The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of NetBSD

vulnerability announce 25282

NetBSD: memory corruption via a fragmented IPv6 packet

Synthesis of the vulnerability

An attacker sending a fragmented IPv6 packet with specially packed options can generate a memory corruption in the NetBSD kernel, in order to trigger a denial of service.
Impacted products: NetBSD.
Severity: 2/4.
Creation date: 13/02/2018.
Identifiers: NetBSD-SA2018-004, VIGILANCE-VUL-25282.

Description of the vulnerability

An attacker sending a fragmented IPv6 packet with specially packed options can generate a memory corruption in the NetBSD kernel, in order to trigger a denial of service.

computer vulnerability announce CVE-2017-3142 CVE-2017-3143

ISC BIND: two vulnerabilities via TSIG Authentication

Synthesis of the vulnerability

An attacker can use several vulnerabilities via TSIG Authentication of ISC BIND.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, AIX, BIND, Junos OS, SRX-Series, NetBSD, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 30/06/2017.
Revision date: 07/07/2017.
Identifiers: AA-01503, AA-01504, bulletinjan2018, CERTFR-2017-AVI-199, CVE-2017-3142, CVE-2017-3143, DLA-1025-1, DLA-1025-2, DSA-3904-1, DSA-3904-2, FEDORA-2017-001f135337, FEDORA-2017-167cfa7b09, FEDORA-2017-59127a606c, FEDORA-2017-d04f7ddd73, HPESBUX03772, JSA10875, K02230327, K59448931, openSUSE-SU-2017:1809-1, RHSA-2017:1679-01, RHSA-2017:1680-01, SSA:2017-180-02, SUSE-SU-2017:1736-1, SUSE-SU-2017:1737-1, SUSE-SU-2017:1738-1, USN-3346-1, USN-3346-2, USN-3346-3, VIGILANCE-VUL-23107.

Description of the vulnerability

Several vulnerabilities were announced in ISC BIND.

An attacker can use a Zone Transfer, in order to obtain sensitive information. [severity:2/4; AA-01504, CVE-2017-3142]

An attacker can use a Dynamic Update, in order to alter a zone. [severity:3/4; AA-01503, CERTFR-2017-AVI-199, CVE-2017-3143]

computer vulnerability announce CVE-2016-9042 CVE-2017-6451 CVE-2017-6452

NTP.org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Impacted products: Mac OS X, Blue Coat CAS, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, McAfee Web Gateway, Meinberg NTP Server, NetBSD, NTP.org, Solaris, Palo Alto Firewall PA***, PAN-OS, pfSense, RHEL, Slackware, Spectracom SecureSync, Symantec Content Analysis, Synology DSM, Synology DS***, Synology RS***, Ubuntu, VxWorks.
Severity: 2/4.
Creation date: 22/03/2017.
Revision date: 30/03/2017.
Identifiers: APPLE-SA-2017-09-25-1, bulletinapr2017, CVE-2016-9042, CVE-2017-6451, CVE-2017-6452, CVE-2017-6455, CVE-2017-6458, CVE-2017-6459, CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464, FEDORA-2017-5ebac1c112, FEDORA-2017-72323a442f, FreeBSD-SA-17:03.ntp, HT208144, K02951273, K07082049, K32262483, K-511308, K99254031, NTP-01-002, NTP-01-003, NTP-01-004, NTP-01-007, NTP-01-008, NTP-01-009, NTP-01-012, NTP-01-014, NTP-01-016, PAN-SA-2017-0022, RHSA-2017:3071-01, RHSA-2018:0855-01, SA147, SB10201, SSA:2017-112-02, TALOS-2016-0260, USN-3349-1, VIGILANCE-VUL-22217, VU#633847.

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can tamper with the packet timestamp, in order to have the target's traffic dropped. [severity:2/4; CVE-2016-9042]

An attacker can generate a buffer overflow via ntpq, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2017-6460, NTP-01-002]

An attacker can generate a buffer overflow via mx4200_send(), in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2017-6451, NTP-01-003]

An attacker can generate a buffer overflow via ctl_put(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2017-6458, NTP-01-004]

An attacker can generate a buffer overflow via addKeysToRegistry(), in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2017-6459, NTP-01-007]

An attacker can generate a buffer overflow in the MS-Windows installer, in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2017-6452, NTP-01-008]

An attacker can define the PPSAPI_DLLS environment variable, in order to make the server run a library with high privileges. [severity:2/4; CVE-2017-6455, NTP-01-009]

An authenticated attacker can submit an invalid configuration directive, to trigger a denial of service. [severity:2/4; CVE-2017-6463, NTP-01-012]

A privileged attacker can generate a buffer overflow via datum_pts_receive(), in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2017-6462, NTP-01-014]

An authenticated attacker can submit an invalid configuration directive "mode", to trigger a denial of service. [severity:2/4; CVE-2017-6464, NTP-01-016]

computer vulnerability note CVE-2017-5398 CVE-2017-5399 CVE-2017-5400

Mozilla Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in Mozilla Firefox and Thunderbird.
Impacted products: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, NetBSD, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Creation date: 08/03/2017.
Revision date: 21/03/2017.
Identifiers: 1130, bulletinapr2017, bulletinjul2017, CERTFR-2017-AVI-068, CERTFR-2017-AVI-069, CVE-2017-5398, CVE-2017-5399, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5403, CVE-2017-5404, CVE-2017-5405, CVE-2017-5406, CVE-2017-5407, CVE-2017-5408, CVE-2017-5409, CVE-2017-5410, CVE-2017-5411, CVE-2017-5412, CVE-2017-5413, CVE-2017-5414, CVE-2017-5415, CVE-2017-5416, CVE-2017-5417, CVE-2017-5418, CVE-2017-5419, CVE-2017-5420, CVE-2017-5421, CVE-2017-5422, CVE-2017-5425, CVE-2017-5426, CVE-2017-5427, DLA-852-1, DLA-896-1, DSA-3805-1, DSA-3832-1, FEDORA-2017-bb459964ce, FEDORA-2017-e63f2f0d11, FEDORA-2017-f3484d64d2, FEDORA-2017-fce0c6fd46, MFSA-2017-05, MFSA-2017-06, MFSA-2017-07, MFSA-2017-09, openSUSE-SU-2017:0687-1, openSUSE-SU-2017:0688-1, openSUSE-SU-2017:0690-1, openSUSE-SU-2017:1196-1, openSUSE-SU-2017:1268-1, RHSA-2017:0459-01, RHSA-2017:0461-01, RHSA-2017:0498-01, SSA:2017-066-01, SSA:2017-066-02, SUSE-SU-2017:0714-1, SUSE-SU-2017:0732-1, USN-3216-1, USN-3216-2, USN-3233-1, VIGILANCE-VUL-22039.

Description of the vulnerability

Several vulnerabilities were announced in Mozilla Firefox and Thunderbird.

An attacker can bypass security features via asm.js, in order to obtain sensitive information. [severity:3/4; CVE-2017-5400]

An attacker can generate a memory corruption via ErrorResult, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-5401]

An attacker can force the usage of a freed memory area via FontFace, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-5402]

An attacker can force the usage of a freed memory area via addRange, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-5403]

An attacker can force the usage of a freed memory area via Selection Ranges, in order to trigger a denial of service, and possibly to run code. [severity:4/4; 1130, CVE-2017-5404]

An attacker can generate a memory corruption via Skia, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2017-5406]

An attacker can bypass security features via SVG Filters, in order to obtain sensitive information. [severity:3/4; CVE-2017-5407]

An attacker can generate a memory corruption via JavaScript Garbage Collection Incremental Sweeping, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-5410]

An attacker can force the usage of a freed memory area via libGLES, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-5409, CVE-2017-5411]

An attacker can bypass the origin check via Video Captions, in order to access the victim's data. [severity:2/4; CVE-2017-5408]

An attacker can force a read at an invalid address via SVG Filters, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2017-5412]

An attacker can force a read at an invalid address via Bidirectional Layout, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2017-5413]

An attacker can bypass security features via Bidirectional Layout, in order to obtain sensitive information. [severity:2/4; CVE-2017-5414]

An attacker can alter displayed information via Blob URL, in order to deceive the victim. [severity:2/4; CVE-2017-5415, CVE-2017-5416]

An attacker can force a NULL pointer to be dereferenced via HttpChannel, in order to trigger a denial of service. [severity:2/4; CVE-2017-5416]

An attacker can alter displayed information via URL drag-and-drop, in order to deceive the victim. [severity:2/4; CVE-2017-5417]

An attacker can bypass file access restrictions via Gecko Media Plugin, in order to obtain sensitive information. [severity:2/4; CVE-2017-5425]

An attacker can bypass security features via Gecko Media Plugin seccomp-bpf, in order to escalate his privileges. [severity:2/4; CVE-2017-5426]

An attacker can bypass security features via chrome.manifest, in order to escalate his privileges. [severity:2/4; CVE-2017-5427]

An attacker can force a read at an invalid address via HTTP Digest Authorization, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2017-5418]

An attacker can trigger a fatal error via Authentication Prompts, in order to trigger a denial of service. [severity:2/4; CVE-2017-5419]

An attacker can alter displayed information via JavaScript URLs, in order to deceive the victim. [severity:1/4; CVE-2017-5420]

An attacker can trigger a fatal error via FTP Response Codes, in order to trigger a denial of service. [severity:1/4; CVE-2017-5405]

An attacker can alter displayed information via Print preview, in order to deceive the victim. [severity:2/4; CVE-2017-5421]

An attacker can trigger a fatal error via view-source, in order to trigger a denial of service. [severity:1/4; CVE-2017-5422]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-5399]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-5398]

computer vulnerability 21895

NetBSD: two vulnerabilities via ARP requests

Synthesis of the vulnerability

An attacker can use several vulnerabilities via the ARP implementation of NetBSD.
Impacted products: NetBSD.
Severity: 2/4.
Creation date: 20/02/2017.
Identifiers: NetBSD-SA2017-002, VIGILANCE-VUL-21895.

Description of the vulnerability

Several vulnerabilities were announced in NetBSD.

An attacker can create a memory leak, in order to trigger a denial of service. [severity:2/4]

An attacker can read a kernel memory fragment, in order to obtain sensitive information. [severity:1/4]

computer vulnerability alert CVE-2017-5373 CVE-2017-5374 CVE-2017-5375

Mozilla Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox.
Impacted products: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, NetBSD, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Creation date: 24/01/2017.
Revision date: 25/01/2017.
Identifiers: CERTFR-2017-AVI-029, CERTFR-2017-AVI-033, CVE-2017-5373, CVE-2017-5374, CVE-2017-5375, CVE-2017-5376, CVE-2017-5377, CVE-2017-5378, CVE-2017-5379, CVE-2017-5380, CVE-2017-5381, CVE-2017-5382, CVE-2017-5383, CVE-2017-5384, CVE-2017-5385, CVE-2017-5386, CVE-2017-5387, CVE-2017-5388, CVE-2017-5389, CVE-2017-5390, CVE-2017-5391, CVE-2017-5392, CVE-2017-5393, CVE-2017-5394, CVE-2017-5395, CVE-2017-5396, DLA-800-1, DLA-896-1, DSA-3771-1, DSA-3832-1, FEDORA-2017-48e59edf94, FEDORA-2017-5df7a4018c, FEDORA-2017-c419dfe8c7, FEDORA-2017-cd5d8cac23, FEDORA-2017-e4e6928969, MFSA-2017-01, MFSA-2017-02, MFSA-2017-03, openSUSE-SU-2017:0354-1, openSUSE-SU-2017:0357-1, openSUSE-SU-2017:0358-1, RHSA-2017:0190-01, RHSA-2017:0238-01, SSA:2017-023-01, SSA:2017-026-01, SSA:2017-202-01, SUSE-SU-2017:0426-1, SUSE-SU-2017:0427-1, USN-3165-1, USN-3175-1, USN-3175-2, VIGILANCE-VUL-21666.

Description of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox.

A detailed analysis was not performed for this bulletin.

computer vulnerability note CVE-2016-9080 CVE-2016-9893 CVE-2016-9894

Mozilla Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox.
Impacted products: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, NetBSD, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Creation date: 14/12/2016.
Identifiers: bulletinjan2017, CERTFR-2016-AVI-412, CERTFR-2016-AVI-431, CVE-2016-9080, CVE-2016-9893, CVE-2016-9894, CVE-2016-9895, CVE-2016-9896, CVE-2016-9897, CVE-2016-9898, CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9903, CVE-2016-9904, CVE-2016-9905, DLA-743-1, DLA-782-1, DSA-3734-1, DSA-3757-1, FEDORA-2016-2bca1021a3, FEDORA-2016-55f912fcdc, FEDORA-2016-85eae56259, FEDORA-2016-bd94ef48c8, FEDORA-2016-f115a880a6, FEDORA-2017-7af4c910c2, FEDORA-2017-7c870ccc88, MFSA-2016-94, MFSA-2016-95, MFSA-2016-96, openSUSE-SU-2016:3184-1, openSUSE-SU-2016:3307-1, openSUSE-SU-2016:3308-1, openSUSE-SU-2016:3310-1, openSUSE-SU-2017:0026-1, RHSA-2016:2946-01, RHSA-2016:2973-01, SSA:2016-348-01, SSA:2016-365-02, SSA:2016-365-03, SUSE-SU-2016:3210-1, SUSE-SU-2016:3222-1, SUSE-SU-2016:3223-1, USN-3155-1, USN-3165-1, VIGILANCE-VUL-21369.

Description of the vulnerability

Several vulnerabilities were announced in Mozilla Firefox.

An attacker can generate a buffer overflow via SkiaGL, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-9894]

An attacker can force the usage of a freed memory area via the DOM interface, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-9899]

An attacker can bypass security features via a "marquee" element, in order to escalate his privileges. [severity:3/4; CVE-2016-9895]

An attacker can force the usage of a freed memory area via WebVR, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9896]

An attacker can generate a memory corruption via libGLES, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9897]

An attacker can force the usage of a freed memory area via DOM, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9898]

An attacker can bypass security features via URLs of type "data", in order to escalate his privileges. [severity:3/4; CVE-2016-9900]

An attacker can bypass the origin check via a timing attack, in order to access the victim's data. [severity:2/4; CVE-2016-9904]

An attacker can bypass security features via the Pocket service, in order to escalate his privileges. [severity:2/4; CVE-2016-9901]

An attacker can bypass the origin check via the Pocket extension, in order to access the victim's data. [severity:2/4; CVE-2016-9902]

An attacker can trigger a Cross Site Scripting via SDK, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-9903]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-9080]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-9893]

An attacker can generate a buffer overflow via EnumerateSubDocuments, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9905]

vulnerability note CVE-2016-9079

Firefox, Thunderbird: use after free via SVG Animation

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via an SVG animation on Firefox or Thunderbird, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, NetBSD, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Creation date: 01/12/2016.
Identifiers: bulletinjan2017, CERTFR-2016-AVI-392, CVE-2016-9079, DLA-752-1, DSA-3728-1, DSA-3730-1, FEDORA-2016-0bfa836087, FEDORA-2016-2967f5f965, FEDORA-2016-5748592807, FEDORA-2016-d2cbcd602d, FEDORA-2016-fde083842e, MFSA-2016-92, openSUSE-SU-2016:2991-1, openSUSE-SU-2016:2994-1, openSUSE-SU-2016:3011-1, openSUSE-SU-2016:3019-1, RHSA-2016:2843-01, RHSA-2016:2850-01, SSA:2016-336-01, SSA:2016-336-02, SUSE-SU-2016:3048-1, SUSE-SU-2016:3080-1, SUSE-SU-2016:3105-1, USN-3140-1, USN-3141-1, VIGILANCE-VUL-21244, VU#791496.

Description of the vulnerability

An attacker can force the usage of a freed memory area via an SVG animation on Firefox or Thunderbird, in order to trigger a denial of service, and possibly to run code.

Technical details are unknown.

computer vulnerability note CVE-2016-6253

NetBSD: file corruption via mail.local

Synthesis of the vulnerability

A local attacker can create a symbolic link during the execution of mail.local(8) on NetBSD, in order to alter the pointed file.
Impacted products: NetBSD.
Severity: 1/4.
Creation date: 21/07/2016.
Identifiers: CVE-2016-6253, NetBSD-SA2016-006, VIGILANCE-VUL-20179.

Description of the vulnerability

The NetBSD product offers the mail.local mail delivery service.

Users' mailboxes, which are used to deliver messages, are stored in /var/mail/$USER. The mail.local software uses lstat(2) to verify that the file is not a symlink. If the file is not a symlink, it is then opened. However, it is possible to create a symlink after the lstat(2) call and before the open(2) call. An attacker can then append arbitrary data to the file the symlink points to, or change its ownership using fchown(2).

A local attacker can therefore create a symbolic link during the execution of mail.local(8) on NetBSD, in order to alter the pointed file.

vulnerability CVE-2015-8212

Bozohttpd: code execution via CGI Handlers

Synthesis of the vulnerability

An attacker can use CGI handlers of Bozohttpd, which were not designed to be called as a CGI, in order to run code on NetBSD.
Impacted products: Debian, NetBSD.
Severity: 3/4.
Creation date: 22/04/2016.
Identifiers: CVE-2015-8212, DLA-490-1, NetBSD-SA2016-005, VIGILANCE-VUL-19440.

Description of the vulnerability

The NetBSD system offers a web service based on bozohttpd.

The "-C" option converts any program (such as PHP-CLI) to a CGI handler. However, by nature, this feature is not safe: all arguments given in the URL of a CGI are sent to the script, which was usually not designed for that.

An attacker can therefore use CGI handlers of Bozohttpd, which were not designed to be called as a CGI, in order to run code on NetBSD.