CVE-2015-6125
Published 2015-12-09
Priority: P258 · critical · 9.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 29.61% (98.0th percentile)
Use-after-free vulnerability in the DNS server in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Use After Free Vulnerability."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
CVSS provenance
nvd · v2.0 · 9.3 CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat · 5.9 MEDIUM
GHSA
GHSA-26g4-3p64-cvvp [HIGH] (CVE-2015-6125)
ghsa_unreviewed · 2022-05-14
Use-after-free vulnerability in the DNS server in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Use After Free Vulnerability."
Red Hat
CVE-2015-1855 [MEDIUM] CWE-297 ruby: OpenSSL extension hostname matching implementation violates RFC 6125
vendor_redhat · 2015-03-30 · CVSS 5.9
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (2) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.
It was discovered that the Ruby OpenSSL extension was overly permissive when verifying host names against X.509 certificate names with wildcards. This could cause Ruby TLS/SSL clients to accept certain certificates as valid, which is a violation of the RFC 6125 recommendations.
Package: ruby193-ruby (CloudForms Management Engine 5.2) - Affected
Package: ruby (Red Hat Enter
No detection rules found.
No public exploits indexed.
Talos
[MEDIUM] Microsoft Patch Tuesday - December 2015
blogs_talos · 2015-12-08 · CVSS 5.0
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 12 bulletins released which address 71 vulnerabilities. Eight bulletins are rated "Critical" this month and address vulnerabilities in Graphics Component, Edge, Internet Explorer, Office, Silverlight, Uniscribe, and VBScript. The other four bulletins are rated "Important" and address vulnerabilities in Kernel Mode Drivers, Media Center, Windows, and Windows PGM.
### Bulletins Rated Critical
MS15-124, MS15-125, MS15-126, MS15-127, MS15-128, MS15-129, MS15-130, and MS15-131 are rated as Critical.
MS15-124 and MS15-125 are this month's Edge and Internet Explorer security bulletin respectively. In total, 34 vulnerabilit
Bugzilla
CVE-2015-7826 [CRITICAL] botan: acceptance of invalid certificate names
bugzilla · 2016-02-24 · CVSS 9.8
RFC 6125 specifies how to match an X.509v3 certificate against a DNS name for application usage.
Otherwise valid certificates using wildcards would be accepted as matching certain hostnames they should not according to RFC 6125. For example a certificate issued for ‘*.example.com’ should match ‘foo.example.com’ but not ‘example.com’ or ‘bar.foo.example.com’. Previously Botan would accept such a certificate as valid for ‘bar.foo.example.com’.
RFC 6125 also requires that when matching an X.509 certificate against a DNS name, the CN entry is only compared if no subjectAlternativeName entry is available. Previously X509_Certificate::matches_dns_name would always check both names.
External references:
http://botan.randombit.net/sec
Bugzilla
CVE-2015-1855 [MEDIUM] ruby: OpenSSL extension hostname matching implementation violates RFC 6125
bugzilla · 2015-04-08 · CVSS 4.3
Ruby OpenSSL hostname matching implementation violates RFC 6125.
- Wildcard matching code allowed multiple wildcards (e.g. *.*.*)
- Wildcards were mishandled for IDNA names (ala CVE-2014-1492)
Upstream patch:
https://github.com/ruby/openssl/commit/e9a7bcb8bf2902f907c148a00bbcf21d3fa79596
Discussion:
Created ruby tracking bugs for this issue:
Affects: fedora-all [bug 1209982]
---
Fixed upstream in Ruby versions: 2.0.0p645, 2.1.6, and 2.2.2
Upstream bug report:
https://bugs.ruby-lang.org/issues/9644
Upstream commit in ruby SVN:
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=50292
External References:
https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matchin