The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Security Directory Server

vulnerability bulletin CVE-2016-2183 CVE-2016-6329

Blowfish, Triple-DES: algorithms too weak, SWEET32

Synthesis of the vulnerability

An attacker can create a TLS/VPN session negotiating a Blowfish or Triple-DES cipher suite, and perform an attack lasting about two days, in order to decrypt data.
Impacted products: Avaya Ethernet Routing Switch, Blue Coat CAS, ProxySG by Blue Coat, SGOS by Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, Avamar, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeRADIUS, hMailServer, HPE BSM, LoadRunner, HP Operations, Performance Center, Real User Monitoring, SiteScope, HP Switch, HP-UX, AIX, DB2 UDB, Informix Server, IRAD, Security Directory Server, Tivoli Directory Server, Tivoli Storage Manager, Tivoli System Automation, WebSphere MQ, Junos Space, McAfee Email Gateway, ePO, Data ONTAP, Snap Creator Framework, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle DB, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Solaris, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, SSL protocol, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, JBoss EAP by Red Hat, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/08/2016.
Identifiers: 1610582, 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1992681, 1993777, 1994375, 1995099, 1995922, 1998797, 1999054, 1999421, 2000209, 2000212, 2000370, 2000544, 2001608, 2002021, 2002335, 2002336, 2002479, 2002537, 2002870, 2002897, 2002991, 2003145, 2003480, 2003620, 2003673, 2004036, 2008828, 523628, 9010102, bulletinapr2017, c05349499, c05369403, c05369415, c05390849, CERTFR-2017-AVI-012, CERTFR-2019-AVI-049, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpujul2017, cpuoct2017, CVE-2016-2183, CVE-2016-6329, DSA-2018-124, DSA-3673-1, DSA-3673-2, FEDORA-2016-7810e24465, FEDORA-2016-dc2cb4ad6b, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FG-IR-17-173, HPESBGN03697, HPESBGN03765, HPESBUX03725, HPSBGN03690, HPSBGN03694, HPSBHF03674, ibm10718843, java_jan2017_advisory, JSA10770, KM03060544, NTAP-20160915-0001, openSUSE-SU-2016:2199-1, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2496-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2017:1638-1, openSUSE-SU-2018:0458-1, RHSA-2017:0336-01, RHSA-2017:0337-01, RHSA-2017:0338-01, RHSA-2017:3113-01, RHSA-2017:3114-01, RHSA-2017:3239-01, RHSA-2017:3240-01, RHSA-2018:2123-01, SA133, SA40312, SB10171, SB10186, SB10197, SB10215, SOL13167034, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SSA:2016-363-01, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, SUSE-SU-2017:1444-1, SUSE-SU-2017:2838-1, SUSE-SU-2017:3177-1, SWEET32, TNS-2016-16, USN-3087-1, USN-3087-2, USN-3270-1, USN-3339-1, USN-3339-2, USN-3372-1, VIGILANCE-VUL-20473.

Description of the vulnerability

The Blowfish and Triple-DES symmetric encryption algorithms use 64-bit blocks.

However, when they are used in CBC mode under a single key, ciphertext block collisions become likely after about 2^32 blocks (32 GB) because of the birthday bound, and each collision leaks the XOR of two plaintext blocks. The published SWEET32 demonstration captured about 785 GB of traffic and recovered secret data with an attack lasting about two days.

An attacker can therefore create a TLS/VPN session negotiating a Blowfish or Triple-DES cipher suite, and perform an attack lasting about two days, in order to decrypt data.
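The birthday-bound arithmetic behind the figures above, plus a check of cipher-suite names for 64-bit block ciphers, as an added example that is not part of the Vigil@nce bulletin or any vendor advisory. The cipher list is a constructed sample; including IDEA, RC2 and CAST5 in the marker list goes beyond the bulletin (they also use 64-bit blocks).

```python
import math

# Added example (not from the Vigil@nce bulletin or any vendor): the birthday
# arithmetic behind SWEET32 and a cipher-name check for 64-bit block ciphers.


def collision_probability(n_blocks: int, block_bits: int = 64) -> float:
    """Probability that at least two of n_blocks ciphertext blocks are equal
    (birthday bound: 1 - exp(-n(n-1) / 2N) with N = 2**block_bits). In CBC
    mode an equal pair leaks the XOR of the two corresponding plaintexts."""
    space = 2 ** block_bits
    return 1.0 - math.exp(-(n_blocks * (n_blocks - 1)) / (2.0 * space))


def expected_collisions(n_blocks: int, block_bits: int = 64) -> float:
    """Expected number of colliding block pairs among n_blocks blocks; the
    attacker needs one pair that joins a secret block with a known one."""
    return (n_blocks * (n_blocks - 1)) / (2.0 * 2 ** block_bits)


def bytes_for_probability(p: float, block_bits: int = 64) -> int:
    """Ciphertext volume, in bytes under one key, at which a collision has
    probability p. Useful for choosing a rekey/renegotiation limit."""
    space = 2 ** block_bits
    n_blocks = math.sqrt(2.0 * space * math.log(1.0 / (1.0 - p)))
    return int(n_blocks * (block_bits // 8))


# Substrings that identify 64-bit block ciphers in OpenSSL, IANA and OpenVPN
# cipher names. "DES" covers DES-CBC3 / 3DES_EDE / single DES; IDEA, RC2 and
# CAST5 are added because they also use 64-bit blocks.
WEAK_64BIT_MARKERS = ("DES", "BF-", "BLOWFISH", "IDEA", "RC2", "CAST5")


def weak_64bit_ciphers(cipher_names):
    """Return the names from cipher_names that denote a 64-bit block cipher."""
    return [c for c in cipher_names
            if any(m in c.upper() for m in WEAK_64BIT_MARKERS)]


# Constructed sample: a cipher list as an audit might collect it.
SAMPLE_CIPHERS = [
    "ECDHE-RSA-AES128-GCM-SHA256",    # 128-bit blocks: not affected
    "ECDHE-RSA-DES-CBC3-SHA",         # 3DES in OpenSSL naming
    "DES-CBC3-SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",  # 3DES in IANA naming
    "BF-CBC",                         # OpenVPN Blowfish (CVE-2016-6329)
]

if __name__ == "__main__":
    print("P(collision) after 2^32 blocks of a 64-bit cipher: %.3f"
          % collision_probability(2 ** 32))
    print("expected collisions in 785 GB of 3DES-CBC: %.0f"
          % expected_collisions(785 * 10 ** 9 // 8))
    print("50%% collision point, 64-bit blocks: %d GB"
          % (bytes_for_probability(0.5) // 10 ** 9))
    print("same point for AES (128-bit blocks): 2^%.0f bytes"
          % math.log2(bytes_for_probability(0.5, 128)))
    print("weak suites:", weak_64bit_ciphers(SAMPLE_CIPHERS))
```

Two readings of the numbers: at 2^32 blocks a 64-bit cipher already has a 39% chance of a collision, and the 785 GB capture corresponds to roughly 260 colliding pairs, which is why the demonstration could afford to wait for a pair involving the secret. Where a 64-bit cipher cannot be removed yet, bytes_for_probability(2**-20) gives a rekey limit of under 50 MB, which is the order of magnitude of the renegotiation limits vendors recommended as a stopgap.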

vulnerability bulletin CVE-2016-6313

GnuPG: predicting 160 bits

Synthesis of the vulnerability

An attacker can use a vulnerability in the pseudo-random generator of GnuPG, in order to predict bits.
Impacted products: Debian, Fedora, GnuPG, Security Directory Server, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/08/2016.
Identifiers: 2000347, bulletinoct2017, CVE-2016-6313, CVE-2016-6316-ERROR, DLA-600-1, DLA-602-1, DSA-3649-1, DSA-3650-1, FEDORA-2016-2b4ecfa79f, FEDORA-2016-3a0195918f, FEDORA-2016-81aab0aff9, FEDORA-2016-9864953aa3, openSUSE-SU-2016:2208-1, openSUSE-SU-2016:2423-1, RHSA-2016:2674-01, SSA:2016-236-01, SSA:2016-236-02, USN-3064-1, USN-3065-1, VIGILANCE-VUL-20413.

Description of the vulnerability

The GnuPG/Libgcrypt product uses a pseudo-random generator to produce the random bits used for key material.

However, an attacker who obtains 4640 consecutive output bits (580 bytes) can predict the next 160 bits (20 bytes).

Existing RSA keys are not weakened. Existing DSA / ElGamal keys should not be weakened. The vendor therefore does not recommend revoking existing keys.

An attacker can therefore use a vulnerability in the pseudo-random generator of GnuPG, in order to predict bits.

vulnerability note CVE-2016-0718 CVE-2016-2830 CVE-2016-2835

Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox/Thunderbird.
Impacted products: Debian, Fedora, Security Directory Server, Firefox, SeaMonkey, Thunderbird, openSUSE, openSUSE Leap, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Tuxedo, WebLogic, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 23.
Creation date: 03/08/2016.
Identifiers: 2000347, CERTFR-2016-AVI-259, cpujul2018, CVE-2016-0718, CVE-2016-2830, CVE-2016-2835, CVE-2016-2836, CVE-2016-2837, CVE-2016-2838, CVE-2016-2839, CVE-2016-5250, CVE-2016-5251, CVE-2016-5252, CVE-2016-5253, CVE-2016-5254, CVE-2016-5255, CVE-2016-5258, CVE-2016-5259, CVE-2016-5260, CVE-2016-5261, CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265, CVE-2016-5266, CVE-2016-5267, CVE-2016-5268, DLA-585-1, DLA-640-1, DSA-3640-1, DSA-3686-1, FEDORA-2016-7dd68d253f, FEDORA-2016-e77b6d963a, FEDORA-2016-f8ae4ede46, MFSA-2016-62, MFSA-2016-63, MFSA-2016-64, MFSA-2016-65, MFSA-2016-66, MFSA-2016-67, MFSA-2016-68, MFSA-2016-69, MFSA-2016-70, MFSA-2016-71, MFSA-2016-72, MFSA-2016-73, MFSA-2016-74, MFSA-2016-75, MFSA-2016-76, MFSA-2016-77, MFSA-2016-78, MFSA-2016-79, MFSA-2016-80, MFSA-2016-81, MFSA-2016-82, MFSA-2016-83, MFSA-2016-84, openSUSE-SU-2016:1964-1, openSUSE-SU-2016:2026-1, openSUSE-SU-2016:2253-1, openSUSE-SU-2016:2254-1, openSUSE-SU-2016:2378-1, RHSA-2016:1551-01, RHSA-2016:1809-01, SSA:2016-219-02, SSA:2016-244-01, SUSE-SU-2016:2061-1, SUSE-SU-2016:2131-1, SUSE-SU-2016:2195-1, USN-3044-1, USN-3073-1, VIGILANCE-VUL-20294, ZDI-16-673.

Description of the vulnerability

Several vulnerabilities were announced in Mozilla Firefox/Thunderbird.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-2835, CVE-2016-2836, MFSA-2016-62]

An attacker can bypass security features via Favicon Network Connection, in order to obtain sensitive information. [severity:3/4; CVE-2016-2830, MFSA-2016-63]

An attacker can generate a buffer overflow via SVG With Bidirectional Content, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-2838, MFSA-2016-64]

An attacker can generate a memory corruption via LibAV, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2839, MFSA-2016-65]

An attacker can alter displayed information via Malformed/invalid Mediatypes, in order to deceive the victim. [severity:2/4; CVE-2016-5251, MFSA-2016-66]

An attacker can generate a memory corruption via 2D Graphics Rendering, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5252, MFSA-2016-67]

An attacker can force a read at an invalid address via XML Parsing, in order to trigger a denial of service, or to obtain sensitive information (VIGILANCE-VUL-19644). [severity:2/4; CVE-2016-0718, MFSA-2016-68]

An attacker can bypass security features via Mozilla Updater, in order to escalate his privileges. [severity:2/4; CVE-2016-5253, MFSA-2016-69]

An attacker can force the usage of a freed memory area via Alt Key, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5254, MFSA-2016-70]

An attacker can generate a memory corruption via Incremental Garbage Collection, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5255, MFSA-2016-71]

An attacker can force the usage of a freed memory area via DTLS WebRTC, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5258, MFSA-2016-72]

An attacker can force the usage of a freed memory area via Service Workers, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5259, MFSA-2016-73]

An attacker can bypass security features via Form Input, in order to obtain sensitive information. [severity:2/4; CVE-2016-5260, MFSA-2016-74]

An attacker can generate an integer overflow via WebSockets, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5261, MFSA-2016-75]

An attacker can trigger a Cross Site Scripting via Marquee, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-5262, MFSA-2016-76]

An attacker can generate a buffer overflow via ClearKey Content Decryption Module, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-2837, MFSA-2016-77, ZDI-16-673]

An attacker can generate a memory corruption via Display Transformation, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5263, MFSA-2016-78]

An attacker can force the usage of a freed memory area via SVG Effects, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5264, MFSA-2016-79]

An attacker can bypass the origin check via Saved Shortcut File, in order to access the victim's data. [severity:2/4; CVE-2016-5265, MFSA-2016-80]

An attacker can bypass security features via Drag And Drop, in order to obtain sensitive information. [severity:2/4; CVE-2016-5266, MFSA-2016-81]

An attacker can alter displayed information via Right-to-left Characters, in order to deceive the victim. [severity:2/4; CVE-2016-5267, MFSA-2016-82]

An attacker can alter displayed information via Internal Error Pages, in order to deceive the victim. [severity:1/4; CVE-2016-5268, MFSA-2016-83]

An attacker can bypass security features via Resource Timing API, in order to obtain sensitive information. [severity:2/4; CVE-2016-5250, MFSA-2016-84]

computer vulnerability bulletin CVE-2015-1977

IBM Tivoli/Security Directory Server: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of IBM Tivoli/Security Directory Server, in order to read a file outside the service root path.
Impacted products: Security Directory Server, Tivoli Directory Server.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 12/07/2016.
Identifiers: 1986452, CVE-2015-1977, VIGILANCE-VUL-20068.

Description of the vulnerability

The IBM Tivoli/Security Directory Server product offers a web service.

However, user-supplied data is inserted directly into a file path. Sequences such as "/.." can thus be used to move to the parent directory.

An attacker can therefore traverse directories of IBM Tivoli/Security Directory Server, in order to read a file outside the service root path.
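The path-construction pattern the bulletin describes, beside a hardened resolution, as an added example: it is not IBM's code (the bulletin shows none), and the service root and request paths are constructed for illustration.

```python
import os
from urllib.parse import unquote

# Added example (not IBM's code, which the bulletin does not show): the path
# construction pattern the bulletin describes, beside a hardened resolution.
# Root and request paths below are constructed for illustration.

DEMO_ROOT = "/srv/www/docs"   # assumed service root; it need not exist


def naive_path(root: str, user_path: str) -> str:
    """Vulnerable: request data goes straight into the path. '..' segments
    walk above root, and an absolute user_path makes os.path.join drop root."""
    return os.path.normpath(os.path.join(root, user_path))


def resolve_under_root(root: str, user_path: str) -> str:
    """Hardened: percent-decode exactly once, refuse absolute paths and NUL
    bytes, canonicalise (symlinks included) and require the result to stay
    under the canonical root. Raises ValueError on any escape attempt."""
    root_real = os.path.realpath(root)
    decoded = unquote(user_path)   # one round; a second encoding layer stays a literal name
    if os.path.isabs(decoded) or "\x00" in decoded:
        raise ValueError("absolute path or NUL byte in %r" % user_path)
    candidate = os.path.realpath(os.path.join(root_real, decoded))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError("path escapes root: %r" % user_path)
    return candidate


def is_allowed(root: str, user_path: str) -> bool:
    """True if the hardened resolver accepts user_path."""
    try:
        resolve_under_root(root, user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for req in ("index.html", "../../etc/passwd",
                "%2e%2e/%2e%2e/etc/passwd", "/etc/passwd"):
        print("%-26s naive=%-20s hardened=%s" % (
            req, naive_path(DEMO_ROOT, req),
            "ok" if is_allowed(DEMO_ROOT, req) else "REJECTED"))
```

The check is done on the canonical path rather than on the request string, so encoded dots, mixed separators and symlinks inside the root are all judged by where they actually land; rejecting "/.." textually, as a quick patch often does, misses the absolute-path case that os.path.join silently accepts.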

computer vulnerability note CVE-2016-0389

IBM WebSphere Application Server (Liberty Profile): information disclosure via "Admin Center"

Synthesis of the vulnerability

An attacker can use a vulnerability via the Admin Center of IBM WebSphere Application Server, in order to obtain sensitive information.
Impacted products: Security Directory Server, WebSphere AS Traditional.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 28/06/2016.
Identifiers: 1982012, 1995259, CVE-2016-0389, VIGILANCE-VUL-19989.

Description of the vulnerability

The IBM product WebSphere Application Server Liberty Profile offers a web interface for administration.

However, an attacker can bypass the access restrictions protecting its data.

An attacker can therefore use a vulnerability via the Admin Center of IBM WebSphere Application Server, in order to obtain sensitive information.

computer vulnerability CVE-2016-2834

Mozilla NSS: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla NSS.
Impacted products: Blue Coat CAS, Debian, BIG-IP Hardware, TMOS, Security Directory Server, QRadar SIEM, NSS, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 08/06/2016.
Identifiers: 1206283, 1221620, 1241034, 1241037, 1999395, 1999474, 1999478, 1999479, 1999488, 1999532, 2000347, CERTFR-2016-AVI-193, cpujul2017, cpuoct2017, CVE-2016-2834, DLA-527-1, DSA-3688-1, MFSA-2016-61, openSUSE-SU-2016:1552-1, openSUSE-SU-2016:1557-1, RHSA-2016:2779-01, SA137, SOL15479471, SUSE-SU-2016:1691-1, SUSE-SU-2016:1799-1, SUSE-SU-2016:2061-1, SUSE-SU-2016:2195-1, SUSE-SU-2017:1175-1, SUSE-SU-2017:1248-1, SYMSA1391, USN-3029-1, VIGILANCE-VUL-19835.

Description of the vulnerability

Several vulnerabilities were announced in Mozilla NSS.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4]

vulnerability note CVE-2016-2815 CVE-2016-2818 CVE-2016-2819

Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox/Thunderbird.
Impacted products: Debian, Fedora, Security Directory Server, Firefox, SeaMonkey, Thunderbird, openSUSE, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 13.
Creation date: 08/06/2016.
Identifiers: 2000347, CERTFR-2016-AVI-193, CVE-2016-2815, CVE-2016-2818, CVE-2016-2819, CVE-2016-2821, CVE-2016-2822, CVE-2016-2824, CVE-2016-2825, CVE-2016-2826, CVE-2016-2828, CVE-2016-2829, CVE-2016-2831, CVE-2016-2832, CVE-2016-2833, CVE-2016-2834, DLA-518-1, DLA-521-1, DLA-572-1, DSA-3600-1, DSA-3647-1, FEDORA-2016-559fb75a4c, FEDORA-2016-f89d347ad6, MFSA-2016-49, MFSA-2016-50, MFSA-2016-51, MFSA-2016-52, MFSA-2016-53, MFSA-2016-54, MFSA-2016-55, MFSA-2016-56, MFSA-2016-57, MFSA-2016-58, MFSA-2016-59, MFSA-2016-60, MFSA-2016-61, openSUSE-SU-2016:1552-1, openSUSE-SU-2016:1557-1, RHSA-2016:1217-01, RHSA-2016:1392-01, SSA:2016-187-01, SUSE-SU-2016:1691-1, SUSE-SU-2016:1799-1, SUSE-SU-2016:2061-1, SUSE-SU-2016:2195-1, SUSE-SU-2017:1175-1, SUSE-SU-2017:1248-1, USN-2993-1, USN-3023-1, VIGILANCE-VUL-19834.

Description of the vulnerability

Several vulnerabilities were announced in Mozilla Firefox/Thunderbird.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-2815, CVE-2016-2818, MFSA-2016-49]

An attacker can generate a buffer overflow via HTML5 Fragments, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-2819, MFSA-2016-50]

An attacker can force the usage of a freed memory area via Contenteditable, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-2821, MFSA-2016-51]

An attacker can use the SELECT element, in order to spoof the address bar. [severity:2/4; CVE-2016-2822, MFSA-2016-52]

An attacker can generate a buffer overflow via WebGL Shader, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-2824, MFSA-2016-53]

An attacker can bypass security features via location.host, in order to obtain sensitive information. [severity:1/4; CVE-2016-2825, MFSA-2016-54]

An attacker can bypass security features via Windows Updater, in order to escalate his privileges. [severity:3/4; CVE-2016-2826, MFSA-2016-55]

An attacker can force the usage of a freed memory area via WebGL Textures, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-2828, MFSA-2016-56]

Permission notifications use the wrong icon. [severity:1/4; CVE-2016-2829, MFSA-2016-57]

An attacker can bypass security features via Fullscreen And Persistent Pointerlock, in order to escalate his privileges. [severity:3/4; CVE-2016-2831, MFSA-2016-58]

An attacker can bypass security features via CSS Pseudo-classes Disabled Plugins, in order to obtain sensitive information. [severity:2/4; CVE-2016-2832, MFSA-2016-59]

An attacker can trigger a Cross Site Scripting via Java applets, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-2833, MFSA-2016-60]

An attacker can use several vulnerabilities of Mozilla NSS (VIGILANCE-VUL-19835). [severity:2/4; CVE-2016-2834, MFSA-2016-61]

vulnerability note CVE-2016-0718

Expat: buffer overflow

Synthesis of the vulnerability

An attacker can generate a buffer overflow of Expat, in order to trigger a denial of service, and possibly to run code.
Impacted products: Mac OS X, Debian, BIG-IP Hardware, TMOS, Fedora, Android OS, Notes, Security Directory Server, WebSphere AS Traditional, openSUSE, openSUSE Leap, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Solaris, Tuxedo, WebLogic, Python, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 18/05/2016.
Identifiers: 1988026, 1990421, 1990658, 2000347, bulletinjul2016, CERTFR-2018-AVI-288, cpujul2018, CVE-2016-0718, DSA-3582-1, FEDORA-2016-0fd6ca526a, FEDORA-2016-60889583ab, FEDORA-2016-7c6e7a9265, HT206903, K52320548, openSUSE-SU-2016:1441-1, openSUSE-SU-2016:1523-1, RHSA-2016:2824-01, SSA:2016-359-01, SSA:2017-266-02, SSA:2018-124-01, SUSE-SU-2016:1508-1, SUSE-SU-2016:1512-1, TNS-2016-11, TNS-2018-08, USN-2983-1, USN-3013-1, VIGILANCE-VUL-19644.

Description of the vulnerability

An attacker can generate a buffer overflow of Expat, in order to trigger a denial of service, and possibly to run code.

vulnerability CVE-2015-8325

OpenSSH: privilege escalation via UseLogin

Synthesis of the vulnerability

A local attacker can use UseLogin of OpenSSH, in order to escalate his privileges.
Impacted products: Blue Coat CAS, Debian, BIG-IP Hardware, TMOS, Fedora, AIX, Security Directory Server, Junos Space, NSM Central Manager, NSMXpress, OpenSSH, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 18/04/2016.
Identifiers: 2009389, bulletinoct2016, CERTFR-2016-AVI-279, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, CVE-2015-8325, DSA-3550-1, FEDORA-2016-3f128cf0ce, FEDORA-2016-7f5004093e, FEDORA-2016-d31c00ca51, JSA10770, JSA10774, openSUSE-SU-2016:1455-1, RHSA-2016:2588-02, RHSA-2017:0641-01, SA121, SA126, SOL20911042, SSA:2016-219-03, USN-2966-1, VIGILANCE-VUL-19390.

Description of the vulnerability

The OpenSSH product can be configured with:
 - UseLogin=yes in sshd_config, so that sshd runs /bin/login (as root) to start the session
 - PAM reading user-controlled environment variables from ~/.pam_environment (pam_env with user_readenv)

However, in this case, the variables taken from ~/.pam_environment are passed through to /bin/login. A local attacker can set LD_PRELOAD there, so that a library of his choice is loaded into /bin/login, which runs as root.

A local attacker can therefore use UseLogin of OpenSSH, in order to escalate his privileges.
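An audit of the two settings whose combination the bulletin describes, as an added example that is neither OpenSSH's nor the bulletin's code. The configuration texts are constructed samples, not files from a real host, and the check assumes an unpatched sshd.

```python
import re

# Added example (not OpenSSH's or the bulletin's code): an audit of the two
# settings whose combination the bulletin describes. The config texts are
# constructed samples, not files from any real host.

SSHD_CONFIG_WEAK = """\
# /etc/ssh/sshd_config (constructed sample)
Port 22
UseLogin yes
UsePAM yes
"""

SSHD_CONFIG_FIXED = SSHD_CONFIG_WEAK.replace("UseLogin yes", "UseLogin no")

PAM_SSHD = """\
# /etc/pam.d/sshd (constructed sample in the Debian layout)
session    required     pam_env.so
session    required     pam_env.so user_readenv=1 envfile=/etc/default/locale
"""


def sshd_option(config_text: str, keyword: str, default: str) -> str:
    """Effective value of a keyword: sshd takes the FIRST occurrence, matches
    keywords case-insensitively and treats '#' lines as comments."""
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == keyword.lower():
            return parts[1].strip().lower()
    return default


def pam_reads_user_env(pam_text: str) -> bool:
    """True if an active pam_env.so line explicitly enables user_readenv.
    (Whether an option-less pam_env.so line reads ~/.pam_environment depends
    on the Linux-PAM version; this check only trusts the explicit form.)"""
    for line in pam_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "pam_env.so" not in line:
            continue
        if re.search(r"\buser_readenv=1\b", line):
            return True
    return False


def exposed_to_cve_2015_8325(sshd_text: str, pam_text: str) -> bool:
    """Both conditions are needed: UseLogin enabled (the default is no) and
    PAM importing user-controlled variables. An unpatched sshd is assumed."""
    return (sshd_option(sshd_text, "UseLogin", "no") == "yes"
            and pam_reads_user_env(pam_text))


if __name__ == "__main__":
    print("weak config exposed:",
          exposed_to_cve_2015_8325(SSHD_CONFIG_WEAK, PAM_SSHD))
    print("fixed config exposed:",
          exposed_to_cve_2015_8325(SSHD_CONFIG_FIXED, PAM_SSHD))
```

Setting UseLogin no (the default) removes the exposure regardless of the PAM side, and OpenSSH 7.4 later dropped the UseLogin option altogether. The first-occurrence rule matters when auditing: a "UseLogin no" appended at the end of a file that already says "UseLogin yes" changes nothing.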

vulnerability CVE-2015-7420 CVE-2015-7421

GSKit: two vulnerabilities of GDA

Synthesis of the vulnerability

An attacker can use two vulnerabilities of the GSKit component of IBM Tivoli Directory Server / Security Directory Server.
Impacted products: Security Directory Server, SPSS Modeler, Tivoli Workload Scheduler, WebSphere MQ.
Severity: 1/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 26/01/2016.
Identifiers: 1978182, 1982432, 1983690, CVE-2015-7420, CVE-2015-7421, T1023277, VIGILANCE-VUL-18820.

Description of the vulnerability

The GSKit component provides a pseudo-random number generator.

In order to keep the PRNG output unpredictable, the PRNG internal state must be unpredictable, uncopyable and never restored. However, a user program can create child processes with the fork() system call, which duplicates the whole virtual memory of the calling process. A child process therefore starts with the same PRNG state as its parent, and both may produce the same pseudo-random sequence unless the state is reseeded after the fork.

The internal state of the GSKit PRNG is duplicated in this way. [severity:1/4; CVE-2015-7420]

The internal state of the "ICC PRNG" of GSKit is duplicated in this way. [severity:1/4; CVE-2015-7421]
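The fork() duplication described above, reproduced with a toy generator and then closed with an at-fork reseed, as an added example. This is not GSKit's code (the bulletin shows none); the hash-based DRBG construction is an assumption chosen for illustration, and the seed is constructed.

```python
import hashlib
import os

# Added example (not GSKit's code; the bulletin shows none): a toy DRBG whose
# state lives in ordinary process memory, the duplicated-output problem after
# fork(), and the reseed-in-child mitigation. The DRBG construction is an
# assumption chosen for illustration.


class ToyDrbg:
    """output_i = SHA-256(state || counter), state ratcheted after each call.
    fork() copies the whole address space, so the child inherits state and
    counter verbatim and continues the parent's sequence."""

    def __init__(self, seed: bytes):
        self.state = hashlib.sha256(b"seed|" + seed).digest()
        self.counter = 0

    def random_bytes(self, n: int = 32) -> bytes:
        out = b""
        while len(out) < n:
            out += hashlib.sha256(
                self.state + self.counter.to_bytes(8, "big")).digest()
            self.counter += 1
        self.state = hashlib.sha256(b"ratchet|" + self.state).digest()
        return out[:n]

    def reseed(self, entropy: bytes) -> None:
        """Mix fresh entropy and the current pid into the state."""
        self.state = hashlib.sha256(
            self.state + entropy + os.getpid().to_bytes(8, "big")).digest()


def install_fork_reseed(drbg: ToyDrbg) -> None:
    """Mitigation: re-key the generator in the child right after fork(), so
    parent and child diverge. os.register_at_fork exists since Python 3.7."""
    os.register_at_fork(after_in_child=lambda: drbg.reseed(os.urandom(32)))


def outputs_after_fork(drbg: ToyDrbg) -> tuple:
    """fork(); the child sends its first 32 output bytes over a pipe and
    exits; the parent then draws its own 32 bytes. Returns (parent, child)."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:                                  # child
        os.close(r)
        os.write(w, drbg.random_bytes(32))
        os.close(w)
        os._exit(0)
    os.close(w)
    child_out = b""
    while len(child_out) < 32:                    # read until 32 bytes or EOF
        chunk = os.read(r, 32 - len(child_out))
        if not chunk:
            break
        child_out += chunk
    os.close(r)
    os.waitpid(pid, 0)
    parent_out = drbg.random_bytes(32)
    return parent_out, child_out


if __name__ == "__main__":
    plain = ToyDrbg(b"constructed seed")
    p, c = outputs_after_fork(plain)
    print("without reseed, parent == child:", p == c)      # the CVE-2015-7420 pattern
    fixed = ToyDrbg(b"constructed seed")
    install_fork_reseed(fixed)
    p, c = outputs_after_fork(fixed)
    print("with at-fork reseed, parent == child:", p == c)
```

The at-fork hook is the mitigation to prefer: the other common approach, comparing getpid() on every call and reseeding when it changes, misses the case where a pid is reused. Whatever the mechanism, the child must mix in entropy it did not inherit (os.urandom here), since anything copied from the parent is by definition also known to the parent.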