The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of QRadar SIEM

computer vulnerability alert CVE-2016-5542 CVE-2016-5554 CVE-2016-5556

Oracle Java: vulnerabilities of October 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Java.
Impacted products: Debian, Avamar, Fedora, AIX, Domino, Notes, IRAD, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, Junos Space, SnapManager, Java OpenJDK, openSUSE, openSUSE Leap, Java Oracle, JavaFX, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 19/10/2016.
Identifiers: 1993440, 1994049, 1994123, 1994478, 1997764, 1999054, 1999395, 1999474, 1999478, 1999479, 1999488, 1999532, 2000212, 2000544, 2000904, 2000988, 2000990, 2001608, 2002331, 2002479, 2002537, 2003145, 2004036, 491108, CERTFR-2016-AVI-349, CERTFR-2017-AVI-012, cpuoct2016, CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5568, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597, DLA-704-1, DSA-3707-1, ESA-2016-137, FEDORA-2016-73054cfeeb, JSA10770, NTAP-20161019-0001, openSUSE-SU-2016:2862-1, openSUSE-SU-2016:2900-1, openSUSE-SU-2016:2985-1, openSUSE-SU-2016:2990-1, openSUSE-SU-2016:3088-1, RHSA-2016:2079-01, RHSA-2016:2088-01, RHSA-2016:2089-01, RHSA-2016:2090-01, RHSA-2016:2136-01, RHSA-2016:2137-01, RHSA-2016:2138-01, RHSA-2016:2658-01, RHSA-2016:2659-01, RHSA-2017:0061-01, SUSE-SU-2016:2887-1, SUSE-SU-2016:3010-1, SUSE-SU-2016:3040-1, SUSE-SU-2016:3041-1, SUSE-SU-2016:3043-1, SUSE-SU-2016:3068-1, SUSE-SU-2016:3078-1, USN-3121-1, USN-3130-1, USN-3154-1, VIGILANCE-VUL-20906, ZDI-16-571.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability via 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-5556]

An attacker can use a vulnerability via AWT, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-5568, ZDI-16-571]

An attacker can use a vulnerability via Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-5582]

An attacker can use a vulnerability via Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-5573]

An attacker can use a vulnerability via Networking, in order to obtain information. [severity:2/4; CVE-2016-5597]

An attacker can use a vulnerability via JMX, in order to alter information. [severity:2/4; CVE-2016-5554]

An attacker can use a vulnerability via Libraries, in order to alter information. [severity:1/4; CVE-2016-5542]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-7042

Linux kernel: buffer overflow via proc_keys_show

Synthesis of the vulnerability

An attacker can generate a buffer overflow via proc_keys_show() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Android OS, QRadar SIEM, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: user shell.
Creation date: 14/10/2016.
Identifiers: 1373499, 2011746, CERTFR-2016-AVI-378, CERTFR-2016-AVI-426, CERTFR-2017-AVI-001, CERTFR-2017-AVI-016, CERTFR-2017-AVI-034, CERTFR-2017-AVI-053, CERTFR-2017-AVI-054, CERTFR-2017-AVI-131, CERTFR-2017-AVI-287, CVE-2016-7042, DLA-670-1, DSA-3696-1, openSUSE-SU-2016:3021-1, openSUSE-SU-2016:3050-1, openSUSE-SU-2016:3058-1, openSUSE-SU-2016:3061-1, RHSA-2017:0817-01, RHSA-2017:1842-01, RHSA-2017:2077-01, RHSA-2017:2669-01, SUSE-SU-2016:2912-1, SUSE-SU-2016:2976-1, SUSE-SU-2016:3304-1, SUSE-SU-2017:0181-1, SUSE-SU-2017:0333-1, SUSE-SU-2017:0471-1, SUSE-SU-2017:0494-1, SUSE-SU-2017:1102-1, USN-3126-1, USN-3126-2, USN-3127-1, USN-3127-2, USN-3128-1, USN-3128-2, USN-3128-3, USN-3129-1, USN-3129-2, USN-3161-1, USN-3161-2, USN-3161-3, USN-3161-4, VIGILANCE-VUL-20868.

Description of the vulnerability

The Linux kernel provides the /proc/keys interface to access to cryptographic keys.

However, if the size of data is greater than the size of the storage array, an overflow occurs in proc_keys_show().

An attacker can therefore generate a buffer overflow via proc_keys_show() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-6302 CVE-2016-6303 CVE-2016-6304

OpenSSL: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: SDS, SES, SNS, Mac OS X, Arkoon FAST360, Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, FreeRADIUS, hMailServer, HP Switch, AIX, DB2 UDB, IRAD, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, MariaDB ~ precise, McAfee Email Gateway, ePO, MySQL Community, MySQL Enterprise, NetScreen Firewall, ScreenOS, Nodejs Core, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle DB, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Solaris, Tuxedo, VirtualBox, WebLogic, Oracle Web Tier, Percona Server, pfSense, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, Puppet, RHEL, JBoss EAP by Red Hat, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, VxWorks, WinSCP.
Severity: 3/4.
Consequences: privileged access/rights, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 7.
Creation date: 22/09/2016.
Identifiers: 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1992681, 1993777, 1996096, 1999395, 1999421, 1999474, 1999478, 1999479, 1999488, 1999532, 2000095, 2000209, 2000544, 2002870, 2003480, 2003620, 2003673, 2008828, bulletinapr2017, bulletinjul2016, bulletinoct2016, CERTFR-2016-AVI-320, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpuapr2018, cpujan2017, cpujan2018, cpujul2017, cpujul2019, cpuoct2017, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FreeBSD-SA-16:26.openssl, HPESBHF03856, HT207423, JSA10759, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2496-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2018:0458-1, RHSA-2016:1940-01, RHSA-2016:2802-01, RHSA-2017:1548-01, RHSA-2017:1549-01, RHSA-2017:1550-01, RHSA-2017:1551-01, RHSA-2017:1552-01, RHSA-2017:1658-01, RHSA-2017:1659-01, RHSA-2017:2493-01, RHSA-2017:2494-01, SA132, SA40312, SB10171, SB10215, SOL54211024, SOL90492697, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, STORM-2016-005, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, TNS-2016-16, USN-3087-1, USN-3087-2, VIGILANCE-VUL-20678.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can create a memory over consumption via an OCSP request, in order to trigger a denial of service. [severity:3/4; CVE-2016-6304]

An attacker can make a process block itself via SSL_peek, in order to trigger a denial of service. [severity:2/4; CVE-2016-6305]

An attacker can generate a buffer overflow via MDC2_Update, in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2016-6303]

An attacker can generate a read only buffer overflow, in order to trigger a denial of service. [severity:1/4; CVE-2016-6302]

An attacker can generate a read only buffer overflow via the parsing of an X.509 certificate, in order to trigger a denial of service. [severity:1/4; CVE-2016-6306]

An attacker can make the server allocates a large amount of memory to process TLS packets. [severity:1/4; CVE-2016-6307]

An attacker can make the server allocates a large amount of memory to process DTLS packets. [severity:1/4; CVE-2016-6308]
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-0379

IBM WebSphere MQ: out-of-bounds memory reading via MQ Protocol

Synthesis of the vulnerability

An attacker can force a read at an invalid address via MQ Protocol of IBM WebSphere MQ, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: QRadar SIEM, WebSphere MQ.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: user account.
Creation date: 20/09/2016.
Identifiers: 1984565, 2015824, 7014224, 7043086, CVE-2016-0379, VIGILANCE-VUL-20653.

Description of the vulnerability

An attacker can force a read at an invalid address via MQ Protocol of IBM WebSphere MQ, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-7097

Linux kernel: privilege escalation via setxattr

Synthesis of the vulnerability

A local attacker can use setxattr() on the Linux kernel, in order to escalate his privileges.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Android OS, QRadar SIEM, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 26/08/2016.
Identifiers: 2011746, CERTFR-2016-AVI-393, CERTFR-2016-AVI-426, CERTFR-2017-AVI-001, CERTFR-2017-AVI-034, CERTFR-2017-AVI-053, CERTFR-2017-AVI-054, CERTFR-2017-AVI-131, CERTFR-2017-AVI-287, CERTFR-2017-AVI-307, CVE-2016-7097, DLA-772-1, FEDORA-2017-6cc158c193, FEDORA-2017-81fbd592d4, K31603170, openSUSE-SU-2016:3021-1, openSUSE-SU-2016:3058-1, RHSA-2017:0817-01, RHSA-2017:1842-01, RHSA-2017:2077-01, RHSA-2017:2669-01, SUSE-SU-2016:2912-1, SUSE-SU-2016:2976-1, SUSE-SU-2016:3304-1, SUSE-SU-2017:0333-1, SUSE-SU-2017:0471-1, SUSE-SU-2017:0494-1, SUSE-SU-2017:1102-1, USN-3146-1, USN-3146-2, USN-3147-1, USN-3161-1, USN-3161-2, USN-3161-3, USN-3161-4, USN-3162-1, USN-3162-2, USN-3422-1, USN-3422-2, VIGILANCE-VUL-20479.

Description of the vulnerability

The Linux kernel implements the setxattr() system call, which is used to set extended attributes.

However, if setxattr() is called to set a POSIX ACL, and if the user is not privileged, the sgid bit is not reset.

A local attacker can therefore use setxattr() on the Linux kernel, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-2182

OpenSSL: memory corruption via BN_bn2dec

Synthesis of the vulnerability

An attacker can generate a memory corruption via BN_bn2dec() of OpenSSL, in order to trigger a denial of service, and possibly to run code.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, FreeRADIUS, Android OS, hMailServer, HP Switch, AIX, DB2 UDB, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, McAfee Email Gateway, ePO, NetScreen Firewall, ScreenOS, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Solaris, Tuxedo, WebLogic, Oracle Web Tier, pfSense, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 24/08/2016.
Identifiers: 1996096, 1999395, 1999421, 1999474, 1999478, 1999479, 1999488, 1999532, 2000095, 2000209, 2002870, 2003480, 2003620, 2003673, 2008828, bulletinapr2017, bulletinjul2016, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-2182, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FreeBSD-SA-16:26.openssl, HPESBHF03856, JSA10759, K01276005, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2018:0458-1, RHSA-2016:1940-01, SA132, SA40312, SB10171, SB10215, SOL01276005, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, TNS-2016-16, USN-3087-1, USN-3087-2, VIGILANCE-VUL-20460.

Description of the vulnerability

The OpenSSL library works on large numbers to perform operations such are RSA.

The BN_bn2dec() function converts a large number to its decimal representation. However, a special number forces BN_div_word() to return a limit value, then data are written after the end of the memory area.

An attacker can therefore generate a memory corruption via BN_bn2dec() of OpenSSL, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-2181

OpenSSL: denial of service via DTLS Window

Synthesis of the vulnerability

An attacker can send a DTLS packet with a large sequence number to an application compiled with OpenSSL, in order to trigger a denial of service.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, FreeRADIUS, hMailServer, AIX, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, McAfee Email Gateway, NetScreen Firewall, ScreenOS, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Solaris, Tuxedo, WebLogic, Oracle Web Tier, pfSense, RHEL, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 24/08/2016.
Identifiers: 1996096, 1999395, 1999474, 1999478, 1999479, 1999488, 1999532, 2000095, 2003480, 2003620, 2003673, bulletinapr2017, bulletinjul2016, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-2181, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FreeBSD-SA-16:26.openssl, JSA10759, K59298921, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2018:0458-1, RHSA-2016:1940-01, SA132, SB10215, SOL59298921, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, TNS-2016-16, USN-3087-1, USN-3087-2, VIGILANCE-VUL-20458.

Description of the vulnerability

The OpenSSL library implements DTLS (Datagram Transport Layer Security, for example on UDP).

In order to manage replays, OpenSSL uses a sliding window containing accepted sequence numbers. However, if an attacker sends a packet with a large sequence number, the window is moved, and legitimate packets thus have numbers before the beginning of the window, and are rejected.

An attacker can therefore send a DTLS packet with a large sequence number to an application compiled with OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2016-2179

OpenSSL: denial of service via DTLS Reassembly

Synthesis of the vulnerability

An attacker can send DTLS packets in the wrong order with missing packets to an application compiled with OpenSSL, in order to trigger a denial of service.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, FreeRADIUS, hMailServer, HP Switch, AIX, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, McAfee Email Gateway, NetScreen Firewall, ScreenOS, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Solaris, Tuxedo, WebLogic, Oracle Web Tier, pfSense, RHEL, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 24/08/2016.
Identifiers: 1996096, 1999395, 1999474, 1999478, 1999479, 1999488, 1999532, 2000095, 2003480, 2003620, 2003673, bulletinapr2017, bulletinjul2016, bulletinjul2018, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-2179, DLA-637-1, DSA-3673-1, DSA-3673-2, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FreeBSD-SA-16:26.openssl, HPESBHF03856, JSA10759, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2018:0458-1, RHSA-2016:1940-01, SA132, SB10215, SOL23512141, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, TNS-2016-16, USN-3087-1, USN-3087-2, VIGILANCE-VUL-20457.

Description of the vulnerability

The OpenSSL library implements DTLS (Datagram Transport Layer Security, for example on UDP).

DTLS packets can be in the wrong order. OpenSSL has to keep them in memory, in order to reassemble them. However, in two cases, message queues are not cleared.

An attacker can therefore send DTLS packets in the wrong order with missing packets to an application compiled with OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2016-2875

IBM QRadar SIEM: code execution via OS Command Injection

Synthesis of the vulnerability

An authenticated attacker can inject a shell command via IBM QRadar SIEM, in order to run privileged code.
Impacted products: QRadar SIEM.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user account.
Creation date: 03/08/2016.
Identifiers: 1988094, CVE-2016-2875, VIGILANCE-VUL-20297.

Description of the vulnerability

The IBM QRadar SIEM product offers a web space restricted to authenticated users.

However, a parameter given in this space is directly injected in a shell command.

An authenticated attacker can therefore inject a shell command via IBM QRadar SIEM, in order to run privileged code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2016-2869 CVE-2016-2871 CVE-2016-2873

IBM QRadar SIEM: eight vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of IBM QRadar SIEM.
Impacted products: QRadar SIEM.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 8.
Creation date: 29/07/2016.
Identifiers: 1987768, 1987769, 1987770, 1987771, 1987773, 1987774, 1987776, 1987777, CVE-2016-2869, CVE-2016-2871, CVE-2016-2873, CVE-2016-2874, CVE-2016-2876, CVE-2016-2877, CVE-2016-2878, CVE-2016-2881, VIGILANCE-VUL-20257.

Description of the vulnerability

Several vulnerabilities were announced in IBM QRadar SIEM.

An attacker can trigger a Cross Site Scripting via QRadar UI, in order to run JavaScript code in the context of the web site. [severity:2/4; 1987768, CVE-2016-2869]

An attacker can read passwords in configuration files, in order to escalate his privileges. [severity:2/4; 1987769, CVE-2016-2871]

An attacker can use a SQL injection, in order to read or alter data. [severity:2/4; 1987770, CVE-2016-2873]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; 1987771, CVE-2016-2874]

An attacker can bypass access restrictions, in order to read or alter data. [severity:2/4; 1987773, CVE-2016-2877]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; 1987774, CVE-2016-2876]

An attacker can trigger a Cross Site Request Forgery, in order to force the victim to perform operations. [severity:2/4; 1987776, CVE-2016-2878]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; 1987777, CVE-2016-2881]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about QRadar SIEM: