The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Nortel Ethernet Routing Switch

vulnerability bulletin CVE-2016-2183 CVE-2016-6329

Blowfish, Triple-DES: algorithms too weak, SWEET32

Synthesis of the vulnerability

An attacker can create a TLS/VPN session with a Blowfish/Triple-DES algorithm, and perform a two days attack, in order to decrypt data.
Impacted products: Avaya Ethernet Routing Switch, Blue Coat CAS, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, Avamar, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeRADIUS, hMailServer, HPE BSM, LoadRunner, HP Operations, Performance Center, Real User Monitoring, SiteScope, HP Switch, HP-UX, AIX, DB2 UDB, Informix Server, IRAD, Security Directory Server, Tivoli Directory Server, Tivoli Storage Manager, Tivoli System Automation, WebSphere MQ, Junos Space, McAfee Email Gateway, ePO, Data ONTAP, Snap Creator Framework, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle DB, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Solaris, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, SSL protocol, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, JBoss EAP by Red Hat, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, SIMATIC, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/08/2016.
Identifiers: 1610582, 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1992681, 1993777, 1994375, 1995099, 1995922, 1998797, 1999054, 1999421, 2000209, 2000212, 2000370, 2000544, 2001608, 2002021, 2002335, 2002336, 2002479, 2002537, 2002870, 2002897, 2002991, 2003145, 2003480, 2003620, 2003673, 2004036, 2008828, 523628, 9010102, bulletinapr2017, c05349499, c05369403, c05369415, c05390849, CERTFR-2017-AVI-012, CERTFR-2019-AVI-049, CERTFR-2019-AVI-311, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpujul2017, cpujul2019, cpuoct2017, CVE-2016-2183, CVE-2016-6329, DSA-2018-124, DSA-3673-1, DSA-3673-2, FEDORA-2016-7810e24465, FEDORA-2016-dc2cb4ad6b, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FG-IR-17-173, HPESBGN03697, HPESBGN03765, HPESBUX03725, HPSBGN03690, HPSBGN03694, HPSBHF03674, ibm10718843, java_jan2017_advisory, JSA10770, KM03060544, NTAP-20160915-0001, openSUSE-SU-2016:2199-1, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2496-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2017:1638-1, openSUSE-SU-2018:0458-1, RHSA-2017:0336-01, RHSA-2017:0337-01, RHSA-2017:0338-01, RHSA-2017:3113-01, RHSA-2017:3114-01, RHSA-2017:3239-01, RHSA-2017:3240-01, RHSA-2018:2123-01, SA133, SA40312, SB10171, SB10186, SB10197, SB10215, SOL13167034, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SSA:2016-363-01, SSA-556833, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, SUSE-SU-2017:1444-1, SUSE-SU-2017:2838-1, SUSE-SU-2017:3177-1, SWEET32, TNS-2016-16, USN-3087-1, USN-3087-2, USN-3270-1, USN-3339-1, USN-3339-2, USN-3372-1, VIGILANCE-VUL-20473.

Description of the vulnerability

The Blowfish and Triple-DES symetric encryption algorithms use 64 bit blocks.

However, if they are used in CBC mode, a collision occurs after 785 GB transferred, and it is then possible to decrypt blocks with an attack lasting two days.

An attacker can therefore create a TLS/VPN session with a Blowfish/Triple-DES algorithm, and perform a two days attack, in order to decrypt data.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2015-0138 CVE-2015-0204

OpenSSL, LibReSSL, Mono, JSSE: weakening TLS encryption via FREAK

Synthesis of the vulnerability

An attacker, located as a Man-in-the-Middle, can force the Chrome, JSSE, LibReSSL, Mono or OpenSSL client to accept a weak export algorithm, in order to more easily capture or alter exchanged data.
Impacted products: Arkoon FAST360, ArubaOS, Avaya Ethernet Routing Switch, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Cisco ATA, AnyConnect VPN Client, Cisco ACE, ASA, AsyncOS, Cisco ESA, IOS by Cisco, IronPort Email, IronPort Web, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Prime Network Control Systems, Cisco PRSM, Cisco Router, Cisco IP Phone, Cisco MeetingPlace, Cisco WSA, Clearswift Email Gateway, Debian, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, Chrome, HPE NNMi, HP-UX, AIX, DB2 UDB, Domino, Notes, IRAD, Security Directory Server, Tivoli Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, Junos Space Network Management Platform, NSM Central Manager, NSMXpress, Juniper SBR, McAfee Email Gateway, ePO, McAfee NTBA, McAfee NGFW, VirusScan, McAfee Web Gateway, Windows (platform) ~ not comprehensive, Data ONTAP, NetBSD, NetScreen Firewall, ScreenOS, Nodejs Core, OpenBSD, Java OpenJDK, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Java Oracle, Solaris, Tuxedo, WebLogic, pfSense, Puppet, RHEL, Base SAS Software, SAS SAS/CONNECT, Slackware, Sophos AV, Splunk Enterprise, Stonesoft NGFW/VPN, stunnel, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 2.
Creation date: 04/03/2015.
Revision date: 09/03/2015.
Identifiers: 122007, 1450666, 1610582, 1647054, 1698613, 1699051, 1699810, 1700225, 1700997, 1701485, 1902260, 1903541, 1963275, 1968485, 1973383, 55767, 7014463, 7022958, 9010028, ARUBA-PSA-2015-003, bulletinjan2015, c04556853, c04679334, c04773241, CERTFR-2015-AVI-108, CERTFR-2015-AVI-117, CERTFR-2015-AVI-146, CERTFR-2016-AVI-303, cisco-sa-20150310-ssl, cpuapr2017, cpujul2018, cpuoct2017, CTX216642, CVE-2015-0138, CVE-2015-0204, DSA-3125-1, FEDORA-2015-0512, FEDORA-2015-0601, FG-IR-15-007, FREAK, FreeBSD-SA-15:01.openssl, HPSBMU03345, HPSBUX03244, HPSBUX03334, JSA10679, MDVSA-2015:019, MDVSA-2015:062, MDVSA-2015:063, NetBSD-SA2015-006, NetBSD-SA2015-007, NTAP-20150205-0001, openSUSE-SU-2015:0130-1, openSUSE-SU-2016:0640-1, RHSA-2015:0066-01, RHSA-2015:0800-01, RHSA-2015:1020-01, RHSA-2015:1021-01, RHSA-2015:1091-01, SA40015, SA88, SA91, SB10108, SB10110, SOL16120, SOL16123, SOL16124, SOL16126, SOL16135, SOL16136, SOL16139, SP-CAAANXD, SPL-95203, SPL-95206, SSA:2015-009-01, SSRT101885, SSRT102000, SUSE-SU-2015:1073-1, SUSE-SU-2015:1085-1, SUSE-SU-2015:1086-1, SUSE-SU-2015:1086-2, SUSE-SU-2015:1086-3, SUSE-SU-2015:1086-4, SUSE-SU-2015:1138-1, SUSE-SU-2015:1161-1, T1022075, USN-2459-1, VIGILANCE-VUL-16301, VN-2015-003_FREAK, VU#243585.

Description of the vulnerability

The TLS protocol uses a series of messages which have to be exchanged between the client and the server, before establishing a secured session.

Several cryptographic algorithms can be negotiated, such as algorithms allowed for USA export (less than 512 bits).

An attacker, located as a Man-in-the-Middle, can inject during the session initialization a message choosing an export algorithm. This message should generate an error, however some TLS clients accept it.

Note: the variant related to Windows is described in VIGILANCE-VUL-16332.

An attacker, located as a Man-in-the-Middle, can therefore force the Chrome, JSSE, LibReSSL, Mono or OpenSSL client to accept a weak export algorithm, in order to more easily capture or alter exchanged data.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin 13143

Avaya Ethernet Routing Switch: denial of service via NanoSSH

Synthesis of the vulnerability

An attacker can connect to the NanoSSH service of Avaya Ethernet Routing Switch, in order to trigger a denial of service.
Impacted products: Avaya Ethernet Routing Switch.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 18/07/2013.
Identifiers: 2116, VIGILANCE-VUL-13143.

Description of the vulnerability

The Avaya Ethernet Routing Switch product uses the SSH Mocana NanoSSH server.

When a SSH client connects to the server, it sends the packet SSH KEXINIT, which contains the list of supported MAC algorithms (hmac-md5,hmac-sha1, etc.). However, if this list is too large, the NanoSSH service stops.

The origin of this vulnerability could be a buffer overflow.

An attacker can therefore connect to the NanoSSH service of Avaya Ethernet Routing Switch, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2009-2631

Cisco, Juniper, Microsoft, Nortel, Stonesoft: vulnerability of SSL VPN

Synthesis of the vulnerability

A weakness in the conception of some Clientless SSL VPN products can be used by an attacker in order to obtain information from other web sites visited by the victim.
Impacted products: Avaya Ethernet Routing Switch, ASA, IVE OS, Juniper SA, ISA, Nortel ESM, Nortel VPN Router, StoneGate Firewall.
Severity: 3/4.
Consequences: client access/rights, data reading, data creation/edition.
Provenance: internet server.
Creation date: 09/12/2009.
Identifiers: 025367-01, 19500, 2009009920, 984744, BID-37152, CVE-2009-2631, KB15799, PSN-2009-11-580, VIGILANCE-VUL-9265, VU#261869.

Description of the vulnerability

Some VPN SSL products setup a SSL proxy where users connect with their web browser. Urls of visited web sites are then rewritten as:
  https://proxy-ssl/origin-site/page.html
So, they seem to be hosted on the https://proxy-ssl/ server.

Web browsers are conceived to partition JavaScript scripts on the domain where they come from. However, when a SSL proxy places different web sites under the same domain, this protection is bypassed, and a malicious JavaScript script can thus access to other web sites.

Some products update the source code of web pages on the fly, in order to replace JavaScript calls. However, an attacker can obfuscate his code so this change cannot be done.

A weakness in the conception of some Clientless SSL VPN products can therefore be used by an attacker in order to obtain information from other web sites visited by the victim.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2009-3563

NTP: denial of service

Synthesis of the vulnerability

A remote attacker can send a specially crafted NTP MODE_PRIVATE query in order to generate a denial of service.
Impacted products: Avaya Ethernet Routing Switch, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, Tru64 UNIX, HP-UX, AIX, Juniper J-Series, Junos OS, Mandriva Linux, Mandriva NF, Meinberg NTP Server, NetBSD, Nortel ESM, Nortel VPN Router, NLD, OES, NTP.org, OpenSolaris, openSUSE, Solaris, Trusted Solaris, RHEL, Slackware, SLES, ESX, ESXi.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 09/12/2009.
Identifiers: 025389-01, 1021781, 2009009932, 275590, 6902029, BID-37255, c01961950, c02737553, c03714526, CERTA-2010-AVI-002, CR131466, CVE-2009-3563, DSA-1948-1, FEDORA-2009-13046, FEDORA-2009-13090, FEDORA-2009-13121, FreeBSD-SA-10:02.ntpd, HPSBTU02496, HPSBUX02639, HPSBUX02859, IZ68659, IZ71047, IZ71071, IZ71093, IZ71608, IZ71610, IZ71611, IZ71613, IZ71614, MDVSA-2009:328, NetBSD-SA2010-005, PSN-2009-12-609, RHSA-2009:1648-01, RHSA-2009:1651-01, SOL10905, SSA:2009-343-01, SSRT090245, SSRT100293, SSRT101144, SUSE-SR:2009:020, VIGILANCE-VUL-9259, VMSA-2010-0004, VMSA-2010-0004.1, VMSA-2010-0004.2, VMSA-2010-0004.3, VMSA-2010-0009, VMSA-2010-0009.1.

Description of the vulnerability

The NTP protocol possess multiple modes of operation.

The MODE_PRIVATE mode is used by ntpdc to query the state of ntpd daemon. When ntpd receives an invalid MODE_PRIVATE request, it sends back a MODE_PRIVATE error. However, when ntpd receives a MODE_PRIVATE error, it sends it back to the sender generating a loop.

A remote attacker can therefore send a specially crafted NTP MODE_PRIVATE query in order to generate a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2008-5161

OpenSSH: information disclosure via CBC

Synthesis of the vulnerability

An attacker capturing an OpenSSH session has a low probability to obtain 32 bits of plain text.
Impacted products: Avaya Ethernet Routing Switch, CheckPoint Power-1 Appliance, SecurePlatform, CheckPoint Smart-1, CheckPoint UTM-1 Appliance, CheckPoint VSX-1, BIG-IP Hardware, TMOS, AIX, NetBSD, OpenSolaris, OpenSSH, Solaris, RHEL.
Severity: 1/4.
Consequences: data reading.
Provenance: LAN.
Creation date: 18/11/2008.
Revision date: 21/11/2008.
Identifiers: 247186, 6761890, BID-32319, CPNI-957037, CVE-2008-5161, NetBSD-SA2009-005, RHSA-2009:1287-02, sk36343, sol14609, VIGILANCE-VUL-8251, VU#958563.

Description of the vulnerability

The OpenSSH program encrypts data of sessions using a CBC (Cipher Block Chaining) algorithm by default.

If an attacker creates an error in the session,
 - he has one chance over 262144 (2^18) to obtain 32 bits of the unencrypted session
 - he has one chance over 16384 (2^14) to obtain 14 bits of the unencrypted session
This attack interrupts the SSH session, so the victim detects that a problem occurred.

This vulnerability does not impact the CTR (Counter) algorithm.

An attacker capturing an OpenSSH session, and injecting invalid data, thus has a low probability to obtain some bits of plain text.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.