The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Synology DiskStation Manager

vulnerability note CVE-2016-8707

ImageMagick: buffer overflow via convert

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via the convert command of ImageMagick, in order to cause a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/12/2016.
Identifiers: CVE-2016-8707, DLA-756-1, DSA-3799-1, FEDORA-2017-3a568adb31, FEDORA-2017-8f27031c8f, openSUSE-SU-2016:3233-1, openSUSE-SU-2017:0023-1, SUSE-SU-2016:3258-1, TALOS-2016-0216, USN-3222-1, VIGILANCE-VUL-21344.

Description of the vulnerability

An attacker can trigger a buffer overflow via the convert command of ImageMagick, in order to cause a denial of service, and possibly to run code.

vulnerability alert CVE-2016-8655

Linux kernel: use after free via packet_set_ring

Synthesis of the vulnerability

A local attacker with the CAP_NET_RAW capability can force the usage of a freed memory area via packet_set_ring() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Brocade vTM, Debian, Fedora, Android OS, Junos Space, Linux, openSUSE, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 1/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: privileged shell.
Creation date: 06/12/2016.
Identifiers: BSA-2016-204, BSA-2016-207, BSA-2016-216, BSA-2016-234, CERTFR-2016-AVI-395, CERTFR-2016-AVI-401, CERTFR-2016-AVI-404, CERTFR-2017-AVI-042, CVE-2016-8655, DLA-772-1, FEDORA-2016-107f03cc00, FEDORA-2016-5aff4a6bbc, FEDORA-2016-5cb5b4082d, JSA10838, openSUSE-SU-2016:3050-1, openSUSE-SU-2016:3058-1, openSUSE-SU-2016:3061-1, openSUSE-SU-2016:3077-1, RHSA-2017:0386-01, RHSA-2017:0387-01, SSA:2016-347-01, SUSE-SU-2016:3039-1, SUSE-SU-2016:3049-1, SUSE-SU-2016:3063-1, SUSE-SU-2017:0407-1, USN-3149-1, USN-3149-2, USN-3150-1, USN-3150-2, USN-3151-1, USN-3151-2, USN-3151-3, USN-3151-4, USN-3152-1, USN-3152-2, VIGILANCE-VUL-21271.

Description of the vulnerability

A local attacker with the CAP_NET_RAW capability can force the usage of a freed memory area via packet_set_ring() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.

computer vulnerability alert CVE-2016-4412 CVE-2016-9847 CVE-2016-9848

phpMyAdmin: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of phpMyAdmin.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, phpMyAdmin, Synology DSM, Synology DS***, Synology RS***.
Severity: 2/4.
Consequences: user access/rights, client access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 15.
Creation date: 25/11/2016.
Identifiers: CERTFR-2016-AVI-390, CVE-2016-4412, CVE-2016-9847, CVE-2016-9848, CVE-2016-9849, CVE-2016-9850, CVE-2016-9851, CVE-2016-9852, CVE-2016-9853, CVE-2016-9854, CVE-2016-9855, CVE-2016-9856, CVE-2016-9857, CVE-2016-9858, CVE-2016-9859, CVE-2016-9860, CVE-2016-9861, CVE-2016-9862, CVE-2016-9863, CVE-2016-9864, CVE-2016-9865, CVE-2016-9866, DLA-1415-1, DLA-1821-1, DLA-757-1, DLA-834-1, FEDORA-2016-2424eeca35, FEDORA-2016-6576a8536b, FEDORA-2016-7fc142da66, openSUSE-SU-2016:3007-1, PMASA-2016-57, PMASA-2016-58, PMASA-2016-59, PMASA-2016-60, PMASA-2016-61, PMASA-2016-62, PMASA-2016-63, PMASA-2016-64, PMASA-2016-65, PMASA-2016-66, PMASA-2016-67, PMASA-2016-68, PMASA-2016-69, PMASA-2016-70, PMASA-2016-71, VIGILANCE-VUL-21206.

Description of the vulnerability

Several vulnerabilities were announced in phpMyAdmin.

An attacker can deceive the user, in order to redirect them to a malicious site. [severity:1/4; CVE-2016-4412, PMASA-2016-57]

An attacker can bypass security features via blowfish_secret, in order to obtain sensitive information. [severity:2/4; CVE-2016-9847, PMASA-2016-58]

An attacker can bypass security features via HttpOnly Cookies, in order to obtain sensitive information. [severity:1/4; CVE-2016-9848, PMASA-2016-59]

An attacker can bypass security features via Null Byte, in order to escalate privileges. [severity:2/4; CVE-2016-9849, PMASA-2016-60]

An attacker can bypass security features via Allow/deny Rules, in order to escalate privileges. [severity:2/4; CVE-2016-9850, PMASA-2016-61]

An attacker can bypass security features via Logout Timeout, in order to escalate privileges. [severity:1/4; CVE-2016-9851, PMASA-2016-62]

An attacker can bypass security features via Full Path Disclosure, in order to obtain sensitive information. [severity:1/4; CVE-2016-9852, CVE-2016-9853, CVE-2016-9854, CVE-2016-9855, PMASA-2016-63]

An attacker can trigger a Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-9856, CVE-2016-9857, PMASA-2016-64]

An attacker can trigger a fatal error, in order to trigger a denial of service. [severity:2/4; CVE-2016-9858, CVE-2016-9859, CVE-2016-9860, PMASA-2016-65]

An attacker can deceive the user, in order to redirect them to a malicious site. [severity:1/4; CVE-2016-9861, PMASA-2016-66]

An attacker can use a vulnerability via BBCode, in order to run code. [severity:2/4; CVE-2016-9862, PMASA-2016-67]

An attacker can trigger a fatal error via Table Partitioning, in order to trigger a denial of service. [severity:2/4; CVE-2016-9863, PMASA-2016-68]

An attacker can use a SQL injection, in order to read or alter data. [severity:2/4; CVE-2016-9864, PMASA-2016-69]

An attacker can use a vulnerability via PMA_safeUnserialize, in order to run code. [severity:2/4; CVE-2016-9865, PMASA-2016-70]

An attacker can trigger a Cross Site Request Forgery, in order to force the victim to perform operations. [severity:2/4; CVE-2016-9866, PMASA-2016-71]

vulnerability CVE-2016-7426 CVE-2016-7427 CVE-2016-7428

NTP.org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Impacted products: Blue Coat CAS, Cisco ASR, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Unified CCX, Cisco MeetingPlace, Cisco Unity ~ precise, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, HP-UX, AIX, Security Directory Server, Juniper J-Series, Junos OS, Junos Space, Meinberg NTP Server, Data ONTAP 7-Mode, NTP.org, openSUSE Leap, Solaris, pfSense, RHEL, Slackware, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 10.
Creation date: 21/11/2016.
Identifiers: 2009389, bulletinoct2016, CERTFR-2017-AVI-090, cisco-sa-20161123-ntpd, CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434, CVE-2016-9310, CVE-2016-9311, CVE-2016-9312, FEDORA-2016-7209ab4e02, FEDORA-2016-c198d15316, FEDORA-2016-e8a8561ee7, FreeBSD-SA-16:39.ntp, HPESBHF03883, HPESBUX03706, HPESBUX03885, JSA10776, JSA10796, K51444934, K55405388, K87922456, MBGSA-1605, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2016:3280-1, pfSense-SA-17_03.webgui, RHSA-2017:0252-01, SA139, SSA:2016-326-01, TALOS-2016-0130, TALOS-2016-0131, TALOS-2016-0203, TALOS-2016-0204, USN-3349-1, VIGILANCE-VUL-21170, VU#633847.

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can force an assertion error, in order to trigger a denial of service. [severity:2/4; CVE-2016-9311, TALOS-2016-0204]

An attacker can bypass security features via Mode 6, in order to obtain sensitive information. [severity:2/4; CVE-2016-9310, TALOS-2016-0203]

An attacker can trigger a fatal error via Broadcast Mode Replay, in order to trigger a denial of service. [severity:2/4; CVE-2016-7427, TALOS-2016-0131]

An attacker can trigger a fatal error via Broadcast Mode Poll Interval, in order to trigger a denial of service. [severity:2/4; CVE-2016-7428, TALOS-2016-0130]

An attacker can send malicious UDP packets, in order to trigger a denial of service on Windows. [severity:2/4; CVE-2016-9312]

An unknown vulnerability was announced via Zero Origin Timestamp. [severity:2/4; CVE-2016-7431]

An attacker can force a NULL pointer to be dereferenced via _IO_str_init_static_internal(), in order to trigger a denial of service. [severity:2/4; CVE-2016-7434]

An unknown vulnerability was announced via Interface selection. [severity:2/4; CVE-2016-7429]

An attacker can trigger a fatal error via Client Rate Limiting, in order to trigger a denial of service. [severity:2/4; CVE-2016-7426]

An unknown vulnerability was announced via Reboot Sync. [severity:2/4; CVE-2016-7433]

computer vulnerability announce CVE-2016-8869 CVE-2016-8870 CVE-2016-9081

Joomla Core: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Impacted products: Joomla! Core, Synology DSM.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 25/10/2016.
Revision date: 27/10/2016.
Identifiers: CERTFR-2016-AVI-360, CVE-2016-8869, CVE-2016-8870, CVE-2016-9081, VIGILANCE-VUL-20947.

Description of the vulnerability

Several vulnerabilities were announced in Joomla Core.

An attacker can create an account, even if registration has been disabled. [severity:3/4; CVE-2016-8870]

An attacker can register with elevated privileges. [severity:3/4; CVE-2016-8869]

An attacker can bypass security features, in order to escalate privileges. [severity:2/4; CVE-2016-9081]

vulnerability bulletin CVE-2016-5195

Linux kernel: privilege escalation via Copy On Write, Dirty COW

Synthesis of the vulnerability

A local attacker can generate a memory corruption via a Copy On Write on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: SNS, Cisco ATA, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Cisco Prime DCNM, Cisco CUCM, Debian, NetWorker, BIG-IP Hardware, TMOS, Fedora, Android OS, HP Operations, HP Switch, Junos Space, NSM Central Manager, NSMXpress, Linux, McAfee Email Gateway, openSUSE, openSUSE Leap, Oracle Communications, Palo Alto Firewall PA***, PAN-OS, HDX, RealPresence Resource Manager, Polycom VBP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, data creation/edition.
Provenance: user shell.
Creation date: 20/10/2016.
Identifiers: 1384344, 494072, c05341463, CERTFR-2016-AVI-353, CERTFR-2016-AVI-356, CERTFR-2016-AVI-357, CERTFR-2016-AVI-370, CERTFR-2017-AVI-001, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, cisco-sa-20161026-linux, cpujul2018, CVE-2016-5195, Dirty COW, DLA-670-1, DSA-3696-1, ESA-2016-170, FEDORA-2016-c3558808cd, FEDORA-2016-db4b75b352, HPESBGN03742, HPSBHF03682, JSA10770, JSA10774, K10558632, openSUSE-SU-2016:2583-1, openSUSE-SU-2016:2584-1, openSUSE-SU-2016:2625-1, openSUSE-SU-2016:2649-1, PAN-SA-2017-0003, PAN-SA-2017-0013, PAN-SA-2017-0014, PAN-SA-2017-0016, RHSA-2016:2098-01, RHSA-2016:2105-01, RHSA-2016:2106-01, RHSA-2016:2110-01, RHSA-2016:2118-01, RHSA-2016:2120-01, RHSA-2016:2124-01, RHSA-2016:2126-01, RHSA-2016:2127-01, RHSA-2016:2128-01, RHSA-2016:2132-01, RHSA-2016:2133-01, RHSA-2018:0180-01, SB10177, SB10178, SSA:2016-305-01, STORM-2016-006, SUSE-SU-2016:2585-1, SUSE-SU-2016:2592-1, SUSE-SU-2016:2593-1, SUSE-SU-2016:2596-1, SUSE-SU-2016:2614-1, SUSE-SU-2016:3069-1, SUSE-SU-2016:3304-1, USN-3104-1, USN-3104-2, USN-3105-1, USN-3105-2, USN-3106-1, USN-3106-2, USN-3106-3, USN-3106-4, USN-3107-1, USN-3107-2, VIGILANCE-VUL-20923, VU#243144.

Description of the vulnerability

The Linux kernel supports the Copy On Write operation, which is used to copy memory only when it is modified.

However, a local attacker can manipulate memory so that the COW operation writes to read-only memory.

A local attacker can therefore generate a memory corruption via a Copy On Write on the Linux kernel, in order to trigger a denial of service, and possibly to run code.

vulnerability alert CVE-2016-3492 CVE-2016-3495 CVE-2016-5507

Oracle MySQL: vulnerabilities of October 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle MySQL.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, MariaDB ~ precise, MySQL Community, MySQL Enterprise, openSUSE, openSUSE Leap, Solaris, Percona Server, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 29.
Creation date: 18/10/2016.
Revision date: 19/10/2016.
Identifiers: bulletinapr2017, CERTFR-2016-AVI-351, cpuoct2016, CVE-2016-3492, CVE-2016-3495, CVE-2016-5507, CVE-2016-5584, CVE-2016-5598, CVE-2016-5609, CVE-2016-5612, CVE-2016-5616-REJECT, CVE-2016-5617-REJECT, CVE-2016-5624, CVE-2016-5625, CVE-2016-5626, CVE-2016-5627, CVE-2016-5628, CVE-2016-5629, CVE-2016-5630, CVE-2016-5631, CVE-2016-5632, CVE-2016-5633, CVE-2016-5634, CVE-2016-5635, CVE-2016-6663, CVE-2016-6664, CVE-2016-7440, CVE-2016-8283, CVE-2016-8284, CVE-2016-8286, CVE-2016-8287, CVE-2016-8288, CVE-2016-8289, CVE-2016-8290, DLA-708-1, DSA-3706-1, DSA-3711-1, FEDORA-2016-9b83c6862d, FEDORA-2016-c7e60a9fd4, K73828041, openSUSE-SU-2016:2746-1, openSUSE-SU-2016:2769-1, openSUSE-SU-2016:2788-1, openSUSE-SU-2016:3025-1, openSUSE-SU-2016:3028-1, RHSA-2016:2130-01, RHSA-2016:2131-01, RHSA-2016:2595-02, RHSA-2016:2749-01, RHSA-2016:2927-01, RHSA-2016:2928-01, RHSA-2017:0184-01, RHSA-2017:2192-01, SSA:2016-305-03, SUSE-SU-2016:2780-1, SUSE-SU-2016:2932-1, SUSE-SU-2016:2933-1, USN-3109-1, VIGILANCE-VUL-20891.

Description of the vulnerability

Several vulnerabilities were announced in Oracle MySQL.

An attacker can use a vulnerability via Server: Error Handling, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-5617-REJECT, CVE-2016-6664]

An attacker can use a vulnerability via Server: MyISAM, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-5616-REJECT, CVE-2016-6663]

An attacker can use a vulnerability via Server: Packaging, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-5625]

An attacker can use a vulnerability via Server: DML, in order to trigger a denial of service. [severity:2/4; CVE-2016-5609]

An attacker can use a vulnerability via Server: DML, in order to trigger a denial of service. [severity:2/4; CVE-2016-5612]

An attacker can use a vulnerability via Server: DML, in order to trigger a denial of service. [severity:2/4; CVE-2016-5624]

An attacker can use a vulnerability via Server: GIS, in order to trigger a denial of service. [severity:2/4; CVE-2016-5626]

An attacker can use a vulnerability via Server: Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2016-5627]

An attacker can use a vulnerability via Server: Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2016-3492]

An attacker can use a vulnerability via Connector/Python, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2016-5598]

An attacker can use a vulnerability via Server: Security: Encryption, in order to obtain information. [severity:2/4; CVE-2016-7440]

An attacker can use a vulnerability via Server: DML, in order to trigger a denial of service. [severity:2/4; CVE-2016-5628]

An attacker can use a vulnerability via Server: Federated, in order to trigger a denial of service. [severity:2/4; CVE-2016-5629]

An attacker can use a vulnerability via Server: InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2016-3495]

An attacker can use a vulnerability via Server: InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2016-5630]

An attacker can use a vulnerability via Server: InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2016-5507]

An attacker can use a vulnerability via Server: Memcached, in order to trigger a denial of service. [severity:2/4; CVE-2016-5631]

An attacker can use a vulnerability via Server: Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2016-5632]

An attacker can use a vulnerability via Server: Performance Schema, in order to trigger a denial of service. [severity:2/4; CVE-2016-5633]

An attacker can use a vulnerability via Server: RBR, in order to trigger a denial of service. [severity:2/4; CVE-2016-5634]

An attacker can use a vulnerability via Server: Security: Audit, in order to trigger a denial of service. [severity:2/4; CVE-2016-5635]

An attacker can use a vulnerability via Server: InnoDB, in order to alter information, or to trigger a denial of service. [severity:2/4; CVE-2016-8289]

An attacker can use a vulnerability via Server: Replication, in order to trigger a denial of service. [severity:2/4; CVE-2016-8287]

An attacker can use a vulnerability via Server: Performance Schema, in order to trigger a denial of service. [severity:2/4; CVE-2016-8290]

An attacker can use a vulnerability via Server: Security: Encryption, in order to obtain information. [severity:2/4; CVE-2016-5584]

An attacker can use a vulnerability via Server: Types, in order to trigger a denial of service. [severity:2/4; CVE-2016-8283]

An attacker can use a vulnerability via Server: InnoDB Plugin, in order to alter information. [severity:1/4; CVE-2016-8288]

An attacker can use a vulnerability via Server: Security: Privileges, in order to obtain information. [severity:1/4; CVE-2016-8286]

An attacker can use a vulnerability via Server: Replication, in order to trigger a denial of service. [severity:1/4; CVE-2016-8284]

computer vulnerability alert CVE-2016-7124 CVE-2016-7125 CVE-2016-7126

PHP 5: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP 5.
Impacted products: Debian, BIG-IP Hardware, TMOS, openSUSE, openSUSE Leap, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 21.
Creation date: 19/08/2016.
Identifiers: 70436, 71894, 72024, 72142, 72627, 72663, 72681, 72697, 72708, 72710, 72730, 72749, 72750, 72771, 72790, 72799, 72807, 72836, 72837, 72838, 72848, 72849, 72850, CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132, DLA-749-1, DSA-3689-1, K54308010, openSUSE-SU-2016:2337-1, openSUSE-SU-2016:2451-1, RHSA-2016:2750-01, SOL35232053, SOL54308010, SSA:2016-252-01, SUSE-SU-2016:2328-1, SUSE-SU-2016:2408-1, SUSE-SU-2016:2459-1, SUSE-SU-2016:2460-1, SUSE-SU-2016:2460-2, SUSE-SU-2016:2683-1, SUSE-SU-2016:2683-2, USN-3095-1, VIGILANCE-VUL-20436.

Description of the vulnerability

Several vulnerabilities were announced in PHP 5.

An attacker can generate an integer overflow via bzdecompress, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72837]

An attacker can force the usage of a freed memory area via unserialize, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 70436]

An attacker can create a memory leak via microtime, in order to trigger a denial of service. [severity:1/4; 72024]

An attacker can inject data in PHP Session. [severity:2/4; 72681, CVE-2016-7125]

An attacker can generate a buffer overflow via zif_cal_from_jd, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 71894]

An attacker can generate an integer overflow via curl_escape, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72807]

An attacker can generate an integer overflow via sql_regcase, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72838]

An attacker can create a memory leak via exif_process_IFD_in_TIFF, in order to trigger a denial of service. [severity:1/4; 72627, CVE-2016-7128]

An attacker can generate a buffer overflow via mb_ereg, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72710]

An attacker can generate an integer overflow via php_snmp_parse_oid, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72708]

An attacker can generate an integer overflow via base64_decode, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72836]

An attacker can generate an integer overflow via quoted_printable_encode, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72848]

An attacker can generate an integer overflow via urlencode, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72849]

An attacker can generate an integer overflow via php_uuencode, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72850]

An attacker can use a Protocol Downgrade on ftps://, in order to read or alter data. [severity:2/4; 72771]

An attacker can generate a memory corruption via wddx_serialize_value, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72142]

An attacker can force a read at an invalid address via wddx_deserialize, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; 72749, CVE-2016-7129]

An attacker can force a NULL pointer to be dereferenced via wddx_deserialize, in order to trigger a denial of service. [severity:1/4; 72750, 72790, 72799, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132]

An attacker can use a vulnerability via __wakeup(), in order to run code. [severity:2/4; 72663, CVE-2016-7124]

An attacker can generate a buffer overflow via select_colors(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72697, CVE-2016-7126]

An attacker can generate a buffer overflow via imagegammacorrect(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72730, CVE-2016-7127]

vulnerability alert CVE-2016-10329 CVE-2016-10330 CVE-2016-10331

Synology Photo Station: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Synology Photo Station.
Impacted products: Synology DSM, Synology DS***, Synology RS***.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 03/08/2016.
Revision date: 04/08/2016.
Identifiers: CVE-2016-10329, CVE-2016-10330, CVE-2016-10331, VIGILANCE-VUL-20301.

Description of the vulnerability

Several vulnerabilities were announced in Synology Photo Station.

An attacker can use a vulnerability via Command Injection, in order to run code. [severity:2/4; CVE-2016-10329]

An attacker can copy a file, in order to obtain sensitive information. [severity:2/4; CVE-2016-10330]

An attacker can traverse directories, in order to read a file outside the root path. [severity:2/4; CVE-2016-10331]

vulnerability note CVE-2016-6255

libupnp: file creation via POST

Synthesis of the vulnerability

An attacker can send a POST query to an application linked to libupnp, in order to create a file on the system.
Impacted products: Debian, Fedora, openSUSE Leap, Synology DSM, Synology DS***, Synology RS***.
Severity: 3/4.
Consequences: data creation/edition.
Provenance: intranet client.
Creation date: 25/07/2016.
Identifiers: CVE-2016-6255, DLA-597-1, DLA-747-1, DSA-3736-1, FEDORA-2017-2c29702300, FEDORA-2017-3bd0b2e2c0, openSUSE-SU-2017:1485-1, VIGILANCE-VUL-20204.

Description of the vulnerability

The libupnp library implements the Universal Plug and Play protocol.

However, if there is no registered handler for an HTTP POST request, the default behavior is to write its content to a local file.

An attacker can therefore send a POST query to an application linked to libupnp, in order to create a file on the system.