The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Spectrum Protect

vulnerability note CVE-2014-3570 CVE-2014-3571 CVE-2014-3572

OpenSSL: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: ArubaOS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Cisco ATA, AnyConnect VPN Client, Cisco ACE, ASA, AsyncOS, Cisco ESA, IOS by Cisco, IronPort Email, IronPort Web, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Prime Network Control Systems, Cisco PRSM, Cisco Router, Cisco IP Phone, Cisco MeetingPlace, Cisco WSA, Clearswift Email Gateway, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, DB2 UDB, Domino, Notes, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere AS Traditional, Juniper J-Series, Junos OS, Junos Space, Junos Space Network Management Platform, NSM Central Manager, NSMXpress, Juniper SBR, MBS, McAfee Email Gateway, McAfee Web Gateway, Data ONTAP, NetBSD, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Solaris, Tuxedo, WebLogic, pfSense, Puppet, RHEL, Base SAS Software, SAS SAS/CONNECT, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 08/01/2015.
Identifiers: 1610582, 1699810, 1700997, 1902260, 1903541, 1973383, 55767, 9010028, ARUBA-PSA-2015-003, bulletinjan2015, c04556853, c04679334, CERTFR-2015-AVI-008, CERTFR-2015-AVI-108, CERTFR-2015-AVI-146, CERTFR-2016-AVI-303, cisco-sa-20150310-ssl, cpuapr2017, cpujul2018, cpuoct2016, cpuoct2017, CTX216642, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, DSA-3125-1, FEDORA-2015-0512, FEDORA-2015-0601, FreeBSD-SA-15:01.openssl, HPSBUX03244, HPSBUX03334, JSA10679, MDVSA-2015:019, MDVSA-2015:062, MDVSA-2015:063, NetBSD-SA2015-006, NetBSD-SA2015-007, NTAP-20150205-0001, openSUSE-SU-2015:0130-1, openSUSE-SU-2015:1277-1, openSUSE-SU-2016:0640-1, RHSA-2015:0066-01, RHSA-2015:0800-01, SA40015, SA88, SB10108, SOL16120, SOL16123, SOL16124, SOL16126, SOL16135, SOL16136, SOL16139, SP-CAAANXD, SPL-95203, SPL-95206, SSA:2015-009-01, SSRT101885, SSRT102000, SUSE-SU-2015:1138-1, SUSE-SU-2015:1161-1, USN-2459-1, VIGILANCE-VUL-15934, VU#243585.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can send a DTLS message, to force a NULL pointer to be dereferenced in dtls1_get_record(), in order to trigger a denial of service. [severity:2/4; CVE-2014-3571]

An attacker can send a DTLS message, to create a memory leak in dtls1_buffer_record(), in order to trigger a denial of service. [severity:1/4; CVE-2015-0206]

An attacker can force a TLS client to use ECDH instead of ECDHE (ephemeral). [severity:2/4; CVE-2014-3572]

An attacker can force a TLS client to use EXPORT_RSA instead of RSA (VIGILANCE-VUL-16301). [severity:2/4; CVE-2015-0204, VU#243585]

An attacker can authenticate without using a private key, in the case where the server trusts a certification authority publishing certificates with DH keys (rare case) (VIGILANCE-VUL-16300). [severity:2/4; CVE-2015-0205]

An attacker can change the fingerprint of a certificate, with no known consequence on security. [severity:1/4; CVE-2014-8275]

In some rare cases, the BN_sqr() function produces an invalid result, with no known consequence on security. [severity:1/4; CVE-2014-3570]
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2014-3569

OpenSSL: NULL pointer dereference via ssl23_get_client_hello

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced in ssl23_get_client_hello() of OpenSSL, in order to trigger a denial of service.
Impacted products: ArubaOS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Cisco ATA, AnyConnect VPN Client, Cisco ACE, ASA, AsyncOS, Cisco ESA, IOS by Cisco, IronPort Email, IronPort Web, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Prime Network Control Systems, Cisco PRSM, Cisco Router, Cisco IP Phone, Cisco MeetingPlace, Cisco WSA, Clearswift Email Gateway, Debian, FreeBSD, HP-UX, Tivoli Storage Manager, Juniper J-Series, Junos OS, Junos Space, Junos Space Network Management Platform, NSM Central Manager, NSMXpress, Juniper SBR, MBS, McAfee Email Gateway, McAfee Web Gateway, Data ONTAP, NetBSD, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, pfSense, Slackware.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 29/12/2014.
Identifiers: 1973383, 9010028, ARUBA-PSA-2015-003, bulletinapr2017, bulletinjan2015, c04556853, CERTFR-2015-AVI-108, CERTFR-2015-AVI-146, CERTFR-2016-AVI-303, cisco-sa-20150310-ssl, cpuoct2017, CTX216642, CVE-2014-3569, DSA-3125-1, FreeBSD-SA-15:01.openssl, HPSBUX03244, JSA10679, MDVSA-2015:019, MDVSA-2015:062, NetBSD-SA2015-006, NTAP-20150205-0001, openSUSE-SU-2015:0130-1, openSUSE-SU-2016:0640-1, SA40015, SA88, SB10108, SSA:2015-009-01, SSRT101885, VIGILANCE-VUL-15882.

Description of the vulnerability

The OpenSSL library can be compiled with the no-ssl3 option, in order to disable SSLv3.

However, since the patch for the vulnerability VIGILANCE-VUL-15491, if OpenSSL is compiled with no-ssl3 and receives a SSL v3 Client Hello message, the ssl23_get_client_hello() function of the ssl/s23_srvr.c file uses a NULL pointer.

An attacker can therefore force a NULL pointer to be dereferenced in ssl23_get_client_hello() of OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2014-4817

IBM Tivoli Storage Manager: altering files via BACKUPINITIATION

Synthesis of the vulnerability

A local attacker can alter backups of IBM Tivoli Storage Manager, in order to store a malicious program for example.
Impacted products: Tivoli Storage Manager.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 19/11/2014.
Identifiers: 1686874, CVE-2014-4817, VIGILANCE-VUL-15672.

Description of the vulnerability

The IBM Tivoli Storage Manager product uses the BACKUPINITIATION directive to indicate users allowed to perform backups.

However, an attacker who is not authorized can replace saved files.

A local attacker can therefore alter backups of IBM Tivoli Storage Manager, in order to store a malicious program for example.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2014-0907

IBM TSM Client: privilege escalation via SetUID

Synthesis of the vulnerability

A local attacker can create a malicious library, which is loaded by a suid program of IBM TSM Client, in order to escalate his privileges.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 14/08/2014.
Identifiers: 1680454, CVE-2014-0907, VIGILANCE-VUL-15195.

Description of the vulnerability

The IBM TSM Client product installs several suid root programs.

However, they are compiled with a relative RPATH, so they accept to load libraries located from the current directory.

A local attacker can therefore create a malicious library, which is loaded by a suid program of IBM TSM Client, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2013-6335

IBM TSM for Space Management: read-write access via Backup-Archive

Synthesis of the vulnerability

An attacker can bypass access restrictions of IBM TSM for Space Management files, in order to read or alter data.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user shell.
Creation date: 14/08/2014.
Identifiers: 1680453, CVE-2013-6335, VIGILANCE-VUL-15194.

Description of the vulnerability

The IBM TSM Backup-Archive client restores files.

However, files of IBM TSM for Space Management are not restored with valid permissions.

An attacker can therefore bypass access restrictions of IBM TSM for Space Management files, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2014-0876

IBM TSM Client: buffer overflow of GUI

Synthesis of the vulnerability

An attacker can generate a buffer overflow in the GUI of IBM TSM Client, in order to trigger a denial of service.
Impacted products: Tivoli Storage Manager.
Severity: 1/4.
Consequences: denial of service on client.
Provenance: user shell.
Creation date: 14/08/2014.
Identifiers: 1673318, CVE-2014-0876, VIGILANCE-VUL-15193.

Description of the vulnerability

The IBM TSM Client product can be installed on Windows or Macintosh.

However, if the size of data is greater than the size of the storage array, an overflow occurs in the GUI.

An attacker can therefore generate a buffer overflow in the GUI of IBM TSM Client, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2014-0224

OpenSSL: man in the middle via ChangeCipherSpec

Synthesis of the vulnerability

An attacker can act as a man in the middle between a client and a server using OpenSSL, in order to read or alter exchanged data.
Impacted products: ArubaOS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, GAiA, CheckPoint IP Appliance, IPSO, Provider-1, SecurePlatform, CheckPoint Security Appliance, CheckPoint Security Gateway, Cisco ASR, Cisco ATA, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, CiscoWorks, Cisco Content SMA, Cisco CSS, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Email, IronPort Management, IronPort Web, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco Unity ~ precise, WebNS, Cisco WSA, MIMEsweeper, Clearswift Web Gateway, Debian, Avamar, EMC CAVA, EMC CEE, EMC CEPA, Celerra FAST, Celerra NS, Celerra NX4, EMC CMDCE, Connectrix Switch, ECC, NetWorker, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiManager, FortiManager Virtual Appliance, FreeBSD, HP Operations, ProCurve Switch, HP Switch, HP-UX, AIX, Tivoli Storage Manager, WebSphere MQ, Juniper J-Series, Junos OS, Junos Pulse, Juniper Network Connect, Juniper UAC, MBS, MES, McAfee Web Gateway, MySQL Enterprise, NetBSD, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Polycom CMA, HDX, RealPresence Collaboration Server, Polycom VBP, RHEL, JBoss EAP by Red Hat, ACE Agent, ACE Server, RSA Authentication Agent, RSA Authentication Manager, SecurID, ROS, ROX, RuggedSwitch, SIMATIC, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Nessus, InterScan Messaging Security Suite, InterScan Web Security Suite, TrendMicro ServerProtect, Ubuntu, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor, Websense Email Security, Websense Web Filter, Websense Web Security.
Severity: 3/4.
Consequences: data reading, data creation/edition, data flow.
Provenance: document.
Creation date: 05/06/2014.
Revision date: 05/06/2014.
Identifiers: 1676496, 1690827, aid-06062014, c04336637, c04347622, c04363613, CERTFR-2014-AVI-253, CERTFR-2014-AVI-254, CERTFR-2014-AVI-255, CERTFR-2014-AVI-260, CERTFR-2014-AVI-274, CERTFR-2014-AVI-279, CERTFR-2014-AVI-286, CERTFR-2014-AVI-513, cisco-sa-20140605-openssl, cpuoct2016, CTX140876, CVE-2014-0224, DOC-53313, DSA-2950-1, DSA-2950-2, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2014-7101, FEDORA-2014-7102, FG-IR-14-018, FreeBSD-SA-14:14.openssl, HPSBHF03052, HPSBUX03046, JSA10629, MDVSA-2014:105, MDVSA-2014:106, MDVSA-2015:062, NetBSD-SA2014-006, openSUSE-SU-2014:0764-1, openSUSE-SU-2014:0765-1, openSUSE-SU-2015:0229-1, openSUSE-SU-2016:0640-1, RHSA-2014:0624-01, RHSA-2014:0625-01, RHSA-2014:0626-01, RHSA-2014:0627-01, RHSA-2014:0628-01, RHSA-2014:0629-01, RHSA-2014:0630-01, RHSA-2014:0631-01, RHSA-2014:0632-01, RHSA-2014:0633-01, RHSA-2014:0679-01, RHSA-2014:0680-01, SA40006, SA80, SB10075, sk101186, SOL15325, SPL-85063, SSA:2014-156-03, SSA-234763, SSRT101590, SUSE-SU-2014:0759-1, SUSE-SU-2014:0759-2, SUSE-SU-2014:0761-1, SUSE-SU-2014:0762-1, USN-2232-1, USN-2232-2, USN-2232-3, USN-2232-4, VIGILANCE-VUL-14844, VMSA-2014-0006, VMSA-2014-0006.1, VMSA-2014-0006.10, VMSA-2014-0006.11, VMSA-2014-0006.2, VMSA-2014-0006.3, VMSA-2014-0006.4, VMSA-2014-0006.5, VMSA-2014-0006.6, VMSA-2014-0006.7, VMSA-2014-0006.8, VMSA-2014-0006.9, VU#978508.

Description of the vulnerability

The OpenSSL product implements SSL/TLS, which uses a handshake.

However, by using a handshake with a ChangeCipherSpec message, an attacker can force the usage of weak keys.

An attacker can therefore act as a man in the middle between a client and a server using OpenSSL, in order to read or alter exchanged data.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2013-6713

IBM Tivoli Storage Manager for Virtual Environments: information disclosure

Synthesis of the vulnerability

An attacker can use IBM Tivoli Storage Manager for Virtual Environments, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading, denial of service on server.
Provenance: user account.
Creation date: 27/05/2014.
Identifiers: 1673051, CVE-2013-6713, VIGILANCE-VUL-14803.

Description of the vulnerability

The Data Protection for VMware GUI interface of IBM Tivoli Storage Manager for Virtual Environments product is used to back up and restore VMs.

However, an attacker can bypass access restrictions to data, in order to back up and restore VMs he does not have access to.

An attacker can therefore use IBM Tivoli Storage Manager for Virtual Environments, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2014-0114

Apache Struts 1: code execution via ClassLoader

Synthesis of the vulnerability

An attacker can use the "class" parameter, to manipulate the ClassLoader, in order to execute code.
Impacted products: Struts, Debian, BIG-IP Hardware, TMOS, Fedora, SiteScope, IRAD, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Traditional, IBM WebSphere ESB, MBS, MES, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, Puppet, RHEL, RSA Authentication Manager, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, vCenter Server, VMware vSphere.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 26/05/2014.
Identifiers: 1672316, 1673982, 1674339, 1675822, 2016214, c04399728, c05324755, CERTFR-2014-AVI-382, cpuapr2017, cpujan2018, cpujan2019, cpuoct2017, cpuoct2018, CVE-2014-0114, DSA-2940-1, ESA-2014-080, FEDORA-2014-9380, HPSBGN03669, HPSBMU03090, ibm10719287, ibm10719297, ibm10719301, ibm10719303, ibm10719307, MDVSA-2014:095, RHSA-2014:0474-01, RHSA-2014:0497-01, RHSA-2014:0500-01, RHSA-2014:0511-01, RHSA-2018:2669-01, SOL15282, SUSE-SU-2014:0902-1, swg22017525, VIGILANCE-VUL-14799, VMSA-2014-0008, VMSA-2014-0008.1, VMSA-2014-0008.2, VMSA-2014-0012.

Description of the vulnerability

The Apache Struts product is used to develop Java EE applications.

However, the "class" parameter is mapped to getClass(), and can be used to manipulate the ClassLoader.

An attacker can therefore use the "class" parameter, to manipulate the ClassLoader, in order to execute code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2014-0963

IBM GSKit: infinite loop of SSL

Synthesis of the vulnerability

An attacker can send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service.
Impacted products: DB2 UDB, Domino, I-Connect, Informix Server, Notes, Security Directory Server, SPSS Modeler, Tivoli Storage Manager, Tivoli Workload Scheduler.
Severity: 3/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 20/05/2014.
Identifiers: 1610582, 1671732, 1672724, 1673008, 1673018, 1673666, 1673696, 1674047, 1674824, 1674825, 1681114, 7042179, CVE-2014-0963, VIGILANCE-VUL-14775.

Description of the vulnerability

The IBM Global Security Kit (GSKit) suite implements the support of SSL/TLS for several IBM applications.

However, some SSL messages generate an infinite loop in GSKit.

An attacker can therefore send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Spectrum Protect: