The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Novell openSUSE

computer vulnerability bulletin CVE-2016-4049

Quagga: assertion error via bgp_dump_obuf

Synthesis of the vulnerability

An attacker can force an assertion error in bgp_dump_obuf() of Quagga, in order to trigger a denial of service.
Impacted products: openSUSE, openSUSE Leap, Quagga.
Severity: 1/4.
Creation date: 28/04/2016.
Identifiers: CVE-2016-4049, openSUSE-SU-2016:1313-1, VIGILANCE-VUL-19478.

Description of the vulnerability

The Quagga product can be configured with:
 - more than 100 neighbors
 - a regular dump such as "dump bgp routes-mrt bview.dat"

However, in this configuration, if large packets are received, an assertion fails because the developers did not expect this case, and the process stops.

An attacker can therefore force an assertion error in bgp_dump_obuf() of Quagga, in order to trigger a denial of service.

vulnerability alert CVE-2015-5589 CVE-2015-5590 CVE-2015-8838

PHP: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, pfSense, PHP, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Creation date: 10/07/2015.
Revision dates: 10/07/2015, 22/04/2016.
Identifiers: 69669, 69768, 69923, 69958, 69970, 69972, CVE-2015-5589, CVE-2015-5590, CVE-2015-8838, DSA-3344-1, FEDORA-2015-11581, openSUSE-SU-2015:1351-1, openSUSE-SU-2016:1167-1, openSUSE-SU-2016:1173-1, RHSA-2016:0457-01, SUSE-SU-2016:1145-1, SUSE-SU-2016:1166-1, USN-2758-1, USN-2952-1, USN-2952-2, VIGILANCE-VUL-17341.

Description of the vulnerability

Several vulnerabilities were announced in PHP.

An unknown vulnerability was announced in the functions escapeshell*. This may be related to an incomplete fix for CVE-2015-4642 mentioned in VIGILANCE-VUL-17113. [severity:2/4; 69768]

An attacker can generate a buffer overflow in Phar::convertToDat, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 69958, CVE-2015-5589]

An attacker can generate a buffer overflow in phar_fix_filepath, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 69923, CVE-2015-5590]

An attacker can force the usage of a freed memory area in spl_recursive_it_move_forward_ex(), in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 69970]

An attacker can force the usage of a freed memory area in sqlite3SafetyCheckSickOrOk(), in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 69972]

An attacker can act as a Man-in-the-Middle when the mysqlnd client asks for a TLS session, in order to read or alter exchanged data (same as VIGILANCE-VUL-16761, which has the identifier CVE-2015-3152 for MySQL, but CVE-2015-8838 for PHP). [severity:2/4; 69669, CVE-2015-8838]

computer vulnerability alert CVE-2016-3119

MIT krb5: NULL pointer dereference via LDAP process_db_args

Synthesis of the vulnerability

An attacker, with permission to modify a principal entry, can force a NULL pointer to be dereferenced in the LDAP KDB module of MIT krb5, in order to trigger a denial of service.
Impacted products: Fedora, MIT krb5, openSUSE, openSUSE Leap.
Severity: 1/4.
Creation date: 23/03/2016.
Identifiers: CVE-2016-3119, FEDORA-2016-56840babc3, FEDORA-2016-ed99cb602e, openSUSE-SU-2016:0947-1, openSUSE-SU-2016:1072-1, VIGILANCE-VUL-19206.

Description of the vulnerability

The MIT krb5 product can use an LDAP KDB module.

However, if an argument is empty, the process_db_args() function of the src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c file does not check whether a pointer is NULL before using it.

An attacker, with permission to modify a principal entry, can therefore force a NULL pointer to be dereferenced in the LDAP KDB module of MIT krb5, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2016-2315 CVE-2016-2324

git: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of git.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 16/03/2016.
Identifiers: CVE-2016-2315, CVE-2016-2324, DSA-3521-1, FEDORA-2016-6554eff611, FEDORA-2016-cee7647200, openSUSE-SU-2016:0802-1, openSUSE-SU-2016:0803-1, openSUSE-SU-2016:0826-1, openSUSE-SU-2016:0829-1, openSUSE-SU-2016:0831-1, openSUSE-SU-2016:0832-1, openSUSE-SU-2016:0958-1, RHSA-2016:0496-01, RHSA-2016:0497-01, SSA:2016-075-01, SUSE-SU-2016:0796-1, SUSE-SU-2016:0798-1, USN-2938-1, VIGILANCE-VUL-19178.

Description of the vulnerability

Several vulnerabilities were announced in git.

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2315]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2324]

computer vulnerability note CVE-2016-3125

ProFTPD: usage of DH 1024 bits by mod_tls

Synthesis of the vulnerability

An attacker can potentially decrypt a TLS session of ProFTPD, in order to obtain the content of transferred files.
Impacted products: Fedora, openSUSE, openSUSE Leap, ProFTPD.
Severity: 2/4.
Creation date: 11/03/2016.
Identifiers: 4230, CVE-2016-3125, FEDORA-2016-977d57cf2d, FEDORA-2016-f95d8ea3ad, openSUSE-SU-2016:1334-1, VIGILANCE-VUL-19159.

Description of the vulnerability

The ProFTPD product uses the mod_tls module to establish sessions secured by TLS.

The administrator can use the TLSDHParamFile parameter to specify a file containing a Diffie-Hellman group, of 4096 bits for example. However, ProFTPD always uses its own 1024-bit group, which is too weak.

An attacker can therefore potentially decrypt a TLS session of ProFTPD, in order to obtain the content of transferred files.

computer vulnerability announce CVE-2016-3172

Cacti: SQL injection of tree.php

Synthesis of the vulnerability

An attacker can use a SQL injection in tree.php of Cacti, in order to read or alter data.
Impacted products: Cacti, openSUSE, openSUSE Leap.
Severity: 2/4.
Creation date: 11/03/2016.
Identifiers: 2667, CVE-2016-3172, openSUSE-SU-2016:1328-1, VIGILANCE-VUL-19157.

Description of the vulnerability

The Cacti product uses a database.

However, user-supplied data entered via tree.php is inserted directly into an SQL query.

An attacker can therefore use a SQL injection in tree.php of Cacti, in order to read or alter data.

computer vulnerability alert CVE-2016-2097 CVE-2016-2098

Rails: two vulnerabilities of Action Pack

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Action Pack of Rails.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, RHEL.
Severity: 2/4.
Creation date: 10/03/2016.
Identifiers: CVE-2016-2097, CVE-2016-2098, DSA-3509-1, FEDORA-2016-3954061e32, FEDORA-2016-f6af14570f, openSUSE-SU-2016:0790-1, openSUSE-SU-2016:0835-1, RHSA-2016:0454-01, RHSA-2016:0455-01, RHSA-2016:0456-01, VIGILANCE-VUL-19146.

Description of the vulnerability

Several vulnerabilities were announced in Rails.

An attacker can traverse directories in Action View, in order to read a file outside the root path. [severity:2/4; CVE-2016-2097]

An attacker can use a vulnerability in Render Method, in order to run code. [severity:2/4; CVE-2016-2098]

computer vulnerability bulletin CVE-2015-7560 CVE-2016-0771

Samba: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Samba.
Impacted products: Debian, Fedora, HP-UX, openSUSE, openSUSE Leap, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 08/03/2016.
Identifiers: c05121842, CERTFR-2016-AVI-084, CVE-2015-7560, CVE-2016-0771, DSA-3514-1, FEDORA-2016-cad77a4576, FEDORA-2016-ed1587f6ba, HPSBUX03596, openSUSE-SU-2016:0813-1, openSUSE-SU-2016:0877-1, openSUSE-SU-2016:1064-1, openSUSE-SU-2016:1106-1, openSUSE-SU-2016:1107-1, openSUSE-SU-2016:1108-1, RHSA-2016:0448-01, RHSA-2016:0449-01, SSA:2016-068-02, SUSE-SU-2016:0814-1, SUSE-SU-2016:0816-1, SUSE-SU-2016:0837-1, SUSE-SU-2016:0905-1, USN-2922-1, VIGILANCE-VUL-19118.

Description of the vulnerability

Several vulnerabilities were announced in Samba.

An attacker can create a symbolic link, in order to alter ACLs. [severity:2/4; CVE-2015-7560]

An attacker can force a read at an invalid address with a DNS TXT record sent to the internal DNS server in AD DC mode, in order to trigger a denial of service. [severity:2/4; CVE-2016-0771]

vulnerability CVE-2016-0702 CVE-2016-0705 CVE-2016-0797

OpenSSL: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, IOS Cisco, IOS XE Cisco, Cisco Nexus, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, XenServer, Debian, ExtremeXOS, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FreeBSD, AIX, IRAD, Tivoli Workload Scheduler, WebSphere MQ, Copssh, Juniper Network Connect, McAfee Web Gateway, Meinberg NTP Server, Data ONTAP, Snap Creator Framework, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Solaris, Pulse Connect Secure, Pulse Secure SBR, Puppet, RHEL, Red Hat JBoss EAP, ROX, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Grid Manager, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu, Wind River Linux, VxWorks.
Severity: 2/4.
Creation date: 01/03/2016.
Revision date: 07/03/2016.
Identifiers: 046178, 046208, 1979498, 1979602, 7043086, 9010066, 9010067, 9010072, BSA-2016-004, bulletinapr2016, bulletinjan2016, CERTFR-2016-AVI-076, CERTFR-2016-AVI-080, cisco-sa-20160302-openssl, CTX208403, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842, DSA-3500-1, FEDORA-2016-2802690366, FEDORA-2016-e1234b65a2, FEDORA-2016-e6807b3394, FreeBSD-SA-16:12.openssl, JSA10722, MBGSA-1602, NTAP-20160301-0001, NTAP-20160303-0001, NTAP-20160321-0001, openSUSE-SU-2016:0627-1, openSUSE-SU-2016:0628-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:0638-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:0720-1, RHSA-2016:0301-01, RHSA-2016:0302-01, RHSA-2016:0303-01, RHSA-2016:0304-01, RHSA-2016:0305-01, RHSA-2016:0306-01, RHSA-2016:0372-01, RHSA-2016:0445-01, RHSA-2016:0446-01, RHSA-2016:0490-01, SA117, SA40168, SB10156, SOL22334603, SOL40524634, SOL52349521, SOL79215841, SOL93122894, SSA:2016-062-02, SSA-623229, SUSE-SU-2016:0617-1, SUSE-SU-2016:0620-1, SUSE-SU-2016:0621-1, SUSE-SU-2016:0624-1, SUSE-SU-2016:0631-1, SUSE-SU-2016:0641-1, SUSE-SU-2016:0678-1, TNS-2016-03, USN-2914-1, VIGILANCE-VUL-19060, VN-2016-004, VU#583776.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can act as a Man-in-the-Middle on a server supporting SSLv2 and EXPORT ciphers (this configuration has been considered weak for several years), in order to read or write data in the session. [severity:2/4; CVE-2016-0800, VU#583776]

An attacker can force the usage of a freed memory area when OpenSSL processes a DSA private key (this scenario is rare), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-0705]

An attacker can read a memory fragment via SRP_VBASE_get_by_user, in order to obtain sensitive information. [severity:1/4; CVE-2016-0798]

An attacker can force a NULL pointer to be dereferenced in BN_hex2bn(), in order to trigger a denial of service. [severity:1/4; CVE-2016-0797]

An attacker can use a very large string (size INT_MAX), to generate a memory corruption in the BIO_*printf() functions, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-0799]

An attacker can use cache conflicts on Intel Sandy-Bridge, in order to obtain RSA keys. [severity:1/4; CVE-2016-0702]

An attacker can use a very large string (size INT_MAX), to generate a memory corruption in the internal doapr_outch() function, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2842]

vulnerability bulletin CVE-2016-1531

Exim: privilege escalation via perl_startup

Synthesis of the vulnerability

A local attacker can use Exim configured with perl_startup, in order to escalate his privileges.
Impacted products: Debian, Exim, Fedora, openSUSE, openSUSE Leap, Ubuntu.
Severity: 2/4.
Creation date: 03/03/2016.
Identifiers: CVE-2016-1531, DSA-3517-1, FEDORA-2016-0e3ca94d88, FEDORA-2016-e062971917, openSUSE-SU-2016:0721-1, USN-2933-1, VIGILANCE-VUL-19083.

Description of the vulnerability

The Exim product supports the "perl_startup" configuration directive, which can be used to run Perl code.

However, environment variables are not filtered. If Exim is installed suid root, a local attacker can thus pass variables to Perl, in order to gain root privileges.

A local attacker can therefore use Exim configured with perl_startup, in order to escalate his privileges.