01/2016.
Identifiers: CVE-2015-8744, DSA-3471-1, FEDORA-2016-890e612f52, FEDORA-2016-e9bba2bb01, openSUSE-SU-2016:0914-1, openSUSE-SU-2016:0995-1, openSUSE-SU-2016:1750-1, SUSE-SU-2016:0873-1, SUSE-SU-2016:0955-1, SUSE-SU-2016:1318-1, SUSE-SU-2016:1560-1, SUSE-SU-2016:1703-1, USN-2891-1, VIGILANCE-VUL-18630.

Description of the vulnerability

The QEMU product implements the support of VMXNET Generation 3 network devices.

However, an attacker with CAP_SYS_RAWIO privileges can create a packet that is too short. The vmxnet3_process_tx_queue() function then tries to read an unreachable memory area, which triggers a fatal error.

An attacker, who is privileged in a guest system, can therefore force a read at an invalid address in the vmxnet3_process_tx_queue() function of QEMU, in order to trigger a denial of service on the host system.

computer vulnerability note CVE-2015-8743

QEMU: memory corruption via ne2000_mem_writel

Synthesis of the vulnerability

An attacker, who is privileged in a guest system, can generate a memory corruption in ne2000_mem_writel() of QEMU, in order to trigger a denial of service, and possibly to run code on the host system.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, QEMU, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 04/01/2016.
Identifiers: CVE-2015-8743, DSA-3469-1, DSA-3470-1, DSA-3471-1, FEDORA-2016-275e9ff483, FEDORA-2016-42778e8c82, openSUSE-SU-2016:0914-1, openSUSE-SU-2016:0995-1, openSUSE-SU-2016:1750-1, openSUSE-SU-2016:2494-1, SUSE-SU-2016:0873-1, SUSE-SU-2016:0955-1, SUSE-SU-2016:1154-1, SUSE-SU-2016:1318-1, SUSE-SU-2016:1445-1, SUSE-SU-2016:1560-1, SUSE-SU-2016:1698-1, SUSE-SU-2016:1703-1, SUSE-SU-2016:1745-1, SUSE-SU-2016:1785-1, USN-2891-1, VIGILANCE-VUL-18629.

Description of the vulnerability

The QEMU product implements the support of NE2000 network devices.

However, the ne2000_mem_writel() function does not correctly check the addresses to copy.

An attacker, who is privileged in a guest system, can therefore generate a memory corruption in ne2000_mem_writel() of QEMU, in order to trigger a denial of service, and possibly to run code on the host system.

computer vulnerability bulletin CVE-2015-8709

Linux kernel: privilege escalation via ptrace and User Namespace

Synthesis of the vulnerability

A local attacker can use ptrace() on a User Namespace created by the Linux kernel, in order to escalate his privileges.
Impacted products: Debian, Fedora, Linux, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 04/01/2016.
Identifiers: CERTFR-2015-AVI-558, CERTFR-2016-AVI-004, CERTFR-2016-AVI-103, CERTFR-2017-AVI-060, CVE-2015-8709, DSA-3434-1, FEDORA-2016-5d43766e33, FEDORA-2016-6ce812a1e0, openSUSE-SU-2016:1008-1, openSUSE-SU-2016:2144-1, openSUSE-SU-2017:0456-1, SUSE-SU-2016:0785-1, SUSE-SU-2016:1019-1, SUSE-SU-2016:1764-1, SUSE-SU-2017:0575-1, USN-2846-1, USN-2847-1, USN-2848-1, USN-2849-1, USN-2850-1, USN-2851-1, USN-2852-1, USN-2853-1, USN-2854-1, VIGILANCE-VUL-18628.

Description of the vulnerability

The User Namespace (CONFIG_USER_NS) feature provides jailed environments.

However, a local attacker can create a Namespace, and ptrace a root process entering this Namespace.

A local attacker can therefore use ptrace() on a User Namespace created by the Linux kernel, in order to escalate his privileges.

computer vulnerability CVE-2015-7575

Bouncy Castle: MD5 allowed in TLS 1.2

Synthesis of the vulnerability

An attacker can create a collision with a weak algorithm such as MD5 in a TLS 1.2 session of Bouncy Castle, in order to capture data belonging to this session.
Impacted products: Bouncy Castle JCE, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***.
Severity: 1/4.
Creation date: 30/12/2015.
Identifiers: CVE-2015-7575, openSUSE-SU-2016:0605-1, SLOTH, SUSE-SU-2016:0256-1, VIGILANCE-VUL-18615.

Description of the vulnerability

The Bouncy Castle library implements TLS version 1.2.

However, Bouncy Castle does not check if the algorithm used in the DigitallySigned structure is part of the accepted algorithms indicated in the signature_algorithms extension or the CertificateRequest message.

This vulnerability has the same origin as VIGILANCE-VUL-18586.

An attacker can therefore create a collision with a weak algorithm such as MD5 in a TLS 1.2 session of Bouncy Castle, in order to capture data belonging to this session.

vulnerability announce CVE-2015-8660

Linux kernel: attribute change on overlayfs

Synthesis of the vulnerability

A local attacker can use the setxattr() function on an overlayfs file system of the Linux kernel, in order to access a restricted file.
Impacted products: Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 28/12/2015.
Identifiers: CERTFR-2016-AVI-073, CVE-2015-8660, RHSA-2016:1532-02, RHSA-2016:1539-01, RHSA-2016:1541-03, SUSE-SU-2016:0585-1, USN-2857-1, USN-2857-2, USN-2858-1, USN-2858-2, USN-2858-3, VIGILANCE-VUL-18592.

Description of the vulnerability

The Linux kernel supports the ovl (overlayfs) file system.

The ovl_setattr() function of the fs/overlayfs/inode.c file changes file attributes. However, due to an optimization, the attribute change does not check permissions.

A local attacker can therefore use the setxattr() function on an overlayfs file system of the Linux kernel, in order to access a restricted file.