The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of VNX Series

computer vulnerability note CVE-2016-3458 CVE-2016-3485 CVE-2016-3498

Oracle Java: vulnerabilities of July 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Java.
Impacted products: Debian, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, AIX, Domino, Notes, IRAD, SPSS Statistics, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, JAXP, ePO, Java OpenJDK, openSUSE, openSUSE Leap, Java Oracle, JavaFX, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: user account.
Number of vulnerabilities in this bulletin: 13.
Creation date: 20/07/2016.
Identifiers: 1988339, 1988894, 1988978, 1989049, 1989337, 1990031, 1990448, 1991383, 1991909, 1991910, 1991911, 1991913, 1991997, 1995792, 1995799, 2001630, 2007242, 486953, CERTFR-2016-AVI-243, cpujul2016, CVE-2016-3458, CVE-2016-3485, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3552, CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610, DLA-579-1, DSA-3641-1, ESA-2016-099, FEDORA-2016-588e386aaa, FEDORA-2016-c07d18b2a5, FEDORA-2016-c60d35c46c, openSUSE-SU-2016:2050-1, openSUSE-SU-2016:2051-1, openSUSE-SU-2016:2052-1, openSUSE-SU-2016:2058-1, RHSA-2016:1458-01, RHSA-2016:1475-01, RHSA-2016:1476-01, RHSA-2016:1477-01, RHSA-2016:1504-01, RHSA-2016:1587-01, RHSA-2016:1588-01, RHSA-2016:1589-01, RHSA-2016:1776-01, SB10166, SOL05016441, SOL25075696, SUSE-SU-2016:1997-1, SUSE-SU-2016:2012-1, SUSE-SU-2016:2261-1, SUSE-SU-2016:2286-1, SUSE-SU-2016:2347-1, SUSE-SU-2016:2348-1, SUSE-SU-2016:2726-1, USN-3043-1, USN-3062-1, USN-3077-1, VIGILANCE-VUL-20169, ZDI-16-445, ZDI-16-446, ZDI-16-447, ZDI-16-448.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Communications.

An attacker can use a vulnerability via Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3587, ZDI-16-448]

An attacker can use a vulnerability via Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3606, ZDI-16-447]

An attacker can use a vulnerability via Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3598, ZDI-16-446]

An attacker can use a vulnerability via Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3610, ZDI-16-445]

An attacker can use a vulnerability via Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3552]

An attacker can use a vulnerability via Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3511]

An attacker can use a vulnerability via Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3503]

An attacker can use a vulnerability via JavaFX, in order to trigger a denial of service. [severity:2/4; CVE-2016-3498]

An attacker can use a vulnerability via JAXP, in order to trigger a denial of service. [severity:2/4; CVE-2016-3500]

An attacker can use a vulnerability via JAXP, in order to trigger a denial of service. [severity:2/4; CVE-2016-3508]

An attacker can use a vulnerability via CORBA, in order to alter information. [severity:2/4; CVE-2016-3458]

An attacker can use a vulnerability via Hotspot, in order to alter information, or to trigger a denial of service. [severity:2/4; CVE-2016-3550]

An attacker can use a vulnerability via Networking, in order to alter information. [severity:1/4; CVE-2016-3485]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-0686 CVE-2016-0687 CVE-2016-0695

Oracle Java: multiple vulnerabilities of April 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Java.
Impacted products: Debian, Avamar, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, AIX, Domino, Notes, QRadar SIEM, Tivoli Storage Manager, WebSphere AS Traditional, WebSphere MQ, JAXP, ePO, Java OpenJDK, openSUSE, openSUSE Leap, Java Oracle, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: user account.
Number of vulnerabilities in this bulletin: 9.
Creation date: 20/04/2016.
Identifiers: 1982223, 1982566, 1984075, 1984678, 1985466, 1985875, 1987778, 484398, 486953, bulletinjan2017, CERTFR-2016-AVI-135, cpuapr2016, CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449, DLA-451-1, DSA-3558-1, ESA-2016-052, ESA-2016-099, FEDORA-2016-33ccc205e7, openSUSE-SU-2016:1222-1, openSUSE-SU-2016:1230-1, openSUSE-SU-2016:1235-1, openSUSE-SU-2016:1262-1, openSUSE-SU-2016:1265-1, RHSA-2016:0650-01, RHSA-2016:0651-01, RHSA-2016:0675-01, RHSA-2016:0676-01, RHSA-2016:0677-01, RHSA-2016:0678-01, RHSA-2016:0679-01, RHSA-2016:0701-01, RHSA-2016:0702-01, RHSA-2016:0708-01, RHSA-2016:0716-01, RHSA-2016:0723-01, RHSA-2016:1039-01, SB10159, SOL33285044, SOL73112451, SOL81223200, SUSE-SU-2016:1248-1, SUSE-SU-2016:1250-1, SUSE-SU-2016:1299-1, SUSE-SU-2016:1300-1, SUSE-SU-2016:1303-1, SUSE-SU-2016:1378-1, SUSE-SU-2016:1379-1, SUSE-SU-2016:1388-1, SUSE-SU-2016:1458-1, SUSE-SU-2016:1475-1, USN-2963-1, USN-2964-1, USN-2972-1, VIGILANCE-VUL-19416, ZDI-16-376.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3443, ZDI-16-376]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-0687]

An attacker can use a vulnerability of Serialization, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-0686]

An attacker can use a vulnerability of JMX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3427]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3449]

An attacker can use a vulnerability of Security, in order to obtain information. [severity:2/4; CVE-2016-0695]

An attacker can use a vulnerability of JAXP, in order to trigger a denial of service. [severity:2/4; CVE-2016-3425]

An attacker can use a vulnerability of 2D, in order to trigger a denial of service. [severity:2/4; CVE-2016-3422]

An attacker can use a vulnerability of JCE, in order to obtain information. [severity:1/4; CVE-2016-3426]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2015-7547

glibc: buffer overflow of getaddrinfo

Synthesis of the vulnerability

An attacker, who owns a malicious DNS server, can reply with long data to a client application using the getaddrinfo() function of the glibc, in order to trigger a denial of service, and possibly to run code in the client application.
Impacted products: ArubaOS, Blue Coat CAS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco Catalyst, IOS XE Cisco, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Cisco Prime DCNM, Secure ACS, Cisco CUCM, Cisco IP Phone, Cisco Wireless IP Phone, Cisco Wireless Controller, XenDesktop, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, ExtremeXOS, BIG-IP Hardware, TMOS, Fedora, QRadar SIEM, Trinzic, NSM Central Manager, NSMXpress, McAfee Email Gateway, McAfee MOVE AntiVirus, VirusScan, McAfee Web Gateway, openSUSE, openSUSE Leap, Palo Alto Firewall PA***, PAN-OS, RealPresence Distributed Media Application, Polycom VBP, RHEL, ROX, RuggedSwitch, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, VMware vSphere, VMware vSphere Hypervisor.
Severity: 4/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 16/02/2016.
Revision date: 17/02/2016.
Identifiers: 046146, 046151, 046153, 046155, 046158, 1977665, 478832, 479427, 479906, 480572, 480707, 480708, ARUBA-PSA-2016-001, BSA-2016-003, BSA-2016-004, CERTFR-2016-AVI-066, CERTFR-2016-AVI-071, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, cisco-sa-20160218-glibc, CTX206991, CVE-2015-7547, ESA-2016-020, ESA-2016-027, ESA-2016-028, ESA-2016-029, ESA-2016-030, FEDORA-2016-0480defc94, FEDORA-2016-0f9e9a34ce, JSA10774, KB #4858, openSUSE-SU-2016:0490-1, openSUSE-SU-2016:0510-1, openSUSE-SU-2016:0511-1, openSUSE-SU-2016:0512-1, PAN-SA-2016-0021, RHSA-2016:0175-01, RHSA-2016:0176-01, RHSA-2016:0225-01, SA114, SB10150, SOL47098834, SSA:2016-054-02, SSA-301706, SUSE-SU-2016:0470-1, SUSE-SU-2016:0471-1, SUSE-SU-2016:0472-1, SUSE-SU-2016:0473-1, USN-2900-1, VIGILANCE-VUL-18956, VMSA-2016-0002, VMSA-2016-0002.1, VN-2016-003.

Description of the vulnerability

The glibc library implements a DNS resolver (libresolv).

