The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Network Appliance Data ONTAP

computer vulnerability bulletin CVE-2016-2848

BIND: assertion error via Options

Synthesis of the vulnerability

An attacker can force an assertion error via DNS Options of BIND, in order to trigger a denial of service.
Impacted products: Debian, AIX, BIND, Data ONTAP, RHEL, Ubuntu.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 21/10/2016.
Identifiers: CVE-2016-2848, DLA-672-1, NTAP-20180926-0001, NTAP-20180926-0002, NTAP-20180926-0003, NTAP-20180926-0004, NTAP-20180926-0005, NTAP-20180927-0001, RHSA-2016:2093-01, RHSA-2016:2094-01, RHSA-2016:2099-01, USN-3108-1, VIGILANCE-VUL-20928.

Description of the vulnerability

The BIND product implements a DNS service.

However, if the Options section is malformed, an assertion error occurs because developers did not except this case, which stops the process.

An attacker can therefore force an assertion error via DNS Options of BIND, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-8858

OpenSSH: denial of service via kex_input_kexinit

Synthesis of the vulnerability

An unauthenticated attacker can send some SSH messages to OpenSSH, in order to trigger a denial of service.
Impacted products: ProxySG par Blue Coat, SGOS by Blue Coat, FreeBSD, AIX, Juniper J-Series, Junos OS, SRX-Series, Data ONTAP, OpenBSD, OpenSSH, openSUSE Leap, Solaris, pfSense.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 11/10/2016.
Identifiers: bulletinoct2016, CVE-2016-8858, FreeBSD-SA-16:33.openssh, JSA10837, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0344-1, openSUSE-SU-2017:0674-1, pfSense-SA-17_03.webgui, SA136, VIGILANCE-VUL-20819.

Description of the vulnerability

The OpenSSH product uses the kex_input_kexinit() function during the initialization of the key exchange.

However, the ssh_dispatch_set() function is not called, which leads to the consumption of memory and CPU.

An unauthenticated attacker can therefore send some SSH messages to OpenSSH, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-2183 CVE-2016-6329

Blowfish, Triple-DES: algorithms too weak, SWEET32

Synthesis of the vulnerability

An attacker can create a TLS/VPN session with a Blowfish/Triple-DES algorithm, and perform a two days attack, in order to decrypt data.
Impacted products: Avaya Ethernet Routing Switch, Blue Coat CAS, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, Avamar, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeRADIUS, hMailServer, HPE BSM, LoadRunner, HP Operations, Performance Center, Real User Monitoring, SiteScope, HP Switch, HP-UX, AIX, DB2 UDB, Informix Server, IRAD, Security Directory Server, Tivoli Directory Server, Tivoli Storage Manager, Tivoli System Automation, WebSphere MQ, Junos Space, McAfee Email Gateway, ePO, Data ONTAP, Snap Creator Framework, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle DB, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Solaris, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, SSL protocol, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, JBoss EAP by Red Hat, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, SIMATIC, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/08/2016.
Identifiers: 1610582, 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1992681, 1993777, 1994375, 1995099, 1995922, 1998797, 1999054, 1999421, 2000209, 2000212, 2000370, 2000544, 2001608, 2002021, 2002335, 2002336, 2002479, 2002537, 2002870, 2002897, 2002991, 2003145, 2003480, 2003620, 2003673, 2004036, 2008828, 523628, 9010102, bulletinapr2017, c05349499, c05369403, c05369415, c05390849, CERTFR-2017-AVI-012, CERTFR-2019-AVI-049, CERTFR-2019-AVI-311, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpujul2017, cpujul2019, cpuoct2017, CVE-2016-2183, CVE-2016-6329, DSA-2018-124, DSA-3673-1, DSA-3673-2, FEDORA-2016-7810e24465, FEDORA-2016-dc2cb4ad6b, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FG-IR-17-173, HPESBGN03697, HPESBGN03765, HPESBUX03725, HPSBGN03690, HPSBGN03694, HPSBHF03674, ibm10718843, java_jan2017_advisory, JSA10770, KM03060544, NTAP-20160915-0001, openSUSE-SU-2016:2199-1, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2496-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2017:1638-1, openSUSE-SU-2018:0458-1, RHSA-2017:0336-01, RHSA-2017:0337-01, RHSA-2017:0338-01, RHSA-2017:3113-01, RHSA-2017:3114-01, RHSA-2017:3239-01, RHSA-2017:3240-01, RHSA-2018:2123-01, SA133, SA40312, SB10171, SB10186, SB10197, SB10215, SOL13167034, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SSA:2016-363-01, SSA-556833, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, SUSE-SU-2017:1444-1, SUSE-SU-2017:2838-1, SUSE-SU-2017:3177-1, SWEET32, TNS-2016-16, USN-3087-1, USN-3087-2, USN-3270-1, USN-3339-1, USN-3339-2, USN-3372-1, VIGILANCE-VUL-20473.

Description of the vulnerability

The Blowfish and Triple-DES symetric encryption algorithms use 64 bit blocks.

However, if they are used in CBC mode, a collision occurs after 785 GB transferred, and it is then possible to decrypt blocks with an attack lasting two days.

An attacker can therefore create a TLS/VPN session with a Blowfish/Triple-DES algorithm, and perform a two days attack, in order to decrypt data.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-6515

OpenSSH: denial of service via crypt

Synthesis of the vulnerability

An attacker can send a long password, which is hashed by crypt() via OpenSSH, in order to trigger a denial of service.
Impacted products: ProxySG par Blue Coat, SGOS by Blue Coat, Brocade vTM, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, IBM System x Server, Juniper EX-Series, Juniper J-Series, Junos OS, Junos Space, SRX-Series, McAfee Email Gateway, Data ONTAP, OpenSSH, openSUSE Leap, RHEL, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 01/08/2016.
Identifiers: BSA-2016-204, BSA-2016-207, BSA-2016-210, BSA-2016-211, BSA-2016-212, BSA-2016-213, BSA-2016-216, BSA-2017-247, CERTFR-2017-AVI-012, CERTFR-2019-AVI-325, CVE-2016-6515, DLA-1500-1, DLA-1500-2, DLA-594-1, FEDORA-2016-4a3debc3a6, FreeBSD-SA-17:06.openssh, JSA10770, JSA10940, K31510510, MIGR-5099595, MIGR-5099597, NTAP-20171130-0003, openSUSE-SU-2016:2339-1, RHSA-2017:2029-01, SA136, SOL31510510, SSA-181018, USN-3061-1, VIGILANCE-VUL-20279.

Description of the vulnerability

The OpenSSH product uses the crypt() function to hash passwords provided by users.

However, if the sent password is too long, the crypt() function consumes numerous resources.

An attacker can therefore send a long password, which is hashed by crypt() via OpenSSH, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-6210

OpenSSH: user detection via BLOWFISH

Synthesis of the vulnerability

An attacker can use a long password on OpenSSH, in order to detect if a login name is valid.
Impacted products: ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, AIX, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, Data ONTAP, OpenSSH, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 18/07/2016.
Identifiers: bulletinoct2016, CERTFR-2016-AVI-279, CERTFR-2019-AVI-325, CVE-2016-6210, DLA-578-1, DSA-3626-1, FEDORA-2016-16e8d38f57, FEDORA-2016-341c83dbd3, FEDORA-2016-7440fa5ce2, JSA10940, K14845276, NTAP-20190206-0001, openSUSE-SU-2016:2339-1, RHSA-2017:2029-01, RHSA-2017:2563-01, SA136, SSA:2016-219-03, USN-3061-1, VIGILANCE-VUL-20133.

Description of the vulnerability

The OpenSSH product uses a workaround, so authentication trials with an invalid login last as long as a normal authentication. In order to do so, a fake password entry is created, with a hash based on the BLOWFISH algorithm.

However, BLOWFISH is faster than SHA256/SHA512 usually used. If the password to hash is long, the time difference can be measured.

An attacker can therefore use a long password on OpenSSH, in order to detect if a login name is valid.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-4953 CVE-2016-4954 CVE-2016-4955

NTP.org: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Impacted products: Cisco ACE, ASA, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Encryption, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco MeetingPlace, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, AIX, Meinberg NTP Server, Data ONTAP, NTP.org, openSUSE, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, VxWorks.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 5.
Creation date: 03/06/2016.
Identifiers: 9010095, bulletinapr2016, CERTFR-2016-AVI-209, cisco-sa-20160603-ntpd, CVE-2016-4953, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956, CVE-2016-4957, FEDORA-2016-89e0874533, FEDORA-2016-c3bd6a3496, FreeBSD-SA-16:24.ntp, hpesbhf03757, ICSA-16-175-03, K03331206, K64505405, K82644737, NTAP-20160722-0001, openSUSE-SU-2016:1583-1, openSUSE-SU-2016:1636-1, SOL03331206, SSA:2016-155-01, SUSE-SU-2016:1563-1, SUSE-SU-2016:1568-1, SUSE-SU-2016:1584-1, SUSE-SU-2016:1602-1, SUSE-SU-2016:1912-1, SUSE-SU-2016:2094-1, USN-3096-1, VIGILANCE-VUL-19790, VU#321640.

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can force ntpd to use "interleaved" mode, in order to trigger a denial of service. [severity:1/4; CVE-2016-4956, VU#321640]

An attacker can send a spoofed CRYPTO_NAK packet, in order to trigger a denial of service. [severity:1/4; CVE-2016-4955, VU#321640]

An attacker can send spoofed packets, in order to partially corrupt the state ot the target server. [severity:1/4; CVE-2016-4954, VU#321640]

An attacker can send a malicious CRYPTO-NAK packet, in order to invalidate the cryptographic protection layer. [severity:1/4; CVE-2016-4953, VU#321640]

An attacker can send a malicious CRYPTO-NAK packet, the validity of which is wrongly checked, in order to trigger a denial of service. [severity:3/4; CVE-2016-4957, VU#321640]
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2016-2105 CVE-2016-2106 CVE-2016-2107

OpenSSL: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: SDS, SES, SNS, Tomcat, Mac OS X, StormShield, Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Email, IronPort Encryption, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, XenServer, Debian, PowerPath, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiOS, FreeBSD, Android OS, HP Operations, HP Switch, AIX, IRAD, QRadar SIEM, IBM System x Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, MariaDB ~ precise, McAfee NSM, Meinberg NTP Server, MySQL Community, MySQL Enterprise, Data ONTAP, NETASQ, NetScreen Firewall, ScreenOS, Nodejs Core, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Solaris, Tuxedo, VirtualBox, WebLogic, Oracle Web Tier, Palo Alto Firewall PA***, PAN-OS, Percona Server, pfSense, Pulse Connect Secure, Puppet, Python, RHEL, JBoss EAP by Red Hat, SAS Management Console, Shibboleth SP, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, VxWorks, X2GoClient.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 6.
Creation date: 03/05/2016.
Identifiers: 1982949, 1985850, 1987779, 1993215, 1995099, 1998797, 2003480, 2003620, 2003673, 510853, 9010083, bulletinapr2016, bulletinapr2017, CERTFR-2016-AVI-151, CERTFR-2016-AVI-153, CERTFR-2018-AVI-160, cisco-sa-20160504-openssl, cpuapr2017, cpujan2018, cpujul2016, cpujul2017, cpujul2018, cpuoct2016, cpuoct2017, cpuoct2018, CTX212736, CTX233832, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, DLA-456-1, DSA-3566-1, ESA-2017-142, FEDORA-2016-05c567df1a, FEDORA-2016-1e39d934ed, FEDORA-2016-e1234b65a2, FG-IR-16-026, FreeBSD-SA-16:17.openssl, HPESBGN03728, HPESBHF03756, HT206903, JSA10759, K23230229, K36488941, K51920288, K75152412, K93600123, MBGSA-1603, MIGR-5099595, MIGR-5099597, NTAP-20160504-0001, openSUSE-SU-2016:1237-1, openSUSE-SU-2016:1238-1, openSUSE-SU-2016:1239-1, openSUSE-SU-2016:1240-1, openSUSE-SU-2016:1241-1, openSUSE-SU-2016:1242-1, openSUSE-SU-2016:1243-1, openSUSE-SU-2016:1273-1, openSUSE-SU-2016:1566-1, openSUSE-SU-2017:0487-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2016:0722-01, RHSA-2016:0996-01, RHSA-2016:1137-01, RHSA-2016:1648-01, RHSA-2016:1649-01, RHSA-2016:1650-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, RHSA-2016:2073-01, SA123, SA40202, SB10160, SOL23230229, SOL36488941, SOL51920288, SOL75152412, SP-CAAAPPQ, SPL-119440, SPL-121159, SPL-123095, SSA:2016-124-01, STORM-2016-002, SUSE-SU-2016:1206-1, SUSE-SU-2016:1228-1, SUSE-SU-2016:1231-1, SUSE-SU-2016:1233-1, SUSE-SU-2016:1267-1, SUSE-SU-2016:1290-1, SUSE-SU-2016:1360-1, SUSE-SU-2018:0112-1, TNS-2016-10, USN-2959-1, VIGILANCE-VUL-19512, VN-2016-006, VN-2016-007.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can act as a Man-in-the-Middle and use the AES CBC algorithm with a server supporting AES-NI, in order to read or write data in the session. This vulnerability was initially fixed in versions 1.0.1o and 1.0.2c, but it was not disclosed at that time. [severity:3/4; CVE-2016-2108]

An attacker can act as a Man-in-the-Middle and use the AES CBC algorithm with a server supporting AES-NI, in order to read or write data in the session. [severity:3/4; CVE-2016-2107]

An attacker can generate a buffer overflow in EVP_EncodeUpdate(), which is mainly used by command line applications, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2105]

An attacker can generate a buffer overflow in EVP_EncryptUpdate(), which is difficult to reach, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2106]

An attacker can trigger an excessive memory usage in d2i_CMS_bio(), in order to trigger a denial of service. [severity:2/4; CVE-2016-2109]

An attacker can force a read at an invalid address in applications using X509_NAME_oneline(), in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-2176]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2015-5370 CVE-2016-0128 CVE-2016-2110

Windows, Samba: code execution via Badlock

Synthesis of the vulnerability

An attacker can use the Badlock vulnerability of Windows or Samba, in order to run code.
Impacted products: ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, DB2 UDB, QRadar SIEM, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Data ONTAP, openSUSE, openSUSE Leap, Solaris, Pulse Connect Secure, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 9.
Creation date: 23/03/2016.
Revision date: 12/04/2016.
Identifiers: 1986595, 1987766, 3148527, 9010080, bulletinjan2016, bulletinoct2016, c05162399, CVE-2015-5370, CVE-2016-0128, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118, DLA-509-1, DSA-3548-1, DSA-3548-2, DSA-3548-3, FEDORA-2016-48b3761baa, FEDORA-2016-be53260726, HPSBUX03616, MS16-047, NTAP-20160412-0001, openSUSE-SU-2016:1025-1, openSUSE-SU-2016:1064-1, openSUSE-SU-2016:1106-1, openSUSE-SU-2016:1107-1, openSUSE-SU-2016:1108-1, openSUSE-SU-2016:1440-1, RHSA-2016:0611-01, RHSA-2016:0612-01, RHSA-2016:0613-01, RHSA-2016:0618-01, RHSA-2016:0619-01, RHSA-2016:0620-01, RHSA-2016:0621-01, RHSA-2016:0623-01, RHSA-2016:0624-01, RHSA-2016:0625-01, SA122, SA40196, SOL37603172, SOL53313971, SSA:2016-106-02, SSRT110128, SUSE-SU-2016:1022-1, SUSE-SU-2016:1023-1, SUSE-SU-2016:1024-1, SUSE-SU-2016:1028-1, SUSE-SU-2016:1105-1, USN-2950-1, USN-2950-2, USN-2950-3, USN-2950-4, USN-2950-5, VIGILANCE-VUL-19207, VU#813296.

Description of the vulnerability

The Windows and Samba products implement authentication for CIFS.

However, several vulnerabilities in these implementations can be used by a Man-in-the-Middle, or to weaken the protocol.

An attacker can therefore use the Badlock vulnerability of Windows or Samba, in order to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2015-7746

NetApp Data ONTAP: read-write access via 7-Mode UTF-8

Synthesis of the vulnerability

An attacker can bypass access restrictions of NetApp Data ONTAP in 7-Mode with UTF-8, in order to read or alter data.
Impacted products: Data ONTAP.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user account.
Creation date: 21/03/2016.
Identifiers: 9010049, CVE-2015-7746, NTAP-20151112-0001, VIGILANCE-VUL-19200.

Description of the vulnerability

The NetApp Data ONTAP product can be configured in 7-Mode, with ".UTF-8" appended to the volume language.

However, in this case, an attacker can bypass access restrictions to data.

An attacker can therefore bypass access restrictions of NetApp Data ONTAP in 7-Mode with UTF-8, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2016-3115

OpenSSH: injection of xauth commands

Synthesis of the vulnerability

An attacker, who has an account with OpenSSH, but which is restricted and without a shell access, can transmit xauth commands via OpenSSH, in order to read/write a file with his own privileges.
Impacted products: Blue Coat CAS, Debian, Unisphere EMC, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, NSM Central Manager, NSMXpress, Data ONTAP, OpenBSD, OpenSSH, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu.
Severity: 1/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: user account.
Creation date: 10/03/2016.
Identifiers: 000008913, 499797, bulletinapr2016, CERTFR-2016-AVI-097, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, CVE-2016-3115, DLA-1500-1, DLA-1500-2, ESA-2017-025, FEDORA-2016-188267b485, FEDORA-2016-bb59db3c86, FEDORA-2016-d339d610c1, FEDORA-2016-fc1cc33e05, FreeBSD-SA-16:14.openssh, JSA10774, K93532943, NTAP-20160519-0001, openSUSE-SU-2016:1455-1, RHSA-2016:0465-01, RHSA-2016:0466-01, SA121, SA126, SOL93532943, SSA:2016-070-01, USN-2966-1, VIGILANCE-VUL-19152.

Description of the vulnerability

The xauth utility manages credentials of the user to access to X11.

When X11Forwarding is enabled in sshd_config, the OpenSSH daemon transmits credentials to xauth. However, OpenSSH does not filter line feeds contained in these credentials. So xauth commands can thus be transmitted to xauth. These commands can read/write a file with user's privileges, or to connect to a port.

An attacker, who has an account with OpenSSH, but which is restricted and without a shell access, can therefore transmit xauth commands via OpenSSH, in order to read/write a file with his own privileges.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Network Appliance Data ONTAP: