AusCERT - Security Bulletins

AusCERT Security Bulletins contain information about threats, vulnerabilities, patches and workarounds of an IT security nature that AusCERT believes would be of interest to our members (and the public).
26 June 2017

(26/06/2017) ESB-2017.1598 - [Debian] expat: Denial of service - Remote with user interaction

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1598
                           expat security update
                               26 June 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           expat
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
                   Debian GNU/Linux 8
Impact/Access:     Denial of Service -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-9233 CVE-2016-9063
Reference:         ASB-2016.0107

Original Bulletin:
   http://www.debian.org/security/2017/dsa-3898

--------------------------BEGIN INCLUDED TEXT--------------------

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3898-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 25, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : expat
CVE ID         : CVE-2016-9063 CVE-2017-9233

Multiple vulnerabilities have been discovered in Expat, an XML parsing C
library. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2016-9063

    Gustavo Grieco discovered an integer overflow flaw during parsing of
    XML. An attacker can take advantage of this flaw to cause a denial of
    service against an application using the Expat library.

CVE-2017-9233

    Rhodri James discovered an infinite loop vulnerability within the
    entityValueInitProcessor() function while parsing malformed XML in an
    external entity. An attacker can take advantage of this flaw to cause
    a denial of service against an application using the Expat library.

For the oldstable distribution (jessie), these problems have been fixed
in version 2.1.0-6+deb8u4.

For the stable distribution (stretch), these problems have been fixed in
version 2.2.0-2+deb9u1.

For the stable distribution (stretch), CVE-2016-9063 was already fixed
before the initial release.

For the testing distribution (buster), these problems have been fixed
in version 2.2.1-1 or earlier version.

For the unstable distribution (sid), these problems have been fixed in
version 2.2.1-1 or earlier version.

We recommend that you upgrade your expat packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
26 June 2017

(26/06/2017) ESB-2017.1597 - [Win][UNIX] drupal7: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1597
                          drupal7 security update
                               26 June 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           drupal7
Publisher:         Debian
Operating System:  Windows
                   UNIX specific
Impact/Access:     Provide Misleading Information -- Existing Account
                   Access Confidential Data       -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-6922 CVE-2015-7943
Reference:         ESB-2017.1559

Original Bulletin:
   http://www.debian.org/security/2017/dsa-3897

--------------------------BEGIN INCLUDED TEXT--------------------

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3897-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 24, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : drupal7
CVE ID         : CVE-2015-7943 CVE-2017-6922
Debian Bug     : 865498

Two vulnerabilities were discovered in Drupal, a fully-featured content
management framework. The Common Vulnerabilities and Exposures project
identifies the following issues:

CVE-2015-7943

    Samuel Mortenson and Pere Orga discovered that the overlay module
    does not sufficiently validate URLs prior to displaying their
    contents, leading to an open redirect vulnerability.

    More information can be found at
    https://www.drupal.org/SA-CORE-2015-004

CVE-2017-6922

    Greg Knaddison, Mori Sugimoto and iancawthorne discovered that files
    uploaded by anonymous users into a private file system can be
    accessed by other anonymous users leading to an access bypass
    vulnerability.

    More information can be found at
    https://www.drupal.org/SA-CORE-2017-003

For the oldstable distribution (jessie), these problems have been fixed
in version 7.32-1+deb8u9.

For the stable distribution (stretch), these problems have been fixed in
version 7.52-2+deb9u1.

For the stable distribution (stretch), CVE-2015-7943 was already fixed
before the initial release.

We recommend that you upgrade your drupal7 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------
26 June 2017

(26/06/2017) ESB-2017.1596 - [Win] Microsoft Malware Protection Engine: Execute arbitrary code/commands - Remote/unauthenticated

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1596
  CVE-2017-8558 | Microsoft Malware Protection Engine Remote Code Execution
                               Vulnerability
                               26 June 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Microsoft Malware Protection Engine
Publisher:         Microsoft
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-8558

Original Bulletin:
   https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8558

--------------------------BEGIN INCLUDED TEXT--------------------

CVE-2017-8558 Microsoft Malware Protection Engine Remote Code Execution
Vulnerability

Security Vulnerability
Published: 06/23/2017
MITRE CVE-2017-8558

A remote code execution vulnerability exists when the Microsoft Malware
Protection Engine does not properly scan a specially crafted file, leading
to memory corruption.

An attacker who successfully exploited this vulnerability could execute
arbitrary code in the security context of the LocalSystem account and take
control of the system. An attacker could then install programs; view,
change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, a specially crafted file must be scanned by
an affected version of the Microsoft Malware Protection Engine. There are
many ways that an attacker could place a specially crafted file in a
location that is scanned by the Microsoft Malware Protection Engine. For
example, an attacker could use a website to deliver a specially crafted
file to the victim's system that is scanned when the website is viewed by
the user. An attacker could also deliver a specially crafted file via an
email message or in an Instant Messenger message that is scanned when the
file is opened. In addition, an attacker could take advantage of websites
that accept or host user-provided content, to upload a specially crafted
file to a shared location that is scanned by the Malware Protection Engine
running on the hosting server.

If the affected antimalware software has real-time protection turned on,
the Microsoft Malware Protection Engine will scan files automatically,
leading to exploitation of the vulnerability when the specially crafted
file is scanned. If real-time scanning is not enabled, the attacker would
need to wait until a scheduled scan occurs in order for the vulnerability
to be exploited. All systems running an affected version of antimalware
software are primarily at risk.

The update addresses the vulnerability by correcting the manner in which
the Microsoft Malware Protection Engine scans specially crafted files.

Note: Typically, no action is required of enterprise administrators or end
users to install updates for the Microsoft Malware Protection Engine,
because the built-in mechanism for the automatic detection and deployment
of updates will apply the update within 48 hours of release. The exact
time frame depends on the software used, Internet connection, and
infrastructure configuration.

Exploitability Assessment

The following table provides an exploitability assessment for this
vulnerability at the time of original publication.

  Publicly Disclosed:       No
  Exploited:                No
  Latest Software Release:  Not Applicable
  Older Software Release:   Not Applicable
  Denial of Service:        Not Applicable

Affected Products

The following software versions or editions are affected. Versions or
editions that are not listed are either past their support life cycle or
are not affected. To determine the support life cycle for your software
version or edition, see Microsoft Support Lifecycle.

Every entry below has Impact: Remote Code Execution and Severity: Critical.

  Product                                        Platform
  ---------------------------------------------  --------------------------------------------------
  Microsoft Endpoint Protection                  -
  Microsoft Forefront Endpoint Protection        -
  Microsoft Forefront Endpoint Protection 2010   -
  Microsoft Security Essentials                  -
  Windows Defender                               Windows 10 Version 1703 for 32-bit Systems
  Windows Defender                               Windows 10 Version 1511 for 32-bit Systems
  Windows Defender                               Windows 10 for 32-bit Systems
  Windows Defender                               Windows 8.1 for 32-bit systems
  Windows Defender                               Windows 7 for 32-bit Systems Service Pack 1
  Windows Defender                               Windows Server 2008 for 32-bit Systems Service Pack 2
  Windows Defender                               Windows Server 2008 for 32-bit Systems Service Pack 2
                                                 (Server Core installation)
  Windows Defender                               Windows 10 Version 1607 for 32-bit Systems
  Windows Intune Endpoint Protection             -

Mitigations

Only x86 or 32-bit based versions of the Malware Protection Engine are
affected.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

FAQ

Identification

  Last version of the Microsoft Malware Protection Engine affected by
  this vulnerability:                                  Version 1.1.13804.0
  First version of the Microsoft Malware Protection Engine with this
  vulnerability addressed:                             Version 1.1.13903.0

Why is no action required to install this update?

In response to a constantly changing threat landscape, Microsoft frequently
updates malware definitions and the Microsoft Malware Protection Engine. In
order to be effective in helping protect against new and prevalent threats,
antimalware software must be kept up to date with these updates in a timely
manner.

For enterprise deployments as well as end users, the default configuration
in Microsoft antimalware software helps ensure that malware definitions and
the Microsoft Malware Protection Engine are kept up to date automatically.
Product documentation also recommends that products are configured for
automatic updating.

Best practices recommend that customers regularly verify whether software
distribution, such as the automatic deployment of Microsoft Malware
Protection Engine updates and malware definitions, is working as expected
in their environment.

How often are the Microsoft Malware Protection Engine and malware
definitions updated?

Microsoft typically releases an update for the Microsoft Malware Protection
Engine once a month or as needed to protect against new threats. Microsoft
also typically updates the malware definitions three times daily and can
increase the frequency when needed.

Depending on which Microsoft antimalware software is used and how it is
configured, the software may search for engine and definition updates every
day when connected to the Internet, up to multiple times daily. Customers
can also choose to manually check for updates at any time.

What is the Microsoft Malware Protection Engine?

The Microsoft Malware Protection Engine, mpengine.dll, provides the
scanning, detection, and cleaning capabilities for Microsoft antivirus and
antispyware software.

Does this update contain any additional security-related changes to
functionality?

Yes. In addition to the changes that are listed for this vulnerability,
this update includes defense-in-depth updates to help improve
security-related features.

Where can I find more information about Microsoft antimalware technology?

For more information, visit the Microsoft Malware Protection Center
website.

Suggested Actions

Verify that the update is installed

Customers should verify that the latest version of the Microsoft Malware
Protection Engine and definition updates are being actively downloaded and
installed for their Microsoft antimalware products.

For more information on how to verify the version number for the Microsoft
Malware Protection Engine that your software is currently using, see the
section, "Verifying Update Installation", in Microsoft Knowledge Base
Article 2510781.

For affected software, verify that the Microsoft Malware Protection Engine
version is 1.1.13903.0 or later.

If necessary, install the update

Administrators of enterprise antimalware deployments should ensure that
their update management software is configured to automatically approve
and distribute engine updates and new malware definitions. Enterprise
administrators should also verify that the latest version of the Microsoft
Malware Protection Engine and definition updates are being actively
downloaded, approved and deployed in their environment.

For end-users, the affected software provides built-in mechanisms for the
automatic detection and deployment of this update. For these customers,
the update will be applied within 48 hours of its availability. The exact
time frame depends on the software used, Internet connection, and
infrastructure configuration. End users that do not wish to wait can
manually update their antimalware software.

For more information on how to manually update the Microsoft Malware
Protection Engine and malware definitions, refer to Microsoft Knowledge
Base Article 2510781.

Acknowledgments

Tavis Ormandy of Google Project Zero

See acknowledgments for more information.

Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as
is" without warranty of any kind. Microsoft disclaims all warranties,
either express or implied, including the warranties of merchantability and
fitness for a particular purpose. In no event shall Microsoft Corporation
or its suppliers be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special
damages, even if Microsoft Corporation or its suppliers have been advised
of the possibility of such damages. Some states do not allow the exclusion
or limitation of liability for consequential or incidental damages so the
foregoing limitation may not apply.

--------------------------END INCLUDED TEXT--------------------
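An added check, not part of the bulletin: the "Suggested Actions" above reduce to comparing the running engine version with the fixed version 1.1.13903.0 and confirming that only 32-bit engine builds are affected. The snippet below does that on a Windows Defender host using the Defender module's Get-MpComputerStatus cmdlet (its AMEngineVersion property reports the running mpengine.dll version); it assumes the engine bitness matches the OS bitness, and hosts running Forefront/SCEP/MSE instead of Windows Defender would need the version read from those products' own consoles.

```powershell
# Added example (not from the AusCERT or Microsoft bulletin). Applies the
# CVE-2017-8558 verification step: engine version must be 1.1.13903.0 or
# later; only x86/32-bit engine builds are affected. The two version numbers
# are those published in the advisory's "Identification" section.
$LastAffected = [version]'1.1.13804.0'   # last affected version (advisory)
$FirstFixed   = [version]'1.1.13903.0'   # first fixed version (advisory)

function Get-MpEngineStatus {
    param(
        [Parameter(Mandatory)][string]$EngineVersion,          # e.g. AMEngineVersion
        [bool]$Is64Bit = [Environment]::Is64BitOperatingSystem  # assumption: engine bitness == OS bitness
    )
    $running = [version]$EngineVersion

    # Mitigations section: 64-bit engine builds are not affected at all.
    if ($Is64Bit) {
        return "Not affected: 64-bit engine $running (advisory: only x86 builds are affected)"
    }
    if ($running -ge $FirstFixed) {
        return "Fixed: engine $running is at or above $FirstFixed"
    }
    if ($running -le $LastAffected) {
        return "AFFECTED: engine $running is at or below $LastAffected; force an engine/definition update"
    }
    # A build between the two published numbers is not covered by the advisory table.
    return "Unknown: engine $running lies between $LastAffected and $FirstFixed; verify per KB2510781"
}

# Live check on a host with the Defender PowerShell module (Windows 8.1 / Windows 10).
$status = Get-MpComputerStatus
Get-MpEngineStatus -EngineVersion $status.AMEngineVersion
```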
26 June 2017

(26/06/2017) ESB-2017.1595 - [SUSE] tomcat: Multiple vulnerabilities

6 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.1595 SUSE Security Update: Security update for tomcat 26 June 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: tomcat Publisher: SUSE Operating System: SUSE Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Provide Misleading Information -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Reduced Security -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2017-5648 CVE-2017-5647 CVE-2016-8745 CVE-2016-8735 CVE-2016-6816 CVE-2016-6797 CVE-2016-6796 CVE-2016-6794 CVE-2016-5388 CVE-2016-5018 CVE-2016-3092 CVE-2016-0762 Reference: ASB-2017.0059 ASB-2017.0047 ESB-2017.1560 ESB-2017.1544 Original Bulletin: https://tomcat.apache.org/tomcat-7.0-doc/changelog.html --------------------------BEGIN INCLUDED TEXT-------------------- An update that fixes 12 vulnerabilities is now available. An update that fixes 12 vulnerabilities is now available. An update that fixes 12 vulnerabilities is now available. SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1660-1 Rating: important References: #1007853 #1007854 #1007855 #1007857 #1007858 #1011805 #1011812 #1015119 #1033447 #1033448 #986359 #988489 Cross-References: CVE-2016-0762 CVE-2016-3092 CVE-2016-5018 CVE-2016-5388 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 CVE-2016-8745 CVE-2017-5647 CVE-2017-5648 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. 
Description: Tomcat was updated to version 7.0.78, fixing various bugs and security issues. For full details see https://tomcat.apache.org/tomcat-7.0-doc/changelog.html Security issues fixed: - CVE-2016-0762: A realm timing attack in tomcat was fixed which could disclose existence of users (bsc#1007854) - CVE-2016-3092: Usage of vulnerable FileUpload package could have resulted in denial of service (bsc#986359) - CVE-2016-5018: A security manager bypass via a Tomcat utility method that was accessible to web applications was fixed. (bsc#1007855) - CVE-2016-5388: Setting HTTP_PROXY environment variable via Proxy header (bsc#988489) - CVE-2016-6794: A tomcat system property disclosure was fixed. (bsc#1007857) - CVE-2016-6796: A tomcat security manager bypass via manipulation of the configuration parameters for the JSP Servlet. (bsc#1007858) - CVE-2016-6797: A tomcat unrestricted access to global resources via ResourceLinkFactory was fixed. (bsc#1007853) - CVE-2016-6816: A HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests was fixed. (bsc#1011812) - CVE-2016-8735: A Remote code execution vulnerability in JmxRemoteLifecycleListener was fixed (bsc#1011805) - CVE-2016-8745: A Tomcat Information Disclosure in the error handling of send file code for the NIO HTTP connector was fixed. (bsc#1015119) - CVE-2017-5647: A tomcat information disclosure in pipelined request processing was fixed. (bsc#1033448) - CVE-2017-5648: A tomcat information disclosure due to using incorrect facade objects was fixed (bsc#1033447) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-1027=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1027=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): tomcat-7.0.78-7.13.4 tomcat-admin-webapps-7.0.78-7.13.4 tomcat-docs-webapp-7.0.78-7.13.4 tomcat-el-2_2-api-7.0.78-7.13.4 tomcat-javadoc-7.0.78-7.13.4 tomcat-jsp-2_2-api-7.0.78-7.13.4 tomcat-lib-7.0.78-7.13.4 tomcat-servlet-3_0-api-7.0.78-7.13.4 tomcat-webapps-7.0.78-7.13.4 - SUSE Linux Enterprise Server 12-LTSS (noarch): tomcat-7.0.78-7.13.4 tomcat-admin-webapps-7.0.78-7.13.4 tomcat-docs-webapp-7.0.78-7.13.4 tomcat-el-2_2-api-7.0.78-7.13.4 tomcat-javadoc-7.0.78-7.13.4 tomcat-jsp-2_2-api-7.0.78-7.13.4 tomcat-lib-7.0.78-7.13.4 tomcat-servlet-3_0-api-7.0.78-7.13.4 tomcat-webapps-7.0.78-7.13.4 References: https://www.suse.com/security/cve/CVE-2016-0762.html https://www.suse.com/security/cve/CVE-2016-3092.html https://www.suse.com/security/cve/CVE-2016-5018.html https://www.suse.com/security/cve/CVE-2016-5388.html https://www.suse.com/security/cve/CVE-2016-6794.html https://www.suse.com/security/cve/CVE-2016-6796.html https://www.suse.com/security/cve/CVE-2016-6797.html https://www.suse.com/security/cve/CVE-2016-6816.html https://www.suse.com/security/cve/CVE-2016-8735.html https://www.suse.com/security/cve/CVE-2016-8745.html https://www.suse.com/security/cve/CVE-2017-5647.html https://www.suse.com/security/cve/CVE-2017-5648.html https://bugzilla.suse.com/1007853 https://bugzilla.suse.com/1007854 https://bugzilla.suse.com/1007855 https://bugzilla.suse.com/1007857 https://bugzilla.suse.com/1007858 https://bugzilla.suse.com/1011805 https://bugzilla.suse.com/1011812 https://bugzilla.suse.com/1015119 https://bugzilla.suse.com/1033447 https://bugzilla.suse.com/1033448 https://bugzilla.suse.com/986359 https://bugzilla.suse.com/988489 --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. 
The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. 
===========================================================================
26 June 2017

(26/06/2017) ESB-2017.1594 - [Win][UNIX/Linux] IBM Netezza Host Management: Denial of service - Remote/unauthenticated

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1594
   Security Bulletin: Multiple vulnerabilities in OpenSource ISC Bind affects
                          IBM Netezza Host Management
                               26 June 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Netezza Host Management
Publisher:         IBM
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-3139 CVE-2017-3137 CVE-2017-3136
Reference:         ESB-2017.1445 ESB-2017.1219 ESB-2017.1146 ESB-2017.1025

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=swg22003115

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Multiple vulnerabilities in OpenSource ISC Bind affects IBM Netezza Host Management

Document information
More support for: PureData System for Analytics Host
Software version: 1.0.0
Operating system(s): Platform Independent
Software edition: All Editions
Reference #: 2003115
Modified date: 23 June 2017

Summary

OpenSource ISC Bind is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2017-3136
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the improper handling of query requests when using DNS64 with "break-dnssec yes" option. By sending a specially crafted DNS request, a remote attacker could exploit this vulnerability to make named exit unexpectedly with an assertion failure.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124516 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-3137
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the improper handling of a query response containing CNAME or DNAME resource records in an unusual order. By sending a specially crafted DNS response, a remote attacker could exploit this vulnerability to make named exit unexpectedly with an assertion failure.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124517 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-3139
DESCRIPTION: BIND on Red Hat Enterprise Linux is vulnerable to a denial of service, caused by a DNSSEC validation flaw. By sending a specially-crafted DNS response, a remote attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125766 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

IBM Netezza Host Management 5.3.8.0 - 5.4.12.0

Remediation/Fixes

To resolve the reported CVE for Red Hat Enterprise Linux (RHEL) on PureData System for Analytics N200x and N3001 platforms only, update to the following IBM Netezza Host Management release:

Product                      VRMF       Remediation/First Fix
IBM Netezza Host Management  5.4.13.0   Link to Fix Central

The Netezza Host Management software contains the latest RHEL updates for the operating systems certified for use on IBM Netezza/PureData System for Analytics appliances.
IBM recommends upgrading to the latest Netezza Host Management version to ensure that your hosts have the latest fixes, security changes, and operating system updates. IBM Support can assist you with planning for the Netezza Host Management and operating system upgrades to your appliances.

For more details on IBM Netezza Host Management security patching: Red Hat Enterprise Linux (RHEL) Security Patching for IBM PureData System for Analytics appliances

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

23 June 2017: Original version published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

--------------------------END INCLUDED TEXT--------------------
26 June 2017

(26/06/2017) ESB-2017.1593 - [Win][UNIX/Linux][Appliance] IBM Java Runtime: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1593
   Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect
   Security Directory Integrator CVE-2016-5546 (CVSS 7.5), CVE-2016-5548
   (CVSS 6.5), CVE-2016-5549 (CVSS 6.5), CVE-2016-5547 (CVSS 5.3),
   CVE-2016-2183 (CVSS 3.1)
                               26 June 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Java Runtime
Publisher:         IBM
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
                   Network Appliance
Impact/Access:     Access Privileged Data         -- Remote/Unauthenticated
                   Denial of Service              -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote/Unauthenticated
                   Access Confidential Data       -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-5549 CVE-2016-5548 CVE-2016-5547 CVE-2016-5546
                   CVE-2016-2183
Reference:         ASB-2017.0005 ASB-2017.0001 ESB-2017.1586 ESB-2017.1553

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=swg22005139

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Security Directory Integrator CVE-2016-5546 (CVSS 7.5), CVE-2016-5548 (CVSS 6.5), CVE-2016-5549 (CVSS 6.5), CVE-2016-5547 (CVSS 5.3), CVE-2016-2183 (CVSS 3.1)

Document information
More support for: IBM Security Directory Integrator General
Software version: 7.1.1, 7.2
Operating system(s): Platform Independent
Reference #: 2005139
Modified date: 23 June 2017

Summary

There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition Version 6.0 and Version 7.0 that is used by Security Directory Integrator. These issues were disclosed as part of the IBM Java SDK updates in January 2017.
Vulnerability Details

CVEID: CVE-2016-5546
DESCRIPTION: An unspecified vulnerability related to the Libraries component has no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120869 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2016-5548
DESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120864 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID: CVE-2016-5549
DESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120863 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID: CVE-2016-5547
DESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120871 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-2183
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116337 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Tivoli Directory Integrator 7.1.1
IBM Security Directory Integrator 7.2.0

Remediation/Fixes

Affected Products and Versions   Fix availability
TDI 7.1.1                        7.1.1-TIV-TDI-LA00034
SDI 7.2                          To be updated.

References

Complete CVSS v2 Guide
On-line Calculator v2
Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

--------------------------END INCLUDED TEXT--------------------
26 June 2017

(26/06/2017) ESB-2017.1592 - [Win][IBM i][Ubuntu][HP-UX][Solaris][AIX] IBM Sterling B2B Integrator: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1592
    Security Bulletin: Multiple vulnerabilities in Global Mailbox in IBM
            Sterling B2B Integrator (CVE-2015-5262, CVE-2014-3577)
                               26 June 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Sterling B2B Integrator
Publisher:         IBM
Operating System:  Ubuntu
                   AIX
                   HP-UX
                   IBM i
                   Windows
                   Solaris
Impact/Access:     Denial of Service              -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-5262 CVE-2014-3577
Reference:         ESB-2017.0049 ESB-2016.2357 ESB-2016.2250 ESB-2016.2035

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=swg22005149

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Multiple vulnerabilities in Global Mailbox in IBM Sterling B2B Integrator (CVE-2015-5262, CVE-2014-3577)

Document information
More support for: Sterling B2B Integrator
Software version: 5.2.6
Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows
Reference #: 2005149
Modified date: 23 June 2017

Summary

IBM Global Mailbox is vulnerable to denial of service attacks and spoofing attacks due to the vulnerabilities in Apache httpClient.

Vulnerability Details

CVEID: CVE-2015-5262
DESCRIPTION: Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection during the initial handshake of an HTTPS connection by the HttpClient component. An attacker could exploit this vulnerability to accumulate multiple connections and exhaust all available resources.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106932 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2014-3577
DESCRIPTION: Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95327 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM Sterling B2B Integrator 5.2.6

Remediation/Fixes

Product & Version                                       Remediation/Fix
IBM Sterling B2B Integrator 5.2.6 with Global Mailbox   Apply B2B Integrator fix pack 5020603_2 on Fix Central

Workarounds and Mitigations

None

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

23 June 2017: Original version published

--------------------------END INCLUDED TEXT--------------------
26 June 2017

(26/06/2017) ESB-2017.1591 - [Linux] QRadar SIEM: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1591
                 IBM QRadar SIEM is vulnerable to various CVEs
                               26 June 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           QRadar SIEM
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Increased Privileges            -- Existing Account
                   Denial of Service               -- Remote/Unauthenticated
                   Cross-site Scripting            -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-1234 CVE-2016-9972 CVE-2016-9738 CVE-2016-3697
                   CVE-2015-3631 CVE-2015-3630 CVE-2015-3627 CVE-2015-1843
                   CVE-2014-1912
Reference:         ESB-2016.2635 ESB-2016.1184 ESB-2015.2113 ESB-2015.1938

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=swg22004925
   http://www.ibm.com/support/docview.wss?uid=swg22004926
   http://www.ibm.com/support/docview.wss?uid=swg22004947
   http://www.ibm.com/support/docview.wss?uid=swg22004948

Comment: This bulletin contains four (4) IBM security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: IBM QRadar SIEM has weak password requirements. (CVE-2016-9738)

Document information
More support for: IBM Security QRadar SIEM
Software version: 7.2, 7.3
Operating system(s): Linux
Software edition: All Editions
Reference #: 2004926
Modified date: 23 June 2017

Summary

The product does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
Vulnerability Details

CVEID: CVE-2016-9738
DESCRIPTION: IBM QRadar does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119783 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM QRadar SIEM 7.2.0 - 7.2.8 Patch 6
IBM QRadar SIEM 7.3.0 - 7.3.0 Patch 1

Remediation/Fixes

IBM QRadar/QRM/QVM/QRIF 7.2.8 Patch 7
IBM QRadar/QRM/QVM/QRIF/QNI 7.3.0 Patch 3

Workarounds and Mitigations

None

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

IBM X-Force Ethical Hacking Team: Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

19 June 2017: First Publish

=======================================================================

Security Bulletin: IBM QRadar SIEM is missing HSTS header. (CVE-2016-9972)

Document information
More support for: IBM Security QRadar SIEM
Software version: 7.2, 7.3
Operating system(s): Linux
Software edition: All Editions
Reference #: 2004925
Modified date: 23 June 2017

Summary

The product is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire.

Vulnerability Details

CVEID: CVE-2016-9972
DESCRIPTION: IBM Qradar could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120208 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM QRadar SIEM 7.2.0 - 7.2.8 Patch 6
IBM QRadar SIEM 7.3.0 - 7.3.0 Patch 1

Remediation/Fixes

IBM QRadar/QRM/QVM/QRIF 7.2.8 Patch 7
IBM QRadar/QRM/QVM/QRIF/QNI 7.3.0 Patch 3

Workarounds and Mitigations

None

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

IBM X-Force Ethical Hacking Team: Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

19 June 2017: First Publish
=======================================================================

Security Bulletin: Docker and Python as used in IBM QRadar SIEM is vulnerable to various CVEs.

Document information
More support for: IBM Security QRadar SIEM
Software version: 7.2
Operating system(s): Linux
Software edition: All Editions
Reference #: 2004947
Modified date: 23 June 2017

Summary

The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.

Vulnerability Details

CVEID: CVE-2016-3697
DESCRIPTION: Docker could allow a local attacker to gain elevated privileges on the system, caused by an error in libcontainer/user/user.go. By using a numeric username in the password file in a container, an attacker could exploit this vulnerability to gain elevated privileges on the system.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113791 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-3631
DESCRIPTION: Docker could allow a remote attacker to bypass security restrictions, caused by the configuration of volume mounts to override files of /proc within a mount namespace. An attacker could exploit this vulnerability using specially-crafted images to specify arbitrary policies for Linux Security Modules.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103094 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-3630
DESCRIPTION: Docker could allow a remote attacker to obtain sensitive information, caused by multiple read/write proc paths being writable from containers. An attacker could exploit this vulnerability to modify the host and obtain sensitive information.
CVSS Base Score: 5.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103093 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVEID: CVE-2015-3627
DESCRIPTION: A symlink vulnerability in Libcontainer and Docker Engine regarding the file-descriptor being opened prior to performing the chroot could allow a local attacker to gain elevated privileges on the system. An attacker could exploit this vulnerability using a specially crafted Dockerfile or image to gain elevated privileges on the system.
CVSS Base Score: 4.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103092 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2015-1843
DESCRIPTION: Red Hat docker package is vulnerable to a man-in-the-middle attack, caused by the use of the --add-registry option. A remote attacker could exploit this vulnerability to perform downgrade attacks to obtain authentication and image data to conduct man-in-the-middle attacks.
CVSS Base Score: 5.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102670 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVEID: CVE-2014-1912
DESCRIPTION: Python is vulnerable to a buffer overflow, caused by improper bounds checking by sock_recvfrom_into() function. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90931 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected Products and Versions

IBM QRadar 7.2.0 - 7.2.8 Patch 6

Remediation/Fixes

IBM QRadar/QRM/QVM/QRIF 7.2.8 Patch 7

Workarounds and Mitigations

None

References

Complete CVSS v2 Guide
On-line Calculator v2
Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

IBM X-Force Ethical Hacking Team: Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

19 June 2017: First Publish

===============================================================================

Security Bulletin: IBM QRadar SIEM is vulnerable to Cross Site Scripting. (CVE-2017-1234)

Document information
More support for: IBM Security QRadar SIEM
Software version: 7.2, 7.3
Operating system(s): Linux
Software edition: All Editions
Reference #: 2004948
Modified date: 23 June 2017

Summary

Stored XSS vulnerability in QRadar system v 7.2.8.

Vulnerability Details

CVEID: CVE-2017-1234
DESCRIPTION: IBM QRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123913 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM QRadar 7.2.0 - 7.2.8 Patch 6
IBM QRadar 7.3.0 - 7.3.0 Patch 1

Remediation/Fixes

IBM QRadar/QRM/QVM/QRIF 7.2.8 Patch 7
IBM QRadar/QRM/QVM/QRIF/QNI 7.3.0 Patch 3

Workarounds and Mitigations

None

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

The vulnerability was reported to IBM by Mohammed Shameem Shahnawaz

Change History

19 June 2017: First Publish
IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. 
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST). On call after hours for member
emergencies only.
===========================================================================
23 June 2017

(23/06/2017) ESB-2017.1590 - [Win][Linux][HP-UX][AIX] Hitachi Cosminexus HTTP Server and Hitachi Web Server: Provide misleading information - Remote/unauthenticated

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2017.1590
Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
23 June 2017
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Cosminexus HTTP Server
Hitachi Web Server
Publisher: Hitachi
Operating System: AIX
HP-UX
Linux variants
Windows
Impact/Access: Provide Misleading Information -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2016-8743
Reference: ASB-2017.0058
ASB-2017.0021
ASB-2017.0014
ESB-2017.0521
ESB-2017.0347.2
ESB-2017.0127

Original Bulletin:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-116/index.html

--------------------------BEGIN INCLUDED TEXT--------------------

Vulnerability in Cosminexus HTTP Server and Hitachi Web Server

Update: June 23, 2017

A vulnerability (CVE-2016-8743) exists in Cosminexus HTTP Server and Hitachi Web Server.

Security Information ID
hitachi-sec-2017-116

Vulnerability description
A vulnerability (CVE-2016-8743) exists in Cosminexus HTTP Server and Hitachi Web Server.
Affected products and versions are listed below. Please upgrade your version to the appropriate version.

Affected products
The information is organized under the following headings:
(Example)
Product name: Gives the name of the affected product.
Version: Platform
Gives the affected version.

Product name: Cosminexus HTTP Server
Version(s): AIX, HP-UX(IPF), Linux(x64), Windows, Windows(x64)
09-65 to 09-65-51, 09-00 to 09-00-51

Product name: Hitachi Web Server
Version(s): AIX, HP-UX, HP-UX(IPF), Linux, Linux(IPF), Solaris, Solaris(x64), Windows, Windows(x64)
04-00 to 04-20-08, 03-00 to 03-10-15, 01-00 to 02-06-/F

Product name: Hitachi Web Server
Version(s): AIX, Linux(x64), Windows, Windows(x64)
10-00 to 10-11-01

Product name: Hitachi Web Server - Custom Edition
Version(s): Windows, Linux
All versions

Product name: Hitachi Web Server - Security Enhancement
Version(s): HP-UX(IPF)
All versions

This vulnerability exists in Cosminexus HTTP Server and Hitachi Web Server, which are component products of other Hitachi products. For details about the fixed versions of Cosminexus products, contact your Hitachi support service representative.

- Cosminexus V5, V6, V7, V8, V9
Product name: uCosminexus Application Server
Product name: uCosminexus Application Server Enterprise
Product name: uCosminexus Application Server Express
Product name: uCosminexus Application Server Smart Edition
Product name: uCosminexus Application Server Standard
Product name: uCosminexus Application Server Standard-R
Product name: uCosminexus Application Server(64)
Product name: uCosminexus Application Server-R
Product name: uCosminexus Developer
Product name: uCosminexus Developer 01
Product name: uCosminexus Developer Light
Product name: uCosminexus Developer Professional
Product name: uCosminexus Developer Professional for Plug-in
Product name: uCosminexus Developer Standard
Product name: uCosminexus Primary Server Base
Product name: uCosminexus Primary Server Base(64)
Product name: uCosminexus Service Architect
Product name: uCosminexus Service Platform
Product name: uCosminexus Service Platform - Messaging
Product name: uCosminexus Service Platform(64)
Version(s): AIX, HP-UX(IPF), Linux(x64), Windows, Windows(x64)
05-00 to 09-71

- Hitachi Application Server
Product name: Hitachi Application Server
Product name: Hitachi Application Server for Developers
Version(s): AIX, Linux(x64), Windows, Windows(x64)
10-00 to 10-11

Fixed products
The information is organized under the following headings:
(Example)
Product name: Gives the name of the fixed product.
Version: Platform
Gives the fixed version, and release date.
Scheduled version: Platform
Gives the fixed version scheduled to be released.

Product name: Cosminexus HTTP Server
Version(s): Linux(x64) 09-65-52 May 24, 2017
Windows(x64) 09-00-52 May 19, 2017
Windows 09-00-52 June 16, 2017

Product name: Hitachi Web Server
Scheduled version(s): For details on the fixed products, contact your Hitachi support service representative.

Revision history
June 23, 2017: This page is released.

Hitachi, Ltd. (hereinafter referred to as "Hitachi") tries to provide accurate information about security countermeasures. However, since information about security problems constantly changes, the contents of these Web pages are subject to change without prior notice. When referencing information, please confirm that you are referencing the latest information.

The Web pages include information about products that are developed by non-Hitachi software developers. Vulnerability information about those products is based on the information provided or disclosed by those developers. Although Hitachi is careful about the accuracy and completeness of this information, the contents of the Web pages may change depending on the changes made by the developers.

The Web pages are intended to provide vulnerability information only, and Hitachi shall not have any legal responsibility for the information contained in them. Hitachi shall not be liable for any consequences arising out of or in connection with the security countermeasures or other actions that you will take or have taken (or not taken) by yourself.

The links to other web sites are valid at the time of the release of the page. Although Hitachi makes an effort to maintain the links, Hitachi cannot guarantee their permanent availability.

--------------------------END INCLUDED TEXT--------------------
23 June 2017

(23/06/2017) ESB-2017.1589 - [Win][Linux][HP-UX][AIX] Cosminexus HTTP Server: Multiple vulnerabilities

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2017.1589
Multiple Vulnerabilities in Cosminexus HTTP Server
23 June 2017
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Cosminexus HTTP Server
Publisher: Hitachi
Operating System: AIX
HP-UX
Linux variants
Windows
Impact/Access: Access Privileged Data -- Remote with User Interaction
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2017-3732 CVE-2017-3731 CVE-2016-7055
Reference: ASB-2017.0059
ASB-2017.0058
ASB-2017.0055
ESB-2017.0055
ESB-2016.2841
ESB-2016.2770

Original Bulletin:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-115/index.html

--------------------------BEGIN INCLUDED TEXT--------------------

Multiple Vulnerabilities in Cosminexus HTTP Server

Update: June 23, 2017

Multiple vulnerabilities have been found in Cosminexus HTTP Server.

Security Information ID
hitachi-sec-2017-115

Vulnerability description
Cosminexus HTTP Server contains the following vulnerabilities: CVE-2016-7055, CVE-2017-3731, CVE-2017-3732
Affected products and versions are listed below. Please upgrade your version to the appropriate version.
This problem occurs only if the SSL function is being used.

Affected products
The information is organized under the following headings:
(Example)
Product name: Gives the name of the affected product.
Version: Platform
Gives the affected version.

Product name: Cosminexus HTTP Server
Version(s): AIX, HP-UX(IPF), Linux(x64), Windows, Windows(x64)
09-65-50 to 09-65-51, 09-00-51

These vulnerabilities exist in Cosminexus HTTP Server, which is a component product of other Hitachi products. For details about the fixed versions of Cosminexus products, contact your Hitachi support service representative.

- Cosminexus V9
Product name: uCosminexus Developer
Product name: uCosminexus Application Server
Product name: uCosminexus Application Server(64)
Product name: uCosminexus Service Platform
Product name: uCosminexus Service Platform(64)
Product name: uCosminexus Service Architect
Product name: uCosminexus Application Server-R
Product name: uCosminexus Primary Server Base
Product name: uCosminexus Primary Server Base(64)
Version(s): AIX, HP-UX(IPF), Linux(x64), Windows, Windows(x64)
09-00 to 09-71

Fixed products
The information is organized under the following headings:
(Example)
Product name: Gives the name of the fixed product.
Version: Platform
Gives the fixed version, and release date.
Scheduled version: Platform
Gives the fixed version scheduled to be released.

Product name: Cosminexus HTTP Server
Version(s): Linux(x64) 09-65-52 May 24, 2017
Windows(x64) 09-00-52 May 19, 2017
Windows 09-00-52 June 16, 2017

For details on the fixed products, contact your Hitachi support service representative.

Revision history
June 23, 2017: This page is released.

Hitachi, Ltd. (hereinafter referred to as "Hitachi") tries to provide accurate information about security countermeasures. However, since information about security problems constantly changes, the contents of these Web pages are subject to change without prior notice. When referencing information, please confirm that you are referencing the latest information.

The Web pages include information about products that are developed by non-Hitachi software developers. Vulnerability information about those products is based on the information provided or disclosed by those developers. Although Hitachi is careful about the accuracy and completeness of this information, the contents of the Web pages may change depending on the changes made by the developers.

The Web pages are intended to provide vulnerability information only, and Hitachi shall not have any legal responsibility for the information contained in them. Hitachi shall not be liable for any consequences arising out of or in connection with the security countermeasures or other actions that you will take or have taken (or not taken) by yourself.

The links to other web sites are valid at the time of the release of the page. Although Hitachi makes an effort to maintain the links, Hitachi cannot guarantee their permanent availability.

--------------------------END INCLUDED TEXT--------------------
23 June 2017

(23/06/2017) ESB-2017.1588 - [Win] Siemens XHQ: Access confidential data - Existing account

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2017.1588
Siemens XHQ
23 June 2017
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Siemens XHQ
Publisher: ICS-CERT
Operating System: Windows
Impact/Access: Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2017-6866

Original Bulletin:
https://ics-cert.us-cert.gov/advisories/ICSA-17-173-02

--------------------------BEGIN INCLUDED TEXT--------------------

Advisory (ICSA-17-173-02)
Siemens XHQ

Original release date: June 22, 2017

Legal Notice

All information products included in http://ics-cert.us-cert.gov are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see http://www.us-cert.gov/tlp/.

CVSS v3 6.5

ATTENTION: Remotely exploitable/low skill level to exploit.

Vendor: Siemens
Equipment: XHQ
Vulnerability: Improper Access Control

AFFECTED PRODUCTS

Siemens reports that the vulnerability affects the following versions of the XHQ operations intelligence product line:

- XHQ 4: All versions prior to V4.7.1.3
- XHQ 5: All versions prior to V5.0.0.2

IMPACT

This vulnerability could allow a low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level.

MITIGATION

Siemens has released new versions of XHQ to address this vulnerability. Users are to call their local service organization for further information on how to obtain the newest version of XHQ. If the local service organization is not known, please call a local Siemens hotline center:

https://w3.siemens.com/aspa_app/

Siemens strongly recommends users protect network access to XHQ with appropriate mechanisms. Siemens also advises that users configure the operational environment according to Siemens' Operational Guidelines for Industrial Security:

https://www.siemens.com/cert/operational-guidelines-industrial-security

For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-945660 at the following location:

http://www.siemens.com/cert/advisories

NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

- Restrict access to systems to only those users who require access to that system.
- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
- Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

No known public exploits specifically target this vulnerability. This vulnerability is remotely exploitable. Low skill level is needed to exploit.

VULNERABILITY OVERVIEW

IMPROPER ACCESS CONTROL CWE-284

A vulnerability in XHQ server could allow an authenticated, low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level.

CVE-2017-6866 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

RESEARCHER

Siemens self-reported this vulnerability.

BACKGROUND

Critical Infrastructure Sector: Energy
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany

Contact Information

For any questions related to this report, please contact ICS-CERT at:
Email: ics-cert@hq.dhs.gov
Toll Free: 1-877-776-7585
International Callers: (208) 526-0900

For industrial control systems security information and incident reporting: http://ics-cert.us-cert.gov

--------------------------END INCLUDED TEXT--------------------
23 June 2017

(23/06/2017) ESB-2017.1587 - [Appliance] SIMATIC CP 44x-1 Redundant Network Access (RNA) modules: Administrator compromise - Remote/unauthenticated

6 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.1587 Siemens SIMATIC CP 44x-1 Redundant Network Access Modules 23 June 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: SIMATIC CP 44x-1 Redundant Network Access (RNA) modules Publisher: ICS-CERT Operating System: Network Appliance Impact/Access: Administrator Compromise -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2017-6868 Original Bulletin: https://ics-cert.us-cert.gov/advisories/ICSA-17-173-01 --------------------------BEGIN INCLUDED TEXT-------------------- Advisory (ICSA-17-173-01) Siemens SIMATIC CP 44x-1 Redundant Network Access Modules Original release date: June 22, 2017 Legal Notice All information products included in http://ics-cert.us-cert.gov are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see http://www.us-cert.gov/tlp/. CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC CP 44x-1 Redundant Network Access (RNA) modules Vulnerability: Improper Authentication AFFECTED PRODUCTS The following versions of the SIMATIC CP 44x-1 RNA, which connect SIMATIC S7-400 CPUs to Industrial Ethernet, are affected: SIMATIC CP 44x-1 RNA, all versions prior to Versions 1.4.1. IMPACT Successful exploitation of this vulnerability may allow an unauthenticated remote attacker to perform administrative actions under certain conditions. 
MITIGATION

Siemens has released a firmware update, Version 1.4.1, for the SIMATIC CP 44x-1 RNA modules that fixes the vulnerability and is available at the following location:

https://support.industry.siemens.com/cs/ww/en/view/109748227

Siemens recommends that users apply the firmware update.

Siemens recommends that users apply the following mitigations until the firmware update can be applied:

- Apply the cell protection concept, described in the following: https://www.siemens.com/cert/operational-guidelines-industrial-security
- Use VPN for protecting network communication between cells
- Apply Defense-in-Depth, which is described in the following: https://www.siemens.com/industrialsecurity

NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
- Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

No known public exploits specifically target this vulnerability.

VULNERABILITY OVERVIEW

IMPROPER AUTHENTICATION CWE-287

An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process (CP) of the RNA series module, if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA's CPU.

CVE-2017-6868 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

RESEARCHER

Siemens reported this vulnerability.

BACKGROUND

Critical Infrastructure Sector(s): Chemical, Critical Manufacturing, and Food and Agriculture
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Munich, Germany

Contact Information

For any questions related to this report, please contact ICS-CERT at:

Email: ics-cert@hq.dhs.gov
Toll Free: 1-877-776-7585
International Callers: (208) 526-0900

For industrial control systems security information and incident reporting: http://ics-cert.us-cert.gov

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT.
The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures.

AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
23 June 2017

(23/06/2017) ESB-2017.1586 - [Win][Linux][HP-UX][Solaris][AIX] IBM DB2 for Linux, UNIX and Windows: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1586
          Multiple vulnerabilities have been identified in IBM DB2
                               23 June 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM DB2 for Linux, UNIX and Windows
Publisher:         IBM
Operating System:  AIX
                   HP-UX
                   Linux variants
                   Solaris
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Root Compromise                 -- Existing Account
                   Access Privileged Data          -- Remote with User Interaction
                   Overwrite Arbitrary Files       -- Existing Account
                   Denial of Service               -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-1297 CVE-2017-1134 CVE-2017-1105 CVE-2016-9843
                   CVE-2016-9842 CVE-2016-9841 CVE-2016-9840 CVE-2016-6115
                   CVE-2016-5995 CVE-2016-2183 CVE-2016-2126 CVE-2016-2125
                   CVE-2016-2119 CVE-2016-0729
Reference:         ASB-2017.0074
                   ASB-2017.0047
                   ASB-2017.0028
                   ESB-2016.1672
                   ESB-2016.0659
                   ESB-2016.0502

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=swg22004878
   http://www.ibm.com/support/docview.wss?uid=swg22003877
   http://www.ibm.com/support/docview.wss?uid=swg22004735
   http://www.ibm.com/support/docview.wss?uid=swg21994955

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: IBM DB2 LUW's Command Line Processor Contains Buffer Overflow Vulnerability (CVE-2017-1297).
Document information

More support for: DB2 for Linux, UNIX and Windows
Software version: 9.7, 10.1, 10.5, 11.1
Operating system(s): AIX, HP-UX, Linux, Solaris, Windows
Software edition: Advanced Enterprise Server, Advanced Workgroup Server, Enterprise Server, Express, Express-C, Personal, Workgroup Server
Reference #: 2004878
Modified date: 22 June 2017

Security Bulletin

Summary

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) Command Line Processor (CLP) is vulnerable to a stack based buffer overflow, caused by improper bounds checking, which could allow a local attacker to execute arbitrary code.

Vulnerability Details

CVEID: CVE-2017-1297
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to a stack based buffer overflow, caused by improper bounds checking, which could allow a local attacker to execute arbitrary code.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125159 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

Affected Products and Versions

All fix pack levels and editions of IBM DB2 V9.7, V10.1, V10.5 and V11.1 on all platforms are affected.

Remediation/Fixes

The recommended solution is to apply the appropriate fix for this vulnerability.

FIX:

The fix for DB2 V11.1.1 is in V11.1.2 FP2, available for download from Fix Central.

Customers running any vulnerable fixpack level of an affected Program, V9.7, V10.1 and V10.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for each impacted release: DB2 V9.7 FP11, V10.1 FP6 and V10.5 FP8. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.

Release  Fixed in fix pack  APAR     Download URL
V9.7     TBD                IT20570  Special Build for V9.7 FP11:
                                     AIX 64-bit; HP-UX 64-bit; Linux 32-bit, x86-32; Linux 64-bit, x86-64; Linux 64-bit, POWER(TM) big endian; Linux 64-bit, System z(R), System z9(R) or zSeries(R); Solaris 64-bit, SPARC; Solaris 64-bit, x86-64; Windows 32-bit, x86; Windows 64-bit, x86
V10.1    TBD                IT20571  Special Build for V10.1 FP6:
                                     AIX 64-bit; HP-UX 64-bit; Linux 32-bit, x86-32; Linux 64-bit, x86-64; Linux 64-bit, POWER(TM) big endian; Linux 64-bit, System z(R), System z9(R) or zSeries(R); Solaris 64-bit, SPARC; Solaris 64-bit, x86-64; Windows 32-bit, x86; Windows 64-bit, x86
V10.5    TBD                IT20498  Special Build for V10.5 FP8:
                                     AIX 64-bit; HP-UX 64-bit; Linux 32-bit, x86-32; Linux 64-bit, x86-64; Linux 64-bit, POWER(TM) big endian; Linux 64-bit, POWER(TM) little endian; Linux 64-bit, System z(R), System z9(R) or zSeries(R); Solaris 64-bit, SPARC; Solaris 64-bit, x86-64; Windows 32-bit, x86; Windows 64-bit, x86; Inspur
V11.1    V11.1.2 FP2        IT20562  http://www-01.ibm.com/support/docview.wss?uid=swg24043789

Workarounds and Mitigations

None.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

This vulnerability was reported to IBM by Leon Juranic and Bosko Stankovic of DefenseCode.

Change History

June 22, 2017: Original version published.

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

-------------------------------------------------------------------------------

Security Bulletin: Buffer overflow vulnerability in IBM(R) DB2(R) LUW (CVE-2017-1105)

Document information

More support for: DB2 for Linux, UNIX and Windows
Software version: 9.7, 10.1, 10.5, 11.1
Operating system(s): AIX, HP-UX, Linux, Solaris
Software edition: Advanced Enterprise Server, Advanced Workgroup Server, Enterprise Server, Express, Express-C, Personal, Workgroup Server
Reference #: 2003877
Modified date: 22 June 2017

Security Bulletin

Summary

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service.

Vulnerability Details

CVEID: CVE-2017-1105
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120668 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)

Affected Products and Versions

All fix pack levels of the IBM DB2 V9.7, V10.1, V10.5 and V11.1 editions listed below and running on AIX, Linux, Solaris and HP-UX are affected. DB2 on Windows is not affected.

- IBM(R) DB2(R) Express Edition
- IBM(R) DB2(R) Workgroup Server Edition
- IBM(R) DB2(R) Enterprise Server Edition
- IBM(R) DB2(R) Advanced Enterprise Server Edition
- IBM(R) DB2(R) Advanced Workgroup Server Edition
- IBM(R) DB2(R) Connect(TM) Application Server Edition
- IBM(R) DB2(R) Connect(TM) Enterprise Edition
- IBM(R) DB2(R) Connect(TM) Unlimited Edition for System i(R)
- IBM(R) DB2(R) Connect(TM) Unlimited Edition for System z(R)

The IBM data server client and driver types are affected as well, and they are as follows:

- IBM Data Server Driver Package
- IBM Data Server Driver for ODBC and CLI
- IBM Data Server Runtime Client
- IBM Data Server Client

Remediation/Fixes

The recommended solution is to apply the appropriate fix for this vulnerability.

FIX:

The fix for DB2 V11.1.1 is in V11.1.2 FP2, available for download from Fix Central.

Customers running any vulnerable fixpack level of an affected Program, V9.7, V10.1 and V10.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for each impacted release: DB2 V9.7 FP11, V10.1 FP6 and V10.5 FP8. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.

Release  Fixed in fix pack  APAR     Download URL
V9.7     TBD                IT20567  Special Build for V9.7 FP11:
                                     AIX 64-bit; HP-UX 64-bit; Linux 32-bit, x86-32; Linux 64-bit, x86-64; Linux 64-bit, POWER(TM) big endian; Linux 64-bit, System z(R), System z9(R) or zSeries(R); Solaris 64-bit, SPARC; Solaris 64-bit, x86-64; Windows 32-bit, x86; Windows 64-bit, x86
V10.1    TBD                IT20568  Special Build for V10.1 FP6:
                                     AIX 64-bit; HP-UX 64-bit; Linux 32-bit, x86-32; Linux 64-bit, x86-64; Linux 64-bit, POWER(TM) big endian; Linux 64-bit, System z(R), System z9(R) or zSeries(R); Solaris 64-bit, SPARC; Solaris 64-bit, x86-64; Windows 32-bit, x86; Windows 64-bit, x86
V10.5    TBD                IT20461  Special Build for V10.5 FP8:
                                     AIX 64-bit; HP-UX 64-bit; Linux 32-bit, x86-32; Linux 64-bit, x86-64; Linux 64-bit, POWER(TM) big endian; Linux 64-bit, POWER(TM) little endian; Linux 64-bit, System z(R), System z9(R) or zSeries(R); Solaris 64-bit, SPARC; Solaris 64-bit, x86-64; Windows 32-bit, x86; Windows 64-bit, x86; Inspur
V11.1    V11.1.2 FP2        IT20563  http://www-01.ibm.com/support/docview.wss?uid=swg24043789

Workarounds and Mitigations

None.

Acknowledgement

The vulnerability was reported to IBM by Tim Brown at Portcullis Computer Security.

Change History

June 22, 2017 - Original Version Published
-------------------------------------------------------------------------------

Security Bulletin: IBM(R) DB2(R) LUW on AIX and Linux Affected by vulnerabilities in zlib (CVE-2016-9840, CVE-2016-9841).

Document information

More support for: DB2 for Linux, UNIX and Windows
Software version: 9.7, 10.1, 10.5, 11.1
Operating system(s): AIX, HP-UX, Linux, Solaris, Windows
Software edition: Advanced Enterprise Server, Advanced Workgroup Server, Enterprise Server, Express, Express-C, Personal, Workgroup Server
Reference #: 2004735
Modified date: 22 June 2017

Security Bulletin

Summary

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is affected by vulnerabilities in zlib.

Vulnerability Details

CVEID: CVE-2016-9840
DESCRIPTION: zlib is vulnerable to a denial of service, caused by out-of-bounds pointer arithmetic in inftrees.c. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120508 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-9841
DESCRIPTION: zlib is vulnerable to a denial of service, caused by out-of-bounds pointer arithmetic in inftrees.c. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120509 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-9842
DESCRIPTION: zlib is vulnerable to a denial of service, caused by an undefined left shift of a negative number. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120510 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-9843
DESCRIPTION: zlib is vulnerable to a denial of service, caused by a big-endian out-of-bounds pointer. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120511 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

Affected Products and Versions

All fix pack levels and editions of IBM DB2 V9.7, V10.1, V10.5 and V11.1 on all platforms are affected.

Remediation/Fixes

The recommended solution is to apply the appropriate fix for this vulnerability.

FIX:

The fix for DB2 V11.1.1 is in V11.1.2 FP2, available for download from Fix Central.

Customers running any vulnerable fixpack level of an affected Program, V9.7, V10.1 and V10.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for each impacted release: DB2 V9.7 FP11, V10.1 FP6 and V10.5 FP8. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.

Release  Fixed in fix pack  APAR     Download URL
V9.7     TBD                IT19129  Special Build for V9.7 FP11:
                                     AIX 64-bit; HP-UX 64-bit; Linux 32-bit, x86-32; Linux 64-bit, x86-64; Linux 64-bit, POWER(TM) big endian; Linux 64-bit, System z(R), System z9(R) or zSeries(R); Solaris 64-bit, SPARC; Solaris 64-bit, x86-64; Windows 32-bit, x86; Windows 64-bit, x86
V10.1    TBD                IT20564  Special Build for V10.1 FP6:
                                     AIX 64-bit; HP-UX 64-bit; Linux 32-bit, x86-32; Linux 64-bit, x86-64; Linux 64-bit, POWER(TM) big endian; Linux 64-bit, System z(R), System z9(R) or zSeries(R); Solaris 64-bit, SPARC; Solaris 64-bit, x86-64; Windows 32-bit, x86; Windows 64-bit, x86
V10.5    TBD                IT20565  Special Build for V10.5 FP8:
                                     AIX 64-bit; HP-UX 64-bit; Linux 32-bit, x86-32; Linux 64-bit, x86-64; Linux 64-bit, POWER(TM) big endian; Linux 64-bit, POWER(TM) little endian; Linux 64-bit, System z(R), System z9(R) or zSeries(R); Solaris 64-bit, SPARC; Solaris 64-bit, x86-64; Windows 32-bit, x86; Windows 64-bit, x86; Inspur
V11.1    V11.1.2 FP2        IT20566  http://www-01.ibm.com/support/docview.wss?uid=swg24043789

Workarounds and Mitigations

None.

Change History

June 22, 2017: Original version published.
-------------------------------------------------------------------------------

Security Vulnerabilities, HIPER and Special Attention APARs fixed in DB2 for Linux, UNIX, and Windows Version 11.1

Document information

More support for: DB2 for Linux, UNIX and Windows
OTHER - Uncategorised
Software version: 11.1
Operating system(s): AIX, HP-UX, Linux, Solaris, Windows
Reference #: 1994955
Modified date: 22 June 2017

Flash (Alert)

Abstract

This document contains a list of fixes for Security and HIPER APARs in DB2 Version 11.1.

Content

A set of security vulnerabilities was discovered in some DB2 database products. These vulnerabilities were analyzed by the DB2 development organization and a set of corresponding fixes was created to address the reported issues. IBM is not currently aware of any externally reported incidents where production DB2 installations have been compromised due to these issues.

The affected DB2 UDB for Linux, UNIX, and Windows products are:

- DB2 Connect Server (all Editions)
- DB2 Developer Edition
- DB2 Enterprise Server (all Editions)
- DB2 Express Server (all Editions)
- DB2 Workgroup Server (all Editions)

DB2 Client component and DB2 products or components other than those listed above are not affected.

Due to the complexity of the fixes required to eliminate the reported service issues, it is not feasible to retrofit the same fixes into earlier DB2 Version 11.1 fix packs.
DB2 Version 11.1 Fix Pack 2

Security APARs

IT17647 SECURITY: VULNERABILITY IN GSKIT AFFECTS IBM DB2 (CVE-2016-2183)
IT20462 SECURITY: TSAMP PRIVILEGE ESCALATION VULNERABILITY AFFECTS DB2 (CVE-2017-1134)
IT20561 SECURITY: DB2 LUW ON AIX AND LINUX AFFECTED BY MULTIPLE VULNERABILITIES IN GPFS (CVE-2016-6115, CVE-2016-2126, CVE-2016-2125)
IT20562 SECURITY: DB2 CLP WILL TRAP IF IT IS PASSED A ROUTINE NAME GREATER THAN THE ALLOWED MAXIMUM LENGTH (CVE-2017-1297).
IT20563 SECURITY: BUFFER OVERFLOW THAT COULD ALLOW A LOCAL USER TO OVERWRITE DB2 FILES OR CAUSE A DENIAL OF SERVICE (CVE-2017-1105).
IT20566 SECURITY: DB2 IS AFFECTED BY VULNERABILITIES IN COMPRESSION ROUTINES.

HIPER APARs

IT17787 SQL STATEMENT WITH AN EXISTS PREDICATE AND A JOIN INVOLVING NON-DETERMINISTIC CORRELATED SUBQUERY MAY RETURN MORE ROWS
IT17894 PREDICATE COMPARING SUBSTR ON CODEUNITS32 COLUMN IN THE COLUMN ORGANIZED TABLE TO HOST VAR COULD RETURN AN INCORRECT RESULT
IT18021 INCORRECTLY GENERATED DERIVED PREDICATES MIGHT CAUSE INCORRECT QUERY RESULTS DUE TO TRAILING BLANKS
IT18083 WRONG RESULTS AGAINST COLUMN ORGANIZED TABLE ARE POSSIBLE WITH EXPANDING JOIN PLAN
IT18101 AN SQL STATEMENT IN A PARTITIONED DATABASE ENV CONTAINING THE ROW_NUMBER() OVER() OPERATION MIGHT PRODUCE INCONSISTENT RESULTS
IT18170 WRONG RESULT IS POSSIBLE IF GENERATED ALWAYS EXPRESSION REFERENCES A BUILT-IN FUNCTION WITH MORE THAN ONE STRING INPUT
IT18204 WRONG RESULT IS POSSIBLE IN ORACLE COMPATIBILITY MODE UNICODE DB WHEN COMPARING A CHAR COLUMN WITH A GRAPHIC CONSTANT
IT18381 DB2 MAY RETURN INCORRECT RESULTS IF USING A CASE STATEMENT TO COMPARE FIXED CHAR/GRAPHIC STRINGS IN VARCHAR2 COMPATIBILITY MODE
IT18502 DB2 MAY RETURN SQLCODE:-901 OR RETURN WRONG RESULTS ON QUERIES WITH PLANS THAT INVOLVE SORT ON AN ENCRYPTED DATABASE
IT18506 DB2 CAN RETURN WRONG RESULTS WHEN USING THE SPECIAL REGISTER 'CURRENT DECFLOAT ROUNDING MODE' IN A QUERY IN AN MPP ENVIRONMENT
IT18742 TRUNC ON MINIMUM INTEGER VALUE MIGHT RETURN 0 WHEN (VALUE, -X) IS DONE
IT18797 PURESCALE: QUERY MIGHT RETURN WRONG RESULT WHEN INPLACE (ONLINE) TABLE REORGANIZATION IS RUNNING
IT19197 DB2 MIGHT PRODUCE INCORRECT RESULT WHEN EXECUTING XQUERY WITH MULTIPLE OR SUBTERMS
IT19608 DB2 MAY CONVERT VIEW COLUMN TYPES INCORRECTLY OR RETURN SQL0418N UPON REVALIDATION OF A VIEW WITH UNTYPED EXPRESSIONS
IT19796 COMPILED COMPOUND SQL OR A PL/SQL ANONYMOUS BLOCK CAN DELETE ALL ROWS OF AN ON COMMIT DELETE ROWS TEMPORARY TABLE
IT20463 INCORRECT RESULTS ARE POSSIBLE WHEN CONCURRENT QUERIES ACCESS COLUMNAR ORGANIZED TABLES AND USE CS ISOLATION
IT20661 WRONG RESULTS MIGHT OCCUR WHEN SCALAR SUB-QUERY IS ON THE LEFT HAND SIDE OF A NOT IN PREDICATE
IV91752 THE FIRST UPDATE STATEMENT FOR A COLUMN-ORGANIZED TABLE MAY IN RARE CASES CAUSE FUTURE QUERIES TO MISS SOME MATCHING RESULTS
IV93080 WRONG RESULT IS POSSIBLE WHEN COLUMNAR TABLES ARE INVOLVED IN A PLAN WITH A UNION AND CSE IS PUSHED DOWN ON TO CDE

DB2 Version 11.1 Fix Pack 1

Security APARs

IT15579 SECURITY: DB2 IS AFFECTED BY OPEN SOURCE APACHE XERCES-C XML PARSER VULNERABILITIES (CVE-2016-0729)
IT16324 SECURITY: DB2 PURESCALE AFFECTED BY MULTIPLE VULNERABILITIES IN GPFS
IT17012 SECURITY: ELEVATED PRIVILEGES WITH DB2 EXECUTABLES (CVE-2016-5995)
IT17530 SECURITY: DB2 PURESCALE AFFECTED BY A VULNERABILITY IN GPFS (CVE-2016-2119)

HIPER APARs

IT16112 A CORRELATED SCALAR SUBQUERY IN AN UPDATE STATEMENT MAY NOT CORRECTLY RETURN SQL0811N
IT16385 DB2 DATA SERVER CLIENT SILENT INSTALL FAILS WITH ERROR: PRODUCT: IBM DATA SERVER CLIENT - DB2COPY1 -- ERROR 1314
IT16656 SQL0801 AND WRONG RESULTS FROM STDDEV_SAMP, VARIANCE_SAMP, COVARIANCE_SAMP WHEN USED IN AN OLAP SPECIFICATION
IT16703 DB2 MAY RETURN INCORRECT RESULTS WHEN USING STRING EQUALITY PREDICATES CONTAINING DIFFERING CODE UNITS
IT16869 SELECT ROW CHANGE TOKEN WILL RETURN WRONG RESULT WHEN USING RIDSCAN (ROW IDENTIFIER SCAN)
IT16893 ONLINE BACKUP WITH COMPRESSION AND ENCRYPTION MAY CREATE A CORRUPTED BACKUP FILE
IT17179 IF ARRAY USED IN AN OPEN CURSOR IS MODIFIED THEN WRONG RESULT OR A TRAP ARE POSSIBLE
IT17452 WRONG RESULT IN STORED PROCEDURE QUERY WHEN ADD/DROP CHECK CONSTRAINT
IT17458 IN DB2 DPF, POSSIBLE WRONG RESULT WHEN OUTER JOIN PREDICATE COL1=COL2 AND BOTH COLUMNS ARE FROM THE OUTER TABLE
IT17489 SELECT AGAINST AN MDC TABLE WITH A RANGE PREDICATE IN SMP MIGHT RETURN A WRONG RESULT
IT17556 INCORRECT RESULTS ARE POSSIBLE WHEN JOIN AGAINST CDE TABLES IS DONE AND AN UNDOCUMENTED JOIN SUPPORT REGISTRY VARIABLE SET
IT17941 POSSIBLE WRONG RESULTS WHEN THE INPUT PARAMETERS OF AN INLINED SQL SCALAR UDF CONTAINS AN OLAP SPECIFICATION
IV90269 QUERIES WITH MULTIPLE OLAP CLAUSES AND DISTINCT AGAINST COLUMN ORGANIZED TABLES COULD RETURN WRONG RESULTS
IV90750 INCORRECT RESULTS ARE POSSIBLE WHEN MULTIPLE ROW_NUMBER(), INLINED SQL SCALAR UDF AND COLUMN ORGANIZED TABLES ARE PRESENT

DB2 fix packs for all supported versions can be downloaded at the following site: http://www.ibm.com/support/docview.wss?uid=swg27007053

The DB2 team will continue to have a strong focus on delivering timely fixes for newly discovered issues along with information that helps our customers to decide on an appropriate course of action. The DB2 team regrets the inconvenience that these issues are causing to you, our customers. We believe that our actions are the most prudent steps to address your concerns and remain open to suggestions on how to further improve our processes.
Cross reference information

Segment: Information Management
Product: DB2 Connect

--------------------------END INCLUDED TEXT--------------------
===========================================================================
23 June 2017

(23/06/2017) ESB-2017.1584 - [Ubuntu] openvpn: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1584
                           OpenVPN vulnerabilities
                                23 June 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           openvpn
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
                   Denial of Service      -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-7521 CVE-2017-7520 CVE-2017-7512 CVE-2017-7508
                   CVE-2017-7479 CVE-2016-6329
Reference:         ASB-2016.0098
                   ESB-2017.1561
                   ESB-2016.2898
                   ESB-2016.2379

Original Bulletin:
   http://www.ubuntu.com/usn/usn-3339-1

--------------------------BEGIN INCLUDED TEXT--------------------

==========================================================================
Ubuntu Security Notice USN-3339-1
June 22, 2017

openvpn vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in OpenVPN.

Software Description:
- openvpn: virtual private network software

Details:

Karthikeyan Bhargavan and Gaëtan Leurent discovered that 64-bit block
ciphers are vulnerable to a birthday attack. A remote attacker could
possibly use this issue to recover cleartext data. Fixing this issue
requires a configuration change to switch to a different cipher. This
update adds a warning to the log file when a 64-bit block cipher is in
use. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and
Ubuntu 16.10. (CVE-2016-6329)

It was discovered that OpenVPN incorrectly handled rollover of packet
ids. An authenticated remote attacker could use this issue to cause
OpenVPN to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.
(CVE-2017-7479)

Guido Vranken discovered that OpenVPN incorrectly handled certain
malformed IPv6 packets. A remote attacker could use this issue to cause
OpenVPN to crash, resulting in a denial of service. (CVE-2017-7508)

Guido Vranken discovered that OpenVPN incorrectly handled memory. A
remote attacker could use this issue to cause OpenVPN to crash, resulting
in a denial of service. (CVE-2017-7512)

Guido Vranken discovered that OpenVPN incorrectly handled an HTTP proxy
with NTLM authentication. A remote attacker could use this issue to cause
OpenVPN clients to crash, resulting in a denial of service, or possibly
expose sensitive memory contents. (CVE-2017-7520)

Guido Vranken discovered that OpenVPN incorrectly handled certain x509
extensions. A remote attacker could use this issue to cause OpenVPN to
crash, resulting in a denial of service. (CVE-2017-7521)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  openvpn                         2.4.0-4ubuntu1.3

Ubuntu 16.10:
  openvpn                         2.3.11-1ubuntu2.1

Ubuntu 16.04 LTS:
  openvpn                         2.3.10-1ubuntu2.1

Ubuntu 14.04 LTS:
  openvpn                         2.3.2-7ubuntu3.2

In general, a standard system update will make all the necessary changes.

References:
  https://www.ubuntu.com/usn/usn-3339-1
  CVE-2016-6329, CVE-2017-7479, CVE-2017-7508, CVE-2017-7512,
  CVE-2017-7520, CVE-2017-7521

Package Information:
  https://launchpad.net/ubuntu/+source/openvpn/2.4.0-4ubuntu1.3
  https://launchpad.net/ubuntu/+source/openvpn/2.3.11-1ubuntu2.1
  https://launchpad.net/ubuntu/+source/openvpn/2.3.10-1ubuntu2.1
  https://launchpad.net/ubuntu/+source/openvpn/2.3.2-7ubuntu3.2

--------------------------END INCLUDED TEXT--------------------
23 June 2017

(23/06/2017) ESB-2017.1583 - [Debian] apache2: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1583
                          apache2 security update
                                23 June 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           apache2
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Debian GNU/Linux 9
Impact/Access:     Denial of Service   -- Remote/Unauthenticated
                   Unauthorised Access -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-7679 CVE-2017-7668 CVE-2017-7659 CVE-2017-3169
                   CVE-2017-3167
Reference:         ESB-2017.1533

Original Bulletin:
   http://www.debian.org/security/2017/dsa-3896

--------------------------BEGIN INCLUDED TEXT--------------------

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3896-1                   security@debian.org
https://www.debian.org/security/                       Salvatore Bonaccorso
June 22, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : apache2
CVE ID         : CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668
                 CVE-2017-7679

Several vulnerabilities have been found in the Apache HTTPD server.

CVE-2017-3167

    Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw() by
    third-party modules outside of the authentication phase may lead to
    authentication requirements being bypassed.

CVE-2017-3169

    Vasileios Panopoulos of AdNovum Informatik AG discovered that mod_ssl
    may dereference a NULL pointer when third-party modules call
    ap_hook_process_connection() during an HTTP request to an HTTPS port
    leading to a denial of service.

CVE-2017-7659

    Robert Swiecki reported that a specially crafted HTTP/2 request could
    cause mod_http2 to dereference a NULL pointer and crash the server
    process.

CVE-2017-7668

    Javier Jimenez reported that the HTTP strict parsing contains a flaw
    leading to a buffer overread in ap_find_token(). A remote attacker
    can take advantage of this flaw by carefully crafting a sequence of
    request headers to cause a segmentation fault, or to force
    ap_find_token() to return an incorrect value.

CVE-2017-7679

    ChenQin and Hanno Boeck reported that mod_mime can read one byte past
    the end of a buffer when sending a malicious Content-Type response
    header.

For the oldstable distribution (jessie), these problems have been fixed
in version 2.4.10-10+deb8u9. The oldstable distribution (jessie) is not
affected by CVE-2017-7659.

For the stable distribution (stretch), these problems have been fixed in
version 2.4.25-3+deb9u1.

For the unstable distribution (sid), these problems have been fixed in
version 2.4.25-4.

We recommend that you upgrade your apache2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------
23 June 2017

(23/06/2017) ESB-2017.1582 - [Linux][Debian] flatpak: Increased privileges - Existing account

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1582
                          flatpak security update
                                23 June 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           flatpak
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
                   Linux variants
Impact/Access:     Increased Privileges -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-9780

Original Bulletin:
   http://www.debian.org/security/2017/dsa-3895

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running flatpak check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3895-1                   security@debian.org
https://www.debian.org/security/                         Moritz Muehlenhoff
June 22, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : flatpak
CVE ID         : CVE-2017-9780

It was discovered that Flatpak, an application deployment framework for
desktop apps, insufficiently restricted file permissions in third-party
repositories, which could result in privilege escalation.

For the stable distribution (stretch), this problem has been fixed in
version 0.8.5-2+deb9u1.

For the unstable distribution (sid), this problem has been fixed in
version 0.8.7-1.

We recommend that you upgrade your flatpak packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------
23 June 2017

(23/06/2017) ESB-2017.1581 - [Debian] graphite2: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1581
                         graphite2 security update
                                23 June 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           graphite2
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-7778 CVE-2017-7777 CVE-2017-7776 CVE-2017-7775
                   CVE-2017-7774 CVE-2017-7773 CVE-2017-7772 CVE-2017-7771
Reference:         ASB-2017.0091
                   ESB-2017.1556
                   ESB-2017.1509
                   ESB-2017.1499
                   ESB-2017.1494

Original Bulletin:
   http://www.debian.org/security/2017/dsa-3894

--------------------------BEGIN INCLUDED TEXT--------------------

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3894-1                   security@debian.org
https://www.debian.org/security/                         Moritz Muehlenhoff
June 22, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : graphite2
CVE ID         : CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774
                 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778

Multiple vulnerabilities have been found in the Graphite font rendering
engine which might result in denial of service or the execution of
arbitrary code if a malformed font file is processed.

For the oldstable distribution (jessie), these problems have been fixed
in version 1.3.10-1~deb8u1.

For the stable distribution (stretch), these problems have been fixed
prior to the initial release.

We recommend that you upgrade your graphite2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------
23 June 2017

(23/06/2017) ESB-2017.1580 - [Win][UNIX/Linux][Debian] jython: Execute arbitrary code/commands - Remote/unauthenticated

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1580
                           jython security update
                                23 June 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           jython
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Debian GNU/Linux 9
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-4000

Original Bulletin:
   http://www.debian.org/security/2017/dsa-3893

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running jython check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3893-1                   security@debian.org
https://www.debian.org/security/                       Salvatore Bonaccorso
June 22, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : jython
CVE ID         : CVE-2016-4000
Debian Bug     : 864859

Alvaro Munoz and Christian Schneider discovered that jython, an
implementation of the Python language seamlessly integrated with Java,
is prone to arbitrary code execution triggered when sending a serialized
function to the deserializer.

For the oldstable distribution (jessie), this problem has been fixed
in version 2.5.3-3+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 2.5.3-16+deb9u1.

For the unstable distribution (sid), this problem has been fixed in
version 2.5.3-17.

We recommend that you upgrade your jython packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------
22 June 2017

(22/06/2017) ESB-2017.1576 - [Win][OSX] Cisco WebEx Network Recording Player: Execute arbitrary code/commands - Remote with user interaction

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2017.1576
Cisco WebEx Network Recording Player Multiple Buffer Overflow Vulnerabilities
22 June 2017

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Cisco WebEx Network Recording Player
Publisher:         Cisco Systems
Operating System:  Windows
                   OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-6669

Original Bulletin:
  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp

--------------------------BEGIN INCLUDED TEXT--------------------

Cisco Security Advisory

Cisco WebEx Network Recording Player Multiple Buffer Overflow Vulnerabilities

High

Advisory ID:      cisco-sa-20170621-wnrp
First Published:  2017 June 21 16:00 GMT
Version 1.0:      Final
Workarounds:      No workarounds available
Cisco Bug IDs:    CSCvc47758 CSCvc51227 CSCvc51242
CVE-2017-6669     CWE-119
CVSS Score:       Base 7.3, Temporal 7.3
                  CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network
Recording Player for Advanced Recording Format (ARF) files. An attacker could
exploit these vulnerabilities by providing a user with a malicious ARF file via
email or URL and convincing the user to launch the file. Exploitation of these
vulnerabilities could cause an affected player to crash and, in some cases,
could allow arbitrary code execution on the system of a targeted user.

The Cisco WebEx Network Recording Player is an application that is used to play
back WebEx meeting recordings that have been recorded on the computer of an
online meeting attendee. The player can be automatically installed when the
user accesses a recording file that is hosted on a WebEx server.

Cisco has released software updates that address this vulnerability. There are
no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp

Affected Products

Vulnerable Products

This vulnerability affects the Cisco WebEx ARF Player. The following client
builds are affected by this vulnerability:

  Cisco WebEx Business Suite (WBS29) client builds prior to T29.13.130
  Cisco WebEx Business Suite (WBS30) client builds prior to T30.17
  Cisco WebEx Business Suite (WBS31) client builds prior to T31.10

To determine whether a Cisco WebEx meeting site is running an affected version
of the WebEx client build, users can log in to their Cisco WebEx meeting site
and go to the Support > Downloads section. The version of the WebEx client
build will be displayed on the right side of the page under "About Support
Center." Alternatively, version information of the Cisco WebEx Meeting client
can be accessed from within the Cisco WebEx Meeting client. Version information
for the Cisco WebEx meeting client on Windows and Linux platforms can be viewed
by choosing Help > About Cisco WebEx Meeting Center. Version information for
the Cisco WebEx meeting client on Mac platforms can be viewed by choosing
Meeting Center > About Cisco WebEx Meeting Center.

The Cisco WebEx software updates are cumulative in client builds. For example,
if client build 29.32.16 is fixed, build 29.32.17 will contain updated
software. Cisco WebEx site administrators have access to secondary version
nomenclature, for example, T29 SP32 EP16, which shows that the server is
running client build 29.32.16.

Note: Customers who do not receive automatic software updates may be running
versions of Cisco WebEx that have reached end of software maintenance and
should contact customer support.

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by this
vulnerability.

Cisco has confirmed that this vulnerability does not affect the Cisco WebEx
WRF Player.

Details

The Cisco WebEx Business Suite (WBS) meeting services are a hosted multimedia
conferencing solution that is managed and maintained by Cisco WebEx. The Cisco
WebEx Meetings Server is a multimedia conferencing solution that customers can
host in their private clouds.

The ARF file format is used to store WebEx meeting recordings that have been
recorded on a WebEx meeting site. The Cisco WebEx ARF Player is an application
that is used to play back and edit WebEx ARF recording files (files with .arf
extensions). The Cisco WebEx ARF Player can be automatically installed when
the user accesses a recording file that is hosted on a WebEx meeting site (for
stream playback mode). The Cisco WebEx ARF Player can also be manually
installed after downloading the application from
http://www.webex.com/play-webex-recording.html to play back recording files
for offline playback.

The Cisco WebEx ARF Player is available for all Cisco WebEx Business Suite
clients (WBS29, WBS30, and WBS31), Cisco WebEx Meetings, and for Cisco WebEx
Meetings Server clients.

Exploitation of this vulnerability may cause player applications to crash or,
in some cases, remote code execution could occur. To exploit this
vulnerability, the player application would need to open a malicious ARF file.
An attacker may be able to accomplish this exploit by providing the malicious
recording file directly to users (for example, by using email), or by
directing a user to a malicious web page. The vulnerabilities cannot be
triggered by users who are attending a WebEx meeting.

Workarounds

There are no workarounds that address this vulnerability. However, it is
possible to remove all WebEx software completely from a system using the
Meeting Services Removal Tool (for Microsoft Windows users) or Mac Cisco-WebEx
Uninstaller (for Apple Mac OS X users) available at
https://help.webex.com/docs/DOC-2672.

Removal of WebEx software from a Linux or UNIX-based system can be
accomplished by following the steps in the WebEx knowledge base help article
at the following link:
https://support.webex.com/MyAccountWeb/knowledgeBase.do?root=Tools&parent=Knowledge&articleId=WBX28548&txtSearchQuery=uninstall%20linux#

Fixed Software

Cisco has released free software updates that address the vulnerability
described in this advisory. Customers may only install and expect support for
software versions and feature sets for which they have purchased a license.
By installing, downloading, accessing, or otherwise using such software
upgrades, customers agree to follow the terms of the Cisco software license:
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html

Additionally, customers may only download software for which they have a valid
license, procured from Cisco directly, or through a Cisco authorized reseller
or partner. In most cases this will be a maintenance upgrade to software that
was previously purchased. Free security software updates do not entitle
customers to a new software license, additional software feature sets, or
major revision upgrades.

When considering software upgrades, customers are advised to regularly consult
the advisories for Cisco products, which are available from the Cisco Security
Advisories and Alerts page, to determine exposure and a complete upgrade
solution.

In all cases, customers should ensure that the devices to upgrade contain
sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release. If
the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance providers.

Customers Without Service Contracts

Customers who purchase directly from Cisco but do not hold a Cisco service
contract and customers who make purchases through third-party vendors but are
unsuccessful in obtaining fixed software through their point of sale should
obtain upgrades by contacting the Cisco TAC:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html

Customers should have the product serial number available and be prepared to
provide the URL of this advisory as evidence of entitlement to a free upgrade.

Fixed Releases

The following client builds of Cisco WebEx Business Suite (WBS29, WBS30,
WBS31) address this vulnerability:

  Cisco WebEx Business Suite (WBS29) client builds T29.13.130 or later
  Cisco WebEx Business Suite (WBS30) client builds T30.17 or later
  Cisco WebEx Business Suite (WBS31) client builds T31.10 or later

To determine whether a Cisco WebEx meeting site is running an affected version
of the WebEx client build, users can log in to their Cisco WebEx meeting site
and go to the Support > Downloads section. The version of the WebEx client
build will be displayed on the right side of the page under "About Support
Center."

The Cisco WebEx software updates are cumulative in client builds. For example,
if client build 29.32.16 is fixed, build 29.32.17 will contain updated
software.

Users who have downloaded the ARF player directly from the WebEx site can
update their player manually by downloading the application from
http://www.webex.com/play-webex-recording.html.

NOTE: Users whose WebEx Business Suites are on lockdown will need to contact
WebEx Support to apply the appropriate patch to their WebEx site.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any
public announcements or malicious use of the vulnerability that is described
in this advisory.

Source

This vulnerability was reported to Cisco by Trend Micro.

Cisco Security Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

URL
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp

Revision History

Version  Description              Section  Status  Date
1.0      Initial public release.           Final   2017-June-21

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF
GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS
FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS
LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO
CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the
distribution URL is an uncontrolled copy and may lack important information or
contain factual errors. The information in this document is intended for end
users of Cisco products.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you do
not know who that is, please send an email to auscert@auscert.org.au and we
will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
22 June 2017

(22/06/2017) ESB-2017.1575 - [Cisco] Cisco Wide Area Application Services: Denial of service - Remote/unauthenticated

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2017.1575
Cisco Wide Area Application Services TCP Fragment Denial of Service
Vulnerability
22 June 2017

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Cisco Wide Area Application Services
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-6721

Original Bulletin:
  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-waas

--------------------------BEGIN INCLUDED TEXT--------------------

Cisco Security Advisory

Cisco Wide Area Application Services TCP Fragment Denial of Service
Vulnerability

Medium

Advisory ID:      cisco-sa-20170621-waas
First Published:  2017 June 21 16:00 GMT
Version 1.0:      Final
Workarounds:      No workarounds available
Cisco Bug IDs:    CSCvc57428
CVE-2017-6721     CWE-20
CVSS Score:       Base 5.8, Temporal 5.8
                  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:X/RL:X/RC:X

Summary

A vulnerability in the ingress processing of fragmented TCP packets by Cisco
Wide Area Application Services (WAAS) could allow an unauthenticated, remote
attacker to cause the WAASNET process to restart unexpectedly, causing a
denial of service (DoS) condition.

The vulnerability is due to incomplete input validation of TCP packets when a
packet chain is fragmented. An attacker could exploit this vulnerability by
sending a crafted set of TCP fragments through an affected device. An exploit
could allow the attacker to cause a DoS condition due to a process restarting
unexpectedly. The WAAS could drop traffic during the brief time that the
WAASNET process is restarting.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-waas

Affected Products

Vulnerable Products

This vulnerability affects Cisco Wide Area Application Services (WAAS). For
information about affected software releases, consult the Cisco bug ID(s) at
the top of this advisory.

Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by this
vulnerability.

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

For information about fixed software releases, consult the Cisco bug ID(s) at
the top of this advisory.

When considering software upgrades, customers are advised to regularly consult
the advisories for Cisco products, which are available from the Cisco Security
Advisories and Alerts page, to determine exposure and a complete upgrade
solution.

In all cases, customers should ensure that the devices to be upgraded contain
sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release. If
the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any
public announcements or malicious use of the vulnerability that is described
in this advisory.

Source

This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

URL
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-waas

Revision History

Version  Description              Section  Status  Date
1.0      Initial public release.           Final   2017-June-21

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF
GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS
FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS
LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO
CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the
distribution URL is an uncontrolled copy and may lack important information or
contain factual errors. The information in this document is intended for end
users of Cisco products.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you do
not know who that is, please send an email to auscert@auscert.org.au and we
will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967