The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of RedHat Enterprise Linux

computer vulnerability note CVE-2015-3143 CVE-2015-3144 CVE-2015-3145

cURL: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of cURL.
Impacted products: curl, Debian, BIG-IP Hardware, TMOS, Fedora, HP Switch, Juniper J-Series, JUNOS, MBS, openSUSE, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Creation date: 22/04/2015.
Identifiers: c04986859, CERTFR-2016-AVI-128, CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, DSA-3232-1, FEDORA-2015-6712, FEDORA-2015-6728, FEDORA-2015-6853, HPSBHF03544, JSA10743, MDVSA-2015:219, MDVSA-2015:220, openSUSE-SU-2015:0799-1, RHSA-2015:1254-02, RHSA-2015:2159-06, SOL16704, SOL16707, SOL16708, SSA:2015-302-01, USN-2591-1, VIGILANCE-VUL-16689.

Description of the vulnerability

Several vulnerabilities were announced in cURL.

To optimize performance, libcurl keeps its recent connections in a pool. However, after a first NTLM query, if the second query does not set a login, the memorized connection is reused. In this case, the authentication data of the first query is used for the second query. [severity:2/4; CVE-2015-3143]

To optimize performance, libcurl keeps its recent connections in a pool. However, after a first Negotiate query, if the second query uses a new login, the memorized connection is reused. In this case, the authentication data of the first query is used for the second query. [severity:2/4; CVE-2015-3148]

An attacker can force a read at an invalid address in sanitize_cookie_path(), in order to trigger a denial of service. [severity:2/4; CVE-2015-3145]

An attacker can use a URL such as "http://:80" to generate a memory corruption of one byte in fix_hostname(), in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2015-3144]

vulnerability note CVE-2015-1781

glibc: buffer overflow of gethostbyname_r

Synthesis of the vulnerability

An attacker can generate a buffer overflow in gethostbyname_r() of the glibc, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, MBS, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Creation date: 21/04/2015.
Identifiers: 1199525, CVE-2015-1781, DSA-3480-1, FEDORA-2016-0480defc94, MDVSA-2015:218, openSUSE-SU-2015:0955-1, RHSA-2015:0863-01, RHSA-2015:2199-07, RHSA-2015:2589-01, SOL16865, SUSE-SU-2015:1424-1, SUSE-SU-2016:0470-1, USN-2985-1, USN-2985-2, VIGILANCE-VUL-16664.

Description of the vulnerability

The glibc library provides functions based on gethostbyname_r() (multi-thread) to obtain the IP address of a server from its DNS name.

However, if data is not memory aligned, an overflow occurs.

An attacker can therefore generate a buffer overflow in gethostbyname_r() of the glibc, in order to trigger a denial of service, and possibly to execute code.

vulnerability bulletin CVE-2015-3339

Linux kernel: privilege escalation via chown/execve

Synthesis of the vulnerability

A local attacker can use an execve() during the chown() operation by the Linux kernel, in order to escalate his privileges.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 20/04/2015.
Identifiers: CERTFR-2015-AVI-198, CERTFR-2015-AVI-236, CERTFR-2015-AVI-357, CERTFR-2015-AVI-498, CVE-2015-3339, DSA-3237-1, FEDORA-2015-7736, FEDORA-2015-8518, openSUSE-SU-2015:1382-1, openSUSE-SU-2016:0301-1, openSUSE-SU-2016:2649-1, RHSA-2015:1272-01, RHSA-2015:2152-02, RHSA-2015:2411-01, SOL95345942, SUSE-SU-2015:1071-1, SUSE-SU-2015:1376-1, SUSE-SU-2016:2074-1, USN-2583-1, USN-2584-1, USN-2596-1, USN-2597-1, USN-2597-2, USN-2598-1, USN-2598-2, USN-2599-1, USN-2599-2, USN-2600-1, USN-2600-2, USN-2601-1, USN-2612-1, VIGILANCE-VUL-16653.

Description of the vulnerability

The chown() system call changes the owner of a file. If this file had the suid/sgid bit, then chown() removes it, using an inode mutex to temporarily lock the access during the operation.

However, the execve() system call does not use this mutex. So, there is a time window during which the file is still suid/sgid and is already owned by the new user.

A local attacker can therefore use an execve() during the chown() operation by the Linux kernel, in order to escalate his privileges.

vulnerability announce CVE-2015-7941 CVE-2015-7942

libxml2: unreachable memory reading via Entity

Synthesis of the vulnerability

An attacker can use a partial entity, to force a read at an invalid address in libxml2, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, AIX, libxml, openSUSE, openSUSE Leap, RHEL, Nessus, Ubuntu.
Severity: 2/4.
Creation date: 20/04/2015.
Identifiers: 744980, CVE-2015-7941, CVE-2015-7942, DSA-3430-1, FEDORA-2015-037f844d3e, FEDORA-2015-c24af963a2, FEDORA-2016-189a7bf68c, FEDORA-2016-a9ee80b01d, openSUSE-SU-2015:2372-1, openSUSE-SU-2016:0106-1, RHSA-2015:2549-01, RHSA-2015:2550-01, RHSA-2016:1087-01, RHSA-2016:1088-01, RHSA-2016:1089-01, SOL61570943, TNS-2017-03, USN-2812-1, VIGILANCE-VUL-16652.

Description of the vulnerability

An XML document can contain a comment starting with "<!ENTITY " and ending with ">".

However, if an entity does not end, libxml2 tries to read an unreachable memory area, which triggers a fatal error.

An attacker can therefore use a partial entity, to force a read at an invalid address in libxml2, in order to trigger a denial of service.

computer vulnerability alert CVE-2015-2783 CVE-2015-3329 CVE-2015-3330

PHP 5.5: nine vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP 5.5.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, MBS, Solaris, PHP, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 17/04/2015.
Revision date: 17/04/2015.
Identifiers: 69152, 69218, 69227, 69316, 69324, 69337, 69353, 69441, bulletinjul2015, c04686230, CERTFR-2015-AVI-187, CVE-2015-2783, CVE-2015-3329, CVE-2015-3330, CVE-2015-3411, CVE-2015-3412, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603, DSA-3280-1, FEDORA-2015-6399, HPSBUX03337, MDVSA-2015:209, RHSA-2015:1135-01, RHSA-2015:1186-01, RHSA-2015:1218-01, SOL17028, SOL17061, SSRT102066, SUSE-SU-2015:0868-1, SUSE-SU-2015:1253-1, SUSE-SU-2015:1253-2, SUSE-SU-2016:1638-1, USN-2572-1, USN-2658-1, VIGILANCE-VUL-16646.

Description of the vulnerability

Several vulnerabilities were announced in PHP 5.5.

An attacker can use apache2handler, in order to execute code. [severity:3/4; 69218, CVE-2015-3330]

An attacker can use a type error in exception::getTraceAsString, in order to obtain sensitive information. [severity:2/4; 69152, CVE-2015-4599]

An attacker can generate a memory corruption in php_stream_url_wrap_http_ex, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69337]

An attacker can use the null character, in order to access other files. [severity:2/4; 69353, CVE-2015-3411, CVE-2015-3412]

An attacker can force the usage of a freed memory area in php_curl, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69316]

An attacker can force a read at an invalid address in Phar, in order to trigger a denial of service. [severity:2/4; 69324, CVE-2015-2783]

An attacker can generate a buffer overflow in phar_set_inode, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69441, CVE-2015-3329]

An attacker can force the usage of a freed memory area in zval_scan, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69227]

An attacker can use a type error in SoapFault unserialize(), in order to obtain sensitive information. [severity:2/4; CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603]

computer vulnerability CVE-2015-2301 CVE-2015-2783 CVE-2015-3329

PHP 5.4: eleven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP 5.4.
Impacted products: Debian, BIG-IP Hardware, TMOS, HP-UX, openSUSE, Solaris, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 17/04/2015.
Revision date: 17/04/2015.
Identifiers: 66550, 68901, 69152, 69218, 69316, 69324, 69337, 69353, 69441, bulletinjul2015, c04686230, CERTFR-2015-AVI-187, CVE-2015-2301, CVE-2015-2783, CVE-2015-3329, CVE-2015-3330, CVE-2015-3411, CVE-2015-3412, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603, DSA-3280-1, HPSBUX03337, openSUSE-SU-2015:0855-1, openSUSE-SU-2015:1197-1, RHSA-2015:1053-01, RHSA-2015:1066-01, RHSA-2015:1135-01, RHSA-2015:1218-01, SOL17028, SOL17061, SSA:2015-111-10, SSRT102066, SUSE-SU-2015:0868-1, SUSE-SU-2015:1265-1, SUSE-SU-2016:1638-1, USN-2572-1, VIGILANCE-VUL-16645.

Description of the vulnerability

Several vulnerabilities were announced in PHP 5.4.

An attacker can use apache2handler, in order to execute code. [severity:3/4; 69218, CVE-2015-3330]

An attacker can use a type error in exception::getTraceAsString, in order to obtain sensitive information. [severity:2/4; 69152, CVE-2015-4599]

An attacker can generate a memory corruption in php_stream_url_wrap_http_ex, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69337]

An attacker can use the null character, in order to access other files. [severity:2/4; 69353, CVE-2015-3411, CVE-2015-3412]

An attacker can force the usage of a freed memory area in php_curl, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69316]

An attacker can force the usage of a freed memory area in phar_object.c, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 68901, CVE-2015-2301]

An attacker can force a read at an invalid address in Phar, in order to trigger a denial of service. [severity:2/4; 69324, CVE-2015-2783]

An attacker can generate a buffer overflow in phar_set_inode, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69441, CVE-2015-3329]

An attacker can generate a memory corruption in SoapFault unserialize(), in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69152]

An attacker can force the usage of a freed memory area in SQLite, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 66550]

An attacker can use a type error in SoapFault unserialize(), in order to obtain sensitive information. [severity:2/4; CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603]

computer vulnerability note CVE-2015-3331

Linux kernel: denial of service via GCM

Synthesis of the vulnerability

An attacker can make the Linux kernel decrypt data with the AES-GCM algorithm, in order to trigger a denial of service and perhaps to run code with kernel privileges.
Impacted products: Debian, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 15/04/2015.
Revision date: 16/04/2015.
Identifiers: CERTFR-2015-AVI-236, CERTFR-2015-AVI-243, CERTFR-2015-AVI-254, CVE-2015-3331, DSA-3237-1, RHSA-2015:0981-01, RHSA-2015:0987-01, RHSA-2015:0989-01, RHSA-2015:1081-01, RHSA-2015:1199-01, SUSE-SU-2015:1071-1, SUSE-SU-2015:1376-1, SUSE-SU-2015:1478-1, USN-2613-1, USN-2614-1, USN-2615-1, USN-2616-1, USN-2631-1, USN-2632-1, VIGILANCE-VUL-16619.

Description of the vulnerability

The Linux kernel includes an implementation of some cryptographic algorithms, notably used by IPsec.

The set of supported algorithms includes AES and the GCM mode, which adds authentication of the sender to the encryption. Recent models of Intel processors have instructions dedicated to a fast software implementation of AES. However, the kernel module that uses them, "aesni-intel", and more precisely the routine "__driver_rfc4106_decrypt" defined in the file "arch/x86/crypto/aesni-intel_glue.c", does not correctly compute the size of the decrypted text. The decryption therefore leads to a memory corruption in the caller (another kernel module), and possibly to code injection.

An attacker can make the Linux kernel decrypt data with the AES-GCM algorithm, in order to trigger a denial of service and perhaps to run code with kernel privileges.

computer vulnerability announce CVE-2015-3315

Abrt: privilege escalation via symlink

Synthesis of the vulnerability

A local attacker can create a symbolic link when Abrt is run, in order to alter the pointed file, with privileges of the Linux kernel.
Impacted products: Fedora, Linux, RHEL.
Severity: 2/4.
Creation date: 15/04/2015.
Revision date: 16/04/2015.
Identifiers: 1415483, CVE-2015-3315, FEDORA-2015-10193, FEDORA-2015-9886, RHSA-2015:1083-01, RHSA-2015:1210-01, VIGILANCE-VUL-16627.

Description of the vulnerability

The Linux system uses the Abrt tool (Automatic Bug Reporting Tool) to inform developers about errors.

However, when the file is opened, Abrt does not check whether it is an existing symbolic link. The file pointed to by the link is thus opened with root privileges, and using /proc/pid/exe as a link makes it possible to jump.

A local attacker can therefore create a symbolic link when Abrt is run, to interact with a root process, in order to gain its privileges.

vulnerability announce CVE-2015-0240

Samba: use after free via NetLogon

Synthesis of the vulnerability

An unauthenticated attacker can force the usage of a freed memory area in NetLogon of Samba, in order to trigger a denial of service, and possibly to execute code with root privileges.
Impacted products: Debian, Fedora, HP-UX, MBS, OES, openSUSE, Solaris, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu.
Severity: 3/4.
Creation date: 23/02/2015.
Revision date: 15/04/2015.
Identifiers: 7014420, bulletinjan2015, c04636672, CERTFR-2015-AVI-078, CVE-2015-0240, DSA-3171-1, FEDORA-2015-2519, FEDORA-2015-2538, HPSBUX03320, MDVSA-2015:081, MDVSA-2015:082, MDVSA-2015:083, openSUSE-SU-2015:0375-1, openSUSE-SU-2016:1064-1, openSUSE-SU-2016:1106-1, openSUSE-SU-2016:1107-1, openSUSE-SU-2016:1108-1, openSUSE-SU-2016:1440-1, RHSA-2015:0249-01, RHSA-2015:0250-01, RHSA-2015:0251-01, RHSA-2015:0252-01, RHSA-2015:0253-01, RHSA-2015:0254-01, RHSA-2015:0255-01, RHSA-2015:0256-01, RHSA-2015:0257-01, SSA:2015-064-01, SSRT101952, SUSE-SU-2015:0353-1, SUSE-SU-2015:0371-1, SUSE-SU-2015:0386-1, USN-2508-1, VIGILANCE-VUL-16242.

Description of the vulnerability

The Samba product implements the NetLogon service.

An unauthenticated attacker (NULL session over IPC) can use the RPC ServerPasswordSet() of NetLogon. However, the _netr_ServerPasswordSet() function frees a memory area before reusing it.

An unauthenticated attacker can therefore force the usage of a freed memory area in NetLogon of Samba, in order to trigger a denial of service, and possibly to execute code with root privileges.

computer vulnerability CVE-2015-3414 CVE-2015-3415 CVE-2015-3416

SQLite: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SQLite.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, MBS, Solaris, PHP, RHEL, Slackware, SQLite, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Creation date: 15/04/2015.
Identifiers: bulletinapr2016, CERTFR-2015-AVI-265, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, DSA-3252-1, DSA-3252-2, FEDORA-2015-6324, FEDORA-2015-6349, MDVSA-2015:217, RHSA-2015:1634-01, RHSA-2015:1635-01, SOL16950, SSA:2015-198-02, USN-2698-1, VIGILANCE-VUL-16615.

Description of the vulnerability

Several vulnerabilities were announced in SQLite.

An attacker can force a read at an invalid address in the parser of collation rules, in order to trigger a denial of service. [severity:1/4; CVE-2015-3414]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:1/4; CVE-2015-3415]

An attacker can generate a buffer overflow in a use of printf, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2015-3416]