The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of OpenBSD

vulnerability alert 24721

OpenBSD: denial of service via MPLS

Synthesis of the vulnerability

An attacker can send malicious MPLS packets to OpenBSD, in order to trigger a denial of service.
Impacted products: OpenBSD.
Severity: 3/4.
Creation date: 11/12/2017.
Identifiers: VIGILANCE-VUL-24721.

Description of the vulnerability

The OpenBSD product has a service to manage received MPLS packets.

However, when malicious MPLS packets are received, a fatal error occurs.

An attacker can therefore send malicious MPLS packets to OpenBSD, in order to trigger a denial of service.

vulnerability announce 22952

OpenBSD: denial of service via the wscons driver

Synthesis of the vulnerability

An attacker can generate a fatal error via wscons of OpenBSD, in order to trigger a denial of service.
Impacted products: OpenBSD.
Severity: 1/4.
Creation date: 13/06/2017.
Identifiers: VIGILANCE-VUL-22952.

Description of the vulnerability

An attacker can generate a fatal error via wscons of OpenBSD, in order to trigger a denial of service.

Technical details are unknown.

vulnerability alert 22951

OpenBSD on hppa platforms: integer overflow in the sti graphic driver

Synthesis of the vulnerability

An attacker can generate an integer overflow in the sti driver of OpenBSD, in order to trigger a denial of service.
Impacted products: OpenBSD.
Severity: 1/4.
Creation date: 13/06/2017.
Identifiers: VIGILANCE-VUL-22951.

Description of the vulnerability

OpenBSD includes a video card driver sti.

However, in the function sti_ioctl(), a caller-controlled variable is used in a comparison in such a way that the user can bypass a check and then trigger a kernel crash.

An attacker can therefore generate an integer overflow in the sti driver of OpenBSD, in order to trigger a denial of service.

computer vulnerability note CVE-2017-6512

Perl File-Path: permission tampering

Synthesis of the vulnerability

A local attacker can create a symbolic link, in order to change the access rights assigned to the pointed file, with the privileges of the process using the Perl module File::Path.
Impacted products: Debian, Fedora, Kubernetes, OpenBSD, openSUSE Leap, Ubuntu.
Severity: 2/4.
Creation date: 06/06/2017.
Identifiers: CVE-2017-6512, DLA-978-1, DSA-3873-1, FEDORA-2017-212f07c853, FEDORA-2017-4e981a51e6, FEDORA-2017-dd42592f9a, openSUSE-SU-2017:3101-1, USN-3625-1, USN-3625-2, VIGILANCE-VUL-22899.

Description of the vulnerability

A local attacker can create a symbolic link, in order to change the access rights assigned to the pointed file, with the privileges of the process using the Perl module File::Path.

vulnerability alert 22201

OpenBSD: information disclosure via the ELF loader

Synthesis of the vulnerability

A local attacker can read a fragment of the OpenBSD kernel stack via the loader of programs using the ELF format, in order to get sensitive information.
Impacted products: OpenBSD.
Severity: 1/4.
Creation date: 21/03/2017.
Identifiers: VIGILANCE-VUL-22201.

Description of the vulnerability

A local attacker can read a fragment of the OpenBSD kernel stack via the loader of programs using the ELF format, in order to get sensitive information.

A detailed analysis was not performed for this bulletin.

computer vulnerability 22005

OpenBSD: Man-in-the-Middle via WPA

Synthesis of the vulnerability

An attacker can act as a Wi-Fi access point, in order to read or write data in the session of OpenBSD client hosts.
Impacted products: OpenBSD.
Severity: 2/4.
Creation date: 02/03/2017.
Identifiers: VIGILANCE-VUL-22005.

Description of the vulnerability

The OpenBSD kernel implements WPA to encrypt Wi-Fi communications.

However, the packet chaining in signaling is not correctly checked.

An attacker can therefore act as a Wi-Fi access point, in order to read or write data in the session of OpenBSD client hosts.

vulnerability bulletin CVE-2015-6563 CVE-2015-6564 CVE-2015-6565

OpenSSH: three vulnerabilities

Synthesis of the vulnerability

An authenticated attacker can use several vulnerabilities of OpenSSH.
Impacted products: Blue Coat CAS, DCFM Enterprise, Brocade Network Advisor, Brocade vTM, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, Copssh, Junos Space, NSM Central Manager, NSMXpress, McAfee Email Gateway, OpenBSD, OpenSSH, pfSense, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 12/08/2015.
Revision dates: 03/09/2015, 27/01/2017.
Identifiers: BFS-SA-2015-002, BSA-2015-009, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, CVE-2015-6563, CVE-2015-6564, CVE-2015-6565, DLA-1500-1, DLA-1500-2, FEDORA-2015-13520, FreeBSD-SA-15:22.openssh, JSA10774, JSA10840, K17263, RHSA-2015:2088-06, RHSA-2016:0741-01, SA104, SB10177, SB10178, SOL17263, SUSE-SU-2015:1581-1, VIGILANCE-VUL-17643.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSH.

A local attacker can write a message (or ANSI sequences) on the tty of other users, because the tty is world-writable. It is also possible to use the TIOCSTI ioctl, in order to inject shell commands. [severity:2/4; CVE-2015-6565]

On OpenSSH Portable, a local attacker can use PAM and compromise the pre-authentication process, in order to impersonate other users. [severity:2/4; BFS-SA-2015-002, CVE-2015-6563]

On OpenSSH Portable, an attacker can compromise the pre-authentication process and force the usage of a freed memory area in PAM support, in order to trigger a denial of service, and possibly to run code. [severity:2/4; BFS-SA-2015-002, CVE-2015-6564]

vulnerability CVE-2016-7056

OpenSSL: ECDSA signature not computed in constant time

Synthesis of the vulnerability

An attacker can monitor a process performing a DSA signature with OpenSSL, in order to potentially obtain information about the secret key.
Impacted products: Mac OS X, Debian, BIG-IP Hardware, TMOS, Android OS, OpenBSD, OpenSSL, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 11/01/2017.
Identifiers: CVE-2016-7056, DLA-814-1, DSA-3773-1, HT207615, K32743437, openSUSE-SU-2017:0409-1, openSUSE-SU-2017:0487-1, openSUSE-SU-2017:1211-1, openSUSE-SU-2017:1212-1, openSUSE-SU-2018:0458-1, SUSE-SU-2018:0112-1, USN-3181-1, VIGILANCE-VUL-21550.

Description of the vulnerability

An attacker can therefore monitor a process performing an ECDSA signature with OpenSSL, in order to potentially obtain information about the secret key.

This vulnerability is the same as the one described in VIGILANCE-VUL-19820, but this time it is about the elliptic curve based variant of DSA.

computer vulnerability note CVE-2016-8858

OpenSSH: denial of service via kex_input_kexinit

Synthesis of the vulnerability

An unauthenticated attacker can send some SSH messages to OpenSSH, in order to trigger a denial of service.
Impacted products: ProxySG by Blue Coat, SGOS by Blue Coat, FreeBSD, AIX, Juniper J-Series, Junos OS, SRX-Series, Data ONTAP, OpenBSD, OpenSSH, openSUSE Leap, Solaris, pfSense.
Severity: 2/4.
Creation date: 11/10/2016.
Identifiers: bulletinoct2016, CVE-2016-8858, FreeBSD-SA-16:33.openssh, JSA10837, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0344-1, openSUSE-SU-2017:0674-1, pfSense-SA-17_03.webgui, SA136, VIGILANCE-VUL-20819.

Description of the vulnerability

The OpenSSH product uses the kex_input_kexinit() function during the initialization of the key exchange.

However, the ssh_dispatch_set() function is not called, which leads to the consumption of memory and CPU.

An unauthenticated attacker can therefore send some SSH messages to OpenSSH, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2016-5407 CVE-2016-7942 CVE-2016-7943

X.Org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of X.Org.
Impacted products: Debian, Fedora, OpenBSD, openSUSE, openSUSE Leap, Solaris, Slackware, Ubuntu, XOrg Bundle ~ not comprehensive, libX11.
Severity: 2/4.
Creation date: 05/10/2016.
Identifiers: bulletinoct2016, CVE-2016-5407, CVE-2016-7942, CVE-2016-7943, CVE-2016-7944, CVE-2016-7945, CVE-2016-7946, CVE-2016-7947, CVE-2016-7948, CVE-2016-7949, CVE-2016-7950, CVE-2016-7951, CVE-2016-7952, CVE-2016-7953, DLA-654-1, DLA-660-1, DLA-664-1, DLA-667-1, DLA-671-1, DLA-684-1, DLA-684-2, DLA-685-1, DLA-685-2, DLA-686-1, FEDORA-2016-0e7694c456, FEDORA-2016-21f0de504c, FEDORA-2016-3b41a9eaa8, FEDORA-2016-49d560da23, FEDORA-2016-5aa206bd16, FEDORA-2016-83040426d6, FEDORA-2016-8877cf648b, FEDORA-2016-a236cb3315, FEDORA-2016-b26b497381, FEDORA-2016-c1d4b1df79, FEDORA-2016-cabb6d7ef7, FEDORA-2016-d045c2c7b3, FEDORA-2016-d286ffb801, FEDORA-2016-ff5a2f4839, openSUSE-SU-2016:2600-1, openSUSE-SU-2016:3031-1, openSUSE-SU-2016:3033-1, openSUSE-SU-2016:3034-1, openSUSE-SU-2016:3036-1, openSUSE-SU-2016:3037-1, openSUSE-SU-2016:3059-1, SSA:2016-305-02, USN-3758-1, USN-3758-2, VIGILANCE-VUL-20768.

Description of the vulnerability

Several vulnerabilities were announced in X.Org libraries.

An attacker can force a read at an invalid address via libX11 XGetImage(), in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-7942]

An attacker can force a read at an invalid address via libX11 XListFonts(), in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-7943]

An attacker can generate an integer overflow via libXfixes, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-7944]

An attacker can force a read at an invalid address via libXi, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-7945]

An attacker can generate an infinite loop via libXi, in order to trigger a denial of service. [severity:1/4; CVE-2016-7946]

An attacker can generate an integer overflow via libXrandr, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-7947]

An attacker can trigger a fatal error via libXrandr, in order to trigger a denial of service. [severity:1/4; CVE-2016-7948]

An attacker can generate a buffer overflow via libXrender, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-7949]

An attacker can generate a buffer overflow via libXrender XRenderQueryFilters, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-7950]

An attacker can force a read at an invalid address via libXtst XRecord, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-7951]

An attacker can generate an infinite loop via libXtst XRecord, in order to trigger a denial of service. [severity:1/4; CVE-2016-7952]

An attacker can generate a memory corruption via libXv, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5407]

An attacker can force a read at an invalid address via libXvMC, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-7953]