An application can thus call the getaddrinfo() function, which queries DNS servers. When the AF_UNSPEC type is used in the getaddrinfo() call, two DNS A and AAAA queries are sent simultaneously. However, this special case, and a case with AF_INET6 are not correctly managed, and lead to an overflow if the reply coming from the DNS server is larger than 2048 bytes.

An attacker, who owns a malicious DNS server, can therefore reply with large data to a client application using the getaddrinfo() function of the glibc, in order to trigger a denial of service, and possibly to run code in the client application.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2015-0235

glibc: buffer overflow of gethostbyname, GHOST

Synthesis of the vulnerability

An attacker can for example send an email using a long IPv4 address, to force the messaging server to resolve this address, and to generate a buffer overflow in gethostbyname() of the glibc, in order to trigger a denial of service, and possibly to execute code. Several programs using the gethostbyname() function are vulnerable with a similar attack vector.
Impacted products: Arkoon FAST360, GAiA, CheckPoint IP Appliance, Provider-1, SecurePlatform, CheckPoint Security Gateway, CheckPoint VSX-1, Cisco ASR, Cisco Catalyst, IOS XE Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Prime Infrastructure, Cisco CUCM, XenServer, Clearswift Email Gateway, Debian, Unisphere EMC, VNX Operating Environment, VNX Series, Exim, BIG-IP Hardware, TMOS, HPE BSM, HP Operations, Performance Center, Junos Space, McAfee Email and Web Security, McAfee Email Gateway, McAfee MOVE AntiVirus, McAfee NSP, McAfee NTBA, McAfee NGFW, VirusScan, McAfee Web Gateway, openSUSE, Oracle Communications, Palo Alto Firewall PA***, PAN-OS, PHP, HDX, RealPresence Collaboration Server, RealPresence Distributed Media Application, RealPresence Resource Manager, Polycom VBP, RHEL, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive, WordPress Core.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: internet server.
Creation date: 27/01/2015.
Revision date: 27/01/2015.
Identifiers: 198850, 199399, c04577814, c04589512, CERTFR-2015-AVI-043, cisco-sa-20150128-ghost, cpujul2015, cpujul2017, cpuoct2016, cpuoct2017, cpuoct2018, CTX200437, CVE-2015-0235, DSA-3142-1, ESA-2015-030, ESA-2015-041, GHOST, HPSBGN03270, HPSBGN03285, JSA10671, K16057, KM01391662, MDVSA-2015:039, openSUSE-SU-2015:0162-1, openSUSE-SU-2015:0184-1, PAN-SA-2015-0002, RHSA-2015:0090-01, RHSA-2015:0092-01, RHSA-2015:0099-01, RHSA-2015:0101-01, RHSA-2015:0126-01, SB10100, sk104443, SOL16057, SSA:2015-028-01, SSA-994726, SUSE-SU-2015:0158-1, USN-2485-1, VIGILANCE-VUL-16060, VU#967332.

Description of the vulnerability

The glibc library provides two functions to obtain the IP address of a server from its DNS name:
  struct hostent *gethostbyname(const char *name);
  struct hostent *gethostbyname2(const char *name, int af);

For example:
  he = gethostbyname("www.example.com");

These functions also accept to directly process an IP address:
  he = gethostbyname("192.168.1.1");

However, a malformed IPv4 address, which is too long such as 192.168.111111.1 (more than 1024 byte long) triggers an overflow in the __nss_hostname_digits_dots() function.

An attacker can therefore for example send an email using a long IPv4 address, to force the messaging server to resolve this address, and to generate a buffer overflow in gethostbyname() of the glibc, in order to trigger a denial of service, and possibly to execute code.

Several programs using the gethostbyname() function are vulnerable (exim, php, pppd, procmail) with a similar attack vector. The following programs are apparently not vulnerable: apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql, nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd, pure-ftpd, rsyslog, samba, sendmail, squid, sysklogd, syslog-ng, tcp_wrappers, vsftpd, xinetd.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2014-6278

bash: command execution in the function parser

Synthesis of the vulnerability

An attacker can define a special environment variable, which is transmitted (via CGI or OpenSSH for example) to bash, in order to execute code.
Impacted products: GAiA, CheckPoint IP Appliance, IPSO, SecurePlatform, CheckPoint Security Appliance, CheckPoint Smart-1, CheckPoint VSX-1, XenServer, Clearswift Email Gateway, Clearswift Web Gateway, Avamar, EMC CAVA, EMC CEE, EMC CEPA, Celerra FAST, Celerra NS, Celerra NX4, EMC CMDCE, Connectrix Switch, NetWorker, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, HP Operations, AIX, IVE OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper UAC, McAfee Email and Web Security, McAfee Email Gateway, McAfee MOVE AntiVirus, McAfee NSP, McAfee NGFW, McAfee Web Gateway, openSUSE, openSUSE Leap, Solaris, RSA Authentication Manager, ROX, RuggedSwitch, Slackware, Stonesoft NGFW/VPN, Ubuntu, Unix (platform) ~ not comprehensive, ESX, vCenter Server, VMware vSphere.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 29/09/2014.
Identifiers: 193355, 193866, 194029, 194064, 194669, 480931, c04475942, c04479492, CERTFR-2014-AVI-403, CERTFR-2014-AVI-415, CERTFR-2014-AVI-480, CTX200217, CTX200223, CVE-2014-6278, ESA-2014-111, ESA-2014-123, ESA-2014-124, ESA-2014-125, ESA-2014-126, ESA-2014-127, ESA-2014-128, ESA-2014-133, ESA-2014-136, ESA-2014-150, ESA-2014-151, ESA-2014-152, ESA-2014-162, HPSBGN03138, HPSBMU03144, JSA10648, JSA10661, MDVSA-2015:164, openSUSE-SU-2014:1310-1, openSUSE-SU-2016:2961-1, SB10085, sk102673, SOL15629, SSA:2014-272-01, SSA-860967, T1021272, USN-2380-1, VIGILANCE-VUL-15421, VMSA-2014-0010, VMSA-2014-0010.10, VMSA-2014-0010.11, VMSA-2014-0010.12, VMSA-2014-0010.13, VMSA-2014-0010.2, VMSA-2014-0010.4, VMSA-2014-0010.7, VMSA-2014-0010.8, VMSA-2014-0010.9.

Description of the vulnerability

The bash interpreter can use functions.

However, when bash parses the source code to create the function, it directly executes commands located at some places.

This vulnerability can be used with the same attack vector than VIGILANCE-VUL-15399.

An attacker can therefore define a special environment variable, which is transmitted (via CGI or OpenSSH for example) to bash, in order to execute code.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2014-6277

bash: memory corruption in the function parser

Synthesis of the vulnerability

An attacker can define a special environment variable, which is transmitted (via CGI or OpenSSH for example) to bash, in order to execute code.
Impacted products: GAiA, CheckPoint IP Appliance, IPSO, SecurePlatform, CheckPoint Security Appliance, CheckPoint Smart-1, CheckPoint VSX-1, XenServer, Clearswift Email Gateway, Clearswift Web Gateway, Avamar, EMC CAVA, EMC CEE, EMC CEPA, Celerra FAST, Celerra NS, Celerra NX4, EMC CMDCE, Connectrix Switch, NetWorker, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, HP Operations, AIX, IVE OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper UAC, McAfee Email and Web Security, McAfee Email Gateway, McAfee MOVE AntiVirus, McAfee NSP, McAfee NGFW, McAfee Web Gateway, openSUSE, openSUSE Leap, Solaris, RealPresence Collaboration Server, RealPresence Distributed Media Application, Polycom VBP, RSA Authentication Manager, ROX, RuggedSwitch, Slackware, Stonesoft NGFW/VPN, Ubuntu, Unix (platform) ~ not comprehensive, ESX, vCenter Server, VMware vSphere.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 29/09/2014.
Identifiers: 193355, 193866, 194029, 194064, 194669, 480931, c04475942, c04479492, CERTFR-2014-AVI-403, CERTFR-2014-AVI-415, CERTFR-2014-AVI-480, CTX200217, CTX200223, CVE-2014-6277, ESA-2014-111, ESA-2014-123, ESA-2014-124, ESA-2014-125, ESA-2014-126, ESA-2014-127, ESA-2014-128, ESA-2014-133, ESA-2014-136, ESA-2014-150, ESA-2014-151, ESA-2014-152, ESA-2014-162, HPSBGN03138, HPSBMU03144, JSA10648, JSA10661, MDVSA-2015:164, openSUSE-SU-2014:1310-1, openSUSE-SU-2016:2961-1, SB10085, sk102673, SOL15629, SSA:2014-272-01, SSA-860967, T1021272, USN-2380-1, VIGILANCE-VUL-15420, VMSA-2014-0010, VMSA-2014-0010.10, VMSA-2014-0010.11, VMSA-2014-0010.12, VMSA-2014-0010.13, VMSA-2014-0010.2, VMSA-2014-0010.4, VMSA-2014-0010.7, VMSA-2014-0010.8, VMSA-2014-0010.9.

Description of the vulnerability

The bash interpreter can use functions.

However, when bash parses the source code to create the function, it corrupts its memory.

This vulnerability can be used with the same attack vector than VIGILANCE-VUL-15399.

An attacker can therefore define a special environment variable, which is transmitted (via CGI or OpenSSH for example) to bash, in order to execute code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2014-7186 CVE-2014-7187

bash: two denial of service

Synthesis of the vulnerability

An attacker can use several vulnerabilities of bash.
Impacted products: GAiA, CheckPoint IP Appliance, IPSO, SecurePlatform, CheckPoint Security Appliance, CheckPoint Smart-1, CheckPoint VSX-1, XenServer, Clearswift Email Gateway, Clearswift Web Gateway, Avamar, EMC CAVA, EMC CEE, EMC CEPA, Celerra FAST, Celerra NS, Celerra NX4, EMC CMDCE, Connectrix Switch, NetWorker, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, HP Operations, AIX, IVE OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper UAC, McAfee Email and Web Security, McAfee Email Gateway, McAfee MOVE AntiVirus, McAfee NSP, McAfee NGFW, McAfee Web Gateway, openSUSE, Solaris, RealPresence Collaboration Server, RealPresence Distributed Media Application, Polycom VBP, RHEL, RSA Authentication Manager, ROX, RuggedSwitch, Stonesoft NGFW/VPN, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive, ESX, vCenter Server, VMware vSphere.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 29/09/2014.
Identifiers: 193355, 193866, 194029, 194064, 194669, 480931, c04475942, c04479492, CERTFR-2014-AVI-403, CERTFR-2014-AVI-415, CERTFR-2014-AVI-480, CTX200217, CTX200223, CVE-2014-7186, CVE-2014-7187, ESA-2014-111, ESA-2014-123, ESA-2014-124, ESA-2014-125, ESA-2014-126, ESA-2014-127, ESA-2014-128, ESA-2014-133, ESA-2014-136, ESA-2014-150, ESA-2014-151, ESA-2014-152, ESA-2014-162, HPSBGN03138, HPSBMU03144, JSA10648, JSA10661, MDVSA-2015:164, openSUSE-SU-2014:1229-1, openSUSE-SU-2014:1242-1, openSUSE-SU-2014:1248-1, openSUSE-SU-2014:1308-1, openSUSE-SU-2014:1310-1, RHSA-2014:1311-01, RHSA-2014:1312-01, RHSA-2014:1354-01, RHSA-2014:1865-01, SB10085, sk102673, SOL15629, SSA-860967, SUSE-SU-2014:1247-1, SUSE-SU-2014:1247-2, T1021272, USN-2364-1, VIGILANCE-VUL-15419, VMSA-2014-0010, VMSA-2014-0010.10, VMSA-2014-0010.11, VMSA-2014-0010.12, VMSA-2014-0010.13, VMSA-2014-0010.2, VMSA-2014-0010.4, VMSA-2014-0010.7, VMSA-2014-0010.8, VMSA-2014-0010.9.

Description of the vulnerability

Several vulnerabilities were announced in bash.

An attacker can force a read at an invalid address in redir_stack, in order to trigger a denial of service. [severity:1/4; CVE-2014-7186]

An attacker can generate a buffer overflow of one byte in word_lineno, in order to trigger a denial of service, and possibly to execute code. [severity:1/4; CVE-2014-7187]
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2014-7169

bash: code execution via Function Variable

Synthesis of the vulnerability

An attacker can define a special environment variable, which is transmitted (via CGI or OpenSSH for example) to bash, in order to execute code.
Impacted products: Arkoon FAST360, GAiA, CheckPoint IP Appliance, IPSO, SecurePlatform, CheckPoint Security Appliance, CheckPoint Smart-1, CheckPoint VSX-1, Cisco ASR, Cisco ACE, ASA, IOS XE Cisco, Cisco IPS, IronPort Encryption, Nexus by Cisco, NX-OS, Secure ACS, Cisco CUCM, Cisco Unified CCX, XenServer, Clearswift Email Gateway, Clearswift Web Gateway, Debian, Avamar, EMC CAVA, EMC CEE, EMC CEPA, Celerra FAST, Celerra NS, Celerra NX4, EMC CMDCE, Connectrix Switch, NetWorker, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiManager, FortiManager Virtual Appliance, HP Operations, AIX, IVE OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper UAC, McAfee Email and Web Security, McAfee Email Gateway, McAfee MOVE AntiVirus, McAfee NSP, McAfee NGFW, McAfee Web Gateway, openSUSE, Solaris, pfSense, RealPresence Collaboration Server, RealPresence Distributed Media Application, Polycom VBP, RHEL, RSA Authentication Manager, ROX, RuggedSwitch, Slackware, Stonesoft NGFW/VPN, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive, ESX, vCenter Server, VMware vSphere.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/09/2014.
Identifiers: 193355, 193866, 194029, 194064, 194669, 480931, c04475942, c04479492, CERTFR-2014-AVI-403, CERTFR-2014-AVI-415, CERTFR-2014-AVI-480, cisco-sa-20140926-bash, CTX200217, CTX200223, CVE-2014-3659-REJECT, CVE-2014-7169, DSA-3035-1, ESA-2014-111, ESA-2014-123, ESA-2014-124, ESA-2014-125, ESA-2014-126, ESA-2014-127, ESA-2014-128, ESA-2014-133, ESA-2014-136, ESA-2014-150, ESA-2014-151, ESA-2014-152, ESA-2014-162, FEDORA-2014-11514, FEDORA-2014-11527, FEDORA-2014-12202, FG-IR-14-030, HPSBGN03138, HPSBMU03144, JSA10648, JSA10661, MDVSA-2014:190, MDVSA-2015:164, openSUSE-SU-2014:1229-1, openSUSE-SU-2014:1242-1, openSUSE-SU-2014:1248-1, openSUSE-SU-2014:1308-1, openSUSE-SU-2014:1310-1, pfSense-SA-14_18.packages, RHSA-2014:1306-01, RHSA-2014:1311-01, RHSA-2014:1312-01, RHSA-2014:1354-01, RHSA-2014:1865-01, SB10085, sk102673, SOL15629, SSA:2014-268-01, SSA:2014-268-02, SSA-860967, SUSE-SU-2014:1247-1, SUSE-SU-2014:1247-2, T1021272, USN-2363-1, USN-2363-2, VIGILANCE-VUL-15401, VMSA-2014-0010, VMSA-2014-0010.10, VMSA-2014-0010.11, VMSA-2014-0010.12, VMSA-2014-0010.13, VMSA-2014-0010.2, VMSA-2014-0010.4, VMSA-2014-0010.7, VMSA-2014-0010.8, VMSA-2014-0010.9, VN-2014-002.

Description of the vulnerability

The bulletin VIGILANCE-VUL-15399 describes a vulnerability of bash.

However, the offered patch (VIGILANCE-SOL-36695) is incomplete. An variant of the initial attack can thus still be used to execute code or to create a file.

In this case, the code is run when the variable is parsed (which is not necessarily an environment variable), and not when the shell starts. The impact may thus be lower, but this was not confirmed.

An attacker can therefore define a special environment variable, which is transmitted (via CGI or OpenSSH for example) to bash, in order to execute code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2014-6271

bash: code execution via Environment Variable, ShellShock

Synthesis of the vulnerability

An attacker can define a special environment variable, which is transmitted (via CGI or OpenSSH for example) to bash, in order to execute code.
Impacted products: Arkoon FAST360, GAiA, CheckPoint IP Appliance, IPSO, SecurePlatform, CheckPoint Security Appliance, CheckPoint Smart-1, CheckPoint VSX-1, Cisco ASR, Cisco ACE, ASA, IOS XE Cisco, Cisco IPS, IronPort Encryption, Nexus by Cisco, NX-OS, Secure ACS, Cisco CUCM, Cisco Unified CCX, XenServer, Clearswift Email Gateway, Clearswift Web Gateway, Debian, Avamar, EMC CAVA, EMC CEE, EMC CEPA, Celerra FAST, Celerra NS, Celerra NX4, EMC CMDCE, Connectrix Switch, NetWorker, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiManager, FortiManager Virtual Appliance, HP Operations, AIX, IVE OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper UAC, McAfee Email and Web Security, McAfee Email Gateway, McAfee MOVE AntiVirus, McAfee NSP, McAfee NGFW, McAfee Web Gateway, openSUSE, Solaris, pfSense, RealPresence Collaboration Server, RealPresence Distributed Media Application, Polycom VBP, RHEL, RSA Authentication Manager, ROX, RuggedSwitch, Slackware, Stonesoft NGFW/VPN, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive, ESX, vCenter Server, VMware vSphere.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 24/09/2014.
Identifiers: 1141597, 193355, 193866, 194029, 194064, 194669, 480931, c04475942, c04479492, CERTFR-2014-ALE-006, CERTFR-2014-AVI-403, CERTFR-2014-AVI-415, CERTFR-2014-AVI-480, cisco-sa-20140926-bash, CTX200217, CTX200223, CVE-2014-6271, DSA-3032-1, ESA-2014-111, ESA-2014-123, ESA-2014-124, ESA-2014-125, ESA-2014-126, ESA-2014-127, ESA-2014-128, ESA-2014-133, ESA-2014-136, ESA-2014-150, ESA-2014-151, ESA-2014-152, ESA-2014-162, FEDORA-2014-11360, FEDORA-2014-11503, FG-IR-14-030, HPSBGN03138, HPSBMU03144, JSA10648, JSA10661, MDVSA-2014:186, MDVSA-2015:164, openSUSE-SU-2014:1226-1, openSUSE-SU-2014:1238-1, openSUSE-SU-2014:1308-1, openSUSE-SU-2014:1310-1, pfSense-SA-14_18.packages, RHSA-2014:1293-01, RHSA-2014:1294-01, RHSA-2014:1295-01, RHSA-2014:1354-01, SB10085, ShellShock, sk102673, SOL15629, SSA:2014-267-01, SSA-860967, SUSE-SU-2014:1212-1, SUSE-SU-2014:1213-1, SUSE-SU-2014:1214-1, SUSE-SU-2014:1223-1, T1021272, USN-2362-1, VIGILANCE-VUL-15399, VMSA-2014-0010, VMSA-2014-0010.10, VMSA-2014-0010.11, VMSA-2014-0010.12, VMSA-2014-0010.13, VMSA-2014-0010.2, VMSA-2014-0010.4, VMSA-2014-0010.7, VMSA-2014-0010.8, VMSA-2014-0010.9, VN-2014-002, VU#252743.

Description of the vulnerability

When bash interpreter is started, environment variables of the parent process are transfered to the current process. For example:
  export A=test
  bash
  echo $A

Functions can also be transfered through environment variables. For example:
  export F='() { echo bonjour; }'
  bash
  F

However, bash loads functions by interpreting the full environment variable. If an environment variable starts with "() {" and ends with "; command", then the command is run when the shell is started.

The main attack vectors are:
 - CGI scripts (Apache mod_cgi, mod_cgid) on a web server (variables: HTTP_header, REMOTE_HOST, SERVER_PROTOCOL)
 - OpenSSH via AcceptEnv (variables : TERM, ForceCommand avec SSH_ORIGINAL_COMMAND)

An attacker can therefore define a special environment variable, which is transmitted (via CGI or OpenSSH for example) to bash, in order to execute code.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2014-0224

OpenSSL: man in the middle via ChangeCipherSpec

Synthesis of the vulnerability

An attacker can act as a man in the middle between a client and a server using OpenSSL, in order to read or alter exchanged data.
Impacted products: ArubaOS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, GAiA, CheckPoint IP Appliance, IPSO, Provider-1, SecurePlatform, CheckPoint Security Appliance, CheckPoint Security Gateway, Cisco ASR, Cisco ATA, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, CiscoWorks, Cisco Content SMA, Cisco CSS, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Email, IronPort Management, IronPort Web, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco Unity ~ precise, WebNS, Cisco WSA, Clearswift Web Gateway, Debian, Avamar, EMC CAVA, EMC CEE, EMC CEPA, Celerra FAST, Celerra NS, Celerra NX4, EMC CMDCE, Connectrix Switch, ECC, NetWorker, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiManager, FortiManager Virtual Appliance, FreeBSD, HP Operations, ProCurve Switch, HP Switch, HP-UX, AIX, Tivoli Storage Manager, WebSphere MQ, Juniper J-Series, Junos OS, Junos Pulse, Juniper Network Connect, Juniper UAC, McAfee Web Gateway, MySQL Enterprise, NetBSD, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Polycom CMA, HDX, RealPresence Collaboration Server, Polycom VBP, RHEL, JBoss EAP by Red Hat, ACE Agent, ACE Server, RSA Authentication Agent, RSA Authentication Manager, SecurID, ROS, ROX, RuggedSwitch, SIMATIC, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Nessus, InterScan Messaging Security Suite, InterScan Web Security Suite, TrendMicro ServerProtect, Ubuntu, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor, Websense Email Security, Websense Web Filter, Websense Web Security.
Severity: 3/4.
Consequences: data reading, data creation/edition, data flow.
Provenance: document.
Creation date: 05/06/2014.
Revision date: 05/06/2014.
Identifiers: 1676496, 1690827, aid-06062014, c04336637, c04347622, c04363613, CERTFR-2014-AVI-253, CERTFR-2014-AVI-254, CERTFR-2014-AVI-255, CERTFR-2014-AVI-260, CERTFR-2014-AVI-274, CERTFR-2014-AVI-279, CERTFR-2014-AVI-286, CERTFR-2014-AVI-513, cisco-sa-20140605-openssl, cpuoct2016, CTX140876, CVE-2014-0224, DOC-53313, DSA-2950-1, DSA-2950-2, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2014-7101, FEDORA-2014-7102, FG-IR-14-018, FreeBSD-SA-14:14.openssl, HPSBHF03052, HPSBUX03046, JSA10629, MDVSA-2014:105, MDVSA-2014:106, MDVSA-2015:062, NetBSD-SA2014-006, openSUSE-SU-2014:0764-1, openSUSE-SU-2014:0765-1, openSUSE-SU-2015:0229-1, openSUSE-SU-2016:0640-1, RHSA-2014:0624-01, RHSA-2014:0625-01, RHSA-2014:0626-01, RHSA-2014:0627-01, RHSA-2014:0628-01, RHSA-2014:0629-01, RHSA-2014:0630-01, RHSA-2014:0631-01, RHSA-2014:0632-01, RHSA-2014:0633-01, RHSA-2014:0679-01, RHSA-2014:0680-01, SA40006, SA80, SB10075, sk101186, SOL15325, SPL-85063, SSA:2014-156-03, SSA-234763, SSRT101590, SUSE-SU-2014:0759-1, SUSE-SU-2014:0759-2, SUSE-SU-2014:0761-1, SUSE-SU-2014:0762-1, USN-2232-1, USN-2232-2, USN-2232-3, USN-2232-4, VIGILANCE-VUL-14844, VMSA-2014-0006, VMSA-2014-0006.1, VMSA-2014-0006.10, VMSA-2014-0006.11, VMSA-2014-0006.2, VMSA-2014-0006.3, VMSA-2014-0006.4, VMSA-2014-0006.5, VMSA-2014-0006.6, VMSA-2014-0006.7, VMSA-2014-0006.8, VMSA-2014-0006.9, VU#978508.

Description of the vulnerability

The OpenSSL product implements SSL/TLS, which uses a handshake.

However, by using a handshake with a ChangeCipherSpec message, an attacker can force the usage of weak keys.

An attacker can therefore act as a man in the middle between a client and a server using OpenSSL, in order to read or alter exchanged data.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about VNX Series: