The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of VNX Operating Environment

computer vulnerability announce CVE-2013-3270

EMC VNX/Celerra Control Station: privilege escalation via nasadmin

Synthesis of the vulnerability

An attacker who is a member of the nasadmin group can alter scripts of EMC VNX/Celerra Control Station in order to escalate his privileges.
Severity: 1/4.
Creation date: 16/05/2013.
Identifiers: CERTA-2013-AVI-320, CVE-2013-3270, ESA-2013-041, VIGILANCE-VUL-12841.

Description of the vulnerability

The EMC VNX Control Station and EMC Celerra Control Station products install scripts on the system. These scripts are run with root privileges.

However, these scripts are owned by the nasadmin group, and are writable.

An attacker who is a member of the nasadmin group can therefore alter scripts of EMC VNX/Celerra Control Station in order to escalate his privileges.

computer weakness CVE-2012-2282

EMC Celerra, VNX, VNXe: access to files via NFS

Synthesis of the vulnerability

An attacker can use an NFS client and bypass access privileges in order to access hosted files of EMC Celerra, VNX and VNXe.
Severity: 3/4.
Creation date: 12/07/2012.
Identifiers: BID-54414, CERTA-2012-AVI-389, CVE-2012-2282, ESA-2012-027, VIGILANCE-VUL-11765.

Description of the vulnerability

The EMC Celerra, VNX and VNXe products contain an NFS server, so Unix clients can access data.

However, NFS access privileges to files and to directories are not correctly honored.

An attacker can therefore use an NFS client and bypass access privileges in order to access hosted files.

weakness bulletin CVE-2012-0021

Apache httpd: denial of service via mod_log_config

Synthesis of the vulnerability

When mod_log_config logs cookies, an attacker can send a special cookie, in order to stop Apache httpd in threaded MPM.
Severity: 2/4.
Creation date: 27/01/2012.
Identifiers: 52256, BID-51705, c03231301, c03278391, CERTA-2012-AVI-225, CVE-2012-0021, DSA-2019-131, FEDORA-2012-1598, FEDORA-2012-1642, HPSBMU02748, HPSBUX02761, MDVSA-2012:012, RHSA-2012:0542-01, RHSA-2012:0543-01, SOL15889, SSA:2012-041-01, SSRT100772, SSRT100823, VIGILANCE-VUL-11322.

Description of the vulnerability

The mod_log_config module of Apache httpd is used to define the format of logged data. For example:
 - %a : the remote IP address
 - %D : the processing duration
 - %{var}C : the cookie named "var"
 - etc.

Clients send cookies as an HTTP header, such as:
  Cookie: var=hello

The mod_log_config module calls the apr_collapse_spaces() function to delete unneeded spaces. However, if a cookie has no name, a NULL pointer is dereferenced.

When mod_log_config logs cookies, an attacker can therefore send a special cookie, in order to stop Apache httpd in threaded MPM (a fatal error in a thread also stops other threads).

cybersecurity weakness CVE-2010-4651

GNU patch: file creation

Synthesis of the vulnerability

An attacker can invite the victim to use a malicious patch file, in order to create a file outside the current directory.
Severity: 1/4.
Creation date: 06/01/2011.
Identifiers: 667529, BID-46768, CVE-2010-4651, DSA-2019-131, DSA-2142-1, FEDORA-2011-1269, FEDORA-2011-1272, SSA:2012-257-02, SUSE-SU-2018:1162-1, USN-2651-1, VIGILANCE-VUL-10251.

Description of the vulnerability

The GNU patch command uses a file describing modifications to apply on a path. Each file to be modified is indicated with the following syntax:
  "--- path/filename.origin"
  "+++ path/filename"

However, if the path contains "../", the file is created outside the current directory. Indeed, GNU patch does not check if files to modify are located inside the directory tree.

An attacker can therefore invite the victim to use a malicious patch file, in order to create a file outside the current directory.
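A defensive pre-check for the issue described above, as an added example that is not part of the original bulletin or of GNU patch: it reads the "---" / "+++" file headers of a unified diff before the patch is applied and reports any target that is absolute or contains a ".." component. The function names, the `strip` parameter (an approximation of `patch -pN`) and the sample patch are assumptions constructed for illustration.

```python
import re

HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

def header_paths(patch_text):
    """Yield (line_no, path) for each '---'/'+++' file header of a unified diff."""
    old_left = new_left = 0               # hunk body lines still expected
    for no, line in enumerate(patch_text.splitlines(), 1):
        if old_left > 0 or new_left > 0:  # inside a hunk: body text, not a header
            if line.startswith("\\"):     # "\ No newline at end of file"
                continue
            if not line.startswith("+"):
                old_left -= 1
            if not line.startswith("-"):
                new_left -= 1
            continue
        m = HUNK.match(line)
        if m:
            old_left = int(m.group(1) or 1)
            new_left = int(m.group(2) or 1)
        elif line.startswith(("--- ", "+++ ")):
            # The path ends at the first tab; a timestamp may follow it.
            yield no, line[4:].split("\t", 1)[0].strip()

def escapes_tree(path, strip=0):
    """True if the path, minus `strip` leading components, leaves the tree."""
    if path == "/dev/null":               # marks a created or deleted file
        return False
    parts = path.split("/")[strip:]
    # Conservative: any ".." is rejected, so symlinked parents cannot matter.
    return "/".join(parts).startswith("/") or ".." in parts

def audit_patch(patch_text, strip=0):
    """Return [(line_no, path)] for headers that would write outside the tree."""
    return [(n, p) for n, p in header_paths(patch_text) if escapes_tree(p, strip)]

# Constructed sample: the second file header points outside the directory.
# Lines 5 and 6 are hunk body text that only looks like a file header.
SAMPLE = """\
--- a/src/main.c\t2011-01-06 10:00:00
+++ a/src/main.c\t2011-01-06 10:05:00
@@ -1,2 +1,2 @@
 int main(void) {
--- old comment
+++ new comment
--- /dev/null
+++ ../../outside/created.txt
@@ -0,0 +1 @@
+constructed content
"""

if __name__ == "__main__":
    for line_no, path in audit_patch(SAMPLE):
        print(f"line {line_no}: target leaves the tree: {path}")
```

The strip level changes the verdict, so the check has to be run with the same level that will be passed to patch.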

threat bulletin CVE-2010-0408 CVE-2010-0425

Apache httpd: denials of service of modules

Synthesis of the vulnerability

An attacker can generate a denial of service in mod_proxy_ajp and mod_isapi modules of Apache httpd.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 03/03/2010.
Revision date: 08/03/2010.
Identifiers: BID-38491, BID-38494, c02160663, CERTA-2010-AVI-112, CERTA-2010-AVI-122, CVE-2010-0408, CVE-2010-0425, DSA-2019-131, DSA-2035-1, FEDORA-2010-6055, FEDORA-2010-6131, HPSBUX02531, MDVSA-2010:053, RHSA-2010:0168-01, RHSA-2010:0396-01, SOS-10-002, SSA:2010-067-01, SSRT100108, SUSE-SR:2010:010, VIGILANCE-VUL-9487, VMSA-2010-0014, VMSA-2010-0014.1, VU#280613.

Description of the vulnerability

Two denials of service were announced in Apache httpd.

The mod_proxy_ajp module is used with Tomcat. When the client uses the Content-Length header, but does not send a body, the ap_proxy_ajp_request() function returns the error HTTP_INTERNAL_SERVER_ERROR, instead of HTTP_BAD_REQUEST. A timeout is then started, which creates a denial of service. [severity:2/4; BID-38491, CVE-2010-0408]

The mod_isapi module is used on Windows. However, by interrupting a query, this module is unloaded too soon, which forces the usage of an invalid pointer, and stops the service. [severity:2/4; CERTA-2010-AVI-112, CERTA-2010-AVI-122, CVE-2010-0425, SOS-10-002, VU#280613]

security note CVE-2009-2699

Apache httpd: denial of service under Solaris

Synthesis of the vulnerability

An attacker can open several sessions when Apache httpd is installed under Solaris, in order to stop it.
Severity: 2/4.
Creation date: 06/10/2009.
Identifiers: 47645, BID-36596, c03236227, CVE-2009-2699, DSA-2019-131, HPSBMU02753, SSRT100782, VIGILANCE-VUL-9074.

Description of the vulnerability

The port_getn() function is used to obtain information on events related to a port (multiplexed queue).

Under Solaris, this function can return the ETIME error, when a concurrent access occurs. However, the poll/unix/port.c file of Apache APR does not handle this error, which creates a deadlock.

An attacker can therefore open several parallel sessions when Apache httpd is installed under Solaris, in order to stop it.

security bulletin CVE-2007-4769 CVE-2007-4772 CVE-2007-6067

PostgreSQL: several vulnerabilities

Synthesis of the vulnerability

A local attacker can create a denial of service or elevate his privileges via PostgreSQL.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 07/01/2008.
Revision dates: 11/01/2008, 06/03/2008.
Identifiers: 103197, 200559, c01420154, CERTA-2002-AVI-163, CERTA-2008-AVI-005, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601, DSA-1460-1, DSA-1463-1, DSA-2019-131, FEDORA-2008-0478, FEDORA-2008-0552, HPSBTU02325, MDVSA-2008:004, openSUSE-SU-2016:0531-1, openSUSE-SU-2016:0578-1, RHSA-2008:0038-01, RHSA-2008:0039-01, RHSA-2008:0040-01, SSRT080006, SUSE-SA:2008:005, SUSE-SU-2016:0539-1, SUSE-SU-2016:0555-1, SUSE-SU-2016:0677-1, TLSA-2008-6, VIGILANCE-VUL-7475.

Description of the vulnerability

Several vulnerabilities affect PostgreSQL.

A local attacker can elevate his privileges via "expression indexes". Indeed, index functions are executed with "superuser" privileges during VACUUM and ANALYZE, and can contain privileged commands (SET ROLE and SET SESSION AUTHORIZATION). [severity:2/4; CVE-2007-6600]

An attacker can use a regular expression in order to create three denials of service (VIGILANCE-VUL-7643). The attacker needs SQL access, or has to use an application that transmits a regular expression to PostgreSQL. [severity:1/4; CERTA-2008-AVI-005, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067]

In the default configuration, a local attacker can use the dblink feature to elevate his privileges. [severity:2/4; CVE-2007-6601]

weakness alert CVE-2007-4769 CVE-2007-4772 CVE-2007-6067

Tcl: denials of service of regular expressions

Synthesis of the vulnerability

An attacker can use special regular expressions in order to create three denials of service in Tcl.
Severity: 1/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 06/03/2008.
Identifiers: 1810264, CERTA-2008-AVI-005, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, DSA-2019-131, MDVSA-2008:059, openSUSE-SU-2016:0578-1, RHSA-2013:0122-01, SUSE-SU-2016:0555-1, VIGILANCE-VUL-7643, VMSA-2008-0009, VMSA-2008-0009.1, VMSA-2008-0009.2.

Description of the vulnerability

The Tcl program interprets programs written in Tcl language. It has three vulnerabilities.

An attacker can use a regular expression in order to create an infinite loop. [severity:1/4; CVE-2007-4772]

An attacker can use a regular expression in order to consume memory. [severity:1/4; CVE-2007-6067]

An attacker can use a regular expression in order to stop the service. [severity:1/4; CERTA-2008-AVI-005, CVE-2007-4769]