| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of RHEL
Linux kernel: information disclosure via KVM espfix
Synthesis of the vulnerability
An attacker can use KVM of the Linux kernel, in order to obtain information about the memory layout to bypass ASLR.
Impacted products: BIG-IP Hardware, TMOS, Fedora, NSM Central Manager, NSMXpress, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 12/12/2014.
Identifiers: 1172765, CERTFR-2014-AVI-528, CERTFR-2015-AVI-021, CVE-2014-8134, FEDORA-2014-17244, FEDORA-2014-17283, FEDORA-2014-17293, JSA10853, openSUSE-SU-2015:0566-1, openSUSE-SU-2015:0713-1, openSUSE-SU-2015:0714-1, RHSA-2016:0855-01, SOL17120, SUSE-SU-2015:0481-1, SUSE-SU-2015:0581-1, SUSE-SU-2015:0736-1, USN-2441-1, USN-2442-1, USN-2443-1, USN-2444-1, USN-2445-1, USN-2446-1, USN-2447-1, USN-2447-2, USN-2448-1, USN-2448-2, USN-2464-1, VIGILANCE-VUL-15787.
Description of the vulnerability
The Linux kernel implements "espfix" which fixes a processor bug related to 16 bit addresses.
However, a guest in a KVM PV 32 bits system can obtain the 16 top bits of the address.
An attacker can therefore use KVM of the Linux kernel, in order to obtain information about the memory layout to bypass ASLR.
Complete Vigil@nce bulletin.... (Free trial) |
Python: bypassing X.509 check
Synthesis of the vulnerability
An attacker can setup a malicious HTTPS server, and invite a Python client to connect, without detecting that the web server uses the certificate from another site.
Impacted products: BIG-IP Hardware, TMOS, MBS, Solaris, Python, RHEL.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: internet server.
Confidence: confirmed by the editor (5/5).
Creation date: 11/12/2014.
Identifiers: bulletinjan2015, bulletinoct2015, CVE-2014-9365, K11068141, MDVSA-2015:075, RHSA-2017:1868-01, VIGILANCE-VUL-15786.
Description of the vulnerability
An SSL client must check that the host name included in the X.509 certificate received from the server is the one of the targeted server.
However, HTTPS clients of Python do not perform this check.
An attacker can therefore setup a malicious HTTPS server, and invite a Python client to connect, without detecting that the web server uses the certificate from another site.
Complete Vigil@nce bulletin.... (Free trial) |
rpm: integer overflow of rpmcpioHeaderRead
Synthesis of the vulnerability
An attacker can create a malicious RPM file, and invite the victim to open it with rpm, to generate an integer overflow in the rpmcpioHeaderRead() function of rpm, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, Fedora, MBS, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: administrator access/rights, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 10/12/2014.
Identifiers: 1168715, CVE-2014-8118, DSA-3129-1, FEDORA-2014-16838, FEDORA-2014-16890, MDVSA-2014:251, MDVSA-2015:056, openSUSE-SU-2014:1716-1, RHSA-2014:1976-01, SUSE-SU-2014:1697-1, SUSE-SU-2015:0107-1, USN-2479-1, VIGILANCE-VUL-15772.
Description of the vulnerability
The rpm command is used to install packages on the system.
However, if the size of a file name is too large, an addition overflows, and a short memory area is used in the rpmcpioHeaderRead() function.
An attacker can therefore create a malicious RPM file, and invite the victim to open it with rpm, to generate an integer overflow in the rpmcpioHeaderRead() function of rpm, in order to trigger a denial of service, and possibly to execute code.
Complete Vigil@nce bulletin.... (Free trial) |
rpm: code execution via Delayed Check
Synthesis of the vulnerability
An attacker can create a malicious RPM file, and invite the victim to open it with rpm, in order to execute code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, MBS, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: administrator access/rights.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 10/12/2014.
Identifiers: 1039811, CVE-2013-6435, DSA-3129-1, FEDORA-2014-16838, FEDORA-2014-16890, MDVSA-2014:251, MDVSA-2015:056, openSUSE-SU-2014:1716-1, RHSA-2014:1974-01, RHSA-2014:1975-01, RHSA-2014:1976-01, SOL16383, SUSE-SU-2014:1697-1, SUSE-SU-2015:0107-1, USN-2479-1, VIGILANCE-VUL-15771.
Description of the vulnerability
The rpm command is used to install packages on the system.
It extracts package data to a temporary file, before checking its signature. However, a system process can extract commands from this file before the signature check .
An attacker can therefore create a malicious RPM file, and invite the victim to open it with rpm, in order to execute code.
Complete Vigil@nce bulletin.... (Free trial) |
Adobe Flash Player: multiple vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, Chrome, IE, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 09/12/2014.
Identifiers: 2755801, APSB14-27, CERTFR-2014-AVI-522, CVE-2014-0580, CVE-2014-0587, CVE-2014-8443, CVE-2014-9162, CVE-2014-9163, CVE-2014-9164, openSUSE-SU-2014:1622-1, openSUSE-SU-2014:1629-1, RHSA-2014:1981-01, SUSE-SU-2014:1650-1, VIGILANCE-VUL-15761, ZDI-14-416, ZDI-14-417.
Description of the vulnerability
Several vulnerabilities were announced in Adobe Flash Player.
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-0587]
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-9164]
An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-8443]
An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-9163, ZDI-14-417]
An attacker can obtain sensitive information. [severity:2/4; CVE-2014-9162, ZDI-14-416]
An attacker can bypass the same origin policy, in order to obtain sensitive information. [severity:2/4; CVE-2014-0580]
Complete Vigil@nce bulletin.... (Free trial) |
X.Org Server: multiple vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of X.Org Server.
Impacted products: Debian, Fedora, MBS, NetBSD, OpenBSD, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, XOrg Bundle ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on service.
Provenance: user account.
Confidence: confirmed by the editor (5/5).
Creation date: 09/12/2014.
Identifiers: bulletinjan2015, bulletinoct2015, CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2014-8103, DSA-3095-1, FEDORA-2014-16600, FEDORA-2014-16623, FEDORA-2015-3948, FEDORA-2015-3964, MDVSA-2015:119, NetBSD-SA2015-001, openSUSE-SU-2014:1719-1, RHSA-2014:1982-01, RHSA-2014:1983-01, SSA:2014-356-03, SUSE-SU-2015:0045-1, USN-2436-1, USN-2436-2, USN-2438-1, VIGILANCE-VUL-15760.
Description of the vulnerability
Several vulnerabilities were announced in X.Org Server.
An attacker can force a NULL pointer to be dereferenced in SUN-DES-1, in order to trigger a denial of service. [severity:1/4; CVE-2014-8091]
An attacker can generate an integer overflow in X11 Core, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-8092]
An attacker can generate an integer overflow in GLX, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-8093]
An attacker can generate an integer overflow in DRI2, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-8094]
An attacker can generate a buffer overflow in XInput, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-8095]
An attacker can generate a buffer overflow in XC-MISC, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-8096]
An attacker can generate a buffer overflow in DBE, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-8097]
An attacker can generate a buffer overflow in GLX, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-8098]
An attacker can generate a buffer overflow in XVideo, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-8099]
An attacker can generate a buffer overflow in Render, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-8100]
An attacker can generate a buffer overflow in RandR, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-8101]
An attacker can generate a buffer overflow in XFixes, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-8102]
An attacker can generate a buffer overflow in DRI3, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-8103]
Complete Vigil@nce bulletin.... (Free trial) |
ISC BIND: infinite loop of Delegation
Synthesis of the vulnerability
An attacker, who owns a malicious DNS server and who invites a client of BIND to query this server, can generate an infinite loop in the delegation processing of ISC BIND, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, BIND, Junos OS, MBS, NetBSD, OpenBSD, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: internet server.
Confidence: confirmed by the editor (5/5).
Creation date: 09/12/2014.
Identifiers: AA-01216, bulletinjan2015, c04550240, c04769567, CERTFR-2014-AVI-512, CERTFR-2015-AVI-146, CVE-2014-8500, DSA-3094-1, FEDORA-2014-16557, FEDORA-2014-16576, FEDORA-2014-16607, FreeBSD-SA-14:29.bind, FreeBSD-SA-14:30.unbound, HPSBUX03235, HPSBUX03400, JSA10676, MDVSA-2014:238, MDVSA-2015:165, NetBSD-SA2015-002, openSUSE-SU-2015:1250-1, openSUSE-SU-2015:1250-2, RHSA-2014:1984-01, RHSA-2014:1985-01, RHSA-2016:0078-01, SOL15927, SSA:2014-344-01, SSA:2015-111-01, SSRT101750, SSRT102211, SUSE-SU-2015:0011-1, SUSE-SU-2015:0011-2, SUSE-SU-2015:0096-1, SUSE-SU-2015:0480-1, SUSE-SU-2015:0488-1, USN-2437-1, VIGILANCE-VUL-15754, VU#264212.
Description of the vulnerability
The ISC BIND product can be configured as a Recursive Resolver.
In this case, when a server indicates a delegation, BIND sends a second query to this other server. However, there is no limit on the number of delegations.
An attacker, who owns a malicious DNS server and who invites a client of BIND to query this server, can therefore generate an infinite loop in the delegation processing of ISC BIND, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial) |
JasPer: two vulnerabilities of jpc_dec.c
Synthesis of the vulnerability
An attacker can use several vulnerabilities of JasPer.
Impacted products: Debian, Fedora, MBS, openSUSE, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Tuxedo, WebLogic, RHEL, Slackware, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 04/12/2014.
Identifiers: 1167537, cpujul2018, CVE-2014-9029, DSA-3089-1, FEDORA-2014-16292, FEDORA-2014-16349, FEDORA-2014-16465, FEDORA-2014-16961, FEDORA-2014-17027, FEDORA-2014-17032, MDVSA-2014:247, MDVSA-2015:159, openSUSE-SU-2014:1644-1, openSUSE-SU-2016:2737-1, RHSA-2014:2021-01, RHSA-2015:0698-01, SSA:2015-302-02, USN-2434-1, USN-2434-2, VIGILANCE-VUL-15743.
Description of the vulnerability
Several vulnerabilities were announced in JasPer.
An attacker can generate a buffer overflow in jpc_dec_cp_setfromcox(), in order to trigger a denial of service, and possibly to execute code. [severity:3/4]
An attacker can generate a buffer overflow in jpc_dec_cp_setfromrgn(), in order to trigger a denial of service, and possibly to execute code. [severity:3/4]
Complete Vigil@nce bulletin.... (Free trial) |
QEMU: memory corruption via cirrus
Synthesis of the vulnerability
An attacker who is privileged in the guest system can generate a memory corruption in the host system via cirrus of QEMU, in order to trigger a denial of service, and possibly to execute code.
Impacted products: XenServer, Debian, BIG-IP Hardware, TMOS, Fedora, MBS, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: privileged shell.
Confidence: confirmed by the editor (5/5).
Creation date: 04/12/2014.
Identifiers: CERTFR-2015-AVI-161, CTX200892, CVE-2014-8106, DSA-3087-1, DSA-3088-1, FEDORA-2015-1886, FEDORA-2015-5482, MDVSA-2014:249, MDVSA-2015:061, RHSA-2015:0349-01, RHSA-2015:0624-01, RHSA-2015:0643-01, RHSA-2015:0795-01, RHSA-2015:0867-01, RHSA-2015:0868-01, RHSA-2015:0891-01, SOL63519101, SUSE-SU-2017:0582-1, SUSE-SU-2017:0647-1, SUSE-SU-2017:0718-1, USN-2439-1, VIGILANCE-VUL-15742.
Description of the vulnerability
The QEMU product uses by default the hw/display/cirrus_vga.c VGA driver.
However, the blit_is_unsafe() function, does not check if the BIT BLIT (picture in picture) operation uses a size which is too large.
An attacker who is privileged in the guest system can therefore generate a memory corruption in the host system via cirrus of QEMU, in order to trigger a denial of service, and possibly to execute code.
Complete Vigil@nce bulletin.... (Free trial) |
Firefox, Thunderbird, SeaMonkey: multiple vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Firefox, Thunderbird and SeaMonkey.
Impacted products: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, openSUSE, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, client access/rights, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 02/12/2014.
Identifiers: CERTFR-2014-AVI-503, CVE-2014-1587, CVE-2014-1588, CVE-2014-1589, CVE-2014-1590, CVE-2014-1591, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594, CVE-2014-1595, CVE-2014-8631, CVE-2014-8632, DSA-3090-1, DSA-3092-1, FEDORA-2014-16242, FEDORA-2014-16259, FEDORA-2014-17126, FEDORA-2014-17217, FEDORA-2014-17219, MFSA-2014-83, MFSA-2014-84, MFSA-2014-85, MFSA-2014-86, MFSA-2014-87, MFSA-2014-88, MFSA-2014-89, MFSA-2014-90, MFSA-2014-91, openSUSE-SU-2014:1581-1, openSUSE-SU-2014:1654-1, openSUSE-SU-2014:1655-1, openSUSE-SU-2014:1656-1, openSUSE-SU-2015:1266-1, RHSA-2014:1919-01, RHSA-2014:1924-01, SSA:2014-337-01, SSA:2014-344-02, SSA:2014-344-06, SUSE-SU-2014:1624-1, USN-2424-1, USN-2428-1, VIGILANCE-VUL-15729.
Description of the vulnerability
Several vulnerabilities were announced in Firefox, Thunderbird and SeaMonkey.
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-1587, CVE-2014-1588, MFSA-2014-83]
An attacker can use the XML Binding Language, in order to escalate his privileges. [severity:2/4; CVE-2014-1589, MFSA-2014-84]
An attacker can use XMLHttpRequest, in order to trigger a denial of service. [severity:2/4; CVE-2014-1590, MFSA-2014-85]
An attacker can bypass the Content Security Policy, in order to obtain sensitive information in urls. [severity:3/4; CVE-2014-1591, MFSA-2014-86]
An attacker can force the usage of a freed memory area in HTML5, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-1592, MFSA-2014-87]
An attacker can generate a buffer overflow via a Media Content, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-1593, MFSA-2014-88]
An attacker can generate a memory corruption via a cast from BasicThebesLayer to BasicContainerLayer, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-1594, MFSA-2014-89]
An attacker can read logs on OS X, in order to obtain sensitive information. [severity:3/4; CVE-2014-1595, MFSA-2014-90]
An attacker can use XrayWrappers, in order to obtain sensitive information. [severity:2/4; CVE-2014-8631, CVE-2014-8632, MFSA-2014-91]
An attacker can therefore invite the victim to navigate on a malicious site, in order for example to execute code on his computer.
Complete Vigil@nce bulletin.... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about RHEL:
|