The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Unisphere EMC

vulnerability bulletin CVE-2016-9586 CVE-2016-9952 CVE-2016-9953

cURL: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of cURL.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 21/12/2016.
Identifiers: APPLE-SA-2017-07-19-2, cpuoct2018, CVE-2016-9586, CVE-2016-9952, CVE-2016-9953, DLA-1568-1, DLA-767-1, DSA-2019-114, FEDORA-2016-86d2b5aefb, FEDORA-2016-edbb33ab2e, HT207615, HT207922, JSA10874, openSUSE-SU-2017:1105-1, RHSA-2018:3558-01, STORM-2019-002, USN-3441-1, USN-3441-2, VIGILANCE-VUL-21435.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in cURL.

An attacker can generate a buffer overflow via float numbers, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-9586]

On WinCE platforms, an attacker can tamper with X.501 names in the X.509 certificate validation process, in order to spoof a server. [severity:2/4; CVE-2016-9952]

On WinCE platforms, an attacker can raise a read only buffer overflow in the X.509 certificate validation process, in order to read the server process memory or crash it. [severity:2/4; CVE-2016-9953]
Full Vigil@nce bulletin... (Free trial)

threat alert CVE-2016-8615 CVE-2016-8616 CVE-2016-8617

Curl: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Curl.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 11.
Creation date: 02/11/2016.
Identifiers: 2001818, 2009692, bulletinapr2018, CERTFR-2019-AVI-325, cpuoct2018, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, DLA-711-1, DSA-2019-114, DSA-3705-1, FEDORA-2016-e8e8cdb4ed, HT207423, JSA10874, JSA10951, K01006862, K10196624, K26899353, K44503763, K46123931, K52828640, MIGR-5099570, openSUSE-SU-2016:2768-1, RHSA-2018:3558-01, SSA:2016-308-01, STORM-2019-002, SUSE-SU-2016:2699-1, SUSE-SU-2016:2714-1, USN-3123-1, VIGILANCE-VUL-20989.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Curl.

An attacker can bypass access restrictions via Cookie Injection, in order to read or alter data. [severity:2/4; CVE-2016-8615]

An attacker can bypass security features via Case Insensitive Password Comparison, in order to escalate his privileges. [severity:2/4; CVE-2016-8616]

An attacker can generate a memory corruption via Multiplication, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-8617]

An attacker can force the usage of a freed memory area via curl_maprintf(), in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-8618]

An attacker can force the usage of a freed memory area via krb5, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-8619]

An attacker can generate a buffer overflow via Glob Parser, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-8620]

An attacker can force a read at an invalid address via Curl_getdate, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-8621]

An attacker can generate an integer overflow via URL Unescape, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-8622]

An attacker can force the usage of a freed memory area via Shared Cookies, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-8623]

An attacker can bypass security features via URL Parsing, in order to obtain sensitive information. [severity:2/4; CVE-2016-8624]

An attacker can bypass security features via IDNA 2003, in order to obtain sensitive information. [severity:2/4; CVE-2016-8625]
Full Vigil@nce bulletin... (Free trial)

computer weakness note CVE-2016-1000031

Apache Commons FileUpload: read-write access

Synthesis of the vulnerability

An attacker can bypass access restrictions of Apache Commons FileUpload, in order to read or alter files.
Severity: 3/4.
Creation date: 18/10/2016.
Identifiers: 2009844, 2011428, 2011689, 528262, 7018113, 7043863, 7048591, CERTFR-2018-AVI-531, cisco-sa-20181107-struts-commons-fileupload, cpuapr2019, cpujan2019, cpujul2019, cpuoct2019, CVE-2016-1000031, DSA-2018-210, openSUSE-SU-2019:1399-1, SUSE-SU-2019:1212-2, SUSE-SU-2019:1214-1, SUSE-SU-2019:14044-1, TRA-2016-12, VIGILANCE-VUL-20892, ZDI-16-570.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several products use Apache Commons FileUpload.

However, data unserialized by the DiskFileItem class are not checked.

An attacker can therefore bypass access restrictions of Apache Commons FileUpload, in order to read or alter files.
Full Vigil@nce bulletin... (Free trial)

weakness bulletin CVE-2016-7167

libcurl: integer overflow via curl_escape

Synthesis of the vulnerability

An attacker can generate an integer overflow via functions of the curl_escape() family of libcurl, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 14/09/2016.
Identifiers: bulletinoct2016, cpuoct2018, CVE-2016-7167, DLA-1568-1, DLA-625-1, DSA-2019-114, FEDORA-2016-7a2ed52d41, FEDORA-2016-80f4f71eff, HT207423, JSA10874, openSUSE-SU-2016:2768-1, RHSA-2017:2016-01, RHSA-2018:3558-01, SSA:2016-259-01, STORM-2019-002, SUSE-SU-2016:2699-1, SUSE-SU-2016:2714-1, USN-3123-1, VIGILANCE-VUL-20606.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The libcurl library provides the curl_escape(), curl_easy_escape(), curl_unescape() and curl_easy_unescape() functions to convert special characters.

However, if the requested size is too large, an integer overflows, and an allocated memory area is too short.

An attacker can therefore generate an integer overflow via functions of the curl_escape() family of libcurl, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2016-0889

EMC Unisphere for VMAX Virtual Appliance: file upload

Synthesis of the vulnerability

An attacker can upload a malicious file on EMC Unisphere for VMAX Virtual Appliance, in order for example to upload a Trojan.
Severity: 3/4.
Creation date: 06/04/2016.
Revision date: 15/04/2016.
Identifiers: 481003, CVE-2016-0889, ESA-2016-036, VIGILANCE-VUL-19309.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The EMC Unisphere for VMAX Virtual Appliance product offers a web service.

It can be used to upload a file. However, this file can be uploaded in an arbitrary directory on the server with root privileges, and then executed.

An attacker can therefore upload a malicious file on EMC Unisphere for VMAX Virtual Appliance, in order for example to upload a Trojan.
Full Vigil@nce bulletin... (Free trial)

cybersecurity vulnerability CVE-2016-0793

WildFly: file reading WEB-INF/META-INF

Synthesis of the vulnerability

An attacker can read a WEB-INF/META-INF file of WildFly, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 04/04/2016.
Identifiers: 1305937, 499009, BSA-2017-314, CVE-2016-0793, ESA-2017-056, VIGILANCE-VUL-19295.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The WildFly product uses a filter to forbid the WEB-INF/META-INF files to be read.

However, on Windows, an attacker can use lowercase characters, to bypass file access restrictions of WEB-INF/META-INF.

An attacker can therefore read a WEB-INF/META-INF file of WildFly, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

threat note CVE-2016-3115

OpenSSH: injection of xauth commands

Synthesis of the vulnerability

An attacker, who has an account with OpenSSH, but which is restricted and without a shell access, can transmit xauth commands via OpenSSH, in order to read/write a file with his own privileges.
Severity: 1/4.
Creation date: 10/03/2016.
Identifiers: 000008913, 499797, bulletinapr2016, CERTFR-2016-AVI-097, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, CVE-2016-3115, DLA-1500-1, DLA-1500-2, ESA-2017-025, FEDORA-2016-188267b485, FEDORA-2016-bb59db3c86, FEDORA-2016-d339d610c1, FEDORA-2016-fc1cc33e05, FreeBSD-SA-16:14.openssh, JSA10774, K93532943, NTAP-20160519-0001, openSUSE-SU-2016:1455-1, RHSA-2016:0465-01, RHSA-2016:0466-01, SA121, SA126, SOL93532943, SSA:2016-070-01, USN-2966-1, VIGILANCE-VUL-19152.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The xauth utility manages credentials of the user to access to X11.

When X11Forwarding is enabled in sshd_config, the OpenSSH daemon transmits credentials to xauth. However, OpenSSH does not filter line feeds contained in these credentials. So xauth commands can thus be transmitted to xauth. These commands can read/write a file with user's privileges, or to connect to a port.

An attacker, who has an account with OpenSSH, but which is restricted and without a shell access, can therefore transmit xauth commands via OpenSSH, in order to read/write a file with his own privileges.
Full Vigil@nce bulletin... (Free trial)

computer weakness note CVE-2015-7547

glibc: buffer overflow of getaddrinfo

Synthesis of the vulnerability

An attacker, who owns a malicious DNS server, can reply with long data to a client application using the getaddrinfo() function of the glibc, in order to trigger a denial of service, and possibly to run code in the client application.
Severity: 4/4.
Creation date: 16/02/2016.
Revision date: 17/02/2016.
Identifiers: 046146, 046151, 046153, 046155, 046158, 1977665, 478832, 479427, 479906, 480572, 480707, 480708, ARUBA-PSA-2016-001, BSA-2016-003, BSA-2016-004, CERTFR-2016-AVI-066, CERTFR-2016-AVI-071, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, cisco-sa-20160218-glibc, CTX206991, CVE-2015-7547, ESA-2016-020, ESA-2016-027, ESA-2016-028, ESA-2016-029, ESA-2016-030, FEDORA-2016-0480defc94, FEDORA-2016-0f9e9a34ce, JSA10774, KB #4858, openSUSE-SU-2016:0490-1, openSUSE-SU-2016:0510-1, openSUSE-SU-2016:0511-1, openSUSE-SU-2016:0512-1, PAN-SA-2016-0021, RHSA-2016:0175-01, RHSA-2016:0176-01, RHSA-2016:0225-01, SA114, SB10150, SOL47098834, SSA:2016-054-02, SSA-301706, SUSE-SU-2016:0470-1, SUSE-SU-2016:0471-1, SUSE-SU-2016:0472-1, SUSE-SU-2016:0473-1, USN-2900-1, VIGILANCE-VUL-18956, VMSA-2016-0002, VMSA-2016-0002.1, VN-2016-003.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The glibc library implements a DNS resolver (libresolv).

An application can thus call the getaddrinfo() function, which queries DNS servers. When the AF_UNSPEC type is used in the getaddrinfo() call, two DNS A and AAAA queries are sent simultaneously. However, this special case, and a case with AF_INET6 are not correctly managed, and lead to an overflow if the reply coming from the DNS server is larger than 2048 bytes.

An attacker, who owns a malicious DNS server, can therefore reply with large data to a client application using the getaddrinfo() function of the glibc, in order to trigger a denial of service, and possibly to run code in the client application.
Full Vigil@nce bulletin... (Free trial)

security note CVE-2010-5107 CVE-2010-5298 CVE-2011-0020

EMC Unisphere Central: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of EMC Unisphere Central.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 125.
Creation date: 28/01/2015.
Revision date: 30/01/2015.
Identifiers: 197382, CVE-2010-5107, CVE-2010-5298, CVE-2011-0020, CVE-2011-0064, CVE-2011-3389, CVE-2012-2137, CVE-2012-5885, CVE-2012-6085, CVE-2012-6548, CVE-2012-6549, CVE-2013-0160, CVE-2013-0216, CVE-2013-0231, CVE-2013-0268, CVE-2013-0311, CVE-2013-0349, CVE-2013-0913, CVE-2013-0914, CVE-2013-1767, CVE-2013-1772, CVE-2013-1774, CVE-2013-1792, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1902, CVE-2013-2002, CVE-2013-2005, CVE-2013-2634, CVE-2013-2635, CVE-2013-4242, CVE-2014-0015, CVE-2014-0076, CVE-2014-0092, CVE-2014-0138, CVE-2014-0139, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-0463, CVE-2014-0464, CVE-2014-1533, CVE-2014-1534, CVE-2014-1536, CVE-2014-1537, CVE-2014-1538, CVE-2014-1541, CVE-2014-1545, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2410, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428, CVE-2014-2483, CVE-2014-2490, CVE-2014-3470, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-3613, CVE-2014-3620, CVE-2014-3638, CVE-2014-3639, CVE-2014-4208, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4220, CVE-2014-4221, CVE-2014-4223, CVE-2014-4227, CVE-2014-4244, CVE-2014-4247, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4264, CVE-2014-4265, CVE-2014-4266, CVE-2014-4268, CVE-2014-4330, CVE-2014-5139, CVE-2015-0512, ESA-2015-002, VIGILANCE-VUL-16070.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in EMC Unisphere Central.

They are related to the following embedded components:
 - PostgreSQL (CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1902, VIGILANCE-VUL-12607, VIGILANCE-VUL-12606)
 - Apache Tomcat (CVE-2012-5885, VIGILANCE-VUL-12113)
 - SSL3.0/TLS1.0 (CVE-2011-3389, VIGILANCE-VUL-11014)
 - SUSE Kernel (CVE-2013-1767, CVE-2012-2137, CVE-2012-6548, CVE-2013-1797, CVE-2013-0231,CVE-2013-1774, CVE-2013-1848, CVE-2013-0311, CVE-2013-2634, CVE-2013-0268, CVE-2013-0913, CVE-2013-1772, CVE-2013-0216, CVE-2013-1792, CVE-2012-6549, CVE-2013-2635, CVE-2013-0914, CVE-2013-1796, CVE-2013-0160, CVE-2013-1860, CVE-2013-0349, CVE-2013-1798, VIGILANCE-VUL-11014, VIGILANCE-VUL-12462, VIGILANCE-VUL-11721, VIGILANCE-VUL-12488, VIGILANCE-VUL-12547, VIGILANCE-VUL-12380, VIGILANCE-VUL-12470, VIGILANCE-VUL-12546, VIGILANCE-VUL-12441, VIGILANCE-VUL-12545, VIGILANCE-VUL-12389, VIGILANCE-VUL-12499, VIGILANCE-VUL-12382, VIGILANCE-VUL-12379, VIGILANCE-VUL-12491, VIGILANCE-VUL-12500, VIGILANCE-VUL-12287, VIGILANCE-VUL-12528, VIGILANCE-VUL-12454)
 - Libgcrypt (CVE-2013-4242, VIGILANCE-VUL-13167)
 - cURL/libcURL (CVE-2014-0138, CVE-2014-0139, CVE-2014-0015, CVE-2014-3613, CVE-2014-3620, VIGILANCE-VUL-14473, VIGILANCE-VUL-14474, VIGILANCE-VUL-14151, VIGILANCE-VUL-15326)
 - OpenSSL (CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139, CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566, VIGILANCE-VUL-14585, VIGILANCE-VUL-14462, VIGILANCE-VUL-14846, VIGILANCE-VUL-14690, VIGILANCE-VUL-14845, VIGILANCE-VUL-14844, VIGILANCE-VUL-14847, VIGILANCE-VUL-15130, VIGILANCE-VUL-15489, VIGILANCE-VUL-15490, VIGILANCE-VUL-15491, VIGILANCE-VUL-15485)
 - GNU Privacy Guard (GPG2) (CVE-2012-6085, VIGILANCE-VUL-12275)
 - Java Runtime Environment (CVE-2014-2403, CVE-2014-0446, CVE-2014-0457, CVE-2014-0453, CVE-2014-2412, CVE-2014-2398, CVE-2014-0458, CVE-2014-2397, CVE-2014-0460, CVE-2014-0429, CVE-2014-2428, CVE-2014-2423, CVE-2014-2420, CVE-2014-0448, CVE-2014-0459, CVE-2014-2427, CVE-2014-2414, CVE-2014-0461, CVE-2014-0454, CVE-2014-2422, CVE-2014-0464, CVE-2014-2401, CVE-2014-0456, CVE-2014-0455, CVE-2014-0451, CVE-2014-0449, CVE-2014-0432, CVE-2014-0463, CVE-2014-2410, CVE-2014-2413, CVE-2014-2421, CVE-2014-2409, CVE-2014-2402, CVE-2014-0452, CVE-2014-4220, CVE-2014-2490, CVE-2014-4266, CVE-2014-4219, CVE-2014-2483, CVE-2014-4263, CVE-2014-4264, CVE-2014-4268, CVE-2014-4252, CVE-2014-4223, CVE-2014-4247, CVE-2014-4218, CVE-2014-4221, CVE-2014-4262, CVE-2014-4227, CVE-2014-4208, CVE-2014-4209, CVE-2014-4265, CVE-2014-4244, CVE-2014-4216, VIGILANCE-VUL-14599, VIGILANCE-VUL-15051)
 - OpenSSH (CVE-2010-5107, VIGILANCE-VUL-11256)
 - Network Security Services (NSS) (CVE-2014-1545, CVE-2014-1541, CVE-2014-1534, CVE-2014-1533, CVE-2014-1536, CVE-2014-1537, CVE-2014-1538, VIGILANCE-VUL-14869, VIGILANCE-VUL-14870)
 - Xorg-X11 (CVE-2013-2005, CVE-2013-2002, VIGILANCE-VUL-12858)
 - GnuTLS (CVE-2014-0092, VIGILANCE-VUL-14349)
 - Pango (CVE-2011-0020, CVE-2011-0064)
 - D-Bus (CVE-2014-3638,CVE-2014-3639, VIGILANCE-VUL-15358)
 - Perl (CVE-2014-4330, VIGILANCE-VUL-15412)

An attacker can also deceive the user, in order to redirect him to a malicious site (CVE-2015-0512).
Full Vigil@nce bulletin... (Free trial)

weakness announce CVE-2015-0235

glibc: buffer overflow of gethostbyname, GHOST

Synthesis of the vulnerability

An attacker can for example send an email using a long IPv4 address, to force the messaging server to resolve this address, and to generate a buffer overflow in gethostbyname() of the glibc, in order to trigger a denial of service, and possibly to execute code. Several programs using the gethostbyname() function are vulnerable with a similar attack vector.
Severity: 4/4.
Creation date: 27/01/2015.
Revision date: 27/01/2015.
Identifiers: 198850, 199399, c04577814, c04589512, CERTFR-2015-AVI-043, cisco-sa-20150128-ghost, cpujul2015, cpujul2017, cpuoct2016, cpuoct2017, cpuoct2018, CTX200437, CVE-2015-0235, DSA-3142-1, ESA-2015-030, ESA-2015-041, GHOST, HPSBGN03270, HPSBGN03285, JSA10671, K16057, KM01391662, MDVSA-2015:039, openSUSE-SU-2015:0162-1, openSUSE-SU-2015:0184-1, PAN-SA-2015-0002, RHSA-2015:0090-01, RHSA-2015:0092-01, RHSA-2015:0099-01, RHSA-2015:0101-01, RHSA-2015:0126-01, SB10100, sk104443, SOL16057, SSA:2015-028-01, SSA-994726, SUSE-SU-2015:0158-1, USN-2485-1, VIGILANCE-VUL-16060, VU#967332.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The glibc library provides two functions to obtain the IP address of a server from its DNS name:
  struct hostent *gethostbyname(const char *name);
  struct hostent *gethostbyname2(const char *name, int af);

For example:
  he = gethostbyname("www.example.com");

These functions also accept to directly process an IP address:
  he = gethostbyname("192.168.1.1");

However, a malformed IPv4 address, which is too long such as 192.168.111111.1 (more than 1024 byte long) triggers an overflow in the __nss_hostname_digits_dots() function.

An attacker can therefore for example send an email using a long IPv4 address, to force the messaging server to resolve this address, and to generate a buffer overflow in gethostbyname() of the glibc, in order to trigger a denial of service, and possibly to execute code.

Several programs using the gethostbyname() function are vulnerable (exim, php, pppd, procmail) with a similar attack vector. The following programs are apparently not vulnerable: apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql, nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd, pure-ftpd, rsyslog, samba, sendmail, squid, sysklogd, syslog-ng, tcp_wrappers, vsftpd, xinetd.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.