The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of VNX Operating Environment

vulnerability alert CVE-2013-3270

EMC VNX/Celerra Control Station: privilege escalation via nasadmin

Synthesis of the vulnerability

An attacker who is a member of the nasadmin group can alter scripts of EMC VNX/Celerra Control Station in order to escalate his privileges.
Impacted products: Celerra NS, VNX Operating Environment, VNX Series.
Severity: 1/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 16/05/2013.
Identifiers: CERTA-2013-AVI-320, CVE-2013-3270, ESA-2013-041, VIGILANCE-VUL-12841.

Description of the vulnerability

The EMC VNX Control Station and EMC Celerra Control Station products install scripts on the system. These scripts are run with root privileges.

However, these scripts are owned by the nasadmin group, and are writable.

An attacker who is a member of the nasadmin group can therefore alter scripts of EMC VNX/Celerra Control Station in order to escalate his privileges.

computer vulnerability CVE-2012-2282

EMC Celerra, VNX, VNXe: access to files via NFS

Synthesis of the vulnerability

An attacker can use an NFS client to bypass access privileges and access files hosted on EMC Celerra, VNX and VNXe.
Impacted products: Celerra NS, VNX Operating Environment, VNX Series.
Severity: 3/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: intranet client.
Creation date: 12/07/2012.
Identifiers: BID-54414, CERTA-2012-AVI-389, CVE-2012-2282, ESA-2012-027, VIGILANCE-VUL-11765.

Description of the vulnerability

The EMC Celerra, VNX and VNXe products contain an NFS server, so Unix clients can access data.

However, NFS access privileges to files and to directories are not correctly honored.

An attacker can therefore use an NFS client to bypass access privileges and access hosted files.

vulnerability announce CVE-2012-0021

Apache httpd: denial of service via mod_log_config

Synthesis of the vulnerability

When mod_log_config logs cookies, an attacker can send a special cookie, in order to stop Apache httpd in threaded MPM.
Impacted products: Apache httpd, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, OpenView NNM, HP-UX, Mandriva Linux, Solaris, RHEL, Slackware.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 27/01/2012.
Identifiers: 52256, BID-51705, c03231301, c03278391, CERTA-2012-AVI-225, CVE-2012-0021, DSA-2019-131, FEDORA-2012-1598, FEDORA-2012-1642, HPSBMU02748, HPSBUX02761, MDVSA-2012:012, RHSA-2012:0542-01, RHSA-2012:0543-01, SOL15889, SSA:2012-041-01, SSRT100772, SSRT100823, VIGILANCE-VUL-11322.

Description of the vulnerability

The mod_log_config module of Apache httpd is used to define the format of logged data. For example:
 - %a : the remote IP address
 - %D : the processing duration
 - %{var}C : the cookie named "var"
 - etc.

Clients send cookies as an HTTP header, such as:
  Cookie: var=hello

The mod_log_config module calls the apr_collapse_spaces() function to delete unneeded spaces. However, if a cookie has no name, a NULL pointer is dereferenced.

When mod_log_config logs cookies, an attacker can therefore send a special cookie, in order to stop Apache httpd in threaded MPM (a fatal error in a thread also stops other threads).

vulnerability alert CVE-2010-4651

GNU patch: file creation

Synthesis of the vulnerability

An attacker can invite the victim to use a malicious patch file, in order to create a file outside the current directory.
Impacted products: Debian, VNX Operating Environment, VNX Series, Fedora, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: document.
Creation date: 06/01/2011.
Identifiers: 667529, BID-46768, CVE-2010-4651, DSA-2019-131, DSA-2142-1, FEDORA-2011-1269, FEDORA-2011-1272, SSA:2012-257-02, SUSE-SU-2018:1162-1, USN-2651-1, VIGILANCE-VUL-10251.

Description of the vulnerability

The GNU patch command uses a file describing modifications to apply on a path. Each file to be modified is indicated with the following syntax:
  "--- path/filename.origin"
  "+++ path/filename"

However, if the path contains "../", the file is created outside the current directory. Indeed, GNU patch does not check if files to modify are located inside the directory tree.

An attacker can therefore invite the victim to use a malicious patch file, in order to create a file outside the current directory.

computer vulnerability announce CVE-2010-0408 CVE-2010-0425

Apache httpd: denials of service of modules

Synthesis of the vulnerability

An attacker can generate a denial of service in mod_proxy_ajp and mod_isapi modules of Apache httpd.
Impacted products: Apache httpd, Debian, VNX Operating Environment, VNX Series, Fedora, HP-UX, Mandriva Linux, OpenSolaris, openSUSE, Solaris, RHEL, Slackware, SLES, VMware ACE.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 03/03/2010.
Revision date: 08/03/2010.
Identifiers: BID-38491, BID-38494, c02160663, CERTA-2010-AVI-112, CERTA-2010-AVI-122, CVE-2010-0408, CVE-2010-0425, DSA-2019-131, DSA-2035-1, FEDORA-2010-6055, FEDORA-2010-6131, HPSBUX02531, MDVSA-2010:053, RHSA-2010:0168-01, RHSA-2010:0396-01, SOS-10-002, SSA:2010-067-01, SSRT100108, SUSE-SR:2010:010, VIGILANCE-VUL-9487, VMSA-2010-0014, VMSA-2010-0014.1, VU#280613.

Description of the vulnerability

Two denials of service were announced in Apache httpd.

The mod_proxy_ajp module is used with Tomcat. When the client uses the Content-Length header, but does not send a body, the ap_proxy_ajp_request() function returns the error HTTP_INTERNAL_SERVER_ERROR, instead of HTTP_BAD_REQUEST. A timeout is then started, which creates a denial of service. [severity:2/4; BID-38491, CVE-2010-0408]

The mod_isapi module is used on Windows. However, by interrupting a query, this module is unloaded too soon, which forces the usage of an invalid pointer, and stops the service. [severity:2/4; CERTA-2010-AVI-112, CERTA-2010-AVI-122, CVE-2010-0425, SOS-10-002, VU#280613]

vulnerability note CVE-2009-2699

Apache httpd: denial of service under Solaris

Synthesis of the vulnerability

An attacker can open several sessions when Apache httpd is installed under Solaris, in order to stop it.
Impacted products: Apache httpd, VNX Operating Environment, VNX Series, HPE BAC, OpenSolaris.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 06/10/2009.
Identifiers: 47645, BID-36596, c03236227, CVE-2009-2699, DSA-2019-131, HPSBMU02753, SSRT100782, VIGILANCE-VUL-9074.

Description of the vulnerability

The port_getn() function is used to obtain information on events related to a port (multiplexed queue).

Under Solaris, this function can return the ETIME error, when a concurrent access occurs. However, the poll/unix/port.c file of Apache APR does not handle this error, which creates a deadlock.

An attacker can therefore open several parallel sessions when Apache httpd is installed under Solaris, in order to stop it.

computer vulnerability CVE-2007-4769 CVE-2007-4772 CVE-2007-6067

PostgreSQL: several vulnerabilities

Synthesis of the vulnerability

A local attacker can create a denial of service or elevate his privileges via PostgreSQL.
Impacted products: Debian, VNX Operating Environment, VNX Series, Fedora, Tru64 UNIX, Mandriva Linux, NLD, OES, openSUSE, openSUSE Leap, Solaris, PostgreSQL, RHEL, SUSE Linux Enterprise Desktop, SLES, TurboLinux.
Severity: 2/4.
Consequences: privileged access/rights, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 3.
Creation date: 07/01/2008.
Revision dates: 11/01/2008, 06/03/2008.
Identifiers: 103197, 200559, c01420154, CERTA-2002-AVI-163, CERTA-2008-AVI-005, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601, DSA-1460-1, DSA-1463-1, DSA-2019-131, FEDORA-2008-0478, FEDORA-2008-0552, HPSBTU02325, MDVSA-2008:004, openSUSE-SU-2016:0531-1, openSUSE-SU-2016:0578-1, RHSA-2008:0038-01, RHSA-2008:0039-01, RHSA-2008:0040-01, SSRT080006, SUSE-SA:2008:005, SUSE-SU-2016:0539-1, SUSE-SU-2016:0555-1, SUSE-SU-2016:0677-1, TLSA-2008-6, VIGILANCE-VUL-7475.

Description of the vulnerability

Several vulnerabilities affect PostgreSQL.

A local attacker can elevate his privileges via "expression indexes". Indeed, index functions are executed with "superuser" privileges during VACUUM and ANALYZE, and can contain privileged commands (SET ROLE and SET SESSION AUTHORIZATION). [severity:2/4; CVE-2007-6600]

An attacker can use a regular expression in order to create three denials of service (VIGILANCE-VUL-7643). The attacker needs SQL access or has to use an application that transmits a regular expression to PostgreSQL. [severity:1/4; CERTA-2008-AVI-005, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067]

In the default configuration, a local attacker can use the dblink feature to elevate his privileges. [severity:2/4; CVE-2007-6601]

vulnerability bulletin CVE-2007-4769 CVE-2007-4772 CVE-2007-6067

Tcl: denials of service of regular expressions

Synthesis of the vulnerability

An attacker can use special regular expressions in order to create three denials of service in Tcl.
Impacted products: VNX Operating Environment, VNX Series, Mandriva Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, VMware ACE, ESX, ESXi, VMware Player, VMware Server, VMware Workstation.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 06/03/2008.
Identifiers: 1810264, CERTA-2008-AVI-005, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, DSA-2019-131, MDVSA-2008:059, openSUSE-SU-2016:0578-1, RHSA-2013:0122-01, SUSE-SU-2016:0555-1, VIGILANCE-VUL-7643, VMSA-2008-0009, VMSA-2008-0009.1, VMSA-2008-0009.2.

Description of the vulnerability

The Tcl program interprets programs written in Tcl language. It has three vulnerabilities.

An attacker can use a regular expression in order to create an infinite loop. [severity:1/4; CVE-2007-4772]

An attacker can use a regular expression in order to consume memory. [severity:1/4; CVE-2007-6067]

An attacker can use a regular expression in order to stop the service. [severity:1/4; CERTA-2008-AVI-005, CVE-2007-4769]