The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of WindRiver VxWorks

vulnerability note CVE-2014-5209

NTP.org: information disclosure via GET_RESTRICT

Synthesis of the vulnerability

An attacker can use the GET_RESTRICT private message of NTP.org, in order to obtain sensitive information.
Impacted products: BIG-IP Hardware, TMOS, AIX, Meinberg NTP Server, NTP.org, VxWorks.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 03/08/2016.
Identifiers: CVE-2014-5209, SOL44942017, VIGILANCE-VUL-20304.

Description of the vulnerability

The NTP.org product implements the GET_RESTRICT private query (on XNTPD_OLD and XNTPD), which obtains the list of servers with restrictions.

However, an attacker can use this list to obtain IP addresses.

An attacker can therefore use the GET_RESTRICT private message of NTP.org, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2016-2775

ISC BIND: infinite loop via lwresd

Synthesis of the vulnerability

An attacker can generate an infinite loop via lwresd of ISC BIND, in order to trigger a denial of service.
Impacted products: Debian, Fedora, HP-UX, AIX, BIND, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, VxWorks.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 19/07/2016.
Identifiers: AA-01393, bulletinjul2016, c05321107, CVE-2016-2775, DLA-645-1, FEDORA-2016-007efacd1c, FEDORA-2016-2941b3264e, FEDORA-2016-3fba74e7f5, FEDORA-2016-53f0c65f40, openSUSE-SU-2017:1063-1, RHSA-2017:2533-01, SSA:2016-204-01, SUSE-SU-2017:0998-1, SUSE-SU-2017:0999-1, SUSE-SU-2017:1027-1, VIGILANCE-VUL-20144.

Description of the vulnerability

The ISC BIND product implements the "lightweight resolver protocol" in the lwresd daemon, or in named when named.conf contains the "lwres" section.

However, if getrrsetbyname() is called to resolve a long relative name (combined with a search list entry), an infinite recursion occurs in lwresd/lwres.

An attacker can therefore generate an infinite loop via lwresd of ISC BIND, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-4953 CVE-2016-4954 CVE-2016-4955

NTP.org: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Impacted products: Cisco ACE, ASA, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Encryption, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco MeetingPlace, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, AIX, Meinberg NTP Server, Data ONTAP, NTP.org, openSUSE, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, VxWorks.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 5.
Creation date: 03/06/2016.
Identifiers: 9010095, bulletinapr2016, CERTFR-2016-AVI-209, cisco-sa-20160603-ntpd, CVE-2016-4953, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956, CVE-2016-4957, FEDORA-2016-89e0874533, FEDORA-2016-c3bd6a3496, FreeBSD-SA-16:24.ntp, hpesbhf03757, ICSA-16-175-03, K03331206, K64505405, K82644737, NTAP-20160722-0001, openSUSE-SU-2016:1583-1, openSUSE-SU-2016:1636-1, SOL03331206, SSA:2016-155-01, SUSE-SU-2016:1563-1, SUSE-SU-2016:1568-1, SUSE-SU-2016:1584-1, SUSE-SU-2016:1602-1, SUSE-SU-2016:1912-1, SUSE-SU-2016:2094-1, USN-3096-1, VIGILANCE-VUL-19790, VU#321640.

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can force ntpd to use "interleaved" mode, in order to trigger a denial of service. [severity:1/4; CVE-2016-4956, VU#321640]

An attacker can send a spoofed CRYPTO_NAK packet, in order to trigger a denial of service. [severity:1/4; CVE-2016-4955, VU#321640]

An attacker can send spoofed packets, in order to partially corrupt the state ot the target server. [severity:1/4; CVE-2016-4954, VU#321640]

An attacker can send a malicious CRYPTO-NAK packet, in order to invalidate the cryptographic protection layer. [severity:1/4; CVE-2016-4953, VU#321640]

An attacker can send a malicious CRYPTO-NAK packet, the validity of which is wrongly checked, in order to trigger a denial of service. [severity:3/4; CVE-2016-4957, VU#321640]
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2016-2105 CVE-2016-2106 CVE-2016-2107

OpenSSL: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: SDS, SES, SNS, Tomcat, Mac OS X, StormShield, Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Email, IronPort Encryption, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, XenServer, Debian, PowerPath, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiOS, FreeBSD, Android OS, HP Operations, HP Switch, AIX, IRAD, QRadar SIEM, IBM System x Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, MariaDB ~ precise, McAfee NSM, Meinberg NTP Server, MySQL Community, MySQL Enterprise, Data ONTAP, NETASQ, NetScreen Firewall, ScreenOS, Nodejs Core, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Solaris, Tuxedo, VirtualBox, WebLogic, Oracle Web Tier, Palo Alto Firewall PA***, PAN-OS, Percona Server, pfSense, Pulse Connect Secure, Puppet, Python, RHEL, JBoss EAP by Red Hat, SAS Management Console, Shibboleth SP, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, VxWorks, X2GoClient.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 6.
Creation date: 03/05/2016.
Identifiers: 1982949, 1985850, 1987779, 1993215, 1995099, 1998797, 2003480, 2003620, 2003673, 510853, 9010083, bulletinapr2016, bulletinapr2017, CERTFR-2016-AVI-151, CERTFR-2016-AVI-153, CERTFR-2018-AVI-160, cisco-sa-20160504-openssl, cpuapr2017, cpujan2018, cpujul2016, cpujul2017, cpujul2018, cpuoct2016, cpuoct2017, cpuoct2018, CTX212736, CTX233832, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, DLA-456-1, DSA-3566-1, ESA-2017-142, FEDORA-2016-05c567df1a, FEDORA-2016-1e39d934ed, FEDORA-2016-e1234b65a2, FG-IR-16-026, FreeBSD-SA-16:17.openssl, HPESBGN03728, HPESBHF03756, HT206903, JSA10759, K23230229, K36488941, K51920288, K75152412, K93600123, MBGSA-1603, MIGR-5099595, MIGR-5099597, NTAP-20160504-0001, openSUSE-SU-2016:1237-1, openSUSE-SU-2016:1238-1, openSUSE-SU-2016:1239-1, openSUSE-SU-2016:1240-1, openSUSE-SU-2016:1241-1, openSUSE-SU-2016:1242-1, openSUSE-SU-2016:1243-1, openSUSE-SU-2016:1273-1, openSUSE-SU-2016:1566-1, openSUSE-SU-2017:0487-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2016:0722-01, RHSA-2016:0996-01, RHSA-2016:1137-01, RHSA-2016:1648-01, RHSA-2016:1649-01, RHSA-2016:1650-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, RHSA-2016:2073-01, SA123, SA40202, SB10160, SOL23230229, SOL36488941, SOL51920288, SOL75152412, SP-CAAAPPQ, SPL-119440, SPL-121159, SPL-123095, SSA:2016-124-01, STORM-2016-002, SUSE-SU-2016:1206-1, SUSE-SU-2016:1228-1, SUSE-SU-2016:1231-1, SUSE-SU-2016:1233-1, SUSE-SU-2016:1267-1, SUSE-SU-2016:1290-1, SUSE-SU-2016:1360-1, SUSE-SU-2018:0112-1, TNS-2016-10, USN-2959-1, VIGILANCE-VUL-19512, VN-2016-006, VN-2016-007.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can act as a Man-in-the-Middle and use the AES CBC algorithm with a server supporting AES-NI, in order to read or write data in the session. This vulnerability was initially fixed in versions 1.0.1o and 1.0.2c, but it was not disclosed at that time. [severity:3/4; CVE-2016-2108]

An attacker can act as a Man-in-the-Middle and use the AES CBC algorithm with a server supporting AES-NI, in order to read or write data in the session. [severity:3/4; CVE-2016-2107]

An attacker can generate a buffer overflow in EVP_EncodeUpdate(), which is mainly used by command line applications, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2105]

An attacker can generate a buffer overflow in EVP_EncryptUpdate(), which is difficult to reach, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2106]

An attacker can trigger an excessive memory usage in d2i_CMS_bio(), in order to trigger a denial of service. [severity:2/4; CVE-2016-2109]

An attacker can force a read at an invalid address in applications using X509_NAME_oneline(), in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-2176]
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-0702 CVE-2016-0705 CVE-2016-0797

OpenSSL: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, IOS by Cisco, IOS XE Cisco, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, XenServer, Debian, PowerPath, ExtremeXOS, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FreeBSD, HP Switch, AIX, Domino, Notes, IRAD, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere AS Traditional, WebSphere MQ, Juniper J-Series, Junos OS, Junos Space, Juniper Network Connect, NSM Central Manager, NSMXpress, McAfee Web Gateway, Meinberg NTP Server, Data ONTAP, Snap Creator Framework, NetScreen Firewall, ScreenOS, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Solaris, Palo Alto Firewall PA***, PAN-OS, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, Puppet, RHEL, JBoss EAP by Red Hat, ROX, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu, VxWorks, WinSCP, X2GoClient.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 7.
Creation date: 01/03/2016.
Revision date: 07/03/2016.
Identifiers: 000008897, 046178, 046208, 1979498, 1979602, 1987779, 1993210, 2003480, 2003620, 2003673, 2012827, 2013020, 2014202, 2014651, 2014669, 2015080, 2016039, 7043086, 9010066, 9010067, 9010072, BSA-2016-004, bulletinapr2016, bulletinjan2016, CERTFR-2016-AVI-076, CERTFR-2016-AVI-080, cisco-sa-20160302-openssl, CTX208403, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842, DSA-3500-1, ESA-2016-080, FEDORA-2016-2802690366, FEDORA-2016-e1234b65a2, FEDORA-2016-e6807b3394, FreeBSD-SA-16:12.openssl, HPESBHF03741, ibm10732391, ibm10733905, ibm10738249, ibm10738401, JSA10722, JSA10759, K22334603, K52349521, K93122894, MBGSA-1602, NTAP-20160301-0001, NTAP-20160303-0001, NTAP-20160321-0001, openSUSE-SU-2016:0627-1, openSUSE-SU-2016:0628-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:0638-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:0720-1, openSUSE-SU-2016:1566-1, openSUSE-SU-2017:1211-1, openSUSE-SU-2017:1212-1, PAN-SA-2016-0020, PAN-SA-2016-0028, PAN-SA-2016-0030, RHSA-2016:0301-01, RHSA-2016:0302-01, RHSA-2016:0303-01, RHSA-2016:0304-01, RHSA-2016:0305-01, RHSA-2016:0306-01, RHSA-2016:0372-01, RHSA-2016:0445-01, RHSA-2016:0446-01, RHSA-2016:0490-01, RHSA-2016:1519-01, RHSA-2016:2073-01, RHSA-2018:2568-01, RHSA-2018:2575-01, SA117, SA40168, SB10156, SOL22334603, SOL40524634, SOL52349521, SOL79215841, SOL93122894, SSA:2016-062-02, SSA-623229, SUSE-SU-2016:0617-1, SUSE-SU-2016:0620-1, SUSE-SU-2016:0621-1, SUSE-SU-2016:0624-1, SUSE-SU-2016:0631-1, SUSE-SU-2016:0641-1, SUSE-SU-2016:0678-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, TNS-2016-03, USN-2914-1, VIGILANCE-VUL-19060, VN-2016-004, VU#583776.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can act as a Man-in-the-Middle on a server supporting SSLv2 and EXPORT ciphers (this configuration is considered as weak since several years), in order to read or write data in the session. [severity:2/4; CVE-2016-0800, VU#583776]

An attacker can force the usage of a freed memory area when OpenSSL processes a DSA private key (this scenario is rare), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-0705]

An attacker can read a memory fragment via SRP_VBASE_get_by_user, in order to obtain sensitive information. [severity:1/4; CVE-2016-0798]

An attacker can force a NULL pointer to be dereferenced in BN_hex2bn(), in order to trigger a denial of service. [severity:1/4; CVE-2016-0797]

An attacker can use a very large string (size INT_MAX), to generate a memory corruption in the BIO_*printf() functions, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-0799]

An attacker can use cache conflicts on Intel Sandy-Bridge, in order to obtain RSA keys. [severity:1/4; CVE-2016-0702]

An attacker can use a very large string (size INT_MAX), to generate a memory corruption in the internal doapr_outch() function, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2842]
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2016-0703 CVE-2016-0704

OpenSSL: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, Cisco ACE, ASA, IOS by Cisco, IOS XE Cisco, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, BIG-IP Hardware, TMOS, FreeBSD, HP Switch, IRAD, Juniper J-Series, Junos OS, Junos Space, Juniper Network Connect, NSM Central Manager, NSMXpress, Data ONTAP, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Solaris, Palo Alto Firewall PA***, PAN-OS, Pulse Connect Secure, Pulse Secure Client, Pulse Secure SBR, RHEL, SUSE Linux Enterprise Desktop, SLES, Nessus, VxWorks.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 01/03/2016.
Identifiers: 046178, 046208, 1979498, 9010067, BSA-2016-004, bulletinapr2016, bulletinjan2016, CERTFR-2016-AVI-076, CERTFR-2016-AVI-080, cisco-sa-20160302-openssl, CVE-2016-0703, CVE-2016-0704, FreeBSD-SA-16:12.openssl, HPESBHF03741, JSA10759, NTAP-20160303-0001, openSUSE-SU-2016:0627-1, openSUSE-SU-2016:0628-1, openSUSE-SU-2016:0638-1, openSUSE-SU-2016:0720-1, PAN-SA-2016-0030, RHSA-2016:0372-01, SA117, SA40168, SOL95463126, SUSE-SU-2016:0617-1, SUSE-SU-2016:0620-1, SUSE-SU-2016:0621-1, SUSE-SU-2016:0624-1, SUSE-SU-2016:0631-1, SUSE-SU-2016:0641-1, SUSE-SU-2016:0678-1, TNS-2016-03, VIGILANCE-VUL-19061.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

The 2_srvr.c file did not enforce that clear-key-length is zero for non-export ciphers, so an attacker can act as a Man-in-the-Middle on SSLv2, in order to read or write data in the session. [severity:2/4; CVE-2016-0703]

The 2_srvr.c file overwrite some byte dur the Bleichenbacher protection, so an attacker can act as a Man-in-the-Middle on SSLv2, in order to read or write data in the session. [severity:2/4; CVE-2016-0704]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2015-3197

OpenSSL: using disabled SSLv2 ciphers

Synthesis of the vulnerability

An attacker can connect to a SSLv2 server with disabled ciphers in OpenSSL, in order to create a TLS session which is not secure.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Brocade Network Advisor, Brocade vTM, ASA, AsyncOS, Cisco ESA, Cisco IPS, Nexus by Cisco, NX-OS, Cisco CUCM, Cisco Manager Attendant Console, Cisco IP Phone, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, AIX, Tivoli Storage Manager, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, McAfee Email Gateway, Data ONTAP, NetScreen Firewall, ScreenOS, Nodejs Core, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Puppet, RHEL, JBoss EAP by Red Hat, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, VxWorks, X2GoClient.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 28/01/2016.
Identifiers: 2003480, 2003620, 2003673, 9010060, BSA-2016-004, bulletinjan2016, c05390893, CERTFR-2016-AVI-041, cisco-sa-20160129-openssl, cpuoct2016, cpuoct2017, CVE-2015-3197, FEDORA-2016-527018d2ff, FEDORA-2016-e1234b65a2, FreeBSD-SA-16:11.openssl, HPESBHF03703, JSA10759, NTAP-20160201-0001, openSUSE-SU-2016:0362-1, openSUSE-SU-2016:0442-1, openSUSE-SU-2016:0627-1, openSUSE-SU-2016:0628-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:0638-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:0720-1, RHSA-2016:0372-01, RHSA-2016:0445-01, RHSA-2016:0446-01, RHSA-2016:0490-01, SA111, SB10203, SOL33209124, SOL64009378, SSA:2016-034-03, SUSE-SU-2016:0617-1, SUSE-SU-2016:0620-1, SUSE-SU-2016:0621-1, SUSE-SU-2016:0624-1, SUSE-SU-2016:0631-1, SUSE-SU-2016:0641-1, SUSE-SU-2016:0678-1, VIGILANCE-VUL-18837, VN-2016-002.

Description of the vulnerability

The OpenSSL library disables by default SSLv2, excepted if the SSL_OP_NO_SSLv2 option is used.

SSLv2 cipher algorithms can be disabled on the server. However, a malicious client can still use these algorithms.

An attacker can therefore connect to a SSLv2 server with disabled ciphers in OpenSSL, in order to create a TLS session which is not secure.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-0701

OpenSSL: obtaining private exponent via DH Small Subgroups

Synthesis of the vulnerability

In some special configurations, an attacker can find the private DH exponent of the OpenSSL peer, in order to decrypt other sessions.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Brocade vTM, ASA, AsyncOS, Cisco ESA, Cisco IPS, Nexus by Cisco, NX-OS, Cisco CUCM, Cisco Manager Attendant Console, Cisco IP Phone, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, HP Switch, Tivoli Storage Manager, Tivoli Workload Scheduler, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, Data ONTAP, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE, Oracle Communications, Solaris, Puppet, stunnel, Ubuntu, VxWorks.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Creation date: 28/01/2016.
Identifiers: 1979602, 2003480, 2003620, 2003673, 9010060, BSA-2016-005, bulletinjan2018, c05390893, CERTFR-2016-AVI-041, cisco-sa-20160129-openssl, cpuoct2017, CVE-2016-0701, FEDORA-2016-527018d2ff, HPESBHF03703, JSA10759, NTAP-20160201-0001, openSUSE-SU-2016:0637-1, SA111, SOL33209124, SOL64009378, USN-2883-1, VIGILANCE-VUL-18836, VN-2016-002, VU#257823.

Description of the vulnerability

Since version 1.0.2, the OpenSSL library can generate DH unsafe parameters of style X9.42 (subgroup size "q"), to support the RFC 5114.

In this case, an attacker can find the private DH exponent of the peer, if the DH key is reused. The DH key is reused in the following cases:
 - SSL_CTX_set_tmp_dh() or SSL_set_tmp_dh() is used without the option SSL_OP_SINGLE_DH_USE set, which is rare.
 - SSL_CTX_set_tmp_dh_callback() or SSL_set_tmp_dh_callback() is used in an undocumented mode.
 - Static DH ciphersuites are used.

In some special configurations, an attacker can therefore find the private DH exponent of the OpenSSL peer, in order to decrypt other sessions.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2015-7599

Wind River VxWorks: integer overflow of RPC

Synthesis of the vulnerability

An attacker can generate an integer overflow in the RPC service of Wind River VxWorks, in order to trigger a denial of service, and possibly to run code.
Impacted products: VxWorks.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, denial of service on service.
Provenance: intranet client.
Creation date: 16/12/2015.
Identifiers: CVE-2015-7599, VIGILANCE-VUL-18540.

Description of the vulnerability

The Wind River VxWorks product offers a RPC service.

However, if an integer is too large, it overflows in sym.svcauthsw, and an allocated memory area is too short.

An attacker can therefore generate an integer overflow in the RPC service of Wind River VxWorks, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2015-7691 CVE-2015-7692 CVE-2015-7701

NTP.org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Impacted products: ArubaOS, Blue Coat CAS, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ACE, ASA, IOS by Cisco, IOS XE Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Cisco Prime DCNM, Prime Infrastructure, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco Unity ~ precise, Debian, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, AIX, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, McAfee Web Gateway, Meinberg NTP Server, NetBSD, NTP.org, openSUSE, openSUSE Leap, Solaris, pfSense, RHEL, ROX, RuggedSwitch, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, VxWorks.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 16.
Creation date: 22/10/2015.
Identifiers: 045915, ARUBA-PSA-2015-010, BSA-2016-004, BSA-2016-005, bulletinjan2016, c05270839, CERTFR-2015-AVI-449, CERTFR-2018-AVI-545, cisco-sa-20151021-ntp, CVE-2015-5196-REJECT, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871, DSA-3388-1, FEDORA-2015-77bfbc1bcd, FEDORA-2016-34bc10a2c8, FreeBSD-SA-15:25.ntp, HPSBHF03646, JSA10711, JSA10898, NetBSD-SA2016-001, ntp_advisory4, openSUSE-SU-2015:2016-1, openSUSE-SU-2016:1423-1, RHSA-2015:1930-01, RHSA-2015:2520-01, RHSA-2016:0780-01, RHSA-2016:2583-02, SA103, SB10164, SOL10600056, SOL17515, SOL17516, SOL17517, SOL17518, SOL17521, SOL17522, SOL17524, SOL17525, SOL17526, SOL17527, SOL17528, SOL17529, SOL17530, SOL17566, SSA:2015-302-03, SSA-396873, SSA-472334, SUSE-SU-2016:1311-1, SUSE-SU-2016:1471-1, SUSE-SU-2016:1912-1, SUSE-SU-2016:2094-1, Synology-SA-18:13, Synology-SA-18:14, TALOS-2015-0052, TALOS-2015-0054, TALOS-2015-0055, TALOS-2015-0062, TALOS-2015-0063, TALOS-2015-0064, TALOS-2015-0065, TALOS-2015-0069, USN-2783-1, VIGILANCE-VUL-18162, VN-2015-009.

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can bypass the authentication in crypto-NAK, in order to escalate his privileges. [severity:3/4; CVE-2015-7871, TALOS-2015-0069]

An attacker can trigger a fatal error in decodenetnum, in order to trigger a denial of service. [severity:2/4; CVE-2015-7855]

An attacker can generate a buffer overflow in Password, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7854, TALOS-2015-0065]

An attacker can generate a buffer overflow in refclock, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7853, TALOS-2015-0064]

An attacker can generate a memory corruption in atoascii, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7852, TALOS-2015-0063]

An attacker can traverse directories in saveconfig, in order to read a file outside the root path. [severity:2/4; CVE-2015-7851, TALOS-2015-0062]

An attacker can trigger a fatal error in logfile-keyfile, in order to trigger a denial of service. [severity:2/4; CVE-2015-7850, TALOS-2015-0055]

An attacker can force the usage of a freed memory area in Trusted Key, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7849, TALOS-2015-0054]

An attacker can force a read at an invalid address with a Mode packet, in order to trigger a denial of service. [severity:2/4; CVE-2015-7848, TALOS-2015-0052]

An attacker can create a memory leak in CRYPTO_ASSOC, in order to trigger a denial of service. [severity:2/4; CVE-2015-7701]

An authenticated attacker can use pidfile/driftfile, to corrupt a file with its privileges (VIGILANCE-VUL-17747). [severity:2/4; CVE-2015-5196-REJECT, CVE-2015-7703]

An attacker can trigger a fatal error in the ntp client, in order to trigger a denial of service. [severity:2/4; CVE-2015-7704]

An attacker can trigger a fatal error, in order to trigger a denial of service. [severity:2/4; CVE-2015-7705]

An unknown vulnerability was announced in Autokey. [severity:2/4; CVE-2015-7691]

An unknown vulnerability was announced in Autokey. [severity:2/4; CVE-2015-7692]

An unknown vulnerability was announced in Autokey. [severity:2/4; CVE-2015-7702]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about WindRiver VxWorks: