Computer Security


HP ArcSight Enterprise Security Manager and Logger security vulnerabilities
Published:15.03.2015
SecurityVulns ID:14305
Type:remote
Threat Level:5/10
Affected:HP : ArcSight Logger 6.01
 HP : ArcSight Enterprise Security Manager 6.8
CVE:CVE-2014-7885 (Multiple unspecified vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) before 6.8c have unknown impact and remote attack vectors.)
 CVE-2014-7884 (Multiple unspecified vulnerabilities in HP ArcSight Logger before 6.0P1 have unknown impact and remote authenticated attack vectors.)
Original document:HP, [security bulletin] HPSBGN03249 rev.1 - HP ArcSight Enterprise Security Manager and Logger, Multiple Remote Vulnerabilities (15.03.2015)

Xen multiple security vulnerabilities
Published:15.03.2015
SecurityVulns ID:14307
Type:local
Threat Level:6/10
Description:Information leakage, DoS, privilege escalation.
Affected:XEN : Xen 3.2
 XEN : Xen 4.5
CVE:CVE-2015-2151 (The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.)
 CVE-2015-2045 (The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.)
 CVE-2015-2044 (The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x do not properly initialize data, which allows local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.)
Original document:DEBIAN, [SECURITY] [DSA 3181-1] xen security update (15.03.2015)

Linux kernel multiple security vulnerabilities
updated since 07.03.2015
Published:15.03.2015
SecurityVulns ID:14292
Type:library
Threat Level:7/10
Description:DoS, information disclosure, privilege escalation.
Affected:LINUX : kernel 3.18
CVE:CVE-2015-1593 (The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c.)
 CVE-2015-1465 (The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets.)
 CVE-2015-1421 (Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.)
 CVE-2015-1420 (Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.)
 CVE-2015-0239 (The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction.)
 CVE-2014-9683 (Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.)
 CVE-2014-9644 (The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421.)
 CVE-2014-9585 (The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.)
 CVE-2014-9584 (The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.)
 CVE-2014-8559 (The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.)
 CVE-2014-8160 (net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.)
 CVE-2014-8159 (The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.)
 CVE-2014-7822 (The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.)
 CVE-2013-7421 (The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.)
Original document:UBUNTU, [USN-2530-1] Linux kernel vulnerability (15.03.2015)
 UBUNTU, [USN-2511-1] Linux kernel vulnerabilities (07.03.2015)
 Hector Marco, CVE-2015-1593 - Linux ASLR integer overflow: Reducing stack entropy by four (07.03.2015)
 DEBIAN, [SECURITY] [DSA 3170-1] linux security update (07.03.2015)

eCryptfs crypto vulnerabilities
Published:15.03.2015
SecurityVulns ID:14308
Type:local
Threat Level:4/10
Description:Passphrase hash is stored without salt.
Affected:ECRYPTFS : ecryptfs 3.4
CVE:CVE-2014-9687 (eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.)
Original document:UBUNTU, [USN-2524-1] eCryptfs vulnerability (15.03.2015)

libssh2 DoS
Published:15.03.2015
SecurityVulns ID:14309
Type:library
Threat Level:5/10
Description:Uninitialized memory access in SSH client code.
Affected:LIBSSH : libssh 1.4
CVE:CVE-2015-1782 (The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.)
Original document:DEBIAN, [SECURITY] [DSA 3182-1] libssh2 security update (15.03.2015)

GnuPG / libgcrypt multiple security vulnerabilities
updated since 15.03.2015
Published:09.04.2015
SecurityVulns ID:14304
Type:library
Threat Level:6/10
Description:Use-after-free, side-channel information disclosure.
Affected:GNU : GnuPG 1.4
CVE:CVE-2015-1607
 CVE-2015-1606
 CVE-2015-0837
 CVE-2014-3591
Original document:UBUNTU, [USN-2554-1] GnuPG vulnerabilities (09.04.2015)
 DEBIAN, [SECURITY] [DSA 3184-1] gnupg security update (15.03.2015)

Apache multiple security vulnerabilities
updated since 15.03.2015
Published:16.04.2015
SecurityVulns ID:14306
Type:remote
Threat Level:6/10
Description:mod_headers restrictions bypass, mod_cache DoS, mod_lua restrictions bypass and DoS, mod_proxy_fcgi DoS, mod_gnutls restrictions bypass.
Affected:APACHE : Apache 2.4
CVE:CVE-2015-2091 (The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof clients via a crafted certificate.)
 CVE-2015-0228 (The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.)
 CVE-2014-8109 (mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.)
 CVE-2014-3583 (The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.)
 CVE-2014-3581 (The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.)
 CVE-2013-5704 (The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such.")
Original document:Nicholas Lemonias, Apache HTTPD 2.4.12, 2.2.29 Security Audit - Advanced Information Security Corp (16.04.2015)
 Nicholas Lemonias, Security Advisory - Apache HTTP Server 2.2.29 / 2.4.12 NULL Pointer dereference in protocol.c (16.04.2015)
 DEBIAN, [SECURITY] [DSA 3177-1] mod-gnutls security update (15.03.2015)
 UBUNTU, [USN-2523-1] Apache HTTP Server vulnerabilities (15.03.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod