The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle Directory Server Enterprise Edition

vulnerability bulletin CVE-2013-2186 CVE-2014-1568 CVE-2014-1569

Oracle Fusion: several vulnerabilities of July 2015

Synthesis of the vulnerability

Several vulnerabilities of Oracle Fusion were announced in July 2015.
Impacted products: WebSphere AS Traditional, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Tuxedo, WebLogic, Oracle Web Tier.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 39.
Creation date: 15/07/2015.
Identifiers: 1962107, cpujul2015, CVE-2013-2186, CVE-2014-1568, CVE-2014-1569, CVE-2014-3566, CVE-2014-3567, CVE-2014-3571, CVE-2014-7809, CVE-2015-0286, CVE-2015-0443, CVE-2015-0444, CVE-2015-0445, CVE-2015-0446, CVE-2015-1926, CVE-2015-2593, CVE-2015-2598, CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, CVE-2015-2623, CVE-2015-2634, CVE-2015-2635, CVE-2015-2636, CVE-2015-2658, CVE-2015-4742, CVE-2015-4744, CVE-2015-4745, CVE-2015-4747, CVE-2015-4751, CVE-2015-4758, CVE-2015-4759, VIGILANCE-VUL-17373.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion.

An attacker can use a vulnerability of Oracle Business Intelligence Enterprise Edition, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2013-2186]

An attacker can use a vulnerability of Oracle Directory Server Enterprise Edition, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-1568]

An attacker can use a vulnerability of Oracle Endeca Information Discovery Studio, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4745]

An attacker can use a vulnerability of Oracle Endeca Information Discovery Studio, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2603]

An attacker can use a vulnerability of Oracle Endeca Information Discovery Studio, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2602]

An attacker can use a vulnerability of Oracle Endeca Information Discovery Studio, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2604]

An attacker can use a vulnerability of Oracle Endeca Information Discovery Studio, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2605]

An attacker can use a vulnerability of Oracle Endeca Information Discovery Studio, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2606]

An attacker can use a vulnerability of Oracle GlassFish Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-1569]

An attacker can use a vulnerability of Oracle OpenSSO, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-1568]

An attacker can use a vulnerability of Oracle Traffic Director, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-1568]

An attacker can use a vulnerability of Oracle iPlanet Web Proxy Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-1569]

An attacker can use a vulnerability of Oracle iPlanet Web Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-1569]

An attacker can use a vulnerability of Oracle Access Manager, in order to obtain or alter information. [severity:3/4; CVE-2015-2593]

An attacker can use a vulnerability of Oracle Tuxedo, in order to trigger a denial of service. [severity:3/4; CVE-2014-3567]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0443]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0444]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0445]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0446]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4759]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4758]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2634]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2635]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2636]

An attacker can use a vulnerability of Oracle Event Processing, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4747]

An attacker can use a vulnerability of Oracle WebCenter Sites, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-7809]

An attacker can use a vulnerability of Oracle WebCenter Portal, in order to obtain or alter information. [severity:2/4; CVE-2015-1926]

An attacker can use a vulnerability of Oracle Access Manager, in order to trigger a denial of service. [severity:2/4; CVE-2015-4751]

An attacker can use a vulnerability of Oracle Exalogic Infrastructure, in order to trigger a denial of service. [severity:2/4; CVE-2015-0286]

An attacker can use a vulnerability of Oracle JDeveloper, in order to trigger a denial of service. [severity:2/4; CVE-2015-4742]

An attacker can use a vulnerability of Oracle Tuxedo, in order to trigger a denial of service. [severity:2/4; CVE-2014-3571]

An attacker can use a vulnerability of Oracle Tuxedo, in order to trigger a denial of service. [severity:2/4; CVE-2015-0286]

An attacker can use a vulnerability of Web Cache, in order to obtain information. [severity:2/4; CVE-2015-2658]

An attacker can use a vulnerability of Oracle GlassFish Server, in order to alter information. [severity:2/4; CVE-2015-2623]

An attacker can use a vulnerability of Oracle Tuxedo, in order to obtain information. [severity:2/4; CVE-2014-3566]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to alter information. [severity:2/4; CVE-2015-2623]

An attacker can use a vulnerability of Oracle Business Intelligence Enterprise Edition, in order to alter information. [severity:2/4; CVE-2015-2598]

An attacker can use a vulnerability of Oracle GlassFish Server, in order to alter information. [severity:1/4; CVE-2015-4744]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to alter information. [severity:1/4; CVE-2015-4744]

computer vulnerability alert CVE-2015-2808

TLS: RC4 decryption via Bar Mitzvah

Synthesis of the vulnerability

An attacker can use the Bar Mitzvah Attack on TLS, in order to obtain sensitive information encrypted by RC4.
Impacted products: DCFM Enterprise, Brocade Network Advisor, Brocade vTM, Avamar, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, HPE BSM, HP Data Protector, HPE NNMi, HP Operations, SiteScope, HP Switch, HP-UX, AIX, DB2 UDB, Domino, Notes, IRAD, Security Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, SnapManager, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Oracle Virtual Directory, WebLogic, Oracle Web Tier, SSL protocol, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 27/03/2015.
Identifiers: 1450666, 1610582, 1647054, 1882708, 1883551, 1883553, 1902260, 1903541, 1960659, 1963275, 1967498, 523628, 7014463, 7022958, 7045736, 9010041, 9010044, Bar Mitzvah, BSA-2015-007, c04708650, c04767175, c04770140, c04772305, c04773119, c04773241, c04777195, c04777255, c04832246, c04926789, c05085988, c05336888, cpujan2018, cpuoct2017, CVE-2015-2808, DSA-2018-124, HPSBGN03350, HPSBGN03393, HPSBGN03399, HPSBGN03407, HPSBGN03414, HPSBGN03415, HPSBGN03580, HPSBHF03673, HPSBMU03345, HPSBMU03401, HPSBUX03435, HPSBUX03512, NTAP-20150715-0001, NTAP-20151028-0001, RHSA-2015:1020-01, RHSA-2015:1021-01, RHSA-2015:1091-01, SOL16864, SSRT102254, SSRT102977, SUSE-SU-2015:1073-1, SUSE-SU-2015:1085-1, SUSE-SU-2015:1086-1, SUSE-SU-2015:1086-2, SUSE-SU-2015:1086-3, SUSE-SU-2015:1086-4, SUSE-SU-2015:1138-1, SUSE-SU-2015:1161-1, VIGILANCE-VUL-16486, VN-2015-004.

Description of the vulnerability

During the initialization of a TLS session, the client and the server negotiate cryptographic algorithms. The RC4 algorithm can be chosen to encrypt data.

For some weak keys (one in 2^24), the Invariance Weakness can be used to predict the two LSBs (Least Significant Bits) of the first 100 bytes encrypted with RC4. The first TLS message is "Finished" (36 bytes), thus an attacker can predict LSBs of 64 bytes.

An attacker can therefore use the Bar Mitzvah Attack on TLS, in order to obtain sensitive information encrypted by RC4.

vulnerability announce CVE-2011-1944 CVE-2011-3389 CVE-2011-3607

Oracle Fusion: several vulnerabilities of January 2015

Synthesis of the vulnerability

Several vulnerabilities of Oracle Fusion were announced in January 2015.
Impacted products: Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, WebLogic.
Severity: 3/4.
Consequences: user access/rights, client access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 34.
Creation date: 21/01/2015.
Identifiers: cpujan2015, CVE-2011-1944, CVE-2011-3389, CVE-2011-3607, CVE-2013-0338, CVE-2013-1741, CVE-2013-2186, CVE-2013-2877, CVE-2013-4286, CVE-2013-5704, CVE-2013-6438, CVE-2014-0098, CVE-2014-0114, CVE-2014-0191, CVE-2014-0224, CVE-2014-0226, CVE-2014-6526, CVE-2014-6548, CVE-2014-6569, CVE-2014-6571, CVE-2014-6576, CVE-2014-6580, CVE-2014-6592, CVE-2015-0362, CVE-2015-0367, CVE-2015-0372, CVE-2015-0376, CVE-2015-0386, CVE-2015-0389, CVE-2015-0396, CVE-2015-0399, CVE-2015-0401, CVE-2015-0414, CVE-2015-0420, CVE-2015-0434, RHSA-2018:2669-01, VIGILANCE-VUL-16012.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion.

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2011-1944]

An attacker can use a vulnerability of Oracle Exalogic Infrastructure, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0224]

An attacker can use a vulnerability of Oracle Directory Server Enterprise Edition, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2013-1741]

An attacker can use a vulnerability of Oracle GlassFish Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0396]

An attacker can use a vulnerability of Oracle Real-Time Decision Server, Oracle Waveset or Oracle WebLogic Portal, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0114]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2013-2186]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0226]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-6571]

An attacker can use a vulnerability of BI Publisher (XML Publisher), in order to obtain or alter information. [severity:2/4; CVE-2013-4286]

An attacker can use a vulnerability of Oracle Adaptive Access Manager, in order to obtain or alter information. [severity:2/4; CVE-2014-6576]

An attacker can use a vulnerability of BI Publisher (XML Publisher), in order to obtain information. [severity:2/4; CVE-2015-0362]

An attacker can use a vulnerability of Oracle Access Manager, in order to alter information. [severity:2/4; CVE-2015-0367]

An attacker can use a vulnerability of Oracle Containers for J2EE, in order to obtain information. [severity:2/4; CVE-2015-0372]

An attacker can use a vulnerability of Oracle HTTP Server, in order to trigger a denial of service. [severity:2/4; CVE-2013-2877]

An attacker can use a vulnerability of Oracle HTTP Server, in order to trigger a denial of service. [severity:2/4; CVE-2014-0098]

An attacker can use a vulnerability of Oracle HTTP Server, in order to trigger a denial of service. [severity:2/4; CVE-2013-6438]

An attacker can use a vulnerability of Oracle HTTP Server, in order to alter information. [severity:2/4; CVE-2013-5704]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information. [severity:2/4; CVE-2014-6569]

An attacker can use a vulnerability of Oracle SOA Suite, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2014-6548]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2011-3607]

An attacker can use a vulnerability of Oracle Access Manager, in order to obtain information. [severity:2/4; CVE-2015-0434]

An attacker can use a vulnerability of Oracle Directory Server Enterprise Edition, in order to alter information. [severity:2/4; CVE-2014-6526]

An attacker can use a vulnerability of Oracle Forms, in order to obtain information. [severity:2/4; CVE-2015-0420]

An attacker can use a vulnerability of Oracle HTTP Server, in order to trigger a denial of service. [severity:2/4; CVE-2014-0191]

An attacker can use a vulnerability of Oracle HTTP Server, in order to trigger a denial of service. [severity:2/4; CVE-2013-0338]

An attacker can use a vulnerability of Oracle HTTP Server, in order to trigger a denial of service. [severity:2/4; CVE-2015-0386]

An attacker can use a vulnerability of Oracle Reports Developer, in order to alter information. [severity:2/4; CVE-2014-6580]

An attacker can use a vulnerability of Oracle Security Service, in order to obtain information. [severity:2/4; CVE-2011-3389]

An attacker can use a vulnerability of Oracle WebCenter Content, in order to alter information. [severity:2/4; CVE-2015-0376]

An attacker can use a vulnerability of Oracle Business Intelligence Enterprise Edition, in order to obtain information. [severity:1/4; CVE-2015-0399]

An attacker can use a vulnerability of Oracle Directory Server Enterprise Edition, in order to alter information. [severity:2/4; CVE-2015-0401]

An attacker can use a vulnerability of Oracle OpenSSO, in order to alter information. [severity:2/4; CVE-2015-0389]

An attacker can use a vulnerability of Oracle OpenSSO, in order to alter information. [severity:1/4; CVE-2014-6592]

An attacker can use a vulnerability of Oracle SOA Suite, in order to obtain information. [severity:2/4; CVE-2015-0414]

computer vulnerability note CVE-2014-0114

Apache Struts 1: code execution via ClassLoader

Synthesis of the vulnerability

An attacker can use the "class" parameter, to manipulate the ClassLoader, in order to execute code.
Impacted products: Struts, Debian, BIG-IP Hardware, TMOS, Fedora, SiteScope, IRAD, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Traditional, IBM WebSphere ESB, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, Puppet, RHEL, RSA Authentication Manager, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, vCenter Server, VMware vSphere.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 26/05/2014.
Identifiers: 1672316, 1673982, 1674339, 1675822, 2016214, c04399728, c05324755, CERTFR-2014-AVI-382, cpuapr2017, cpujan2018, cpujan2019, cpuoct2017, cpuoct2018, CVE-2014-0114, DSA-2940-1, ESA-2014-080, FEDORA-2014-9380, HPSBGN03669, HPSBMU03090, ibm10719287, ibm10719297, ibm10719301, ibm10719303, ibm10719307, MDVSA-2014:095, RHSA-2014:0474-01, RHSA-2014:0497-01, RHSA-2014:0500-01, RHSA-2014:0511-01, RHSA-2018:2669-01, SOL15282, SUSE-SU-2014:0902-1, swg22017525, VIGILANCE-VUL-14799, VMSA-2014-0008, VMSA-2014-0008.1, VMSA-2014-0008.2, VMSA-2014-0012.

Description of the vulnerability

The Apache Struts product is used to develop Java EE applications.

However, the "class" parameter is mapped to getClass(), and can be used to manipulate the ClassLoader.

An attacker can therefore use the "class" parameter, to manipulate the ClassLoader, in order to execute code.

computer vulnerability note CVE-2013-1741 CVE-2013-2566 CVE-2013-5605

NSS: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NSS.
Impacted products: Debian, Fedora, Junos Space, Juniper SBR, Firefox, NSS, SeaMonkey, Thunderbird, openSUSE, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Solaris, Oracle Virtual Directory, WebLogic, Oracle Web Tier, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data flow, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 18/11/2013.
Revision date: 19/11/2013.
Identifiers: BID-58796, BID-63736, BID-63737, BID-63738, CERTA-2013-AVI-642, CERTFR-2014-AVI-318, CERTFR-2017-AVI-012, CERTFR-2019-AVI-325, cpuapr2017, cpujul2014, cpuoct2016, cpuoct2017, CVE-2013-1741, CVE-2013-2566, CVE-2013-5605, CVE-2013-5606, DSA-2800-1, DSA-2994-1, DSA-3071-1, FEDORA-2013-22456, FEDORA-2013-22467, FEDORA-2013-23301, FEDORA-2013-23479, JSA10770, JSA10939, MFSA 2013-103, openSUSE-SU-2013:1730-1, openSUSE-SU-2013:1732-1, RHSA-2013:1791-01, RHSA-2013:1829-01, RHSA-2013:1840-01, RHSA-2013:1841-01, RHSA-2014:0041-01, SSA:2013-339-01, SSA:2013-339-02, SSA:2013-339-03, SUSE-SU-2013:1807-1, VIGILANCE-VUL-13789.

Description of the vulnerability

Several vulnerabilities were announced in NSS.

On a 64-bit computer, an attacker can trigger the initialization of a large memory area, in order to trigger a denial of service. [severity:1/4; BID-63736, CVE-2013-1741]

An attacker can generate a buffer overflow in Null Cipher, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-63738, CVE-2013-5605]

When verifyLog is used, the return code of CERT_VerifyCert() is incorrect, so an invalid certificate may be accepted. [severity:2/4; BID-63737, CVE-2013-5606]

When an attacker has 2^30 RC4 encrypted messages with different keys, he can guess the clear text message (VIGILANCE-VUL-12530). [severity:1/4; BID-58796, CVE-2013-2566]

vulnerability CVE-2013-2566

SSL/TLS: obtaining messages encrypted by RC4

Synthesis of the vulnerability

When an attacker has 2^30 RC4 encrypted messages with different keys, he can guess the clear text message.
Impacted products: DCFM Enterprise, Brocade Network Advisor, Brocade vTM, Avamar, BIG-IP Hardware, TMOS, HP Switch, Opera, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Oracle Virtual Directory, WebLogic, Oracle Web Tier, SSL protocol.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 15/03/2013.
Identifiers: 523628, BID-58796, BSA-2015-007, c05336888, cpuapr2017, cpujan2018, cpuoct2016, cpuoct2017, CVE-2013-2566, DSA-2018-124, HPSBHF03673, SOL14638, VIGILANCE-VUL-12530.

Description of the vulnerability

An SSL/TLS session can negotiate different encryption algorithms.

The RC4 algorithm uses a continuous stream of bytes generated from the key. This stream is then combined (XOR) with the clear text message.

However, the generated stream is biased. A statistical analysis of millions of encrypted messages shows this bias.

When an attacker has 2^30 (minimum 2^24) RC4 encrypted messages with different keys, he can therefore guess the clear text message. This vulnerability is hard to exploit because of the quantity of messages required to perform the attack.

computer vulnerability note CVE-2010-3535

Oracle Directory Server Enterprise Edition: vulnerability of Identity Synchronization

Synthesis of the vulnerability

An attacker can use a vulnerability of Oracle Directory Server Enterprise Edition (Sun Java System Directory Server) Windows Identity Synchronization, in order to obtain information, to alter information, or to create a denial of service.
Impacted products: Oracle Directory Server, Oracle Directory Services Plus.
Severity: 2/4.
Consequences: user access/rights, data creation/edition, data deletion, denial of service on service.
Provenance: intranet client.
Creation date: 13/10/2010.
Identifiers: BID-43996, CVE-2010-3535, VIGILANCE-VUL-10039.

Description of the vulnerability

An attacker can use a vulnerability of Oracle Directory Server Enterprise Edition (Sun Java System Directory Server) Windows Identity Synchronization, in order to obtain information, to alter information, or to create a denial of service.

vulnerability bulletin CVE-2009-0688 CVE-2009-2404 CVE-2010-0897

Sun Directory Server: several vulnerabilities

Synthesis of the vulnerability

Three vulnerabilities of Sun Java System Directory Server can be used by an attacker, in order to obtain information, to create a denial of service or to execute code.
Impacted products: Oracle Directory Server.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 14/04/2010.
Identifiers: 273910, 276210, 6793557, 6843063, 6874719, 6896069, 6896070, 6896071, BID-34961, BID-35891, BID-39453, CERTA-2009-AVI-194, CERTA-2009-AVI-306, CERTA-2010-AVI-179, cpuapr2010, CVE-2009-0688, CVE-2009-2404, CVE-2010-0897, VIGILANCE-VUL-9583, VU#238019, ZDI-10-073, ZDI-10-074, ZDI-10-075.

Description of the vulnerability

Three vulnerabilities were announced in Sun Java System Directory Server.

An attacker can generate an overflow in applications linked to Cyrus SASL and using the sasl_encode64() function (VIGILANCE-VUL-8715). [severity:2/4; 273910, 6843063, 6874719, BID-34961, CERTA-2009-AVI-194, CERTA-2010-AVI-179, CVE-2009-0688, VU#238019]

An attacker can invite the victim to connect to an SSL site using a malicious X.509 certificate, in order to execute code (VIGILANCE-VUL-8906). [severity:3/4; 273910, 6843063, 6874719, BID-35891, CERTA-2009-AVI-306, CVE-2009-2404]

An attacker can send a malformed username in a DSML-over-HTTP session, in order to dereference a NULL pointer, which creates a denial of service. [severity:3/4; 276210, 6793557, 6896069, 6896070, 6896071, BID-39453, CVE-2010-0897, ZDI-10-073]

An attacker can send an LDAP query with malformed ASN.1 data, in order to execute code. [severity:3/4; 276210, 6793557, 6896069, 6896070, 6896071, BID-39453, CVE-2010-0897, ZDI-10-074]

An attacker can send a special UTF-8 character in a DSML-over-HTTP session, in order to generate an exception, which creates a denial of service. [severity:2/4; 276210, 6793557, 6896069, 6896070, 6896071, BID-39453, CVE-2010-0897, ZDI-10-075]

vulnerability announce CVE-2010-0313 CVE-2010-0708

Sun Directory Server: denial of service via core_get_proxyauth_dn

Synthesis of the vulnerability

An attacker can send a malicious LDAP query to Sun Directory Server, in order to stop it.
Impacted products: Oracle Directory Server, Oracle Directory Services Plus.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 11/01/2010.
Identifiers: 275711, 6915746, BID-37699, BID-37899, CVE-2010-0313, CVE-2010-0708, VIGILANCE-VUL-9332.

Description of the vulnerability

The Sun Java System Directory Server product manages LDAP queries.

RFC 4370 defines the "LDAP Proxied Authorization Control" extension, which is used to request that an operation be processed under another authorization identity.

The core_get_proxyauth_dn() function of Sun Java System Directory Server obtains the Distinguished Name contained in this query. However, if this extension is malformed, this function dereferences a NULL pointer.

An attacker can therefore send a malicious LDAP query to Sun Directory Server, in order to stop it.

vulnerability bulletin CVE-2009-4440 CVE-2009-4441 CVE-2009-4442

Sun Directory Proxy Server: three vulnerabilities

Synthesis of the vulnerability

Three vulnerabilities of Sun Java System Directory Proxy Server can be used by an attacker, in order to access user data or to create a denial of service.
Impacted products: Oracle Directory Server.
Severity: 2/4.
Consequences: user access/rights, data reading, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 29/12/2009.
Identifiers: 270789, 6648665, 6782659, 6823593, 6828462, 6855978, BID-37481, CVE-2009-4440, CVE-2009-4441, CVE-2009-4442, CVE-2009-4443, VIGILANCE-VUL-9313.

Description of the vulnerability

The Sun Java System Directory Proxy Server product is provided with Sun Java System Directory Server Enterprise. It is impacted by three vulnerabilities.

In some cases, queries are handled with privileges of another user. [severity:2/4; 6823593, 6828462, CVE-2009-4440]

An attacker can use special packets, in order to deny access to other clients. [severity:1/4; 6648665, 6782659, CVE-2009-4441, CVE-2009-4442]

An attacker can prevent a user from obtaining his psearch results. [severity:1/4; 6855978, CVE-2009-4443]