The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of TMOS

vulnerability announce CVE-2017-6147

F5 BIG-IP: denial of service via SSL Forward Proxy

Synthesis of the vulnerability

An attacker can generate a fatal error via SSL Forward Proxy of F5 BIG-IP, in order to trigger a denial of service.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 18/09/2017.
Identifiers: CVE-2017-6147, K43945001, VIGILANCE-VUL-23852.

Description of the vulnerability

An attacker can generate a fatal error via SSL Forward Proxy of F5 BIG-IP, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-3735

OpenSSL: out-of-bounds memory reading via X.509 IPAddressFamily

Synthesis of the vulnerability

An attacker can force a read at an invalid address via X.509 IPAddressFamily of OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Mac OS X, Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, WebSphere MQ, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, McAfee Web Gateway, MySQL Community, MySQL Enterprise, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Solaris, Tuxedo, WebLogic, Percona Server, XtraDB Cluster, pfSense, RHEL, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, WindRiver Linux, X2GoClient.
Severity: 1/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 29/08/2017.
Identifiers: 2011879, 2013026, 2014367, bulletinapr2018, cpuapr2018, cpujan2018, cpujan2019, cpujul2018, cpuoct2018, CVE-2017-3735, DSA-4017-1, DSA-4018-1, FEDORA-2017-4cf72e2c11, FEDORA-2017-512a6c5aae, FEDORA-2017-55a3247cfd, FEDORA-2017-7f30914972, FEDORA-2017-dbec196dd8, FreeBSD-SA-17:11.openssl, HT208331, HT208394, ibm10715641, ibm10738249, JSA10851, K21462542, openSUSE-SU-2017:3192-1, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, RHSA-2018:3221-01, SA157, SB10211, SUSE-SU-2017:2968-1, SUSE-SU-2017:2981-1, SUSE-SU-2018:0112-1, TNS-2017-15, USN-3475-1, VIGILANCE-VUL-23636.

Description of the vulnerability

An attacker can force a read at an invalid address via X.509 IPAddressFamily of OpenSSL, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2017-1000112

Linux kernel: memory corruption via UFO

Synthesis of the vulnerability

An attacker can generate a memory corruption via UFO of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Junos Space, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: user shell.
Creation date: 11/08/2017.
Identifiers: CERTFR-2017-AVI-263, CERTFR-2017-AVI-264, CERTFR-2017-AVI-277, CERTFR-2017-AVI-293, CERTFR-2017-AVI-311, CERTFR-2017-AVI-338, CERTFR-2017-AVI-375, CERTFR-2017-AVI-400, CVE-2017-1000112, DSA-3981-1, FEDORA-2017-4336d64e21, FEDORA-2017-73f71456d7, FEDORA-2018-884a105c04, JSA10838, K60250153, openSUSE-SU-2017:2169-1, openSUSE-SU-2017:2171-1, RHSA-2017:2918-01, RHSA-2017:2930-01, RHSA-2017:2931-01, RHSA-2017:3200-01, SUSE-SU-2017:2131-1, SUSE-SU-2017:2142-1, SUSE-SU-2017:2150-1, SUSE-SU-2017:2286-1, SUSE-SU-2017:2525-1, SUSE-SU-2017:2694-1, SUSE-SU-2017:2956-1, SUSE-SU-2017:3265-1, USN-3384-1, USN-3384-2, USN-3385-1, USN-3385-2, USN-3386-1, USN-3386-2, VIGILANCE-VUL-23509.

Description of the vulnerability

An attacker can generate a memory corruption via UFO of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-1000111

Linux kernel: buffer overflow via AF_PACKET

Synthesis of the vulnerability

An attacker can generate a buffer overflow via AF_PACKET of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Android OS, Junos Space, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: user shell.
Creation date: 11/08/2017.
Identifiers: CERTFR-2017-AVI-263, CERTFR-2017-AVI-264, CERTFR-2017-AVI-277, CERTFR-2017-AVI-293, CERTFR-2017-AVI-375, CERTFR-2017-AVI-400, CVE-2017-1000111, DLA-1099-1, DSA-3981-1, FEDORA-2017-4336d64e21, FEDORA-2017-73f71456d7, FEDORA-2018-884a105c04, JSA10838, K44309215, openSUSE-SU-2017:2169-1, openSUSE-SU-2017:2171-1, RHSA-2017:2918-01, RHSA-2017:2930-01, RHSA-2017:2931-01, RHSA-2017:3200-01, SUSE-SU-2017:2131-1, SUSE-SU-2017:2142-1, SUSE-SU-2017:2150-1, SUSE-SU-2017:2286-1, SUSE-SU-2017:2956-1, USN-3384-1, USN-3384-2, USN-3385-1, USN-3385-2, USN-3386-1, USN-3386-2, VIGILANCE-VUL-23508.

Description of the vulnerability

An attacker can generate a buffer overflow via AF_PACKET of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-11628

PHP: buffer overflow via zend_ini_do_op

Synthesis of the vulnerability

An attacker can generate a buffer overflow via zend_ini_do_op() of PHP, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, openSUSE Leap, PHP, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 26/07/2017.
Identifiers: 74603, CVE-2017-11628, DLA-1066-1, DSA-4080-1, DSA-4081-1, FEDORA-2017-5ade380ab2, FEDORA-2017-b674dc22ad, FEDORA-2017-b8bb4b86e2, K75543432, openSUSE-SU-2017:2337-1, openSUSE-SU-2017:2366-1, RHSA-2018:1296-01, SUSE-SU-2017:2303-1, USN-3382-1, USN-3382-2, VIGILANCE-VUL-23362.

Description of the vulnerability

An attacker can generate a buffer overflow via zend_ini_do_op() of PHP, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-7542

Linux kernel: infinite loop via ip6_find_1stfragopt

Synthesis of the vulnerability

An attacker can generate an infinite loop via ip6_find_1stfragopt() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 24/07/2017.
Identifiers: CERTFR-2017-AVI-277, CERTFR-2017-AVI-282, CERTFR-2017-AVI-288, CERTFR-2017-AVI-293, CERTFR-2017-AVI-311, CERTFR-2017-AVI-375, CERTFR-2017-AVI-383, CERTFR-2017-AVI-390, CERTFR-2017-AVI-400, CVE-2017-7542, DLA-1099-1, DSA-3927-1, FEDORA-2017-39b5facda0, FEDORA-2017-544eef948f, K84024430, openSUSE-SU-2017:2110-1, openSUSE-SU-2017:2112-1, RHSA-2017:2918-01, RHSA-2017:2930-01, RHSA-2017:2931-01, RHSA-2018:0169-01, SUSE-SU-2017:2286-1, SUSE-SU-2017:2342-1, SUSE-SU-2017:2389-1, SUSE-SU-2017:2525-1, SUSE-SU-2017:2869-1, SUSE-SU-2017:2908-1, SUSE-SU-2017:2920-1, SUSE-SU-2017:2956-1, USN-3583-1, USN-3583-2, VIGILANCE-VUL-23331.

Description of the vulnerability

An attacker can generate an infinite loop via ip6_find_1stfragopt() of the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2017-6144

F5 BIG-IP PEM: Man-in-the-Middle via TAC Database

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle via TAC Database on F5 BIG-IP PEM, in order to read or write data in the session.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 17/07/2017.
Identifiers: CVE-2017-6144, K81601350, VIGILANCE-VUL-23269.

Description of the vulnerability

The F5 BIG-IP PEM product uses the TLS protocol, in order to create secure sessions.

However, the X.509 certificate and the service identity are not correctly checked.

An attacker can therefore act as a Man-in-the-Middle via TAC Database on F5 BIG-IP PEM, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-6145

F5 BIG-IP: privilege escalation via iControl REST

Synthesis of the vulnerability

An attacker can bypass restrictions via iControl REST of F5 BIG-IP, in order to escalate his privileges.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 13/07/2017.
Identifiers: CERTFR-2017-AVI-216, CVE-2017-6145, K22317030, VIGILANCE-VUL-23246.

Description of the vulnerability

An attacker can bypass restrictions via iControl REST of F5 BIG-IP, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-6141

F5 BIG-IP: denial of service via SSL Session Ticket

Synthesis of the vulnerability

An attacker can generate a fatal error via SSL Session Ticket of F5 BIG-IP, in order to trigger a denial of service.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 13/07/2017.
Identifiers: CERTFR-2017-AVI-216, CVE-2017-6141, K21154730, VIGILANCE-VUL-23245.

Description of the vulnerability

An attacker can generate a fatal error via SSL Session Ticket of F5 BIG-IP, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-3142 CVE-2017-3143

ISC BIND: two vulnerabilities via TSIG Authentication

Synthesis of the vulnerability

An attacker can use several vulnerabilities via TSIG Authentication of ISC BIND.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, AIX, BIND, Junos OS, Junos Space, SRX-Series, NetBSD, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 30/06/2017.
Revision date: 07/07/2017.
Identifiers: AA-01503, AA-01504, bulletinjan2018, CERTFR-2017-AVI-199, CVE-2017-3142, CVE-2017-3143, DLA-1025-1, DLA-1025-2, DSA-3904-1, DSA-3904-2, FEDORA-2017-001f135337, FEDORA-2017-167cfa7b09, FEDORA-2017-59127a606c, FEDORA-2017-d04f7ddd73, HPESBUX03772, JSA10875, JSA10917, K02230327, K59448931, openSUSE-SU-2017:1809-1, RHSA-2017:1679-01, RHSA-2017:1680-01, SSA:2017-180-02, SUSE-SU-2017:1736-1, SUSE-SU-2017:1737-1, SUSE-SU-2017:1738-1, USN-3346-1, USN-3346-2, USN-3346-3, VIGILANCE-VUL-23107.

Description of the vulnerability

Several vulnerabilities were announced in ISC BIND.

An attacker can use a Zone Transfer, in order to obtain sensitive information. [severity:2/4; AA-01504, CVE-2017-3142]

An attacker can use a Dynamic Update, in order to alter a zone. [severity:3/4; AA-01503, CERTFR-2017-AVI-199, CVE-2017-3143]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about TMOS: