The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of NETASQ

computer vulnerability announcement 18687

Netasq, Stormshield Network Security: Cross Site Scripting of Certificate

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Netasq and Stormshield Network Security, in order to run JavaScript code in the context of the web site.
Impacted products: SNS, NETASQ.
Severity: 2/4.
Creation date: 12/01/2016.
Identifiers: STORM-2015-015, VIGILANCE-VUL-18687.

Description of the vulnerability

The Netasq or Stormshield Network Security product offers a web service.

However, it does not filter data received from the X.509 certificate before inserting it into the HTML documents generated for the proxy error page.

An attacker can therefore trigger a Cross Site Scripting in Netasq and Stormshield Network Security, in order to run JavaScript code in the context of the web site.

computer vulnerability CVE-2015-3194

OpenSSL: NULL pointer dereference via Certificate Verification

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced during the certificate verification of OpenSSL (in client or server mode), in order to trigger a denial of service.
Impacted products: SES, SNS, Tomcat, ProxyAV, ProxySG, SGOS, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, ASA, AsyncOS, Cisco Content SMA, Cisco ESA, Cisco Nexus, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco MeetingPlace, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, AIX, IRAD, QRadar SIEM, IVE OS, MAG Series Juniper, Juniper SA, Juniper SBR, MySQL Enterprise, Data ONTAP, NETASQ, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Solaris, pfSense, Pulse Connect Secure, MAG Series Pulse Secure, Pulse Secure SBR, Puppet, RHEL, Slackware, stunnel, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Creation date: 03/12/2015.
Identifiers: 1972951, 1976113, 1976148, 9010051, BSA-2016-006, bulletinjan2016, CERTFR-2015-AVI-517, cisco-sa-20151204-openssl, CVE-2015-3194, DSA-3413-1, FEDORA-2015-605de37b7f, FEDORA-2015-d87d60b9a9, FreeBSD-SA-15:26.openssl, NTAP-20151207-0001, openSUSE-SU-2015:2288-1, openSUSE-SU-2015:2289-1, openSUSE-SU-2015:2318-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:1327-1, RHSA-2015:2617-01, SA105, SA40100, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, STORM-2015-017, USN-2830-1, VIGILANCE-VUL-18435.

Description of the vulnerability

The OpenSSL library can use the RSA PSS algorithm to check the validity of X.509 certificates.

However, if the "mask generation" parameter is missing during the verification of a signature in ASN.1 format, OpenSSL does not check whether a pointer is NULL before using it.

An attacker can therefore force a NULL pointer to be dereferenced during the certificate verification of OpenSSL (in client or server mode), in order to trigger a denial of service.

vulnerability bulletin CVE-2015-5358

BSD, Juniper JunOS: memory leak in the LAST_ACK TCP state

Synthesis of the vulnerability

An attacker can block numerous TCP sessions in the LAST_ACK state, to trigger a memory exhaustion in FreeBSD/OpenBSD/JunOS, in order to create a denial of service.
Impacted products: SNS, FreeBSD, Juniper J-Series, JUNOS, NETASQ, NetBSD, OpenBSD, pfSense.
Severity: 3/4.
Creation date: 09/07/2015.
Revision date: 22/07/2015.
Identifiers: CERTFR-2015-AVI-286, CVE-2015-5358, FreeBSD-SA-15:13.tcp, JSA10686, NetBSD-SA2015-009, STORM-2015-013, VIGILANCE-VUL-17333.

Description of the vulnerability

According to the TCP protocol, when a service receives a FIN packet:
 - it enters the CLOSE_WAIT state
 - it sends a FIN packet to the client
 - it enters the LAST_ACK state
 - it waits to receive the FIN-ACK packet
 - it can retry sending the FIN packet
 - if it does not receive the FIN-ACK packet, it waits at most the duration of a timer before moving from the LAST_ACK state to the CLOSED state

In the LAST_ACK state, the service keeps information (mbufs) in memory.

However, when the TCP window has a size of zero, the BSD stack forgets to start the timer. The information is thus kept in memory indefinitely.

An attacker can therefore block numerous TCP sessions in the LAST_ACK state, to trigger a memory exhaustion in BSD/JunOS, in order to create a denial of service.

computer vulnerability CVE-2014-3566

SSL 3.0: decrypting session, POODLE

Synthesis of the vulnerability

An attacker, located as a Man-in-the-Middle, can decrypt an SSL 3.0 session, in order to obtain sensitive information.
Impacted products: SES, SNS, Apache httpd, Arkoon FAST360, ArubaOS, Asterisk Open Source, BES, ProxyAV, ProxySG, SGOS, GAiA, CheckPoint IP Appliance, IPSO, SecurePlatform, CheckPoint Security Appliance, CheckPoint Security Gateway, Cisco ASR, Cisco ACE, ASA, AsyncOS, Cisco CSS, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, IronPort Email, Cisco Nexus, NX-OS, Prime Infrastructure, Cisco PRSM, Cisco Router, WebNS, Clearswift Email Gateway, Clearswift Web Gateway, CUPS, Debian, Black Diamond, ExtremeXOS, Ridgeline, Summit, BIG-IP Hardware, TMOS, Fedora, FortiGate, FortiGate Virtual Appliance, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, F-Secure AV, HP BSM, HP Data Protector, HP NNMi, HP Operations, ProCurve Switch, SiteScope, HPE Switch, TippingPoint IPS, HP-UX, AIX, Security Directory Server, SPSS Data Collection, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS, WebSphere MQ, WS_FTP Server, IVE OS, Juniper J-Series, JUNOS, Junos Space, Junos Space Network Management Platform, MAG Series Juniper, NSM Central Manager, NSMXpress, Juniper SA, Domino, Notes, MBS, McAfee Email and Web Security, McAfee Email Gateway, ePO, VirusScan, McAfee Web Gateway, IE, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, Windows Vista, NETASQ, NetBSD, NetIQ Sentinel, NetScreen Firewall, ScreenOS, nginx, OpenSSL, openSUSE, openSUSE Leap, Solaris, Palo Alto Firewall PA***, PAN-OS, Polycom CMA, HDX, RealPresence Collaboration Server, RealPresence Distributed Media Application, Polycom VBP, Postfix, SSL protocol, Puppet, RHEL, Red Hat JBoss EAP, RSA Authentication Manager, ROS, ROX, RuggedSwitch, Slackware, Spectracom SecureSync, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, vCenter, VMware vSphere, VMware vSphere Hypervisor, Wind River Linux.
Severity: 3/4.
Creation date: 15/10/2014.
Identifiers: 10923, 1589583, 1595265, 1653364, 1657963, 1663874, 1687167, 1687173, 1687433, 1687604, 1687611, 1690160, 1690185, 1690342, 1691140, 1692551, 1695392, 1696383, 1699051, 1700706, 2977292, 3009008, 7036319, aid-10142014, AST-2014-011, bulletinapr2015, bulletinjan2015, bulletinjan2016, bulletinjul2015, bulletinjul2016, bulletinoct2015, c04486577, c04487990, c04492722, c04497114, c04506802, c04510230, c04567918, c04616259, c04626982, c04676133, c04776510, CERTFR-2014-ALE-007, CERTFR-2014-AVI-454, CERTFR-2014-AVI-509, CERTFR-2015-AVI-169, cisco-sa-20141015-poodle, CVE-2014-3566, DSA-3053-1, DSA-3253-1, DSA-3489-1, ESA-2014-178, ESA-2015-098, ESXi500-201502001, ESXi500-201502101-SG, ESXi510-201503001, ESXi510-201503001-SG, ESXi510-201503101-SG, ESXi550-201501001, ESXi550-201501101-SG, FEDORA-2014-12989, FEDORA-2014-12991, FEDORA-2014-13012, FEDORA-2014-13017, FEDORA-2014-13040, FEDORA-2014-13069, FEDORA-2014-13070, FEDORA-2014-13444, FEDORA-2014-13451, FEDORA-2014-13764, FEDORA-2014-13777, FEDORA-2014-13781, FEDORA-2014-13794, FEDORA-2014-14234, FEDORA-2014-14237, FEDORA-2014-15379, FEDORA-2014-15390, FEDORA-2014-15411, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2015-9090, FEDORA-2015-9110, FreeBSD-SA-14:23.openssl, FSC-2014-8, HPSBGN03256, HPSBGN03305, HPSBGN03332, HPSBHF03156, HPSBHF03300, HPSBMU03152, HPSBMU03184, HPSBMU03213, HPSBMU03416, HPSBUX03162, HPSBUX03194, JSA10656, MDVSA-2014:203, MDVSA-2014:218, MDVSA-2015:062, NetBSD-SA2014-015, nettcp_advisory, openSUSE-SU-2014:1331-1, openSUSE-SU-2014:1384-1, openSUSE-SU-2014:1395-1, openSUSE-SU-2014:1426-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:1586-1, PAN-SA-2014-0005, POODLE, RHSA-2014:1652-01, RHSA-2014:1653-01, RHSA-2014:1692-01, RHSA-2014:1920-01, RHSA-2014:1948-01, RHSA-2015:0010-01, RHSA-2015:0011-01, RHSA-2015:0012-01, RHSA-2015:1545-01, RHSA-2015:1546-01, SA83, SB10090, SB10104, sk102989, SOL15702, SP-CAAANKE, SP-CAAANST, SPL-91947, SPL-91948, SSA:2014-288-01, SSA-396873, SSA-472334, 
SSRT101767, STORM-2014-02-FR, SUSE-SU-2014:1357-1, SUSE-SU-2014:1361-1, SUSE-SU-2014:1386-1, SUSE-SU-2014:1387-1, SUSE-SU-2014:1387-2, SUSE-SU-2014:1409-1, SUSE-SU-2015:0010-1, SUSE-SU-2016:1457-1, SUSE-SU-2016:1459-1, T1021439, TSB16540, USN-2839-1, VIGILANCE-VUL-15485, VMSA-2015-0001, VMSA-2015-0001.1, VMSA-2015-0001.2, VN-2014-003, VU#577193.

Description of the vulnerability

An SSL/TLS session can be established using several protocols:
 - SSL 2.0 (obsolete)
 - SSL 3.0
 - TLS 1.0
 - TLS 1.1
 - TLS 1.2

An attacker can downgrade the version to SSLv3. With SSL 3.0, an attacker can then change the padding position in CBC encryption, in order to progressively guess clear text fragments.

This vulnerability is named POODLE (Padding Oracle On Downgraded Legacy Encryption).

An attacker, located as a Man-in-the-Middle, can therefore decrypt an SSL 3.0 session, in order to obtain sensitive information.

vulnerability alert CVE-2007-3725

ClamAV, unrar: denial of service

Synthesis of the vulnerability

An attacker can create a malicious RAR archive in order to stop ClamAV or unrar.
Impacted products: ClamAV, Debian, Mandriva Corporate, Mandriva Linux, NETASQ, NLD, OES, openSUSE, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Creation date: 11/07/2007.
Identifiers: BID-24866, CERTA-2002-AVI-136, CERTA-2007-AVI-306, CVE-2007-3725, DSA-1340-1, MDKSA-2007:150, SUSE-SR:2007:015, VIGILANCE-VUL-6991.

Description of the vulnerability

The ClamAV antivirus and the unrar tool share the same vulnerability.

The execute_standard_filter() function of unrarvm.c does not check whether one of the sizes indicated in the RAR file is too small. This error forces ClamAV to read data at an invalid address, which leads to a segmentation fault.

An attacker can therefore create a malicious RAR archive in order to stop ClamAV or unrar.

computer vulnerability CVE-2007-2650 CVE-2007-3023 CVE-2007-3024

ClamAV: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of ClamAV lead to denials of service or to code execution.
Impacted products: ClamAV, Debian, Fedora, Mandriva Corporate, Mandriva Linux, NETASQ, openSUSE.
Severity: 3/4.
Creation date: 31/05/2007.
Identifiers: BID-24289, BID-24316, BID-24358, CVE-2007-2650, CVE-2007-3023, CVE-2007-3024, CVE-2007-3025, CVE-2007-3122, CVE-2007-3123, DSA-1320-1, FEDORA-2007-1154, MDKSA-2007:115, SUSE-SA:2007:033, VIGILANCE-VUL-6855.

Description of the vulnerability

Several vulnerabilities of ClamAV lead to denials of service or to code execution.

The %v parameter is not correctly checked in freshclam/manager.c. [severity:3/4]

Malicious RAR headers are not correctly handled in libclamav/unrar/unrar.c. [severity:3/4; BID-24289, CVE-2007-3122]

The size of data is not correctly computed in libclamav/unsp.c. [severity:3/4; CVE-2007-3023]

Permissions of temporary files created by cli_gentempstream() are not sufficiently strict. [severity:3/4; CVE-2007-3024]

A malicious OLE file can generate an infinite loop in libclamav/ole2_extract.c. [severity:3/4; BID-24316, CVE-2007-2650]

An unknown vulnerability affects libclamav/phishcheck.c. [severity:3/4; CVE-2007-3025]

An unknown vulnerability affects libclamav/unrar/unrar.c. [severity:3/4; CVE-2007-3123]

An unknown vulnerability affects libclamav/pdf.c. [severity:3/4]

vulnerability CVE-2007-1745 CVE-2007-1997 CVE-2007-2029

ClamAV: vulnerabilities of CHM, CAB and PDF

Synthesis of the vulnerability

An attacker can create CHM, CAB and PDF files leading to denials of service or to code execution on ClamAV.
Impacted products: ClamAV, Debian, Mandriva Corporate, Mandriva Linux, NETASQ, openSUSE.
Severity: 3/4.
Creation date: 13/04/2007.
Revision date: 17/04/2007.
Identifiers: BID-23473, BID-23656, CERTA-2002-AVI-088, CVE-2007-1745, CVE-2007-1997, CVE-2007-2029, DSA-1281-1, DSA-1281-2, MDKSA-2007:098, SUSE-SA:2007:026, VIGILANCE-VUL-6740.

Description of the vulnerability

Three vulnerabilities were announced in the ClamAV antivirus.

When an error occurs during the analysis of a CHM file, the chm_decompress_stream() function of libclamav/chmunpack.c does not lock the temporary file containing the binary. [severity:3/4; CVE-2007-1745]

A malicious CAB archive can generate an integer overflow in the cab_unstore() function of libclamav/cab.c, leading to code execution. [severity:3/4; CVE-2007-1997]

The PDF format is composed of a series of objects (pages, fonts, catalog, etc.), which can be compressed with zlib. The cli_pdf() function of libclamav/pdf.c stores compressed data in a temporary file in order to uncompress it. However, if the size of the compressed data is null, the temporary file descriptor is not closed. [severity:3/4; BID-23656, CVE-2007-2029]

vulnerability alert CVE-2006-1614 CVE-2006-1615 CVE-2006-1630

ClamAV: several vulnerabilities

Synthesis of the vulnerability

An attacker can generate several errors in ClamAV leading to code execution or to a denial of service.
Impacted products: ClamAV, Debian, Mandriva Corporate, Mandriva Linux, NETASQ, openSUSE.
Severity: 2/4.
Creation date: 06/04/2006.
Revision date: 10/04/2006.
Identifiers: BID-17388, CERTA-2002-AVI-009, CERTA-2006-AVI-140, CVE-2006-1614, CVE-2006-1615, CVE-2006-1630, DSA-1024-1, MDKSA-2006:067, SUSE-SA:2006:020, VIGILANCE-VUL-5741.

Description of the vulnerability

The ClamAV antivirus has 3 vulnerabilities.

An integer overflow occurs during PE header analysis, when the ArchiveMaxFileSize option is deactivated (CVE-2006-1614).

Several format string attacks can occur in the logging code (CVE-2006-1615).

A memory access error in the cli_bitset_set() function stops the service (CVE-2006-1630).

vulnerability note 5734

NetASQ: denial of service of ARP

Synthesis of the vulnerability

An attacker can generate a memory leak during transparent VLAN usage.
Impacted products: NETASQ.
Severity: 1/4.
Creation date: 03/04/2006.
Identifiers: na_rn_6151_001_fr, VIGILANCE-VUL-5734.

Description of the vulnerability

The NETASQ firewall supports transparent VLANs.

When an ARP packet is received on a transparent VLAN, memory is allocated but never freed.

A network attacker can therefore progressively saturate memory.

vulnerability alert CVE-2006-0162

ClamAV: buffer overflow of UPX

Synthesis of the vulnerability

An attacker can create a malicious UPX program in order to run code on ClamAV.
Impacted products: ClamAV, Debian, Mandriva Corporate, Mandriva Linux, NETASQ, OpenBSD.
Severity: 2/4.
Creation date: 10/01/2006.
Revision date: 13/01/2006.
Identifiers: BID-16191, CERTA-2006-AVI-012, CVE-2006-0162, DSA-947-1, DSA-947-2, MDKSA-2006:016, OPSA_20060114, VIGILANCE-VUL-5501, VU#385908, ZDI-06-001.

Description of the vulnerability

Programs can be packed in order to shrink their size and make their analysis more complex. ClamAV supports the UPX packer (Ultimate Packer for eXecutables).

A program compacted with UPX can lead to a buffer overflow in libclamav/upx.c.

An attacker can therefore send a compacted program in order to run code or to conduct a denial of service.