The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Pulse Secure Connect Secure

computer vulnerability alert CVE-2016-2180

OpenSSL: out-of-bounds memory reading via TS_OBJ_print_bio

Synthesis of the vulnerability

An attacker can force a read at an invalid address via TS_OBJ_print_bio() of OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, FreeRADIUS, hMailServer, HP Switch, AIX, Tivoli Storage Manager, Tivoli Workload Scheduler, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, McAfee Email Gateway, NetScreen Firewall, ScreenOS, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Solaris, Tuxedo, WebLogic, Oracle Web Tier, pfSense, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 1/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/08/2016.
Identifiers: 1359615, 1996096, 2000095, 2003480, 2003620, 2003673, bulletinapr2017, bulletinjul2016, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-2180, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FreeBSD-SA-16:26.openssl, HPESBHF03856, JSA10759, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2018:0458-1, RHSA-2016:1940-01, SA132, SA40312, SB10215, SOL02652550, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2469-1, TNS-2016-16, USN-3087-1, USN-3087-2, VIGILANCE-VUL-20286.

Description of the vulnerability

The OpenSSL product implements the RFC 3161 Public Key Infrastructure Time-Stamp Protocol.

However, the TS_OBJ_print_bio() function tries to read a memory area located outside the expected range, which triggers a fatal error, or leads to the disclosure of a memory fragment.

An attacker can therefore force a read at an invalid address via TS_OBJ_print_bio() of OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-2177

OpenSSL: out-of-bounds memory reading

Synthesis of the vulnerability

An attacker can force a memory access at an invalid address in OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, FreeRADIUS, hMailServer, HP Switch, AIX, DB2 UDB, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, McAfee Email Gateway, ePO, NetScreen Firewall, ScreenOS, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Solaris, Tuxedo, WebLogic, Oracle Web Tier, pfSense, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, JBoss EAP by Red Hat, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 1/4.
Consequences: data reading, denial of service on server, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 09/06/2016.
Identifiers: 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1996096, 1999395, 1999421, 1999474, 1999478, 1999479, 1999488, 1999532, 1999724, 2000095, 2000209, 2000544, 2001805, 2002770, 2002870, 2003480, 2003620, 2003673, 2008828, bulletinapr2016, bulletinapr2017, bulletinjul2016, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-2177, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FreeBSD-SA-16:26.openssl, HPESBHF03763, HPESBHF03856, JSA10759, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2018:0458-1, RHSA-2016:1940-01, RHSA-2017:1548-01, RHSA-2017:1549-01, RHSA-2017:1550-01, RHSA-2017:1551-01, RHSA-2017:1552-01, RHSA-2017:1658-01, RHSA-2017:1659-01, SA132, SA40312, SB10165, SB10215, SOL23873366, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, TNS-2016-16, USN-3087-1, USN-3087-2, USN-3181-1, VIGILANCE-VUL-19855.

Description of the vulnerability

The source code of OpenSSL includes many loops where a pointer is used to go through a buffer.

The definition of the C language allows a pointer to be off by one byte after the buffer, but the behavior of any further access is undefined. Several end of loop tests follows the forme "pointer + current data length > end pointer" in such a way that these 2 expressions are not always defined according to the language specification. An attacker which can control dynamic memory allocations can trigger evaluation of undefined conditions and perhaps invalid memory access.

An attacker can therefore force a memory access at an invalid address in OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-2178

OpenSSL: DSA signature not running in constant time

Synthesis of the vulnerability

An attacker can monitor a process performing a DSA signature with OpenSSL, in order to potentially obtain information about the secret key.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, FreeRADIUS, hMailServer, HP Switch, AIX, IRAD, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, McAfee Email Gateway, NetScreen Firewall, ScreenOS, Nodejs Core, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Solaris, Tuxedo, WebLogic, Oracle Web Tier, pfSense, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, JBoss EAP by Red Hat, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 07/06/2016.
Revision date: 08/06/2016.
Identifiers: 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1992681, 1993777, 1996096, 1999395, 1999474, 1999478, 1999479, 1999488, 1999532, 1999724, 2000095, 2000544, 2003480, 2003620, 2003673, bulletinapr2016, bulletinapr2017, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-2178, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FreeBSD-SA-16:26.openssl, HPESBHF03856, JSA10759, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2496-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2018:0458-1, RHSA-2016:1940-01, RHSA-2017:1548-01, RHSA-2017:1549-01, RHSA-2017:1550-01, RHSA-2017:1551-01, RHSA-2017:1552-01, RHSA-2017:1658-01, RHSA-2017:1659-01, SA132, SA40312, SB10215, SOL53084033, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, TNS-2016-16, USN-3087-1, USN-3087-2, VIGILANCE-VUL-19820.

Description of the vulnerability

OpenSSL includes an implementation of the DSA algorithm.

The BN_FLG_CONSTTIME flag requires this operation to be performed in constant time, in order to block attacks watching the process. However, the dsa_sign_setup() function of the lib/libssl/src/crypto/dsa/dsa_ossl.c file does not correctly initialize the BN_FLG_CONSTTIME flag.

An attacker can therefore monitor a process performing a DSA signature with OpenSSL, in order to potentially obtain information about the secret key.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-4786 CVE-2016-4787 CVE-2016-4788

Pulse Connect Secure: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Pulse Connect Secure.
Impacted products: Pulse Connect Secure.
Severity: 2/4.
Consequences: user access/rights, client access/rights, data reading, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 12/05/2016.
Identifiers: CVE-2016-4786, CVE-2016-4787, CVE-2016-4788, CVE-2016-4789, CVE-2016-4790, CVE-2016-4791, CVE-2016-4792, SA40206, SA40207, SA40208, SA40209, SA40210, SA40211, SA40212, VIGILANCE-VUL-19613.

Description of the vulnerability

Several vulnerabilities were announced in Pulse Connect Secure.

An attacker can generate an infinite loop, in order to trigger a denial of service. [severity:2/4; CVE-2016-4786, SA40206]

An attacker can bypass file access restrictions, in order to obtain sensitive information. [severity:2/4; CVE-2016-4787, SA40207]

An attacker can bypass file access restrictions, in order to obtain sensitive information. [severity:2/4; CVE-2016-4788, SA40208]

An attacker can trigger a Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-4789, SA40209]

An attacker can bypass security features in Admin UI, in order to obtain sensitive information. [severity:2/4; CVE-2016-4791, SA40210]

An attacker can trigger a Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-4790, SA40211]

An attacker can bypass security features in Sign In Page, in order to obtain sensitive information. [severity:2/4; CVE-2016-4792, SA40212]
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2016-2105 CVE-2016-2106 CVE-2016-2107

OpenSSL: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: SDS, SES, SNS, Tomcat, Mac OS X, StormShield, Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Email, IronPort Encryption, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, XenServer, Debian, PowerPath, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiOS, FreeBSD, Android OS, HP Operations, HP Switch, AIX, IRAD, QRadar SIEM, IBM System x Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, MariaDB ~ precise, McAfee NSM, Meinberg NTP Server, MySQL Community, MySQL Enterprise, Data ONTAP, NETASQ, NetScreen Firewall, ScreenOS, Nodejs Core, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Solaris, Tuxedo, VirtualBox, WebLogic, Oracle Web Tier, Palo Alto Firewall PA***, PAN-OS, Percona Server, pfSense, Pulse Connect Secure, Puppet, Python, RHEL, JBoss EAP by Red Hat, SAS Management Console, Shibboleth SP, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, VxWorks, X2GoClient.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 6.
Creation date: 03/05/2016.
Identifiers: 1982949, 1985850, 1987779, 1993215, 1995099, 1998797, 2003480, 2003620, 2003673, 510853, 9010083, bulletinapr2016, bulletinapr2017, CERTFR-2016-AVI-151, CERTFR-2016-AVI-153, CERTFR-2018-AVI-160, cisco-sa-20160504-openssl, cpuapr2017, cpujan2018, cpujul2016, cpujul2017, cpujul2018, cpuoct2016, cpuoct2017, cpuoct2018, CTX212736, CTX233832, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, DLA-456-1, DSA-3566-1, ESA-2017-142, FEDORA-2016-05c567df1a, FEDORA-2016-1e39d934ed, FEDORA-2016-e1234b65a2, FG-IR-16-026, FreeBSD-SA-16:17.openssl, HPESBGN03728, HPESBHF03756, HT206903, JSA10759, K23230229, K36488941, K51920288, K75152412, K93600123, MBGSA-1603, MIGR-5099595, MIGR-5099597, NTAP-20160504-0001, openSUSE-SU-2016:1237-1, openSUSE-SU-2016:1238-1, openSUSE-SU-2016:1239-1, openSUSE-SU-2016:1240-1, openSUSE-SU-2016:1241-1, openSUSE-SU-2016:1242-1, openSUSE-SU-2016:1243-1, openSUSE-SU-2016:1273-1, openSUSE-SU-2016:1566-1, openSUSE-SU-2017:0487-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2016:0722-01, RHSA-2016:0996-01, RHSA-2016:1137-01, RHSA-2016:1648-01, RHSA-2016:1649-01, RHSA-2016:1650-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, RHSA-2016:2073-01, SA123, SA40202, SB10160, SOL23230229, SOL36488941, SOL51920288, SOL75152412, SP-CAAAPPQ, SPL-119440, SPL-121159, SPL-123095, SSA:2016-124-01, STORM-2016-002, SUSE-SU-2016:1206-1, SUSE-SU-2016:1228-1, SUSE-SU-2016:1231-1, SUSE-SU-2016:1233-1, SUSE-SU-2016:1267-1, SUSE-SU-2016:1290-1, SUSE-SU-2016:1360-1, SUSE-SU-2018:0112-1, TNS-2016-10, USN-2959-1, VIGILANCE-VUL-19512, VN-2016-006, VN-2016-007.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can act as a Man-in-the-Middle and use the AES CBC algorithm with a server supporting AES-NI, in order to read or write data in the session. This vulnerability was initially fixed in versions 1.0.1o and 1.0.2c, but it was not disclosed at that time. [severity:3/4; CVE-2016-2108]

An attacker can act as a Man-in-the-Middle and use the AES CBC algorithm with a server supporting AES-NI, in order to read or write data in the session. [severity:3/4; CVE-2016-2107]

An attacker can generate a buffer overflow in EVP_EncodeUpdate(), which is mainly used by command line applications, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2105]

An attacker can generate a buffer overflow in EVP_EncryptUpdate(), which is difficult to reach, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2106]

An attacker can trigger an excessive memory usage in d2i_CMS_bio(), in order to trigger a denial of service. [severity:2/4; CVE-2016-2109]

An attacker can force a read at an invalid address in applications using X509_NAME_oneline(), in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-2176]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2015-5370 CVE-2016-0128 CVE-2016-2110

Windows, Samba: code execution via Badlock

Synthesis of the vulnerability

An attacker can use the Badlock vulnerability of Windows or Samba, in order to run code.
Impacted products: ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, DB2 UDB, QRadar SIEM, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Data ONTAP, openSUSE, openSUSE Leap, Solaris, Pulse Connect Secure, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 9.
Creation date: 23/03/2016.
Revision date: 12/04/2016.
Identifiers: 1986595, 1987766, 3148527, 9010080, bulletinjan2016, bulletinoct2016, c05162399, CVE-2015-5370, CVE-2016-0128, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118, DLA-509-1, DSA-3548-1, DSA-3548-2, DSA-3548-3, FEDORA-2016-48b3761baa, FEDORA-2016-be53260726, HPSBUX03616, MS16-047, NTAP-20160412-0001, openSUSE-SU-2016:1025-1, openSUSE-SU-2016:1064-1, openSUSE-SU-2016:1106-1, openSUSE-SU-2016:1107-1, openSUSE-SU-2016:1108-1, openSUSE-SU-2016:1440-1, RHSA-2016:0611-01, RHSA-2016:0612-01, RHSA-2016:0613-01, RHSA-2016:0618-01, RHSA-2016:0619-01, RHSA-2016:0620-01, RHSA-2016:0621-01, RHSA-2016:0623-01, RHSA-2016:0624-01, RHSA-2016:0625-01, SA122, SA40196, SOL37603172, SOL53313971, SSA:2016-106-02, SSRT110128, SUSE-SU-2016:1022-1, SUSE-SU-2016:1023-1, SUSE-SU-2016:1024-1, SUSE-SU-2016:1028-1, SUSE-SU-2016:1105-1, USN-2950-1, USN-2950-2, USN-2950-3, USN-2950-4, USN-2950-5, VIGILANCE-VUL-19207, VU#813296.

Description of the vulnerability

The Windows and Samba products implement authentication for CIFS.

However, several vulnerabilities in these implementations can be used by a Man-in-the-Middle, or to weaken the protocol.

An attacker can therefore use the Badlock vulnerability of Windows or Samba, in order to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-0702 CVE-2016-0705 CVE-2016-0797

OpenSSL: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, IOS by Cisco, IOS XE Cisco, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, XenServer, Debian, PowerPath, ExtremeXOS, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FreeBSD, HP Switch, AIX, Domino, Notes, IRAD, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, Juniper Network Connect, NSM Central Manager, NSMXpress, McAfee Web Gateway, Meinberg NTP Server, Data ONTAP, Snap Creator Framework, NetScreen Firewall, ScreenOS, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Solaris, Palo Alto Firewall PA***, PAN-OS, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, Puppet, RHEL, JBoss EAP by Red Hat, ROX, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu, VxWorks, WinSCP, X2GoClient.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 7.
Creation date: 01/03/2016.
Revision date: 07/03/2016.
Identifiers: 000008897, 046178, 046208, 1979498, 1979602, 1987779, 1993210, 2003480, 2003620, 2003673, 2012827, 2013020, 2014202, 2014651, 2014669, 2015080, 2016039, 7043086, 9010066, 9010067, 9010072, BSA-2016-004, bulletinapr2016, bulletinjan2016, CERTFR-2016-AVI-076, CERTFR-2016-AVI-080, cisco-sa-20160302-openssl, CTX208403, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842, DSA-3500-1, ESA-2016-080, FEDORA-2016-2802690366, FEDORA-2016-e1234b65a2, FEDORA-2016-e6807b3394, FreeBSD-SA-16:12.openssl, HPESBHF03741, ibm10732391, ibm10733905, ibm10738249, ibm10738401, JSA10722, JSA10759, K22334603, K52349521, K93122894, MBGSA-1602, NTAP-20160301-0001, NTAP-20160303-0001, NTAP-20160321-0001, openSUSE-SU-2016:0627-1, openSUSE-SU-2016:0628-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:0638-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:0720-1, openSUSE-SU-2016:1566-1, openSUSE-SU-2017:1211-1, openSUSE-SU-2017:1212-1, PAN-SA-2016-0020, PAN-SA-2016-0028, PAN-SA-2016-0030, RHSA-2016:0301-01, RHSA-2016:0302-01, RHSA-2016:0303-01, RHSA-2016:0304-01, RHSA-2016:0305-01, RHSA-2016:0306-01, RHSA-2016:0372-01, RHSA-2016:0445-01, RHSA-2016:0446-01, RHSA-2016:0490-01, RHSA-2016:1519-01, RHSA-2016:2073-01, RHSA-2018:2568-01, RHSA-2018:2575-01, SA117, SA40168, SB10156, SOL22334603, SOL40524634, SOL52349521, SOL79215841, SOL93122894, SSA:2016-062-02, SSA-623229, SUSE-SU-2016:0617-1, SUSE-SU-2016:0620-1, SUSE-SU-2016:0621-1, SUSE-SU-2016:0624-1, SUSE-SU-2016:0631-1, SUSE-SU-2016:0641-1, SUSE-SU-2016:0678-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, TNS-2016-03, USN-2914-1, VIGILANCE-VUL-19060, VN-2016-004, VU#583776.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can act as a Man-in-the-Middle on a server supporting SSLv2 and EXPORT ciphers (this configuration is considered as weak since several years), in order to read or write data in the session. [severity:2/4; CVE-2016-0800, VU#583776]

An attacker can force the usage of a freed memory area when OpenSSL processes a DSA private key (this scenario is rare), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-0705]

An attacker can read a memory fragment via SRP_VBASE_get_by_user, in order to obtain sensitive information. [severity:1/4; CVE-2016-0798]

An attacker can force a NULL pointer to be dereferenced in BN_hex2bn(), in order to trigger a denial of service. [severity:1/4; CVE-2016-0797]

An attacker can use a very large string (size INT_MAX), to generate a memory corruption in the BIO_*printf() functions, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-0799]

An attacker can use cache conflicts on Intel Sandy-Bridge, in order to obtain RSA keys. [severity:1/4; CVE-2016-0702]

An attacker can use a very large string (size INT_MAX), to generate a memory corruption in the internal doapr_outch() function, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2842]
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2016-0703 CVE-2016-0704

OpenSSL: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, IOS by Cisco, IOS XE Cisco, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, BIG-IP Hardware, TMOS, FreeBSD, HP Switch, IRAD, Juniper J-Series, Junos OS, Junos Space, Juniper Network Connect, NSM Central Manager, NSMXpress, Data ONTAP, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Solaris, Palo Alto Firewall PA***, PAN-OS, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, SUSE Linux Enterprise Desktop, SLES, Nessus, VxWorks.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 01/03/2016.
Identifiers: 046178, 046208, 1979498, 9010067, BSA-2016-004, bulletinapr2016, bulletinjan2016, CERTFR-2016-AVI-076, CERTFR-2016-AVI-080, cisco-sa-20160302-openssl, CVE-2016-0703, CVE-2016-0704, FreeBSD-SA-16:12.openssl, HPESBHF03741, JSA10759, NTAP-20160303-0001, openSUSE-SU-2016:0627-1, openSUSE-SU-2016:0628-1, openSUSE-SU-2016:0638-1, openSUSE-SU-2016:0720-1, PAN-SA-2016-0030, RHSA-2016:0372-01, SA117, SA40168, SOL95463126, SUSE-SU-2016:0617-1, SUSE-SU-2016:0620-1, SUSE-SU-2016:0621-1, SUSE-SU-2016:0624-1, SUSE-SU-2016:0631-1, SUSE-SU-2016:0641-1, SUSE-SU-2016:0678-1, TNS-2016-03, VIGILANCE-VUL-19061.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

The 2_srvr.c file did not enforce that clear-key-length is zero for non-export ciphers, so an attacker can act as a Man-in-the-Middle on SSLv2, in order to read or write data in the session. [severity:2/4; CVE-2016-0703]

The 2_srvr.c file overwrite some byte dur the Bleichenbacher protection, so an attacker can act as a Man-in-the-Middle on SSLv2, in order to read or write data in the session. [severity:2/4; CVE-2016-0704]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-3985

Pulse Secure Connect Secure: privilege escalation via RDP

Synthesis of the vulnerability

An attacker can use RDP of Pulse Secure Connect Secure, in order to escalate his privileges.
Impacted products: Pulse Connect Secure.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 26/02/2016.
Identifiers: CVE-2016-3985, SA40166, VIGILANCE-VUL-19036.

Description of the vulnerability

The Pulse Secure Connect Secure product can be used to restrict RDP (Remote Desktop Protocol) sessions.

However, an attacker can bypass this restriction.

An attacker can therefore use RDP of Pulse Secure Connect Secure, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2015-3196

OpenSSL: use after free via PSK Identify Hint

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via PSK Identify Hint of an OpenSSL multi-threaded client, in order to trigger a denial of service, and possibly to run code.
Impacted products: FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, ASA, AsyncOS, Cisco Content SMA, Cisco ESA, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco MeetingPlace, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, HP Switch, AIX, IRAD, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, IVE OS, Juniper J-Series, Junos OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper SBR, McAfee Email Gateway, Data ONTAP, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, pfSense, Pulse Connect Secure, MAG Series by Pulse Secure, Pulse Secure SBR, Puppet, RHEL, Slackware, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 03/12/2015.
Identifiers: 1972951, 1976113, 1976148, 1981612, 2003480, 2003620, 2003673, 9010051, BSA-2016-006, bulletinjan2016, c05398322, CERTFR-2015-AVI-517, cisco-sa-20151204-openssl, cpuoct2017, CVE-2015-3196, DSA-3413-1, FEDORA-2015-d87d60b9a9, FreeBSD-SA-15:26.openssl, HPESBHF03709, JSA10759, NTAP-20151207-0001, openSUSE-SU-2015:2288-1, openSUSE-SU-2015:2289-1, RHSA-2015:2617-01, SA40100, SB10203, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, USN-2830-1, VIGILANCE-VUL-18437.

Description of the vulnerability

The OpenSSL library can be used by a multi-threaded client.

However, in this case, the SSL_CTX structure does not contain an updated PSK Identify Hint. OpenSSL can thus free twice the same memory area.

An attacker can therefore force the usage of a freed memory area via PSK Identify Hint of an OpenSSL multi-threaded client, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Pulse Secure Connect Secure: