Vulnerabilities Weekly Summary Ending August 18

By Jerry Adams on August 17, 2016

Ubuntu Security Notices regarding OpenSSH, OpenJDK and Fontconfig

Ubuntu released a few security notices this week regarding software affecting its operating systems:

OpenSSH

OpenSSH incorrectly handled password hashing when authenticating non-existent users, which may be exploited in a timing attack to enumerate valid usernames. OpenSSH also did not limit password lengths, which can be abused to cause a denial of service (“USN-3061-1: OpenSSH vulnerabilities”, 2016 Aug. 15).

  • CVE-2016-6210 – “User enumeration via covert timing channel” (“CVE-2016-6210”, 2016 Aug. 8).
  • CVE-2016-6515 – “The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.” (CVE.MITRE.org)

OpenJDK

Many vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability (“USN-3062-1: OpenJDK 7 vulnerabilities“, 2016 Aug. 16).

  • CVE-2016-3458 – “Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA.” (CVE.MITRE.org)
  • CVE-2016-3500 – “Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508.” (CVE.MITRE.org)
  • CVE-2016-3508 – “Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500.” (CVE.MITRE.org)
  • CVE-2016-3550 – “Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot.” (CVE.MITRE.org)
  • CVE-2016-3598 – “Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.” (CVE.MITRE.org)
  • CVE-2016-3606 – “Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.” (CVE.MITRE.org)
  • CVE-2016-3610 – “Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598.” (CVE.MITRE.org)

Fontconfig

A single vulnerability affects Fontconfig, which incorrectly handled cache files; a specially crafted cache file may allow a local attacker to elevate privileges (“USN-3063-1: Fontconfig vulnerability”, 2016 Aug. 17).

  • CVE-2016-5384 – “fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.” (CVE.MITRE.org)

Juniper vulnerabilities affecting JunOS and SRX Series devices

  • CVE-2016-1409 – “The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016.” (CVE.MITRE.org) (“IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability…”, 2016 Aug. 17).
  • CVE-2016-1278 – “Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to “safe mode” authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the “request system software” command with the “partition” option.” (CVE.MITRE.org) (“2016-07 Security Bulletin: SRX Series: Upgrades using ‘partition’ option may allow unauthenticated root login…”, 2016 Aug. 17).

References

  • (2016 Aug. 8). “CVE-2016-6210”. Canonical Ltd. Retrieved from http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6210.html
  • (2016 Aug. 15). “USN-3061-1: OpenSSH vulnerabilities”. Canonical Ltd. Retrieved from http://www.ubuntu.com/usn/usn-3061-1/
  • (2016 Aug. 16). “USN-3062-1: OpenJDK 7 vulnerabilities”. Canonical Ltd. Retrieved from http://www.ubuntu.com/usn/usn-3062-1/
  • (2016 Aug. 17). “USN-3063-1: Fontconfig vulnerability”. Canonical Ltd. Retrieved from http://www.ubuntu.com/usn/usn-3063-1/
  • (2016 Aug. 17). “IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability (CVE-2016-1409)”. Juniper Networks, Inc. Retrieved from https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10749&cat=SECURITY_PRODUCTS&actp=LIST
  • (2016 Aug. 17). “2016-07 Security Bulletin: SRX Series: Upgrades using ‘partition’ option may allow unauthenticated root login (CVE-2016-1278)”. Juniper Networks, Inc. Retrieved from https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10753&cat=SECURITY_PRODUCTS&actp=LIST
  • CVE.MITRE.org. Common Vulnerabilities and Exposures (CVE): a dictionary of publicly known information security vulnerabilities and exposures, international in scope and free for public use in accordance with its terms of use.