The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of RHEL

vulnerability CVE-2015-1881

OpenStack Image Service: denial of service

Synthesis of the vulnerability

An attacker can generate a fatal error of OpenStack Image Service, in order to trigger a denial of service.
Impacted products: RHEL.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 06/05/2015.
Identifiers: CVE-2015-1881, RHSA-2015:0938-01, VIGILANCE-VUL-16820.

Description of the vulnerability

An attacker can generate a fatal error of OpenStack Image Service, in order to trigger a denial of service.

computer vulnerability note CVE-2014-9684

OpenStack Image Service: memory leak

Synthesis of the vulnerability

An attacker can create a memory leak of OpenStack Image Service, in order to trigger a denial of service.
Impacted products: RHEL.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 06/05/2015.
Identifiers: CVE-2014-9684, RHSA-2015:0938-01, VIGILANCE-VUL-16819.

Description of the vulnerability

An attacker can create a memory leak of OpenStack Image Service, in order to trigger a denial of service.

vulnerability bulletin CVE-2015-7575

GnuTLS: accepting a MD5 signature

Synthesis of the vulnerability

An attacker, who can generate a signature on the fly (unlikely), can use a weak algorithm (MD5) with applications linked to GnuTLS, in order to act as a Man-in-the-Middle.
Impacted products: Debian, Fedora, openSUSE, Oracle Communications, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: internet server.
Creation date: 05/05/2015.
Identifiers: cpuoct2017, CVE-2015-7575, DSA-3437-1, FEDORA-2015-7942, GNUTLS-SA-2015-2, openSUSE-SU-2015:1372-1, RHSA-2016:0012-01, SLOTH, SSA:2015-233-01, SSA:2016-254-01, SUSE-SU-2016:0256-1, USN-2865-1, VIGILANCE-VUL-16813.

Description of the vulnerability

The GnuTLS library implements support for the TLS 1.2 protocol. In this version, the application can choose any combination of signature and hash algorithms.

When a TLS client receives a ServerKeyExchange message, it has to check if the algorithms chosen by the server match its security policy. Likewise, when a TLS server receives a ClientCertificateVerify message, it has to check if the algorithms chosen by the client match its security policy.

However, GnuTLS accepts MD5 signatures in any case.

This vulnerability has the same origin as VIGILANCE-VUL-18586.

An attacker, who can generate a signature on the fly (unlikely), can therefore use a weak algorithm (MD5) with applications linked to GnuTLS, in order to act as a Man-in-the-Middle.

vulnerability announce CVE-2015-0252

Apache Xerces-C++: unreachable memory reading via XMLReader.cpp

Synthesis of the vulnerability

An attacker can force a read at an invalid address in XMLReader.cpp of Apache Xerces-C++, in order to trigger a denial of service.
Impacted products: Xerces-C++, Debian, Fedora, openSUSE, Oracle Communications, RHEL.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 20/03/2015.
Revision date: 04/05/2015.
Identifiers: cpuoct2018, CVE-2015-0252, DSA-3199-1, FEDORA-2015-4228, FEDORA-2015-4251, FEDORA-2015-4285, FEDORA-2015-4321, openSUSE-SU-2016:0966-1, RHSA-2015:1193-01, VIGILANCE-VUL-16432.

Description of the vulnerability

The Apache Xerces-C++ product uses the src/xercesc/internal/XMLReader.cpp file to analyze XML data.

However, several XMLReader.cpp functions try to read a memory area which is not reachable, which triggers a fatal error.

An attacker can therefore force a read at an invalid address in XMLReader.cpp of Apache Xerces-C++, in order to trigger a denial of service.

vulnerability note CVE-2014-8122

JBoss Weld: information disclosure via Stale Thread State

Synthesis of the vulnerability

An attacker can bypass access restrictions to data in Stale Thread State of JBoss Weld, in order to obtain sensitive information.
Impacted products: RHEL, JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 04/05/2015.
Identifiers: CVE-2014-8122, RHSA-2015:0215-01, RHSA-2015:0216-01, RHSA-2015:0217-01, RHSA-2015:0218-01, RHSA-2015:0675-01, RHSA-2015:0773-01, RHSA-2015:0850-01, RHSA-2015:0851-01, RHSA-2015:0920-01, VIGILANCE-VUL-16804.

Description of the vulnerability

An attacker can bypass access restrictions to data in Stale Thread State of JBoss Weld, in order to obtain sensitive information.

vulnerability bulletin CVE-2014-7853

JBoss AS: information disclosure via JacORB

Synthesis of the vulnerability

An attacker can bypass access restrictions to data in JacORB of JBoss AS, in order to obtain sensitive information.
Impacted products: RHEL, JBoss EAP by Red Hat, WildFly.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 04/05/2015.
Identifiers: CVE-2014-7853, RHSA-2015:0215-01, RHSA-2015:0216-01, RHSA-2015:0217-01, RHSA-2015:0218-01, RHSA-2015:0920-01, VIGILANCE-VUL-16803.

Description of the vulnerability

An attacker can bypass access restrictions to data in JacORB of JBoss AS, in order to obtain sensitive information.

vulnerability announce CVE-2014-7849

JBoss AS: read-write access via RBAC

Synthesis of the vulnerability

An attacker can bypass access restrictions of RBAC of JBoss AS, in order to read or alter data.
Impacted products: RHEL, JBoss EAP by Red Hat, WildFly.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: intranet client.
Creation date: 04/05/2015.
Identifiers: CVE-2014-7849, RHSA-2015:0215-01, RHSA-2015:0216-01, RHSA-2015:0217-01, RHSA-2015:0218-01, RHSA-2015:0920-01, VIGILANCE-VUL-16802.

Description of the vulnerability

An attacker can bypass access restrictions of RBAC of JBoss AS, in order to read or alter data.

vulnerability alert CVE-2015-3636

Linux kernel: use after free via ping_unhash

Synthesis of the vulnerability

A local attacker can force the usage of a freed memory area in ping_unhash() of the Linux kernel, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Android OS, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: privileged shell.
Creation date: 04/05/2015.
Identifiers: CERTFR-2015-AVI-254, CERTFR-2015-AVI-261, CERTFR-2015-AVI-328, CERTFR-2015-AVI-357, CVE-2015-3636, DSA-3290-1, FEDORA-2015-7736, FEDORA-2015-8518, K17246, openSUSE-SU-2015:1382-1, openSUSE-SU-2016:0301-1, RHSA-2015:1221-01, RHSA-2015:1534-01, RHSA-2015:1564-01, RHSA-2015:1565-01, RHSA-2015:1583-01, RHSA-2015:1643-01, SOL17246, SUSE-SU-2015:1071-1, SUSE-SU-2015:1224-1, SUSE-SU-2015:1376-1, SUSE-SU-2015:1478-1, USN-2631-1, USN-2632-1, USN-2633-1, USN-2634-1, USN-2635-1, USN-2636-1, USN-2637-1, USN-2638-1, VIGILANCE-VUL-16801.

Description of the vulnerability

The Linux kernel supports sockets of type ping:
  socket(PF_INET, SOCK_DGRAM, IPPROTO_ICMP)
The access to these sockets is usually restricted.

However, if the user disconnects, and then connects the socket, the ping_unhash() function frees a memory area before reusing it.

A local attacker can therefore force the usage of a freed memory area in ping_unhash() of the Linux kernel, in order to trigger a denial of service, and possibly to execute code.

computer vulnerability CVE-2010-5312

jQuery: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of jQuery, in order to execute JavaScript code in the context of the web site.
Impacted products: Debian, Fedora, jQuery Core, RHEL.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 04/05/2015.
Identifiers: CVE-2010-5312, DSA-3249-1, DSA-3249-2, FEDORA-2014-15967, FEDORA-2014-16048, RHSA-2015:0442-01, RHSA-2015:1462-01, VIGILANCE-VUL-16795.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting of jQuery, in order to execute JavaScript code in the context of the web site.

computer vulnerability bulletin CVE-2015-3455

Squid: Man-in-the-Middle of SSL Bumping

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle between Squid in ssl_bump client-first/bump mode and a server, in order to alter signatures.
Impacted products: Fedora, openSUSE, openSUSE Leap, Solaris, RHEL, Squid.
Severity: 3/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet server.
Creation date: 30/04/2015.
Identifiers: bulletinjul2015, CERTFR-2015-AVI-200, CVE-2015-3455, FEDORA-2016-7b40eb9e29, MDVSA-2015:230, openSUSE-SU-2015:1546-1, openSUSE-SU-2016:2081-1, RHSA-2015:2378-01, SQUID-2015:1, VIGILANCE-VUL-16788.

Description of the vulnerability

The Squid product uses the ssl_bump option to inspect SSL/TLS using several modes:
 - client-first: establish a TLS session with the client, and then the server.
 - server-first: establish a TLS session with the server, and then the client.

However, in the client-first or bump mode, the X.509 certificate of the SSL/TLS session is not checked by Squid.

An attacker can therefore act as a Man-in-the-Middle between Squid in ssl_bump client-first/bump mode and a server, in order to alter signatures.