Vulnerability Note VU#457759
glibc vulnerable to stack buffer overflow in DNS resolver
Original Release date: 17 Feb 2016 | Last revised: 18 Feb 2016
Overview
GNU glibc contains a buffer overflow vulnerability in the DNS resolver, which may allow a remote attacker to execute arbitrary code.
Description
CWE-121: Stack-based Buffer Overflow – CVE-2015-7547
According to a Google security blog post: “The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack.”
According to glibc developers, the vulnerable code was initially added in May 2008 as part of the development for glibc 2.9.
Vulnerability Note VU#916896
Oracle Outside In 8.5.2 contains multiple stack buffer overflows
Original Release date: 20 Jan 2016 | Last revised: 20 Jan 2016
Overview
Oracle Outside In versions 8.5.2 and earlier contain stack buffer overflow vulnerabilities in the parsers for WK4, Doc, and Paradox DB files, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Vulnerability Note VU#456088
OpenSSH Client contains a client information leak vulnerability and buffer overflow
Original Release date: 14 Jan 2016 | Last revised: 14 Jan 2016
Overview
OpenSSH client code versions 5.4 through 7.1p1 contain a client information leak vulnerability that could allow an OpenSSH client to leak information including, but not limited to, private keys, as well as a buffer overflow in certain non-default configurations.
Vulnerability Note VU#630239
Epiphany Cardio Server version 3.3 is vulnerable to SQL and LDAP injection
Original Release date: 01 Dec 2015 | Last revised: 01 Dec 2015
Overview
The Epiphany Cardio Server prior to version 4.0 is vulnerable to SQL injection and LDAP injection, allowing an unauthenticated attacker to gain administrator rights.
Description
Epiphany Cardio Server version 3.3 was reported as being vulnerable to the following issues:
CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) – CVE-2015-6537
A SQL command may be inserted into the login page URL, causing the unauthenticated user to be logged in as an administrator.
CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (‘LDAP Injection’) – CVE-2015-6538
An LDAP query may be inserted into the login page URL, causing Cardio Server to perform an LDAP query to the IP address of the attacker’s choice
Vulnerability Note VU#966927
HP Client Automation and Radia Client Automation is vulnerable to remote code execution
Original Release date: 20 Oct 2015 | Last revised: 20 Oct 2015
Overview
Radia Client Automation (previously sold under the name HP Client Automation) agent prior to version 9.1 is vulnerable to arbitrary remote code execution.
Description
According to ZDI’s advisory for ZDI-15-363, which has been assigned CVE-2015-7860: “This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Client Automation. Authentication is not required to exploit this vulnerability.
Vulnerability Note VU#935424
Virtual Machine Monitors (VMM) contain a memory deduplication vulnerability
Original Release date: 20 Oct 2015 | Last revised: 20 Oct 2015
Overview
Multiple vendors’ implementations of Virtual Machine Monitors (VMM) are vulnerable to a memory deduplication attack.
Description
As reported in the “Cross-VM ASL INtrospection (CAIN)” paper, an attacker with basic user rights within the attacking Virtual Machine (VM) can leverage memory deduplication within Virtual Machine Monitors (VMM)
Vulnerability Note VU#804060
Cookies set via HTTP requests may be used to bypass HTTPS and reveal private information
Original Release date: 24 Sep 2015 | Last revised: 24 Sep 2015
Overview
RFC 6265 (previously RFC 2965) established HTTP State Management, also known as “cookies”. In most web browser implementations of RFC 6265, cookies set via HTTP requests may allow a remote attacker to bypass HTTPS and reveal private session information.
Description
HTTP cookies have long been known to lead to potential security issues when managing HTTP state
Vulnerability Note VU#209512
Mobile Devices C4 OBD2 dongle contains multiple vulnerabilities
Original Release date: 11 Aug 2015 | Last revised: 11 Aug 2015
Overview
Mobile Devices C4 OBD2 dongle, and potentially other rebranded devices, contains multiple vulnerabilities.
Description
The Mobile Devices C4 OBD2 dongle is the base model for several rebranded consumer devices, such as the Metromile pay-by-mile insurance dongle. These devices are plugged into a vehicle’s on-board diagnostics port (OBD-II), usually located under the wheel. The device itself contains a GPS receiver, cellular chip, and on-board microprocessors
VMware has issued a security bulletin regarding a privilege escalation attack affecting VMware 10 and 11, Player 6, 7 and VMware Horizon Client for Windows prior to version 5.4.2.
http://www.vmware.com/security/advisories/VMSA-2015-0005.html
Summary
VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability.
2. Relevant Releases
VMware Workstation for Windows 11.x prior to version 11.1.1
VMware Workstation for Windows 10.x prior to version 10.0.7
VMware Player for Windows 7.x prior to version 7.1.1
VMware Player for Windows 6.x prior to version 6.0.7
VMware Horizon Client for Windows (with Local Mode Option) prior to version 5.4.2
3
Vulnerability Note VU#591120
Multiple SSL certificate authorities use email addresses as proof of domain ownership
Original Release date: 27 Mar 2015 | Last revised: 27 Mar 2015
Overview
Multiple SSL certificate authorities may issue certificates to a customer based solely on the control of certain email addresses.