The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SunOS

computer vulnerability bulletin CVE-2015-5722

BIND: denial of service via DNSSEC Key

Synthesis of the vulnerability

An attacker can query BIND for a domain containing a malformed DNSSEC key, to force an assertion error in buffer.c, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, BIND, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 03/09/2015.
Identifiers: bulletinjul2015, c04800156, c04891218, c04923105, CERTFR-2015-AVI-389, CVE-2015-5722, DSA-3350-1, FEDORA-2015-14958, FEDORA-2015-15041, FEDORA-2015-15061, FreeBSD-SA-15:23.bind, HPSBUX03511, HPSBUX03522, HPSBUX03529, openSUSE-SU-2015:1597-1, openSUSE-SU-2015:1667-1, RHSA-2015:1705-01, RHSA-2015:1706-01, RHSA-2015:1707-01, RHSA-2016:0078-01, RHSA-2016:0079-01, SOL17181, SSA:2015-245-01, SSRT102248, SSRT102942, SSRT102967, SUSE-SU-2015:1480-1, SUSE-SU-2015:1481-1, SUSE-SU-2015:1496-1, SUSE-SU-2016:0227-1, USN-2728-1, VIGILANCE-VUL-17798.

Description of the vulnerability

The BIND product can be configured with DNSSEC.

In this case, when a client queries BIND for information about a domain, the BIND server validates the DNSSEC key of this domain. However, when this key is malformed, an assertion error occurs in the buffer.c file because developers did not expect this case, which stops the process.

This vulnerability impacts recursive DNS servers. It impacts authoritative servers only when an attacker can control a zone served by the server.

An attacker can therefore query BIND for a domain containing a malformed DNSSEC key, to force an assertion error in buffer.c, in order to trigger a denial of service.

computer vulnerability note CVE-2015-5964

Django: privilege escalation via Session Flush

Synthesis of the vulnerability

An attacker can bypass restrictions in Session Flush of Django, in order to escalate his privileges.
Impacted products: Debian, Fedora, Solaris, RHEL, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 19/08/2015.
Identifiers: bulletinoct2015, CVE-2015-5964, DSA-3338-1, FEDORA-2015-1dd5bc998f, RHSA-2015:1766-01, RHSA-2015:1767-01, RHSA-2015:1894-01, USN-2720-1, VIGILANCE-VUL-17709.

Description of the vulnerability

An attacker can bypass restrictions in Session Flush of Django, in order to escalate his privileges.

computer vulnerability bulletin CVE-2015-5963

Django: denial of service via Session Store

Synthesis of the vulnerability

An attacker can generate a fatal error in Session Store of Django, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE, Solaris, RHEL, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 19/08/2015.
Identifiers: bulletinoct2015, CVE-2015-5963, DSA-3338-1, FEDORA-2015-1dd5bc998f, openSUSE-SU-2015:1580-1, openSUSE-SU-2015:1598-1, RHSA-2015:1766-01, RHSA-2015:1767-01, RHSA-2015:1876-01, RHSA-2015:1894-01, USN-2720-1, VIGILANCE-VUL-17708.

Description of the vulnerability

An attacker can generate a fatal error in Session Store of Django, in order to trigger a denial of service.

computer vulnerability alert CVE-2015-4491

gdk-pixbuf: buffer overflow of BMP

Synthesis of the vulnerability

An attacker can generate a buffer overflow in BMP of gdk-pixbuf, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 18/08/2015.
Identifiers: bulletinoct2015, CVE-2015-4491, DSA-3337-1, DSA-3337-2, FEDORA-2015-13925, FEDORA-2015-13926, FEDORA-2015-14010, FEDORA-2015-14011, openSUSE-SU-2015:1500-1, openSUSE-SU-2018:2287-1, RHSA-2015:1694-01, SSA:2015-244-01, SUSE-SU-2018:2145-1, USN-2722-1, VIGILANCE-VUL-17706.

Description of the vulnerability

An attacker can generate a buffer overflow in BMP of gdk-pixbuf, in order to trigger a denial of service, and possibly to run code.

computer vulnerability CVE-2015-2721

Mozilla NSS: disabling Forward Secrecy of ECDHE_ECDSA

Synthesis of the vulnerability

An attacker can act as a Man-in-the-middle on an ECDHE_ECDSA exchange with a Mozilla NSS client, in order to disable the Forward Secrecy, which may ease the session decryption.
Impacted products: Debian, NSS, Solaris, RHEL.
Severity: 1/4.
Consequences: data reading, data creation/edition.
Provenance: intranet server.
Creation date: 18/08/2015.
Identifiers: 1086145, bulletinoct2015, CVE-2015-2721, DSA-3336-1, MFSA-2015-71, RHSA-2015:1664-01, VIGILANCE-VUL-17695.

Description of the vulnerability

The TLS protocol uses a series of messages which have to be exchanged between the client and the server, before establishing a secured session.

During an ECDHE_ECDSA exchange, if the server does not send the ServerKeyExchange message, the TLS client must abort the handshake. However, NSS accepts the handshake without this message and uses the EC key from the ECDSA certificate, which prevents Forward Secrecy.

This vulnerability is a variant of VIGILANCE-VUL-16300.

An attacker can therefore act as a Man-in-the-middle on an ECDHE_ECDSA exchange with a Mozilla NSS client, in order to disable the Forward Secrecy, which may ease the session decryption.

vulnerability note CVE-2015-2730

Mozilla NSS: invalid ECDSA signature accepted

Synthesis of the vulnerability

An attacker can create an invalid ECDSA signature which is nevertheless accepted by Mozilla NSS.
Impacted products: Debian, BIG-IP Hardware, TMOS, NSS, Solaris, RHEL.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 18/08/2015.
Identifiers: 1125025, bulletinoct2015, CVE-2015-2730, DSA-3336-1, MFSA-2015-64, RHSA-2015:1664-01, RHSA-2015:1699-01, SOL15955144, VIGILANCE-VUL-17694.

Description of the vulnerability

The Mozilla NSS product implements ECDSA (Elliptic Curve Digital Signature Algorithm) signatures.

However, a computation error during the multiplication leads to the acceptance of signatures which should be rejected.

An attacker can therefore create an invalid ECDSA signature which is nevertheless accepted by Mozilla NSS.

computer vulnerability alert CVE-2015-6241 CVE-2015-6242 CVE-2015-6243

Wireshark: nine vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Wireshark.
Impacted products: Debian, Fedora, openSUSE, Solaris, RHEL, Wireshark.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 9.
Creation date: 13/08/2015.
Identifiers: 11309, 11358, 11373, 11381, 11389, bulletinoct2015, CERTFR-2015-AVI-350, CVE-2015-6241, CVE-2015-6242, CVE-2015-6243, CVE-2015-6244, CVE-2015-6245, CVE-2015-6246, CVE-2015-6247, CVE-2015-6248, CVE-2015-6249, DLA-497-1, DSA-3367-1, FEDORA-2015-13945, openSUSE-SU-2015:1428-1, openSUSE-SU-2015:1836-1, openSUSE-SU-2015:1836-2, RHSA-2015:2393-01, VIGILANCE-VUL-17666, wnpa-sec-2015-21, wnpa-sec-2015-22, wnpa-sec-2015-23, wnpa-sec-2015-24, wnpa-sec-2015-25, wnpa-sec-2015-26, wnpa-sec-2015-27, wnpa-sec-2015-28, wnpa-sec-2015-29.

Description of the vulnerability

Several vulnerabilities were announced in Wireshark.

An attacker can send a malicious packet, in order to trigger a denial of service in the Protocol Tree. [severity:2/4; 11309, CVE-2015-6241, wnpa-sec-2015-21]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 11373, CVE-2015-6242, wnpa-sec-2015-22]

An attacker can send a malicious packet, in order to trigger a denial of service. [severity:2/4; 11381, CVE-2015-6243, wnpa-sec-2015-23]

An attacker can send a malicious ZigBee packet, in order to trigger a denial of service. [severity:2/4; 11389, CVE-2015-6244, wnpa-sec-2015-24]

An attacker can generate an infinite loop with a GSM RLC/MAC packet, in order to trigger a denial of service. [severity:2/4; 11358, CVE-2015-6245, wnpa-sec-2015-25]

An attacker can send a malicious WaveAgent packet, in order to trigger a denial of service. [severity:2/4; 11358, CVE-2015-6246, wnpa-sec-2015-26]

An attacker can generate an infinite loop in OpenFlow, in order to trigger a denial of service. [severity:2/4; 11358, CVE-2015-6247, wnpa-sec-2015-27]

An attacker can send a malicious Ptvcursor packet, in order to trigger a denial of service. [severity:2/4; 11358, CVE-2015-6248, wnpa-sec-2015-28]

An attacker can send a malicious WCCP packet, in order to trigger a denial of service. [severity:2/4; 11358, CVE-2015-6249, wnpa-sec-2015-29]

vulnerability note CVE-2015-4473 CVE-2015-4474 CVE-2015-4475

Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Firefox/Thunderbird.
Impacted products: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 14.
Creation date: 12/08/2015.
Identifiers: 1185820, bulletinoct2016, CERTFR-2015-AVI-349, CVE-2015-4473, CVE-2015-4474, CVE-2015-4475, CVE-2015-4477, CVE-2015-4478, CVE-2015-4479, CVE-2015-4480, CVE-2015-4481, CVE-2015-4482, CVE-2015-4483, CVE-2015-4484, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4490, CVE-2015-4491, CVE-2015-4492, CVE-2015-4493, DSA-3333-1, DSA-3410-1, FEDORA-2015-012399857d, FEDORA-2015-13397, FEDORA-2015-13436, FEDORA-2015-29dfba02ca, MFSA-2015-79, MFSA-2015-80, MFSA-2015-81, MFSA-2015-82, MFSA-2015-83, MFSA-2015-84, MFSA-2015-85, MFSA-2015-86, MFSA-2015-87, MFSA-2015-88, MFSA-2015-89, MFSA-2015-90, MFSA-2015-91, MFSA-2015-92, openSUSE-SU-2015:1389-1, openSUSE-SU-2015:1390-1, openSUSE-SU-2015:1453-1, openSUSE-SU-2015:1454-1, RHSA-2015:1586-01, RHSA-2015:1682-01, SSA:2015-226-01, SSA:2015-226-02, SUSE-SU-2015:1379-1, SUSE-SU-2015:1380-1, SUSE-SU-2015:1449-1, SUSE-SU-2015:1476-1, SUSE-SU-2015:1528-1, SUSE-SU-2015:2081-1, USN-2702-1, USN-2702-2, USN-2702-3, USN-2712-1, VIGILANCE-VUL-17644, ZDI-15-456.

Description of the vulnerability

Several vulnerabilities were announced in Firefox/Thunderbird.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-4473, CVE-2015-4474, MFSA-2015-79]

An attacker can force a read at an invalid address with MP3, in order to trigger a denial of service. [severity:3/4; CVE-2015-4475, MFSA-2015-80]

An attacker can force the usage of a freed memory area in MediaStream, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-4477, MFSA-2015-81]

An attacker can bypass security features in JavaScript, in order to escalate his privileges. [severity:3/4; CVE-2015-4478, MFSA-2015-82]

An attacker can generate a buffer overflow in libstagefright, in order to trigger a denial of service, and possibly to run code. These vulnerabilities are similar to those of VIGILANCE-VUL-17512. [severity:4/4; CVE-2015-4479, CVE-2015-4480, CVE-2015-4493, MFSA-2015-83, ZDI-15-456]

An attacker can use Mozilla Maintenance Service, in order to overwrite a file. [severity:3/4; CVE-2015-4481, MFSA-2015-84]

An attacker can generate a buffer overflow in Updater MAR File, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-4482, MFSA-2015-85]

An attacker can bypass security features with a POST "feed:", in order to escalate his privileges. [severity:1/4; CVE-2015-4483, MFSA-2015-86]

An attacker can trigger a fatal error in JavaScript Shared Memory, in order to trigger a denial of service. [severity:2/4; CVE-2015-4484, MFSA-2015-87]

An attacker can generate a buffer overflow in gdk-pixbuf, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-17706). [severity:3/4; CVE-2015-4491, MFSA-2015-88]

An attacker can generate a buffer overflow in Libvpx, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-4485, CVE-2015-4486, MFSA-2015-89]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, MFSA-2015-90]

An attacker can bypass security features in CSP Specification, in order to escalate his privileges. [severity:2/4; CVE-2015-4490, MFSA-2015-91]

An attacker can force the usage of a freed memory area in XMLHttpRequest, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 1185820, CVE-2015-4492, MFSA-2015-92]

vulnerability CVE-2015-3900

rubygems: vulnerability of api_endpoint

Synthesis of the vulnerability

A vulnerability in api_endpoint of rubygems was announced.
Impacted products: Fedora, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 11/08/2015.
Identifiers: bulletinoct2015, CVE-2015-3900, FEDORA-2015-12574, FEDORA-2015-13157, openSUSE-SU-2017:1128-1, RHSA-2015:1657-01, SUSE-SU-2017:1067-1, VIGILANCE-VUL-17620.

Description of the vulnerability

A vulnerability in api_endpoint of rubygems was announced.

vulnerability note CVE-2014-7144

OpenStack Keystone: TLS Man-in-the-middle of s3_token

Synthesis of the vulnerability

An attacker can perform a Man-in-the-Middle when the paste.ini configuration contains "insecure" on OpenStack Keystone, in order to read or alter TLS session data.
Impacted products: Solaris, RHEL, Ubuntu.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Creation date: 06/08/2015.
Identifiers: CVE-2014-7144, RHSA-2014:1783-01, RHSA-2014:1784-01, RHSA-2015:0020-01, USN-2705-1, VIGILANCE-VUL-17604.

Description of the vulnerability

An attacker can perform a Man-in-the-Middle when the paste.ini configuration contains "insecure" on OpenStack Keystone, in order to read or alter TLS session data.