The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle Directory Server Enterprise Edition

computer vulnerability note CVE-2014-0114

Apache Struts 1: code execution via ClassLoader

Synthesis of the vulnerability

An attacker can use the "class" parameter, to manipulate the ClassLoader, in order to execute code.
Impacted products: Struts, Debian, BIG-IP Hardware, TMOS, Fedora, SiteScope, IRAD, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Traditional, IBM WebSphere ESB, MBS, MES, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, RHEL, RSA Authentication Manager, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, vCenter Server, VMware vSphere.
Severity: 3/4.
Creation date: 26/05/2014.
Identifiers: 1672316, 1673982, 1674339, 1675822, 2016214, c04399728, c05324755, CERTFR-2014-AVI-382, cpuapr2017, cpujan2018, cpuoct2017, cpuoct2018, CVE-2014-0114, DSA-2940-1, ESA-2014-080, FEDORA-2014-9380, HPSBGN03669, HPSBMU03090, ibm10719287, ibm10719297, ibm10719301, ibm10719303, ibm10719307, MDVSA-2014:095, RHSA-2014:0474-01, RHSA-2014:0497-01, RHSA-2014:0500-01, RHSA-2014:0511-01, RHSA-2018:2669-01, SOL15282, SUSE-SU-2014:0902-1, swg22017525, VIGILANCE-VUL-14799, VMSA-2014-0008, VMSA-2014-0008.1, VMSA-2014-0008.2, VMSA-2014-0012.

Description of the vulnerability

The Apache Struts product is used to develop Java EE applications.

However, the "class" parameter is mapped to getClass(), and can be used to manipulate the ClassLoader. Technical details are unknown.

An attacker can therefore use the "class" parameter, to manipulate the ClassLoader, in order to execute code.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2013-1741 CVE-2013-2566 CVE-2013-5605

NSS: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NSS.
Impacted products: Debian, Fedora, Junos Space, Firefox, NSS, SeaMonkey, Thunderbird, openSUSE, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Solaris, Oracle Virtual Directory, WebLogic, Oracle Web Tier, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Creation date: 18/11/2013.
Revision date: 19/11/2013.
Identifiers: BID-58796, BID-63736, BID-63737, BID-63738, CERTA-2013-AVI-642, CERTFR-2014-AVI-318, CERTFR-2017-AVI-012, cpuapr2017, cpujul2014, cpuoct2016, cpuoct2017, CVE-2013-1741, CVE-2013-2566, CVE-2013-5605, CVE-2013-5606, DSA-2800-1, DSA-2994-1, DSA-3071-1, FEDORA-2013-22456, FEDORA-2013-22467, FEDORA-2013-23301, FEDORA-2013-23479, JSA10770, MFSA 2013-103, openSUSE-SU-2013:1730-1, openSUSE-SU-2013:1732-1, RHSA-2013:1791-01, RHSA-2013:1829-01, RHSA-2013:1840-01, RHSA-2013:1841-01, RHSA-2014:0041-01, SSA:2013-339-01, SSA:2013-339-02, SSA:2013-339-03, SUSE-SU-2013:1807-1, VIGILANCE-VUL-13789.

Description of the vulnerability

Several vulnerabilities were announced in NSS.

On a 64 bit computer, an attacker can generate the initialization of a large memory area, in order to trigger a denial of service. [severity:1/4; BID-63736, CVE-2013-1741]

An attacker can generate a buffer overflow in Null Cipher, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-63738, CVE-2013-5605]

When verifyLog is used, the return code of CERT_VerifyCert() is incorrect, so an invalid certificate may be accepted. [severity:2/4; BID-63737, CVE-2013-5606]

When an attacker has 2^30 RC4 encrypted messages with different keys, he can guess the clear text message (VIGILANCE-VUL-12530). [severity:1/4; BID-58796, CVE-2013-2566]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability CVE-2013-2566

SSL/TLS: obtaining messages encrypted by RC4

Synthesis of the vulnerability

When an attacker has 2^30 RC4 encrypted messages with different keys, he can guess the clear text message.
Impacted products: DCFM Enterprise, Brocade Network Advisor, Brocade vTM, Avamar, BIG-IP Hardware, TMOS, HP Switch, Opera, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Oracle Virtual Directory, WebLogic, Oracle Web Tier, SSL protocol.
Severity: 1/4.
Creation date: 15/03/2013.
Identifiers: 523628, BID-58796, BSA-2015-007, c05336888, cpuapr2017, cpujan2018, cpuoct2016, cpuoct2017, CVE-2013-2566, DSA-2018-124, HPSBHF03673, SOL14638, VIGILANCE-VUL-12530.

Description of the vulnerability

A SSL/TLS session can negotiate different encryption algorithms.

The RC4 algorithm uses a continuous stream of bytes generated from the key. This stream if then combined (XOR) with the clear text message.

However, the generated stream is biased. A statistical analysis of million of encrypted messages shows this bias.

When an attacker has 2^30 (minimum 2^24) RC4 encrypted messages with different keys, he can therefore guess the clear text message. This vulnerability is hard to exploit because of the quantity of messages required to perform the attack.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2010-3535

Oracle Directory Server Enterprise Edition: vulnerability of Identity Synchronization

Synthesis of the vulnerability

An attacker can use a vulnerability of Oracle Directory Server Enterprise Edition (Sun Java System Directory Server) Windows Identity Synchronization, in order to obtain information, to alter information, or to create a denial of service.
Impacted products: Oracle Directory Server, Oracle Directory Services Plus.
Severity: 2/4.
Creation date: 13/10/2010.
Identifiers: BID-43996, CVE-2010-3535, VIGILANCE-VUL-10039.

Description of the vulnerability

An attacker can use a vulnerability of Oracle Directory Server Enterprise Edition (Sun Java System Directory Server) Windows Identity Synchronization, in order to obtain information, to alter information, or to create a denial of service.

Technical details are unknown.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2009-0688 CVE-2009-2404 CVE-2010-0897

Sun Directory Server: several vulnerabilities

Synthesis of the vulnerability

Three vulnerabilities of Sun Java System Directory Server can be used by an attacker, in order to obtain information, to create a denial of service or to execute code.
Impacted products: Oracle Directory Server.
Severity: 3/4.
Creation date: 14/04/2010.
Identifiers: 273910, 276210, 6793557, 6843063, 6874719, 6896069, 6896070, 6896071, BID-34961, BID-35891, BID-39453, CERTA-2009-AVI-194, CERTA-2009-AVI-306, CERTA-2010-AVI-179, cpuapr2010, CVE-2009-0688, CVE-2009-2404, CVE-2010-0897, VIGILANCE-VUL-9583, VU#238019, ZDI-10-073, ZDI-10-074, ZDI-10-075.

Description of the vulnerability

Three vulnerabilities were announced in Sun Java System Directory Server.

An attacker can generate an overflow in applications linked to Cyrus SASL and using the sasl_encode64() function (VIGILANCE-VUL-8715). [severity:2/4; 273910, 6843063, 6874719, BID-34961, CERTA-2009-AVI-194, CERTA-2010-AVI-179, CVE-2009-0688, VU#238019]

An attacker can invite the victim to connect to a SSL site using a malicious X.509 certificate, in order to execute code (VIGILANCE-VUL-8906). [severity:3/4; 273910, 6843063, 6874719, BID-35891, CERTA-2009-AVI-306, CVE-2009-2404]

An attacker can send a malformed username in a DSML-over-HTTP session, in order to dereference a NULL pointer, which creates a denial of service. [severity:3/4; 276210, 6793557, 6896069, 6896070, 6896071, BID-39453, CVE-2010-0897, ZDI-10-073]

An attacker can send a LDAP query with malformed ASN.1 data, in order to execute code. [severity:3/4; 276210, 6793557, 6896069, 6896070, 6896071, BID-39453, CVE-2010-0897, ZDI-10-074]

An attacker can send a special UTF-8 character in a DSML-over-HTTP session, in order to generate an exception, which creates a denial of service. [severity:2/4; 276210, 6793557, 6896069, 6896070, 6896071, BID-39453, CVE-2010-0897, ZDI-10-075]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability announce CVE-2010-0313 CVE-2010-0708

Sun Directory Server: denial of service via core_get_proxyauth_dn

Synthesis of the vulnerability

An attacker can send a malicious LDAP query to Sun Directory Server, in order to stop it.
Impacted products: Oracle Directory Server, Oracle Directory Services Plus.
Severity: 2/4.
Creation date: 11/01/2010.
Identifiers: 275711, 6915746, BID-37699, BID-37899, CVE-2010-0313, CVE-2010-0708, VIGILANCE-VUL-9332.

Description of the vulnerability

The Sun Java System Directory Server product manages LDAP queries.

The RFC 4370 defines the extension "LDAP Proxied Authorization Control" which is used to request that an operation be processed under another authorization.

The core_get_proxyauth_dn() function of Sun Java System Directory Server obtains the Distinguished Name contained in this query. However, if this extension is malformed, this function dereferences a NULL pointer.

An attacker can therefore send a malicious LDAP query to Sun Directory Server, in order to stop it.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2009-4440 CVE-2009-4441 CVE-2009-4442

Sun Directory Proxy Server: three vulnerabilities

Synthesis of the vulnerability

Three vulnerabilities of Sun Java System Directory Proxy Server can be used by an attacker, in order to access user's data or to create a denial of service.
Impacted products: Oracle Directory Server.
Severity: 2/4.
Creation date: 29/12/2009.
Identifiers: 270789, 6648665, 6782659, 6823593, 6828462, 6855978, BID-37481, CVE-2009-4440, CVE-2009-4441, CVE-2009-4442, CVE-2009-4443, VIGILANCE-VUL-9313.

Description of the vulnerability

The Sun Java System Directory Proxy Server product is provided with Sun Java System Directory Server Enterprise. It is impacted by three vulnerabilities.

In some cases, queries are handled with privileges of another user. [severity:2/4; 6823593, 6828462, CVE-2009-4440]

An attacker can use special packets, in order to forbid access to other clients. [severity:1/4; 6648665, 6782659, CVE-2009-4441, CVE-2009-4442]

An attacker can forbid a user from obtaining his psearch results. [severity:1/4; 6855978, CVE-2009-4443]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability alert CVE-2009-3555

TLS, OpenSSL, GnuTLS: vulnerability of the renegotiation

Synthesis of the vulnerability

A remote attacker can use a vulnerability of TLS in order to insert plain text data during a renegotiation via a man-in-the-middle attack.
Impacted products: Apache httpd, ArubaOS, BES, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, ASA, AsyncOS, Cisco Catalyst, CiscoWorks, Cisco CSS, IOS by Cisco, IOS XR Cisco, IronPort Email, IronPort Management, Cisco Router, Secure ACS, Cisco CallManager, Cisco CUCM, Cisco IP Phone, WebNS, XenApp, XenDesktop, XenServer, Debian, BIG-IP Hardware, TMOS, Fedora, FortiOS, FreeBSD, HP-UX, AIX, WebSphere AS Traditional, IVE OS, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, Juniper SA, Mandriva Corporate, MES, Mandriva Linux, Mandriva NF, IIS, Windows 2000, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Vista, Windows XP, NSS, NetBSD, NetScreen Firewall, ScreenOS, NLD, OES, OpenBSD, OpenSolaris, OpenSSL, openSUSE, Oracle Directory Server, Oracle GlassFish Server, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Solaris, Trusted Solaris, ProFTPD, SSL protocol, RHEL, Slackware, Sun AS, SUSE Linux Enterprise Desktop, SLES, TurboLinux, Unix (platform) ~ not comprehensive, ESX.
Severity: 2/4.
Creation date: 10/11/2009.
Identifiers: 1021653, 111046, 273029, 273350, 274990, 6898371, 6898539, 6898546, 6899486, 6899619, 6900117, 977377, AID-020810, BID-36935, c01945686, c01963123, c02079216, CERTA-2011-ALE-005, CERTFR-2017-AVI-392, cisco-sa-20091109-tls, CTX123248, CTX123359, CVE-2009-3555, DSA-1934-1, DSA-2141-1, DSA-2141-2, DSA-2141-4, DSA-2626-1, DSA-3253-1, FEDORA-2009-12229, FEDORA-2009-12305, FEDORA-2009-12606, FEDORA-2009-12750, FEDORA-2009-12775, FEDORA-2009-12782, FEDORA-2009-12968, FEDORA-2009-13236, FEDORA-2009-13250, FEDORA-2010-1127, FEDORA-2010-3905, FEDORA-2010-3929, FEDORA-2010-3956, FEDORA-2010-5357, FEDORA-2010-8742, FEDORA-2010-9487, FEDORA-2010-9518, FG-IR-17-137, FreeBSD-SA-09:15.ssl, HPSBUX02482, HPSBUX02498, HPSBUX02517, KB25966, MDVSA-2009:295, MDVSA-2009:323, MDVSA-2009:337, MDVSA-2010:069, MDVSA-2010:076, MDVSA-2010:076-1, MDVSA-2010:089, MDVSA-2013:019, NetBSD-SA2010-002, openSUSE-SU-2010:1025-1, openSUSE-SU-2010:1025-2, openSUSE-SU-2011:0845-1, PM04482, PM04483, PM04534, PM04544, PM06400, PSN-2011-06-290, PSN-2012-11-767, RHSA-2009:1579-02, RHSA-2009:1580-02, RHSA-2010:0011-01, RHSA-2010:0119-01, RHSA-2010:0130-01, RHSA-2010:0155-01, RHSA-2010:0162-01, RHSA-2010:0163-01, RHSA-2010:0164-01, RHSA-2010:0165-01, RHSA-2010:0166-01, RHSA-2010:0167-01, SOL10737, SSA:2009-320-01, SSA:2010-067-01, SSRT090249, SSRT090264, SSRT100058, SUSE-SA:2009:057, SUSE-SA:2010:020, SUSE-SR:2010:008, SUSE-SR:2010:012, SUSE-SR:2011:008, SUSE-SU-2011:0847-1, TLSA-2009-30, TLSA-2009-32, VIGILANCE-VUL-9181, VMSA-2010-0015, VMSA-2010-0015.1, VMSA-2010-0019, VMSA-2010-0019.1, VMSA-2010-0019.2, VMSA-2010-0019.3, VU#120541.

Description of the vulnerability

Transport Layer Security (TLS) is a cryptographic protocol for network transport.

When opening a connection using TLS, a negotiation mechanism allows the client and server to agree on the encryption algorithm to use.

The protocol allows for renegotiation at any time during the connection. However, the handling of those renegotiations has a vulnerability.

A remote attacker can therefore exploit this vulnerability in order to insert plain text data via a man-in-the-middle attack.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability CVE-2009-3087 CVE-2009-3094 CVE-2009-3095

Several products: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in numerous products.
Impacted products: Apache httpd, OpenOffice, PowerArchiver, NetWorker, F-PROT AV, FreeBSD, OpenView, OpenView NNM, OpenView Operations, HP Operations, Kaspersky AV, Domino, MySQL Community, MySQL Enterprise, OpenSolaris, OpenSSL, Oracle AS, Oracle Directory Server, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Solaris, WebLogic, Percona Server, XtraDB Cluster, Samba, Crystal Reports, SAP ERP, NetWeaver, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Creation date: 04/09/2009.
Revisions dates: 11/09/2009, 26/10/2009.
Identifiers: BID-36242, BID-36243, BID-36248, BID-36250, BID-36252, BID-36253, BID-36254, BID-36257, BID-36258, BID-36263, BID-36267, BID-36285, BID-36286, BID-36813, BID-36818, BID-36819, BID-37640, CERTA-2009-AVI-384, CERTA-2009-AVI-424, CVE-2009-3087, CVE-2009-3094, CVE-2009-3095, CVE-2009-3098, CVE-2009-3099, CVE-2009-3111, CVE-2009-3344, CVE-2009-3345, CVE-2009-3346, CVE-2009-3569, CVE-2009-3570, CVE-2009-3571, CVE-2009-3878, CVE-2009-4481-REJECT, CVE-2009-4484, VIGILANCE-VUL-9000.

Description of the vulnerability

Several vulnerabilities were announced in numerous products. Their technical details are unknown. Individual bulletins will be created when details will be published.

Apache mod_proxy_ftp is impacted by two vulnerabilities: VIGILANCE-VUL-8994 and VIGILANCE-VUL-9038. [severity:1/4; BID-36254, CERTA-2009-AVI-424, CVE-2009-3094, CVE-2009-3095]

EMC Legato NetWorker is impacted by three vulnerabilities. [severity:1/4]

F-PROT Antivirus is impacted by two vulnerabilities. [severity:1/4]

FreeBSD is impacted by two vulnerabilities. [severity:1/4]

FreeRADIUS is impacted by the VIGILANCE-VUL-9016 vulnerability. [severity:1/4; BID-36263, CERTA-2009-AVI-384, CVE-2009-3111, CVE-2009-4481-REJECT]

HP Operations is impacted by two vulnerabilities. [severity:1/4; BID-36253, BID-36258, CVE-2009-3098, CVE-2009-3099]

HP OpenView Network Node Manager is impacted by four vulnerabilities. [severity:1/4; BID-36248]

Lotus Domino is impacted by six vulnerabilities. [severity:1/4; BID-36257, CVE-2009-3087]

Kaspersky Online Antivirus Scanner is impacted by two vulnerabilities. One vulnerability is related to kos-bin-winnt.jar containing the kosglue-7.0.26.0.dll DLL which can contain a Trojan Horse. [severity:1/4; BID-36243]

MySQL is impacted by two vulnerabilities. The first one is VIGILANCE-VUL-9380. [severity:1/4; BID-36242, BID-37640, CVE-2009-4484]

OpenOffice is impacted by three vulnerabilities. [severity:1/4; BID-36285, CVE-2009-3569, CVE-2009-3570, CVE-2009-3571]

OpenSSL is impacted by one vulnerability. [severity:1/4]

Oracle WebLogic is impacted by three vulnerabilities. [severity:1/4]

Oracle Application Server is impacted by five vulnerabilities. [severity:1/4]

PowerArchiver is impacted by one vulnerability. [severity:1/4]

SAP Crystal Reports is impacted by three vulnerabilities. [severity:1/4; BID-36267, CVE-2009-3344, CVE-2009-3345, CVE-2009-3346]

SAP NetWeaver is impacted by six vulnerabilities. [severity:1/4; BID-36252]

Samba is impacted by six vulnerabilities. [severity:1/4; BID-36250]

Sun Java System Directory Server is impacted by two vulnerabilities. [severity:1/4; BID-36286]

Sun Java System Web Proxy Server is impacted by one vulnerability. [severity:1/4]

Solaris is impacted by one vulnerability. [severity:1/4]

Sun Java System WebServer is impacted by one vulnerability. [severity:1/4; BID-36813, CVE-2009-3878]

Solaris is impacted by two vulnerabilities. [severity:1/4; BID-36818, BID-36819]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability CVE-2009-1332

Sun Directory Server: file detection via help

Synthesis of the vulnerability

An attacker can use the help page of Sun Java System Directory Server to detect if a file exists, and to see its first line.
Impacted products: Oracle Directory Server.
Severity: 2/4.
Creation date: 16/04/2009.
Identifiers: 255848, 6492611, BID-34548, CVE-2009-1332, VIGILANCE-VUL-8645.

Description of the vulnerability

The /manual/help/help script of Sun Java System Directory Server displays help pages. For example:
  http://server:390/manual/help/help?helpdir=...

If an attacker requests an invalid page, an error message is displayed. However, this message varies depending on the file:
 - if the file does not exist, the message is generic
 - if the file exists, the message is specific, and can contain the first line of the file.

An attacker can use the help page of Sun Java System Directory Server to detect if a file exists, and to see its first line.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Oracle Directory Server Enterprise Edition: