The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Sun Solaris

vulnerability bulletin CVE-2016-1245

Quagga: buffer overflow via zebra IPv6 RA

Synthesis of the vulnerability

An attacker can generate a buffer overflow via zebra IPv6 RA of Quagga, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, denial of service on service.
Provenance: intranet client.
Creation date: 18/10/2016.
Identifiers: bulletinapr2018, CVE-2016-1245, DLA-662-1, DSA-3695-1, FEDORA-2016-568c7ff4f6, FEDORA-2016-cae6456f63, openSUSE-SU-2016:2617-1, openSUSE-SU-2016:2646-1, RHSA-2017:0794-01, SUSE-SU-2016:2569-1, SUSE-SU-2016:2618-1, SUSE-SU-2017:2294-1, USN-3110-1, VIGILANCE-VUL-20893.

Description of the vulnerability

The Quagga product offers a zebra service.

However, if the size of IPv6 Router Advertisement data is greater than the size of the storage array, an overflow occurs on Linux.

An attacker can therefore generate a buffer overflow via zebra IPv6 RA of Quagga, in order to trigger a denial of service, and possibly to run code.

computer vulnerability note CVE-2016-7977

Ghostscript: privilege escalation via libfile

Synthesis of the vulnerability

An attacker can bypass restrictions via libfile of Ghostscript, in order to escalate his privileges.
Impacted products: Debian, Fedora, Oracle Communications, Solaris, RHEL, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: document.
Creation date: 12/10/2016.
Identifiers: bulletinjul2018, cpujan2018, CVE-2016-7977, DLA-674-1, DLA-674-2, DSA-3691-1, DSA-3691-2, FEDORA-2016-1c13825502, FEDORA-2016-53e8aa35f6, RHSA-2017:0013-01, RHSA-2017:0014-01, USN-3148-1, VIGILANCE-VUL-20849.

Description of the vulnerability

An attacker can bypass restrictions via libfile of Ghostscript, in order to escalate his privileges.

computer vulnerability bulletin CVE-2016-7976

Ghostscript: code execution via userparams

Synthesis of the vulnerability

An attacker can use a vulnerability via userparams of Ghostscript, in order to run code.
Impacted products: Debian, Fedora, Solaris, Ubuntu.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 12/10/2016.
Identifiers: bulletinjul2018, CVE-2016-7976, DLA-674-1, DLA-674-2, DSA-3691-1, DSA-3691-2, FEDORA-2016-1c13825502, FEDORA-2016-53e8aa35f6, USN-3148-1, VIGILANCE-VUL-20848.

Description of the vulnerability

An attacker can use a vulnerability via userparams of Ghostscript, in order to run code.

vulnerability CVE-2016-7979

Ghostscript: code execution via initialize_dsc_parser

Synthesis of the vulnerability

An attacker can use a vulnerability via initialize_dsc_parser of Ghostscript, in order to run code.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 12/10/2016.
Identifiers: bulletinjul2018, CVE-2016-7979, DLA-674-1, DLA-674-2, DSA-3691-1, DSA-3691-2, FEDORA-2016-1c13825502, FEDORA-2016-53e8aa35f6, openSUSE-SU-2016:2574-1, openSUSE-SU-2016:2648-1, openSUSE-SU-2016:2855-1, RHSA-2017:0013-01, RHSA-2017:0014-01, SUSE-SU-2016:2492-1, SUSE-SU-2016:2493-1, USN-3148-1, VIGILANCE-VUL-20840.

Description of the vulnerability

An attacker can use a vulnerability via initialize_dsc_parser of Ghostscript, in order to run code.

computer vulnerability note CVE-2016-8858

OpenSSH: denial of service via kex_input_kexinit

Synthesis of the vulnerability

An unauthenticated attacker can send some SSH messages to OpenSSH, in order to trigger a denial of service.
Impacted products: ProxySG by Blue Coat, SGOS by Blue Coat, FreeBSD, AIX, Juniper J-Series, Junos OS, SRX-Series, Data ONTAP, OpenBSD, OpenSSH, openSUSE Leap, Solaris, pfSense.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 11/10/2016.
Identifiers: bulletinoct2016, CVE-2016-8858, FreeBSD-SA-16:33.openssh, JSA10837, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0344-1, openSUSE-SU-2017:0674-1, pfSense-SA-17_03.webgui, SA136, VIGILANCE-VUL-20819.

Description of the vulnerability

The OpenSSH product uses the kex_input_kexinit() function during the initialization of the key exchange.

However, the ssh_dispatch_set() function is not called, which leads to the consumption of memory and CPU.

An unauthenticated attacker can therefore send some SSH messages to OpenSSH, in order to trigger a denial of service.

computer vulnerability CVE-2016-7553

irssi: information disclosure via buf.pl

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via buf.pl of irssi, in order to obtain sensitive information.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, Solaris, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 11/10/2016.
Identifiers: bulletinjul2018, CVE-2016-7553, DLA-722-1, FEDORA-2016-0551065fe0, FEDORA-2016-a64716084e, openSUSE-SU-2016:2524-1, USN-3184-1, VIGILANCE-VUL-20815.

Description of the vulnerability

An attacker can bypass access restrictions to data via buf.pl of irssi, in order to obtain sensitive information.

vulnerability note CVE-2014-0012

Jinja2: vulnerability

Synthesis of the vulnerability

A vulnerability of Jinja2 was announced.
Impacted products: openSUSE, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Creation date: 06/10/2016.
Identifiers: CVE-2014-0012, openSUSE-SU-2016:2465-1, openSUSE-SU-2019:0244-1, USN-2301-1, VIGILANCE-VUL-20794.

Description of the vulnerability

A vulnerability of Jinja2 was announced.

vulnerability bulletin CVE-2016-7957 CVE-2016-7958

Wireshark: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Wireshark.
Impacted products: Solaris, Wireshark.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 05/10/2016.
Identifiers: bulletinjul2018, CERTFR-2016-AVI-327, CVE-2016-7957, CVE-2016-7958, VIGILANCE-VUL-20773, wnpa-sec-2016-56, wnpa-sec-2016-57.

Description of the vulnerability

Several vulnerabilities were announced in Wireshark.

An attacker can send a malicious L2CAP packet, in order to trigger a denial of service. [severity:2/4; CVE-2016-7957, wnpa-sec-2016-56]

An attacker can send a malicious NCP packet, in order to trigger a denial of service. [severity:2/4; CVE-2016-7958, wnpa-sec-2016-57]

computer vulnerability bulletin CVE-2016-5407 CVE-2016-7942 CVE-2016-7943

X.Org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of X.Org.
Impacted products: Debian, Fedora, OpenBSD, openSUSE, openSUSE Leap, Solaris, Slackware, Ubuntu, XOrg Bundle ~ not comprehensive, libX11.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: intranet server.
Number of vulnerabilities in this bulletin: 13.
Creation date: 05/10/2016.
Identifiers: bulletinoct2016, CVE-2016-5407, CVE-2016-7942, CVE-2016-7943, CVE-2016-7944, CVE-2016-7945, CVE-2016-7946, CVE-2016-7947, CVE-2016-7948, CVE-2016-7949, CVE-2016-7950, CVE-2016-7951, CVE-2016-7952, CVE-2016-7953, DLA-654-1, DLA-660-1, DLA-664-1, DLA-667-1, DLA-671-1, DLA-684-1, DLA-684-2, DLA-685-1, DLA-685-2, DLA-686-1, FEDORA-2016-0e7694c456, FEDORA-2016-21f0de504c, FEDORA-2016-3b41a9eaa8, FEDORA-2016-49d560da23, FEDORA-2016-5aa206bd16, FEDORA-2016-83040426d6, FEDORA-2016-8877cf648b, FEDORA-2016-a236cb3315, FEDORA-2016-b26b497381, FEDORA-2016-c1d4b1df79, FEDORA-2016-cabb6d7ef7, FEDORA-2016-d045c2c7b3, FEDORA-2016-d286ffb801, FEDORA-2016-ff5a2f4839, openSUSE-SU-2016:2600-1, openSUSE-SU-2016:3031-1, openSUSE-SU-2016:3033-1, openSUSE-SU-2016:3034-1, openSUSE-SU-2016:3036-1, openSUSE-SU-2016:3037-1, openSUSE-SU-2016:3059-1, SSA:2016-305-02, USN-3758-1, USN-3758-2, VIGILANCE-VUL-20768.

Description of the vulnerability

Several vulnerabilities were announced in X.Org libraries.

An attacker can force a read at an invalid address via libX11 XGetImage(), in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-7942]

An attacker can force a read at an invalid address via libX11 XListFonts(), in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-7943]

An attacker can generate an integer overflow via libXfixes, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-7944]

An attacker can force a read at an invalid address via libXi, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-7945]

An attacker can generate an infinite loop via libXi, in order to trigger a denial of service. [severity:1/4; CVE-2016-7946]

An attacker can generate an integer overflow via libXrandr, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-7947]

An attacker can trigger a fatal error via libXrandr, in order to trigger a denial of service. [severity:1/4; CVE-2016-7948]

An attacker can generate a buffer overflow via libXrender, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-7949]

An attacker can generate a buffer overflow via libXrender XRenderQueryFilters, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-7950]

An attacker can force a read at an invalid address via libXtst XRecord, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-7951]

An attacker can generate an infinite loop via libXtst XRecord, in order to trigger a denial of service. [severity:1/4; CVE-2016-7952]

An attacker can generate a memory corruption via libXv, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5407]

An attacker can force a read at an invalid address via libXvMC, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-7953]

computer vulnerability alert CVE-2016-1246

Perl DBD-mysql: buffer overflow via bind_param

Synthesis of the vulnerability

An attacker can generate a buffer overflow via bind_param of Perl DBD-mysql, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Perl Module ~ not comprehensive, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, denial of service on service.
Provenance: document.
Creation date: 04/10/2016.
Identifiers: bulletinjul2018, CVE-2016-1246, DLA-656-1, DSA-3684-1, FEDORA-2016-870236238e, FEDORA-2016-c0f589bd32, openSUSE-SU-2017:0252-1, USN-3103-1, VIGILANCE-VUL-20756.

Description of the vulnerability

An attacker can generate a buffer overflow via bind_param of Perl DBD-mysql, in order to trigger a denial of service, and possibly to run code.