The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Nortel Ethernet Routing Switch

threat announce CVE-2016-2183 CVE-2016-6329

Blowfish, Triple-DES: algorithms too weak, SWEET32

Synthesis of the vulnerability

An attacker can create a TLS/VPN session with a Blowfish/Triple-DES algorithm, and perform a two days attack, in order to decrypt data.
Severity: 1/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/08/2016.
Identifiers: 1610582, 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1992681, 1993777, 1994375, 1995099, 1995922, 1998797, 1999054, 1999421, 2000209, 2000212, 2000370, 2000544, 2001608, 2002021, 2002335, 2002336, 2002479, 2002537, 2002870, 2002897, 2002991, 2003145, 2003480, 2003620, 2003673, 2004036, 2008828, 523628, 9010102, bulletinapr2017, c05349499, c05369403, c05369415, c05390849, CERTFR-2017-AVI-012, CERTFR-2019-AVI-049, CERTFR-2019-AVI-311, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpujul2017, cpujul2019, cpuoct2017, CVE-2016-2183, CVE-2016-6329, DSA-2018-124, DSA-2019-131, DSA-3673-1, DSA-3673-2, FEDORA-2016-7810e24465, FEDORA-2016-dc2cb4ad6b, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FG-IR-17-173, HPESBGN03697, HPESBGN03765, HPESBUX03725, HPSBGN03690, HPSBGN03694, HPSBHF03674, ibm10718843, java_jan2017_advisory, JSA10770, KM03060544, NTAP-20160915-0001, openSUSE-SU-2016:2199-1, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2496-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2017:1638-1, openSUSE-SU-2018:0458-1, RHSA-2017:0336-01, RHSA-2017:0337-01, RHSA-2017:0338-01, RHSA-2017:3113-01, RHSA-2017:3114-01, RHSA-2017:3239-01, RHSA-2017:3240-01, RHSA-2018:2123-01, SA133, SA40312, SB10171, SB10186, SB10197, SB10215, SOL13167034, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SSA:2016-363-01, SSA-556833, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, SUSE-SU-2017:1444-1, SUSE-SU-2017:2838-1, SUSE-SU-2017:3177-1, SWEET32, TNS-2016-16, USN-3087-1, USN-3087-2, USN-3270-1, USN-3339-1, USN-3339-2, USN-3372-1, VIGILANCE-VUL-20473.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Blowfish and Triple-DES symetric encryption algorithms use 64 bit blocks.

However, if they are used in CBC mode, a collision occurs after 785 GB transferred, and it is then possible to decrypt blocks with an attack lasting two days.

An attacker can therefore create a TLS/VPN session with a Blowfish/Triple-DES algorithm, and perform a two days attack, in order to decrypt data.
Full Vigil@nce bulletin... (Free trial)

security alert CVE-2015-0138 CVE-2015-0204

OpenSSL, LibReSSL, Mono, JSSE: weakening TLS encryption via FREAK

Synthesis of the vulnerability

An attacker, located as a Man-in-the-Middle, can force the Chrome, JSSE, LibReSSL, Mono or OpenSSL client to accept a weak export algorithm, in order to more easily capture or alter exchanged data.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 04/03/2015.
Revision date: 09/03/2015.
Identifiers: 122007, 1450666, 1610582, 1647054, 1698613, 1699051, 1699810, 1700225, 1700997, 1701485, 1902260, 1903541, 1963275, 1968485, 1973383, 55767, 7014463, 7022958, 9010028, ARUBA-PSA-2015-003, bulletinjan2015, c04556853, c04679334, c04773241, CERTFR-2015-AVI-108, CERTFR-2015-AVI-117, CERTFR-2015-AVI-146, CERTFR-2016-AVI-303, cisco-sa-20150310-ssl, cpuapr2017, cpujul2018, cpuoct2017, CTX216642, CVE-2015-0138, CVE-2015-0204, DSA-3125-1, FEDORA-2015-0512, FEDORA-2015-0601, FG-IR-15-007, FREAK, FreeBSD-SA-15:01.openssl, HPSBMU03345, HPSBUX03244, HPSBUX03334, JSA10679, MDVSA-2015:019, MDVSA-2015:062, MDVSA-2015:063, NetBSD-SA2015-006, NetBSD-SA2015-007, NTAP-20150205-0001, openSUSE-SU-2015:0130-1, openSUSE-SU-2016:0640-1, RHSA-2015:0066-01, RHSA-2015:0800-01, RHSA-2015:1020-01, RHSA-2015:1021-01, RHSA-2015:1091-01, SA40015, SA88, SA91, SB10108, SB10110, SOL16120, SOL16123, SOL16124, SOL16126, SOL16135, SOL16136, SOL16139, SP-CAAANXD, SPL-95203, SPL-95206, SSA:2015-009-01, SSRT101885, SSRT102000, SUSE-SU-2015:1073-1, SUSE-SU-2015:1085-1, SUSE-SU-2015:1086-1, SUSE-SU-2015:1086-2, SUSE-SU-2015:1086-3, SUSE-SU-2015:1086-4, SUSE-SU-2015:1138-1, SUSE-SU-2015:1161-1, T1022075, USN-2459-1, VIGILANCE-VUL-16301, VN-2015-003_FREAK, VU#243585.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The TLS protocol uses a series of messages which have to be exchanged between the client and the server, before establishing a secured session.

Several cryptographic algorithms can be negotiated, such as algorithms allowed for USA export (less than 512 bits).

An attacker, located as a Man-in-the-Middle, can inject during the session initialization a message choosing an export algorithm. This message should generate an error, however some TLS clients accept it.

Note: the variant related to Windows is described in VIGILANCE-VUL-16332.

An attacker, located as a Man-in-the-Middle, can therefore force the Chrome, JSSE, LibReSSL, Mono or OpenSSL client to accept a weak export algorithm, in order to more easily capture or alter exchanged data.
Full Vigil@nce bulletin... (Free trial)

weakness alert 13143

Avaya Ethernet Routing Switch: denial of service via NanoSSH

Synthesis of the vulnerability

An attacker can connect to the NanoSSH service of Avaya Ethernet Routing Switch, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 18/07/2013.
Identifiers: 2116, VIGILANCE-VUL-13143.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Avaya Ethernet Routing Switch product uses the SSH Mocana NanoSSH server.

When a SSH client connects to the server, it sends the packet SSH KEXINIT, which contains the list of supported MAC algorithms (hmac-md5,hmac-sha1, etc.). However, if this list is too large, the NanoSSH service stops.

The origin of this vulnerability could be a buffer overflow.

An attacker can therefore connect to the NanoSSH service of Avaya Ethernet Routing Switch, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

cybersecurity threat CVE-2009-2631

Cisco, Juniper, Microsoft, Nortel, Stonesoft: vulnerability of SSL VPN

Synthesis of the vulnerability

A weakness in the conception of some Clientless SSL VPN products can be used by an attacker in order to obtain information from other web sites visited by the victim.
Severity: 3/4.
Creation date: 09/12/2009.
Identifiers: 025367-01, 19500, 2009009920, 984744, BID-37152, CVE-2009-2631, KB15799, PSN-2009-11-580, VIGILANCE-VUL-9265, VU#261869.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Some VPN SSL products setup a SSL proxy where users connect with their web browser. Urls of visited web sites are then rewritten as:
  https://proxy-ssl/origin-site/page.html
So, they seem to be hosted on the https://proxy-ssl/ server.

Web browsers are conceived to partition JavaScript scripts on the domain where they come from. However, when a SSL proxy places different web sites under the same domain, this protection is bypassed, and a malicious JavaScript script can thus access to other web sites.

Some products update the source code of web pages on the fly, in order to replace JavaScript calls. However, an attacker can obfuscate his code so this change cannot be done.

A weakness in the conception of some Clientless SSL VPN products can therefore be used by an attacker in order to obtain information from other web sites visited by the victim.
Full Vigil@nce bulletin... (Free trial)

weakness CVE-2009-3563

NTP: denial of service

Synthesis of the vulnerability

A remote attacker can send a specially crafted NTP MODE_PRIVATE query in order to generate a denial of service.
Severity: 2/4.
Creation date: 09/12/2009.
Identifiers: 025389-01, 1021781, 2009009932, 275590, 6902029, BID-37255, c01961950, c02737553, c03714526, CERTA-2010-AVI-002, CR131466, CVE-2009-3563, DSA-1948-1, FEDORA-2009-13046, FEDORA-2009-13090, FEDORA-2009-13121, FreeBSD-SA-10:02.ntpd, HPSBTU02496, HPSBUX02639, HPSBUX02859, IZ68659, IZ71047, IZ71071, IZ71093, IZ71608, IZ71610, IZ71611, IZ71613, IZ71614, MDVSA-2009:328, NetBSD-SA2010-005, PSN-2009-12-609, RHSA-2009:1648-01, RHSA-2009:1651-01, SOL10905, SSA:2009-343-01, SSRT090245, SSRT100293, SSRT101144, SUSE-SR:2009:020, VIGILANCE-VUL-9259, VMSA-2010-0004, VMSA-2010-0004.1, VMSA-2010-0004.2, VMSA-2010-0004.3, VMSA-2010-0009, VMSA-2010-0009.1.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The NTP protocol possess multiple modes of operation.

The MODE_PRIVATE mode is used by ntpdc to query the state of ntpd daemon. When ntpd receives an invalid MODE_PRIVATE request, it sends back a MODE_PRIVATE error. However, when ntpd receives a MODE_PRIVATE error, it sends it back to the sender generating a loop.

A remote attacker can therefore send a specially crafted NTP MODE_PRIVATE query in order to generate a denial of service.
Full Vigil@nce bulletin... (Free trial)

cybersecurity vulnerability CVE-2008-5161

OpenSSH: information disclosure via CBC

Synthesis of the vulnerability

An attacker capturing an OpenSSH session has a low probability to obtain 32 bits of plain text.
Severity: 1/4.
Creation date: 18/11/2008.
Revision date: 21/11/2008.
Identifiers: 247186, 6761890, BID-32319, CPNI-957037, CVE-2008-5161, NetBSD-SA2009-005, RHSA-2009:1287-02, sk36343, sol14609, VIGILANCE-VUL-8251, VU#958563.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The OpenSSH program encrypts data of sessions using a CBC (Cipher Block Chaining) algorithm by default.

If an attacker creates an error in the session,
 - he has one chance over 262144 (2^18) to obtain 32 bits of the unencrypted session
 - he has one chance over 16384 (2^14) to obtain 14 bits of the unencrypted session
This attack interrupts the SSH session, so the victim detects that a problem occurred.

This vulnerability does not impact the CTR (Counter) algorithm.

An attacker capturing an OpenSSH session, and injecting invalid data, thus has a low probability to obtain some bits of plain text.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.