The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of VirusScan

vulnerability announce CVE-2015-8577

VirusScan Enterprise: bypassing BOP

Synthesis of the vulnerability

An attacker can use the BOP feature of VirusScan Enterprise, in order to ease the development of an exploit for a vulnerability in a software protected by BOP.
Impacted products: VirusScan.
Severity: 1/4.
Creation date: 09/12/2015.
Identifiers: CVE-2015-8577, SB10142, VIGILANCE-VUL-18482.

Description of the vulnerability

The VirusScan Enterprise product offers the BOP (Buffer Overflow Protection) feature.

However, this feature allocates memory with RWX permissions at a predictable address in the memory space of the protected process. This thus eases the development of an exploit for a vulnerability in this process.

An attacker can therefore use the BOP feature of VirusScan Enterprise, in order to ease the development of an exploit for a vulnerability in a software protected by BOP.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2015-0286 CVE-2015-0287 CVE-2015-0289

OpenSSL 0.9/1.0.0/1.0.1: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL 0.9/1.0.0/1.0.1.
Impacted products: Arkoon FAST360, ArubaOS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Cisco ASR, AnyConnect VPN Client, Cisco ACE, ASA, AsyncOS, Cisco CSS, Cisco ESA, IOS XE Cisco, Cisco IPS, IronPort Email, IronPort Web, Nexus by Cisco, NX-OS, Prime Infrastructure, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, WebNS, Cisco WSA, Debian, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiManager, FortiManager Virtual Appliance, FreeBSD, hMailServer, HP-UX, AIX, IRAD, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, Junos Space Network Management Platform, NSM Central Manager, NSMXpress, Juniper SBR, MBS, McAfee Email Gateway, ePO, McAfee NTBA, McAfee NGFW, VirusScan, McAfee Web Gateway, Data ONTAP, NetBSD, NetScreen Firewall, ScreenOS, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, pfSense, Puppet, RHEL, JBoss EAP by Red Hat, Base SAS Software, SAS SAS/CONNECT, Slackware, Splunk Enterprise, Stonesoft NGFW/VPN, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Creation date: 19/03/2015.
Identifiers: 1701334, 1902519, 1960491, 1964410, 1975397, 55767, 7043086, 9010031, ARUBA-PSA-2015-007, bulletinapr2015, c04679334, CERTFR-2015-AVI-117, CERTFR-2015-AVI-146, CERTFR-2015-AVI-169, CERTFR-2015-AVI-177, CERTFR-2015-AVI-259, CERTFR-2016-AVI-303, cisco-sa-20150320-openssl, cisco-sa-20150408-ntpd, cpuapr2017, cpuoct2016, cpuoct2017, CTX216642, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, DSA-3197-1, DSA-3197-2, FEDORA-2015-4300, FEDORA-2015-4303, FG-IR-15-008, FreeBSD-SA-15:06.openssl, HPSBUX03334, JSA10680, MDVSA-2015:062, MDVSA-2015:063, NetBSD-SA2015-007, NTAP-20150323-0002, openSUSE-SU-2015:0554-1, openSUSE-SU-2015:1277-1, openSUSE-SU-2015:2243-1, openSUSE-SU-2016:0638-1, openSUSE-SU-2016:0640-1, RHSA-2015:0715-01, RHSA-2015:0716-01, RHSA-2015:0752-01, RHSA-2015:0800-01, RHSA-2016:0372-01, RHSA-2016:0445-01, RHSA-2016:0446-01, RHSA-2016:0490-01, SA40001, SA92, SB10110, SOL16301, SOL16302, SOL16317, SOL16319, SOL16320, SOL16321, SOL16323, SPL-98351, SPL-98531, SSA:2015-111-09, SSRT102000, SUSE-SU-2015:0541-1, SUSE-SU-2015:0553-1, SUSE-SU-2015:0553-2, SUSE-SU-2015:0578-1, SUSE-SU-2016:0678-1, TNS-2015-04, USN-2537-1, VIGILANCE-VUL-16429.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL 0.9/1.0.0/1.0.1.

An attacker can force a read at an invalid address in ASN1_TYPE_cmp, in order to trigger a denial of service. [severity:2/4; CVE-2015-0286]

An attacker can generate a memory corruption in ASN.1, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-0287]

An attacker can force a NULL pointer to be dereferenced in PKCS#7, in order to trigger a denial of service. [severity:2/4; CVE-2015-0289]

An attacker can generate a memory corruption with base64 data, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-0292]

An attacker can generate an OPENSSL_assert, in order to trigger a denial of service. [severity:2/4; CVE-2015-0293]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability announce CVE-2015-0288

OpenSSL: NULL pointer dereference via X509_to_X509_REQ

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced in X509_to_X509_REQ() of OpenSSL, in order to trigger a denial of service.
Impacted products: Arkoon FAST360, ProxySG par Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Cisco ASR, AnyConnect VPN Client, Cisco ACE, ASA, AsyncOS, Cisco CSS, Cisco ESA, IOS XE Cisco, Cisco IPS, IronPort Email, IronPort Web, Nexus by Cisco, NX-OS, Prime Infrastructure, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, WebNS, Cisco WSA, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, hMailServer, HP-UX, AIX, IRAD, Tivoli Workload Scheduler, Juniper J-Series, Junos OS, Junos Space, Junos Space Network Management Platform, NSM Central Manager, NSMXpress, Juniper SBR, MBS, McAfee Email Gateway, ePO, McAfee NTBA, McAfee NGFW, VirusScan, McAfee Web Gateway, Data ONTAP, NetBSD, NetScreen Firewall, ScreenOS, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, pfSense, RHEL, Base SAS Software, SAS SAS/CONNECT, Slackware, Splunk Enterprise, Stonesoft NGFW/VPN, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Creation date: 09/03/2015.
Identifiers: 1701334, 1964410, 55767, 9010031, c04679334, CERTFR-2015-AVI-089, CERTFR-2015-AVI-117, CERTFR-2015-AVI-146, CERTFR-2015-AVI-177, CERTFR-2015-AVI-259, CERTFR-2016-AVI-303, cisco-sa-20150320-openssl, cisco-sa-20150408-ntpd, cpuoct2017, CTX216642, CVE-2015-0288, DSA-3197-1, DSA-3197-2, FEDORA-2015-4300, FEDORA-2015-4303, FEDORA-2015-6855, FreeBSD-SA-15:06.openssl, HPSBUX03334, JSA10680, MDVSA-2015:062, MDVSA-2015:063, NetBSD-SA2015-007, NTAP-20150323-0002, openSUSE-SU-2015:0554-1, openSUSE-SU-2015:1277-1, openSUSE-SU-2015:2243-1, openSUSE-SU-2016:0640-1, RHSA-2015:0715-01, RHSA-2015:0716-01, RHSA-2015:0752-01, RHSA-2015:0800-01, SA40001, SB10110, SOL16301, SOL16302, SOL16317, SOL16319, SOL16320, SOL16321, SOL16323, SPL-98351, SPL-98531, SSA:2015-111-09, SSRT102000, SUSE-SU-2015:0541-1, SUSE-SU-2015:0553-1, SUSE-SU-2015:0553-2, SUSE-SU-2015:0578-1, TNS-2015-04, USN-2537-1, VIGILANCE-VUL-16342.

Description of the vulnerability

The OpenSSL product processes X.509 certificates.

However, the X509_to_X509_REQ() function does not check if a pointer is NULL, before using it.

An attacker can therefore force a NULL pointer to be dereferenced in X509_to_X509_REQ() of OpenSSL, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability alert CVE-2015-0138 CVE-2015-0204

OpenSSL, LibReSSL, Mono, JSSE: weakening TLS encryption via FREAK

Synthesis of the vulnerability

An attacker, located as a Man-in-the-Middle, can force the Chrome, JSSE, LibReSSL, Mono or OpenSSL client to accept a weak export algorithm, in order to more easily capture or alter exchanged data.
Impacted products: Arkoon FAST360, ArubaOS, Avaya Ethernet Routing Switch, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Cisco ATA, AnyConnect VPN Client, Cisco ACE, ASA, AsyncOS, Cisco ESA, IOS by Cisco, IronPort Email, IronPort Web, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Prime Network Control Systems, Cisco PRSM, Cisco Router, Cisco IP Phone, Cisco MeetingPlace, Cisco WSA, Clearswift Email Gateway, Debian, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, Chrome, HPE NNMi, HP-UX, AIX, DB2 UDB, IRAD, Security Directory Server, Tivoli Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, Junos Space Network Management Platform, NSM Central Manager, NSMXpress, Juniper SBR, Domino, Notes, MBS, McAfee Email Gateway, ePO, McAfee NTBA, McAfee NGFW, VirusScan, McAfee Web Gateway, Windows (platform) ~ not comprehensive, Data ONTAP, NetBSD, NetScreen Firewall, ScreenOS, OpenBSD, Java OpenJDK, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Java Oracle, Solaris, Tuxedo, WebLogic, pfSense, Puppet, RHEL, Base SAS Software, SAS SAS/CONNECT, Slackware, Sophos AV, Splunk Enterprise, Stonesoft NGFW/VPN, stunnel, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Creation date: 04/03/2015.
Revision date: 09/03/2015.
Identifiers: 122007, 1450666, 1610582, 1647054, 1698613, 1699051, 1699810, 1700225, 1700997, 1701485, 1902260, 1903541, 1963275, 1968485, 1973383, 55767, 7014463, 7022958, 9010028, ARUBA-PSA-2015-003, bulletinjan2015, c04556853, c04679334, c04773241, CERTFR-2015-AVI-108, CERTFR-2015-AVI-117, CERTFR-2015-AVI-146, CERTFR-2016-AVI-303, cisco-sa-20150310-ssl, cpuapr2017, cpujul2018, cpuoct2017, CTX216642, CVE-2015-0138, CVE-2015-0204, DSA-3125-1, FEDORA-2015-0512, FEDORA-2015-0601, FG-IR-15-007, FREAK, FreeBSD-SA-15:01.openssl, HPSBMU03345, HPSBUX03244, HPSBUX03334, JSA10679, MDVSA-2015:019, MDVSA-2015:062, MDVSA-2015:063, NetBSD-SA2015-006, NetBSD-SA2015-007, NTAP-20150205-0001, openSUSE-SU-2015:0130-1, openSUSE-SU-2016:0640-1, RHSA-2015:0066-01, RHSA-2015:0800-01, RHSA-2015:1020-01, RHSA-2015:1021-01, RHSA-2015:1091-01, SA40015, SA88, SA91, SB10108, SB10110, SOL16120, SOL16123, SOL16124, SOL16126, SOL16135, SOL16136, SOL16139, SP-CAAANXD, SPL-95203, SPL-95206, SSA:2015-009-01, SSRT101885, SSRT102000, SUSE-SU-2015:1073-1, SUSE-SU-2015:1085-1, SUSE-SU-2015:1086-1, SUSE-SU-2015:1086-2, SUSE-SU-2015:1086-3, SUSE-SU-2015:1086-4, SUSE-SU-2015:1138-1, SUSE-SU-2015:1161-1, T1022075, USN-2459-1, VIGILANCE-VUL-16301, VN-2015-003_FREAK, VU#243585.

Description of the vulnerability

The TLS protocol uses a series of messages which have to be exchanged between the client and the server, before establishing a secured session.

Several cryptographic algorithms can be negotiated, such as algorithms allowed for USA export (less than 512 bits).

An attacker, located as a Man-in-the-Middle, can inject during the session initialization a message choosing an export algorithm. This message should generate an error, however some TLS clients accept it.

Note: the variant related to Windows is described in VIGILANCE-VUL-16332.

An attacker, located as a Man-in-the-Middle, can therefore force the Chrome, JSSE, LibReSSL, Mono or OpenSSL client to accept a weak export algorithm, in order to more easily capture or alter exchanged data.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability CVE-2015-0235

glibc: buffer overflow of gethostbyname, GHOST

Synthesis of the vulnerability

An attacker can for example send an email using a long IPv4 address, to force the messaging server to resolve this address, and to generate a buffer overflow in gethostbyname() of the glibc, in order to trigger a denial of service, and possibly to execute code. Several programs using the gethostbyname() function are vulnerable with a similar attack vector.
Impacted products: Arkoon FAST360, GAiA, CheckPoint IP Appliance, Provider-1, SecurePlatform, CheckPoint Security Gateway, CheckPoint VSX-1, Cisco ASR, Cisco Catalyst, IOS XE Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Prime Infrastructure, Cisco CUCM, XenServer, Clearswift Email Gateway, Debian, Unisphere EMC, VNX Operating Environment, VNX Series, Exim, BIG-IP Hardware, TMOS, HPE BSM, HP Operations, Performance Center, Junos Space, MBS, McAfee Email and Web Security, McAfee Email Gateway, McAfee MOVE AntiVirus, McAfee NSP, McAfee NTBA, McAfee NGFW, VirusScan, McAfee Web Gateway, NetIQ Sentinel, openSUSE, Oracle Communications, Palo Alto Firewall PA***, PAN-OS, PHP, HDX, RealPresence Collaboration Server, RealPresence Distributed Media Application, RealPresence Resource Manager, Polycom VBP, RHEL, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive, WordPress Core.
Severity: 4/4.
Creation date: 27/01/2015.
Revision date: 27/01/2015.
Identifiers: 198850, 199399, c04577814, c04589512, CERTFR-2015-AVI-043, cisco-sa-20150128-ghost, cpujul2015, cpujul2017, cpuoct2016, cpuoct2017, CTX200437, CVE-2015-0235, DSA-3142-1, ESA-2015-030, ESA-2015-041, GHOST, HPSBGN03270, HPSBGN03285, JSA10671, K16057, KM01391662, MDVSA-2015:039, openSUSE-SU-2015:0162-1, openSUSE-SU-2015:0184-1, PAN-SA-2015-0002, RHSA-2015:0090-01, RHSA-2015:0092-01, RHSA-2015:0099-01, RHSA-2015:0101-01, RHSA-2015:0126-01, SB10100, sk104443, SOL16057, SSA:2015-028-01, SSA-994726, SUSE-SU-2015:0158-1, USN-2485-1, VIGILANCE-VUL-16060, VU#967332.

Description of the vulnerability

The glibc library provides two functions to obtain the IP address of a server from its DNS name:
  struct hostent *gethostbyname(const char *name);
  struct hostent *gethostbyname2(const char *name, int af);

For example:
  he = gethostbyname("www.example.com");

These functions also accept to directly process an IP address:
  he = gethostbyname("192.168.1.1");

However, a malformed IPv4 address, which is too long such as 192.168.111111.1 (more than 1024 byte long) triggers an overflow in the __nss_hostname_digits_dots() function.

An attacker can therefore for example send an email using a long IPv4 address, to force the messaging server to resolve this address, and to generate a buffer overflow in gethostbyname() of the glibc, in order to trigger a denial of service, and possibly to execute code.

Several programs using the gethostbyname() function are vulnerable (exim, php, pppd, procmail) with a similar attack vector. The following programs are apparently not vulnerable: apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql, nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd, pure-ftpd, rsyslog, samba, sendmail, squid, sysklogd, syslog-ng, tcp_wrappers, vsftpd, xinetd.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability alert CVE-2014-3568

OpenSSL: option no-ssl3 useless

Synthesis of the vulnerability

An attacker can still use SSLv3, even if OpenSSL was compiled with no-ssl3.
Impacted products: ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, FreeBSD, hMailServer, ProCurve Switch, HP Switch, HP-UX, Tivoli Workload Scheduler, McAfee Email and Web Security, McAfee Email Gateway, ePO, VirusScan, McAfee Web Gateway, NetBSD, OpenSSL, openSUSE, openSUSE Leap, Solaris, Puppet, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor.
Severity: 1/4.
Creation date: 15/10/2014.
Identifiers: 1691140, 1696383, c04492722, c04616259, CERTFR-2014-AVI-435, CERTFR-2014-AVI-509, CERTFR-2015-AVI-024, CERTFR-2016-AVI-303, CTX216642, CVE-2014-3568, DSA-3053-1, ESXi500-201502001, ESXi500-201502101-SG, ESXi510-201503001, ESXi510-201503001-SG, ESXi510-201503101-SG, ESXi550-201501001, ESXi550-201501101-SG, FreeBSD-SA-14:23.openssl, HPSBHF03300, HPSBUX03162, NetBSD-SA2014-015, openSUSE-SU-2014:1331-1, openSUSE-SU-2014:1426-1, openSUSE-SU-2016:0640-1, SA87, SB10091, SSA:2014-288-01, SSRT101767, SUSE-SU-2014:1357-1, SUSE-SU-2014:1361-1, SUSE-SU-2014:1386-1, SUSE-SU-2014:1387-1, SUSE-SU-2014:1387-2, SUSE-SU-2014:1409-1, VIGILANCE-VUL-15491, VMSA-2015-0001, VMSA-2015-0001.1, VMSA-2015-0001.2.

Description of the vulnerability

The OpenSSL library can be compiled with the no-ssl3 option, in order to disable SSLv3.

However, this option does not work.

An attacker can therefore still use SSLv3, even if OpenSSL was compiled with no-ssl3.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability CVE-2014-3567

OpenSSL: memory leak via Session Ticket

Synthesis of the vulnerability

An attacker can use a malicious Session Ticket, to create a memory leak in OpenSSL, in order to trigger a denial of service.
Impacted products: StormShield, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, FreeBSD, hMailServer, ProCurve Switch, HP Switch, HP-UX, AIX, Tivoli Workload Scheduler, MBS, McAfee Email and Web Security, McAfee Email Gateway, ePO, VirusScan, McAfee Web Gateway, NetBSD, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Solaris, Puppet, RHEL, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Ubuntu, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor.
Severity: 2/4.
Creation date: 15/10/2014.
Identifiers: 1691140, 1696383, c04492722, c04616259, CERTFR-2014-AVI-435, CERTFR-2014-AVI-509, CERTFR-2015-AVI-024, CERTFR-2016-AVI-303, CTX216642, CVE-2014-3567, DSA-3053-1, ESXi500-201502001, ESXi500-201502101-SG, ESXi510-201503001, ESXi510-201503001-SG, ESXi510-201503101-SG, ESXi550-201501001, ESXi550-201501101-SG, FreeBSD-SA-14:23.openssl, HPSBHF03300, HPSBUX03162, MDVSA-2014:203, MDVSA-2015:062, NetBSD-SA2014-015, openSUSE-SU-2014:1331-1, openSUSE-SU-2014:1426-1, openSUSE-SU-2016:0640-1, RHSA-2014:1652-01, RHSA-2014:1653-01, RHSA-2014:1692-01, RHSA-2015:0126-01, SA87, SB10091, SOL15723, SP-CAAANST, SPL-91947, SPL-91948, SSA:2014-288-01, SSRT101767, STORM-2014-003, SUSE-SU-2014:1357-1, SUSE-SU-2014:1361-1, SUSE-SU-2014:1386-1, SUSE-SU-2014:1387-1, SUSE-SU-2014:1387-2, SUSE-SU-2014:1409-1, USN-2385-1, VIGILANCE-VUL-15490, VMSA-2015-0001, VMSA-2015-0001.1, VMSA-2015-0001.2.

Description of the vulnerability

The OpenSSL product implements a SSL/TLS/DTLS client/server.

When the server receives a session ticket, it checks its integrity. However, if this ticket is invalid, the memory allocated for its processing is never freed.

An attacker can therefore use a malicious Session Ticket, to create a memory leak in OpenSSL, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2014-3513

OpenSSL: memory leak via SRTP

Synthesis of the vulnerability

An attacker can create a memory leak in OpenSSL compiled by default with SRTP, in order to trigger a denial of service.
Impacted products: ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, FreeBSD, hMailServer, ProCurve Switch, HP Switch, AIX, Tivoli Workload Scheduler, MBS, McAfee Email and Web Security, McAfee Email Gateway, ePO, VirusScan, McAfee Web Gateway, NetBSD, OpenBSD, OpenSSL, openSUSE, Solaris, Puppet, RHEL, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Ubuntu, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor.
Severity: 2/4.
Creation date: 15/10/2014.
Identifiers: 1691140, 1696383, c04616259, CERTFR-2014-AVI-435, CERTFR-2014-AVI-509, CERTFR-2015-AVI-024, CVE-2014-3513, DSA-3053-1, ESXi500-201502001, ESXi500-201502101-SG, ESXi510-201503001, ESXi510-201503001-SG, ESXi510-201503101-SG, ESXi550-201501001, ESXi550-201501101-SG, FreeBSD-SA-14:23.openssl, HPSBHF03300, MDVSA-2015:062, NetBSD-SA2014-015, openSUSE-SU-2014:1331-1, openSUSE-SU-2014:1426-1, RHSA-2014:1652-01, RHSA-2014:1653-01, RHSA-2014:1692-01, SA87, SB10091, SOL15722, SSA:2014-288-01, SUSE-SU-2014:1357-1, SUSE-SU-2014:1386-1, SUSE-SU-2014:1387-1, SUSE-SU-2014:1387-2, SUSE-SU-2014:1409-1, USN-2385-1, VIGILANCE-VUL-15489, VMSA-2015-0001, VMSA-2015-0001.1, VMSA-2015-0001.2.

Description of the vulnerability

The OpenSSL library supports the SRTP extension, which is enabled by default (except if OPENSSL_NO_SRTP is used).

However, when the OpenSSL server receives a special Handshake message (even if SRTP is not used), an allocated memory area of 64kb is never freed.

An attacker can therefore create a memory leak in OpenSSL compiled by default with SRTP, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability CVE-2014-3566

SSL 3.0: decrypting session, POODLE

Synthesis of the vulnerability

An attacker, located as a Man-in-the-Middle, can decrypt a SSL 3.0 session, in order to obtain sensitive information.
Impacted products: SES, SNS, Apache httpd, Arkoon FAST360, ArubaOS, Asterisk Open Source, BES, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, GAiA, CheckPoint IP Appliance, IPSO, SecurePlatform, CheckPoint Security Appliance, CheckPoint Security Gateway, Cisco ASR, Cisco ACE, ASA, AsyncOS, Cisco CSS, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, IronPort Email, Nexus by Cisco, NX-OS, Prime Infrastructure, Cisco PRSM, Cisco Router, WebNS, Clearswift Email Gateway, Clearswift Web Gateway, CUPS, Debian, Black Diamond, ExtremeXOS, Ridgeline, Summit, BIG-IP Hardware, TMOS, Fedora, FortiGate, FortiGate Virtual Appliance, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, F-Secure AV, hMailServer, HPE BSM, HP Data Protector, HPE NNMi, HP Operations, ProCurve Switch, SiteScope, HP Switch, TippingPoint IPS, HP-UX, AIX, Security Directory Server, SPSS Data Collection, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, WS_FTP Server, IVE OS, Juniper J-Series, Junos OS, Junos Space, Junos Space Network Management Platform, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Domino, Notes, MBS, McAfee Email and Web Security, McAfee Email Gateway, ePO, VirusScan, McAfee Web Gateway, IE, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, Windows Vista, NETASQ, NetBSD, NetIQ Sentinel, NetScreen Firewall, ScreenOS, nginx, OpenSSL, openSUSE, openSUSE Leap, Oracle DB, Oracle Fusion Middleware, Oracle Identity Management, Oracle OIT, Solaris, Tuxedo, WebLogic, Palo Alto Firewall PA***, PAN-OS, Polycom CMA, HDX, RealPresence Collaboration Server, RealPresence Distributed Media Application, Polycom VBP, Postfix, SSL protocol, Puppet, RHEL, JBoss EAP by Red Hat, RSA Authentication Manager, ROS, ROX, RuggedSwitch, Slackware, Spectracom SecureSync, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor, WindRiver Linux.
Severity: 3/4.
Creation date: 15/10/2014.
Identifiers: 10923, 1589583, 1595265, 1653364, 1657963, 1663874, 1687167, 1687173, 1687433, 1687604, 1687611, 1690160, 1690185, 1690342, 1691140, 1692551, 1695392, 1696383, 1699051, 1700706, 2977292, 3009008, 7036319, aid-10142014, AST-2014-011, bulletinapr2015, bulletinjan2015, bulletinjan2016, bulletinjul2015, bulletinjul2016, bulletinoct2015, c04486577, c04487990, c04492722, c04497114, c04506802, c04510230, c04567918, c04616259, c04626982, c04676133, c04776510, CERTFR-2014-ALE-007, CERTFR-2014-AVI-454, CERTFR-2014-AVI-509, CERTFR-2015-AVI-169, CERTFR-2016-AVI-303, cisco-sa-20141015-poodle, cpujul2017, CTX216642, CVE-2014-3566, DSA-3053-1, DSA-3253-1, DSA-3489-1, ESA-2014-178, ESA-2015-098, ESXi500-201502001, ESXi500-201502101-SG, ESXi510-201503001, ESXi510-201503001-SG, ESXi510-201503101-SG, ESXi550-201501001, ESXi550-201501101-SG, FEDORA-2014-12989, FEDORA-2014-12991, FEDORA-2014-13012, FEDORA-2014-13017, FEDORA-2014-13040, FEDORA-2014-13069, FEDORA-2014-13070, FEDORA-2014-13444, FEDORA-2014-13451, FEDORA-2014-13764, FEDORA-2014-13777, FEDORA-2014-13781, FEDORA-2014-13794, FEDORA-2014-14234, FEDORA-2014-14237, FEDORA-2014-15379, FEDORA-2014-15390, FEDORA-2014-15411, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2015-9090, FEDORA-2015-9110, FreeBSD-SA-14:23.openssl, FSC-2014-8, HPSBGN03256, HPSBGN03305, HPSBGN03332, HPSBHF03156, HPSBHF03300, HPSBMU03152, HPSBMU03184, HPSBMU03213, HPSBMU03416, HPSBUX03162, HPSBUX03194, JSA10656, MDVSA-2014:203, MDVSA-2014:218, MDVSA-2015:062, NetBSD-SA2014-015, nettcp_advisory, openSUSE-SU-2014:1331-1, openSUSE-SU-2014:1384-1, openSUSE-SU-2014:1395-1, openSUSE-SU-2014:1426-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:1586-1, openSUSE-SU-2017:0980-1, PAN-SA-2014-0005, POODLE, RHSA-2014:1652-01, RHSA-2014:1653-01, RHSA-2014:1692-01, RHSA-2014:1920-01, RHSA-2014:1948-01, RHSA-2015:0010-01, RHSA-2015:0011-01, RHSA-2015:0012-01, RHSA-2015:1545-01, RHSA-2015:1546-01, SA83, SB10090, SB10104, sk102989, SOL15702, SP-CAAANKE, SP-CAAANST, SPL-91947, SPL-91948, SSA:2014-288-01, SSA-396873, SSA-472334, SSRT101767, STORM-2014-02-FR, SUSE-SU-2014:1357-1, SUSE-SU-2014:1361-1, SUSE-SU-2014:1386-1, SUSE-SU-2014:1387-1, SUSE-SU-2014:1387-2, SUSE-SU-2014:1409-1, SUSE-SU-2015:0010-1, SUSE-SU-2016:1457-1, SUSE-SU-2016:1459-1, T1021439, TSB16540, USN-2839-1, VIGILANCE-VUL-15485, VMSA-2015-0001, VMSA-2015-0001.1, VMSA-2015-0001.2, VN-2014-003, VU#577193.

Description of the vulnerability

An SSL/TLS session can be established using several protocols:
 - SSL 2.0 (obsolete)
 - SSL 3.0
 - TLS 1.0
 - TLS 1.1
 - TLS 1.2

An attacker can downgrade the version to SSLv3. However, with SSL 3.0, an attacker can change the padding position with a CBC encryption, in order to progressively guess clear text fragments.

This vulnerability is named POODLE (Padding Oracle On Downgraded Legacy Encryption).

An attacker, located as a Man-in-the-Middle, can therefore decrypt a SSL 3.0 session, in order to obtain sensitive information.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability note CVE-2014-0160

OpenSSL: information disclosure via Heartbeat

Synthesis of the vulnerability

An attacker can use the Heartbeat protocol on an application compiled with OpenSSL, in order to obtain sensitive information, such as keys stored in memory.
Impacted products: Tomcat, ArubaOS, i-Suite, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, ARCserve Backup, ASA, Cisco Catalyst, IOS XE Cisco, Prime Infrastructure, Cisco PRSM, Cisco Router, Cisco CUCM, Cisco IP Phone, Cisco Unity ~ precise, XenDesktop, MIMEsweeper, Clearswift Email Gateway, Clearswift Web Gateway, Debian, ECC, PowerPath, ArcGIS ArcView, ArcGIS for Desktop, ArcGIS for Server, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, HP Diagnostics, LoadRunner, Performance Center, AIX, WebSphere MQ, WS_FTP Server, IVE OS, Juniper J-Series, Junos OS, Junos Pulse, Juniper Network Connect, Juniper SA, Juniper UAC, LibreOffice, MBS, McAfee Email Gateway, ePO, GroupShield, McAfee NGFW, VirusScan, McAfee Web Gateway, Windows 8, Windows RT, MySQL Enterprise, NetBSD, OpenBSD, OpenSSL, openSUSE, Opera, Solaris, pfSense, HDX, RealPresence Collaboration Server, Polycom VBP, Puppet, RHEL, RSA Authentication Manager, SIMATIC, Slackware, Sophos AV, Splunk Enterprise, Stonesoft NGFW/VPN, stunnel, ASE, OfficeScan, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, VMware Player, vCenter Server, VMware vSphere, VMware vSphere Hypervisor, VMware Workstation, Websense Email Security, Websense Web Filter, Websense Web Security.
Severity: 3/4.
Creation date: 08/04/2014.
Identifiers: 1669839, 190438, 2076225, 2962393, c04236102, c04267775, c04286049, CA20140413-01, CERTFR-2014-ALE-003, CERTFR-2014-AVI-156, CERTFR-2014-AVI-161, CERTFR-2014-AVI-162, CERTFR-2014-AVI-167, CERTFR-2014-AVI-169, CERTFR-2014-AVI-177, CERTFR-2014-AVI-178, CERTFR-2014-AVI-179, CERTFR-2014-AVI-180, CERTFR-2014-AVI-181, CERTFR-2014-AVI-198, CERTFR-2014-AVI-199, CERTFR-2014-AVI-213, cisco-sa-20140409-heartbleed, CTX140605, CVE-2014-0160, CVE-2014-0346-REJECT, DSA-2896-1, DSA-2896-2, emr_na-c04236102-7, ESA-2014-034, ESA-2014-036, ESA-2014-075, FEDORA-2014-4879, FEDORA-2014-4910, FEDORA-2014-4982, FEDORA-2014-4999, FG-IR-14-011, FreeBSD-SA-14:06.openssl, Heartbleed, HPSBMU02995, HPSBMU03025, HPSBMU03040, ICSA-14-105-03, JSA10623, MDVSA-2014:123, MDVSA-2015:062, NetBSD-SA2014-004, openSUSE-SU-2014:0492-1, openSUSE-SU-2014:0560-1, openSUSE-SU-2014:0719-1, pfSense-SA-14_04.openssl, RHSA-2014:0376-01, RHSA-2014:0377-01, RHSA-2014:0378-01, RHSA-2014:0396-01, RHSA-2014:0416-01, SA40005, SA79, SB10071, SOL15159, SPL-82696, SSA:2014-098-01, SSA-635659, SSRT101565, USN-2165-1, VIGILANCE-VUL-14534, VMSA-2014-0004, VMSA-2014-0004.1, VMSA-2014-0004.2, VMSA-2014-0004.3, VMSA-2014-0004.6, VMSA-2014-0004.7, VU#720951.

Description of the vulnerability

The Heartbeat extension of TLS (RFC 6520) provides a keep-alive feature, without performing a renegotiation. It exchanges random data in a payload.

Version 1.0.1 of OpenSSL implements Heartbeat, which is enabled by default. The [d]tls1_process_heartbeat() function manages Heartbeat messages. However, it does not check the size of random data, and continues to read after the end of the payload, and then sends the full memory area (up to 64kb) to the peer (client or server).

An attacker can therefore use the Heartbeat protocol on an application compiled with OpenSSL, in order to obtain sensitive information, such as keys stored in memory.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about VirusScan: